RubyGems - oso-cloud - Versions diffs - 0.7.0 → 1.0.1 - Mend

oso-cloud 0.7.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69149698f1269f5bd98bf3072671992b364170e0ff5264132fde524f10d997b2
-  data.tar.gz: ccd52aa2087dfadffc11dce6343aaad7abf10ec3cb2099a8b01df8f19f3e88d4
+  metadata.gz: 339079e696596a482f6f1fe6bc875d9f88dc5415b0eaca4b4e7a04304280cc7a
+  data.tar.gz: '099c6b0532405a7fc0cf5933b09ea03991fe43f3e2da6b726d5e33e932706b55'
 SHA512:
-  metadata.gz: 2cc987575b2ef6ff3b7bdff48b575c23f1a6739ba5553a44f00731700e03b89a854d71bac3fd60b41bf76854d9b38fb9b380ee2eb7b4abdc7a0338abcb48b3ed
-  data.tar.gz: afa3922a254311adf4616372c15b3c51c834339d89c5cc3942c86d261e12121d919b8879dd9494e28cb71b7f318f060924e1852cae28e36e7fcf385c70591cb1
+  metadata.gz: 441e11c7fdb4b201cf22d84195d7f0cc5454a64186c0078086ae085138a31a8ee10f667f5723b94b467aa74ee89780e1ccd853c435d044f84616b46f78a44527
+  data.tar.gz: 56c4cb7d88820805bbd9238624f8220253c48aa19fdffe71298af26ff9369e3bf5692d49be70f439a582e4f76ff9d4b7458f45a303fa32c02296c5c2324f9f08

data/Gemfile.lock CHANGED Viewed

@@ -1,13 +1,22 @@
 PATH
   remote: .
   specs:
-    oso-cloud (0.7.0)
+    oso-cloud (1.0.1)
+      faraday (~> 2.5.2)
+      faraday-retry (~> 2.0.0)
 GEM
   remote: https://rubygems.org/
   specs:
+    faraday (2.5.2)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (3.0.2)
+    faraday-retry (2.0.0)
+      faraday (~> 2.0)
     minitest (5.15.0)
     rake (12.3.3)
+    ruby2_keywords (0.0.5)
 PLATFORMS
   ruby

data/README.md CHANGED Viewed

@@ -1,25 +1,53 @@
-# Oso::Client
+# Oso Cloud Client for Ruby
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/oso/client`. To experiment with that code, run `bin/console` for an interactive prompt.
+[![Slack][badge-slack]][badge-slack-link]
-TODO: Delete this and the text above, and describe your gem
+The Oso Cloud client for Ruby provides a convenient wrapper around the Oso
+Cloud HTTP API for applications and services written in Ruby.
-## Installation
+## What is Oso Cloud?
+Oso Cloud is authorization-as-a-service. It provides abstractions for building
+and iterating on authorization in your application – based on years of work
+with hundreds of engineering teams.
-Add this line to your application's Gemfile:
+- Model: Build your authorization model using primitives for common patterns
+  like multi-tenancy and RBAC. Express custom rules using Polar, a
+  declarative policy language for authorization.
-```ruby
-gem 'oso-cloud'
-```
+- Store: Store your authorization data using a best-practices data model and
+  use it for access decisions across all of your services.
-And then execute:
+- Enforce & Query: Add enforcement calls to your application to perform
+  yes/no permission checks, filter resources by permissions, list a user's
+  roles, and show/hide pieces of your UI.
-    $ bundle install
+- Test & Watch: Write tests over your authorization policies before you push
+  them live. See logs of authorization decisions in real time.
-Or install it yourself as:
+For more information on  how Oso Cloud works and how it fits into your
+architecture, check out the
+[introduction](https://www.osohq.com/docs/get-started/what-is-oso-cloud).
-    $ gem install oso-cloud
+## Documentation
+- To get up and running with Oso Cloud, try the
+  [Quickstart guide](https://www.osohq.com/docs/get-started/quickstart).
+- For method-level documentation, see the
+  [Ruby Client API documentation](https://www.osohq.com/docs/reference/client-apis/ruby).
+- Full documentation is available at
+  [osohq.com/docs](https://www.osohq.com/docs).
+- To learn about authorization best practices (not specific to Oso), read the
+  [Authorization Academy](https://www.osohq.com/developers/authorization-academy)
+  guides.
-## Usage
+## Community & Support
+If you have any questions on Oso Cloud or authorization more generally, you can
+join our engineering team & hundreds of other developers using Oso in our
+community Slack:
+[![Button][join-slack-link]][badge-slack-link]
+[join-slack-link]: https://user-images.githubusercontent.com/282595/128394344-1bd9e5b2-e83d-4666-b446-2e4f431ffcea.png
+[badge-slack]: https://img.shields.io/badge/slack-oso--oss-orange
+[badge-slack-link]: https://join-slack.osohq.com/
-TODO: Write usage instructions here

data/lib/oso/api.rb ADDED Viewed

@@ -0,0 +1,458 @@
+require 'json'
+require 'uri'
+require 'faraday'
+require 'faraday/retry'
+require 'oso/helpers'
+module OsoCloud
+  # @!visibility private
+  module Core
+    # @!visibility private
+    class ApiResult
+      attr_reader :message
+      def initialize(message:)
+        @message = message
+      end
+    end
+    # @!visibility private
+    class ApiError < StandardError
+      def initialize(message:)
+        super(message)
+      end
+    end
+    # @!visibility private
+    class Policy
+      attr_reader :filename
+      attr_reader :src
+      def initialize(filename:, src:)
+        @filename = filename
+        @src = src
+      end
+    end
+    # @!visibility private
+    class GetPolicyResult
+      attr_reader :policy
+      def initialize(policy:)
+        if policy.is_a? Policy
+          @policy = policy
+        else
+          @policy = Policy.new(**policy)
+        end
+      end
+    end
+    # @!visibility private
+    class Fact
+      attr_reader :predicate
+      attr_reader :args
+      def initialize(predicate:, args:)
+        @predicate = predicate
+        @args = args.map { |v| if v.is_a? Value then v else Value.new(**v) end }
+      end
+    end
+    # @!visibility private
+    class Value
+      attr_reader :type
+      attr_reader :id
+      def initialize(type:, id:)
+        @type = type
+        @id = id
+      end
+    end
+    # @!visibility private
+    class Bulk
+      attr_reader :delete
+      attr_reader :tell
+      def initialize(delete:, tell:)
+        @delete = delete.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+        @tell = tell.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+      end
+    end
+    # @!visibility private
+    class AuthorizeResult
+      attr_reader :allowed
+      def initialize(allowed:)
+        @allowed = allowed
+      end
+    end
+    # @!visibility private
+    class AuthorizeQuery
+      attr_reader :actor_type
+      attr_reader :actor_id
+      attr_reader :action
+      attr_reader :resource_type
+      attr_reader :resource_id
+      attr_reader :context_facts
+      def initialize(actor_type:, actor_id:, action:, resource_type:, resource_id:, context_facts:)
+        @actor_type = actor_type
+        @actor_id = actor_id
+        @action = action
+        @resource_type = resource_type
+        @resource_id = resource_id
+        @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+      end
+    end
+    # @!visibility private
+    class AuthorizeResourcesResult
+      attr_reader :results
+      def initialize(results:)
+        @results = results.map { |v| if v.is_a? Value then v else Value.new(**v) end }
+      end
+    end
+    # @!visibility private
+    class AuthorizeResourcesQuery
+      attr_reader :actor_type
+      attr_reader :actor_id
+      attr_reader :action
+      attr_reader :resources
+      attr_reader :context_facts
+      def initialize(actor_type:, actor_id:, action:, resources:, context_facts:)
+        @actor_type = actor_type
+        @actor_id = actor_id
+        @action = action
+        @resources = resources.map { |v| if v.is_a? Value then v else Value.new(**v) end }
+        @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+      end
+    end
+    # @!visibility private
+    class ListResult
+      attr_reader :results
+      def initialize(results:)
+        @results = results
+      end
+    end
+    # @!visibility private
+    class ListQuery
+      attr_reader :actor_type
+      attr_reader :actor_id
+      attr_reader :action
+      attr_reader :resource_type
+      attr_reader :context_facts
+      def initialize(actor_type:, actor_id:, action:, resource_type:, context_facts:)
+        @actor_type = actor_type
+        @actor_id = actor_id
+        @action = action
+        @resource_type = resource_type
+        @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+      end
+    end
+    # @!visibility private
+    class ActionsResult
+      attr_reader :results
+      def initialize(results:)
+        @results = results
+      end
+    end
+    # @!visibility private
+    class ActionsQuery
+      attr_reader :actor_type
+      attr_reader :actor_id
+      attr_reader :resource_type
+      attr_reader :resource_id
+      attr_reader :context_facts
+      def initialize(actor_type:, actor_id:, resource_type:, resource_id:, context_facts:)
+        @actor_type = actor_type
+        @actor_id = actor_id
+        @resource_type = resource_type
+        @resource_id = resource_id
+        @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+      end
+    end
+    # @!visibility private
+    class QueryResult
+      attr_reader :results
+      def initialize(results:)
+        @results = results.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+      end
+    end
+    # @!visibility private
+    class Query
+      attr_reader :fact
+      attr_reader :context_facts
+      def initialize(fact:, context_facts:)
+        if fact.is_a? Fact
+          @fact = fact
+        else
+          @fact = Fact.new(**fact)
+        end
+        @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+      end
+    end
+    # @!visibility private
+    class StatsResult
+      attr_reader :num_roles
+      attr_reader :num_relations
+      attr_reader :num_facts
+      def initialize(num_roles:, num_relations:, num_facts:)
+        @num_roles = num_roles
+        @num_relations = num_relations
+        @num_facts = num_facts
+      end
+    end
+    # @!visibility private
+    class Api
+      def initialize(url: 'https://cloud.osohq.com', api_key: nil, options: nil)
+        @url = url
+        @connection = Faraday.new(url: url) do |faraday|
+          faraday.request :json
+          # responses are processed in reverse order; this stack implies the
+          # retries are attempted before an error is raised, and the json
+          # parser is only applied if there are no errors
+          faraday.response :json, preserve_raw: true
+          faraday.response :raise_error
+          faraday.request :retry, {
+            max: (options && options[:max_retries]) || 10,
+            interval: 0.01,
+            interval_randomness: 0.005,
+            max_interval: 1,
+            backoff_factor: 2,
+            retry_statuses: [429, 500, 502, 503, 504],
+            # ensure authorize and related check functions are retried because
+            # they are POST requests, which are not retried automatically
+            retry_if: ->(env, _exc) {
+              %w[
+                /api/authorize
+                /api/authorize_resources
+                /api/list
+                /api/actions
+                /api/query
+              ].include? env.url.path
+            },
+          }
+          if (options && options[:test_adapter])
+            faraday.adapter :test do |stub|
+              stub.post(options[:test_adapter][:path]) do |env|
+                options[:test_adapter][:func].call
+              end
+              stub.get(options[:test_adapter][:path]) do |env|
+                options[:test_adapter][:func].call
+              end
+              stub.delete(options[:test_adapter][:path]) do |env|
+                options[:test_adapter][:func].call
+              end
+            end
+          else
+            faraday.adapter :net_http
+          end
+        end
+        @api_key = api_key
+      end
+      def get_policy()
+        params = {}
+        data = nil
+        url = "/policy"
+        result = GET(url, params, data)
+        GetPolicyResult.new(**result)
+      end
+      def post_policy(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/policy"
+        result = POST(url, params, data)
+        ApiResult.new(**result)
+      end
+      def post_facts(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/facts"
+        result = POST(url, params, data)
+        Fact.new(**result)
+      end
+      def delete_facts(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/facts"
+        result = DELETE(url, params, data)
+        ApiResult.new(**result)
+      end
+      def post_bulk_load(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/bulk_load"
+        result = POST(url, params, data)
+        ApiResult.new(**result)
+      end
+      def post_bulk_delete(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/bulk_delete"
+        result = POST(url, params, data)
+        ApiResult.new(**result)
+      end
+      def post_bulk(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/bulk"
+        result = POST(url, params, data)
+        ApiResult.new(**result)
+      end
+      def post_authorize(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/authorize"
+        result = POST(url, params, data)
+        AuthorizeResult.new(**result)
+      end
+      def post_authorize_resources(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/authorize_resources"
+        result = POST(url, params, data)
+        AuthorizeResourcesResult.new(**result)
+      end
+      def post_list(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/list"
+        result = POST(url, params, data)
+        ListResult.new(**result)
+      end
+      def post_actions(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/actions"
+        result = POST(url, params, data)
+        ActionsResult.new(**result)
+      end
+      def post_query(data)
+        params = {}
+        data = OsoCloud::Helpers.to_hash(data)
+        url = "/query"
+        result = POST(url, params, data)
+        QueryResult.new(**result)
+      end
+      def get_stats()
+        params = {}
+        data = nil
+        url = "/stats"
+        result = GET(url, params, data)
+        StatsResult.new(**result)
+      end
+      def clear_data()
+        params = {}
+        data = nil
+        url = "/clear_data"
+        result = POST(url, params, data)
+        ApiResult.new(**result)
+      end
+      # hard-coded, not generated
+      def get_facts(predicate, args)
+        params = {}
+        params["predicate"] = predicate
+        args.each_with_index do |arg, i|
+          arg_query = OsoCloud::Helpers.extract_arg_query(arg)
+          if arg_query
+            params["args.#{i}.type"] = arg_query.type
+            params["args.#{i}.id"] = arg_query.id
+          end
+        end
+        data = nil
+        url = "/facts"
+        result = GET(url, params, data)
+        result.map { |v| Fact.new(**v) }
+      end
+      def headers()
+        {
+          "Authorization" => "Bearer %s" % @api_key,
+          "User-Agent" => "Oso Cloud (ruby)",
+          "Accept": "application/json",
+          "Content-Type": "application/json",
+          "X-OsoApiVersion": "0"
+        }
+      end
+      def GET(path, params, body)
+        response = @connection.get("api#{path}", params, headers )
+        handle_faraday_response response
+      rescue Faraday::Error => error
+        handle_faraday_error error
+      end
+      def POST(path, params, body)
+        response = @connection.post("api#{path}", body, headers) do |req|
+          req.params = params
+        end
+        handle_faraday_response response
+      rescue Faraday::Error => error
+        handle_faraday_error error
+      end
+      def DELETE(path, params, body)
+        response = @connection.delete("api#{path}", params, headers) do |req|
+          req.body = body
+        end
+        handle_faraday_response response
+      rescue Faraday::Error => error
+        handle_faraday_error error
+      end
+      def handle_faraday_response(response)
+        # TODO:(@patrickod) refactor duplicative JSON parsing
+        JSON.parse(response.env[:raw_body], symbolize_names: true)
+      end
+      def handle_faraday_error(error)
+        err = JSON.parse(error.response[:body], symbolize_names: true)
+        raise ApiError.new(**err)
+      rescue JSON::ParserError => e
+        raise ApiError.new(message: e.message)
+      end
+    end
+  end
+end

data/lib/oso/helpers.rb ADDED Viewed

@@ -0,0 +1,59 @@
+module OsoCloud
+  # @!visibility private
+  module Helpers
+    # @!visibility private
+    def self.extract_value(x)
+      return OsoCloud::Core::Value.new(type: "String", id: x) if x.is_a? String
+      return nil if x.nil?
+      type = (x.type.nil? ? nil : x.type.to_s)
+      id = (x.id.nil? ? nil : x.id.to_s)
+      OsoCloud::Core::Value.new(type: type, id: id)
+    end
+    # @!visibility private
+    def self.extract_arg_query(x)
+      self.extract_value(x)
+    end
+    # @!visibility private
+    def self.param_to_fact(predicate, args)
+      OsoCloud::Core::Fact.new(predicate: predicate, args: args.map { |a| self.extract_value(a) })
+    end
+    # @!visibility private
+    def self.params_to_facts(facts)
+      facts.map { |predicate, *args| self.param_to_fact(predicate, args) }
+    end
+    def self.from_value(value)
+      if value.id.nil?
+        if value.type.nil?
+          nil
+        else
+          { type: value.type }
+        end
+      else
+        if value.type == "String"
+          value.id
+        else
+          { id: value.id, type: value.type }
+        end
+      end
+    end
+    # @!visibility private
+    def self.to_hash(o)
+      return o.map { |v| self.to_hash(v) } if o.is_a? Array
+      return o if o.instance_variables.empty?
+      hash = {}
+      o.instance_variables.each { |var|
+        v = var.to_s.delete("@")
+        value = o.send(v)
+        hash[v] = self.to_hash(value)
+      }
+      hash
+    end
+  end
+end

data/lib/oso/oso.rb ADDED Viewed

@@ -0,0 +1,255 @@
+require 'json'
+require 'net/http'
+require 'uri'
+require 'oso/version'
+require 'oso/api'
+require 'oso/helpers'
+##
+# For more detailed documentation, see
+# https://www.osohq.com/docs/reference/client-apis/ruby
+module OsoCloud
+  # Represents an object in your application, with a type and id.
+  # Both "type" and "id" should be strings.
+  Value = Struct::new(:type, :id, keyword_init: true) do
+    def to_api_value
+      OsoCloud::Helpers.extract_value(self)
+    end
+  end
+  # Oso Cloud client for Ruby
+  #
+  # About facts:
+  #
+  # Some of these methods accept and return "fact"s.
+  # A "fact" is an array with at least one element.
+  # The first element must be a string, representing the fact's name.
+  # Any other elements in the array, which together represent the fact's arguments,
+  # can be "OsoCloud::Value" objects or strings.
+  class Oso
+    def initialize(url: 'https://cloud.osohq.com', api_key: nil)
+      @api = OsoCloud::Core::Api.new(url: url, api_key: api_key)
+    end
+    ##
+    # Update the active policy
+    #
+    # Updates the active policy in Oso Cloud, The string passed into
+    # this method should be written in Polar.
+    #
+    # @param policy [String]
+    # @return [nil]
+    def policy(policy)
+      @api.post_policy(OsoCloud::Core::Policy.new(src: policy, filename: ""))
+      nil
+    end
+    ##
+    # Check a permission
+    #
+    # Returns true if the actor can perform the action on the resource;
+    # otherwise false.
+    #
+    # @param actor [OsoCloud::Value]
+    # @param action [String]
+    # @param resource [OsoCloud::Value]
+    # @param context_facts [Array<fact>]
+    # @return [Boolean]
+    # @see Oso more information about facts
+    def authorize(actor, action, resource, context_facts = [])
+      actor_typed_id = actor.to_api_value
+      resource_typed_id = resource.to_api_value
+      result = @api.post_authorize(OsoCloud::Core::AuthorizeQuery.new(
+        actor_type: actor_typed_id.type,
+        actor_id: actor_typed_id.id,
+        action: action,
+        resource_type: resource_typed_id.type,
+        resource_id: resource_typed_id.id,
+        context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
+      ))
+      result.allowed
+    end
+    ##
+    # Check authorized resources
+    #
+    # Returns a subset of the resource which an actor can perform
+    # a particular action. Ordering and duplicates, if any exist, are preserved.
+    #
+    # @param actor [OsoCloud::Value]
+    # @param action [String]
+    # @param resources [Array<OsoCloud::Value>]
+    # @param context_facts [Array<fact>]
+    # @return [Array<OsoCloud::Value>]
+    # @see Oso more information about facts
+    def authorize_resources(actor, action, resources, context_facts = [])
+      return [] if resources.nil?
+      return [] if resources.empty?
+      key = lambda do |type, id|
+        "#{type}:#{id}"
+      end
+      resources_extracted = resources.map(&:to_api_value)
+      actor_typed_id = actor.to_api_value
+      data = OsoCloud::Core::AuthorizeResourcesQuery.new(
+        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+        action: action,
+        resources: resources_extracted,
+        context_facts: OsoCloud::Helpers::params_to_facts(context_facts)
+      )
+      result = @api.post_authorize_resources(data)
+      return [] if result.results.empty?
+      results_lookup = Hash.new
+      result.results.each do |r|
+        k = key.call(r.type, r.id)
+        if results_lookup[k] == nil
+          results_lookup[k] = true
+        end
+      end
+      results = resources.select do |r|
+        e = r.to_api_value
+        exists = results_lookup[key.call(e.type, e.id)]
+        exists
+      end
+      results
+    end
+    ##
+    # List authorized resources
+    #
+    # Fetches a list of resource ids on which an actor can perform a
+    # particular action.
+    #
+    # @param actor [OsoCloud::Value]
+    # @param action [String]
+    # @param resource_type [String]
+    # @param context_facts [Array<fact>]
+    # @return [Array<String>]
+    # @see Oso more information about facts
+    def list(actor, action, resource_type, context_facts = [])
+      actor_typed_id = actor.to_api_value
+      result = @api.post_list(OsoCloud::Core::ListQuery.new(
+        actor_type: actor_typed_id.type,
+        actor_id: actor_typed_id.id,
+        action: action,
+        resource_type: resource_type,
+        context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
+      ))
+      result.results
+    end
+    ##
+    # List authorized actions
+    #
+    # Fetches a list of actions which an actor can perform on a particular resource.
+    #
+    # @param actor [OsoCloud::Value]
+    # @param resource [OsoCloud::Value]
+    # @param context_facts [Array<fact>]
+    # @return [Array<String>]
+    # @see Oso more information about facts
+    def actions(actor, resource, context_facts = [])
+      actor_typed_id = actor.to_api_value
+      resource_typed_id = resource.to_api_value
+      result = @api.post_actions(OsoCloud::Core::ActionsQuery.new(
+        actor_type: actor_typed_id.type,
+        actor_id: actor_typed_id.id,
+        resource_type: resource_typed_id.type,
+        resource_id: resource_typed_id.id,
+        context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
+      ))
+      result.results
+    end
+    ##
+    # Add a fact
+    #
+    # Adds a fact with the given name and arguments.
+    #
+    # @param name [String]
+    # @param args [*[String, OsoCloud::Value]]
+    # @return [nil]
+    def tell(name, *args)
+      typed_args = args.map { |a| OsoCloud::Helpers.extract_value(a)}
+      @api.post_facts(OsoCloud::Core::Fact.new(predicate: name, args: typed_args))
+      nil
+    end
+    ##
+    # Add many facts
+    #
+    # Adds many facts at once.
+    #
+    # @param facts [Array<fact>]
+    # @return [nil]
+    # @see Oso more information about facts
+    def bulk_tell(facts)
+      @api.post_bulk_load(OsoCloud::Helpers.params_to_facts(facts))
+      nil
+    end
+    ##
+    # Delete fact
+    #
+    # Deletes a fact. Does not throw an error if the fact is not found.
+    #
+    # @param name [String]
+    # @param args [*[String, OsoCloud::Value]]
+    # @return [nil]
+    def delete(name, *args)
+      typed_args = args.map { |a| OsoCloud::Helpers.extract_value(a) }
+      @api.delete_facts(OsoCloud::Core::Fact.new(predicate: name, args: typed_args))
+      nil
+    end
+    ##
+    # Delete many facts
+    #
+    # Deletes many facts at once. Does not throw an error when some of
+    # the facts are not found.
+    #
+    # @param facts [Array<fact>]
+    # @return [nil]
+    # @see Oso more information about facts
+    def bulk_delete(facts)
+      @api.post_bulk_delete(OsoCloud::Helpers.params_to_facts(facts))
+      nil
+    end
+    ##
+    # List facts
+    #
+    # Lists facts that are stored in Oso Cloud. Can be used to check the existence
+    # of a particular fact, or used to fetch all facts that have a particular
+    # argument. nil arguments operate as wildcards.
+    #
+    # @param name [String]
+    # @param args [*[String, OsoCloud::Value, nil]]
+    # @return [Array<fact>]
+    # @see Oso more information about facts
+    def get(name, *args)
+      @api.get_facts(name, args).map do |f|
+        name = f.predicate
+        args = f.args.map do |a|
+          v = OsoCloud::Helpers.from_value(a)
+          if v.is_a? Hash
+            OsoCloud::Value.new(type: v[:type], id: v[:id])
+          else
+            v
+          end
+        end
+        [name, *args]
+      end
+    end
+    # TODO query, bulk
+  end
+end

data/lib/oso/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
-module Oso
-  VERSION = '0.7.0'.freeze
+module OsoCloud
+  VERSION = '1.0.1'.freeze
 end

data/lib/oso-cloud.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'oso/oso'

data/oso-cloud.gemspec CHANGED Viewed

@@ -2,13 +2,14 @@ require_relative 'lib/oso/version'
 Gem::Specification.new do |spec|
   spec.name          = 'oso-cloud'
-  spec.version       = Oso::VERSION
+  spec.version       = OsoCloud::VERSION
   spec.authors       = ['Oso Security, Inc.']
   spec.email         = ['support@osohq.com']
-  spec.summary       = 'Oso authorization library.'
+  spec.summary       = 'Oso Cloud Ruby client'
   spec.homepage      = 'https://www.osohq.com/'
+  spec.license       = 'Apache-2.0'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 3.0.0')
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -19,5 +20,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.add_dependency 'faraday', '~> 2.5.2'
+  spec.add_dependency 'faraday-retry', '~> 2.0.0'
   spec.add_development_dependency 'minitest', '~> 5.15'
 end

metadata CHANGED Viewed

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-06-24 00:00:00.000000000 Z
+date: 2023-03-29 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.5.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.5.2
+- !ruby/object:Gem::Dependency
+  name: faraday-retry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -38,11 +66,15 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
-- lib/oso/client.rb
+- lib/oso-cloud.rb
+- lib/oso/api.rb
+- lib/oso/helpers.rb
+- lib/oso/oso.rb
 - lib/oso/version.rb
 - oso-cloud.gemspec
 homepage: https://www.osohq.com/
-licenses: []
+licenses:
+- Apache-2.0
 metadata: {}
 post_install_message:
 rdoc_options: []
@@ -52,15 +84,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
-summary: Oso authorization library.
+summary: Oso Cloud Ruby client
 test_files: []

data/lib/oso/client.rb DELETED Viewed

@@ -1,198 +0,0 @@
-require 'json'
-require 'net/http'
-require 'uri'
-require 'oso/version'
-module Oso
-  class Client
-    def initialize(url: 'https://cloud.osohq.com', api_key: nil)
-      @url = url
-      @api_key = api_key
-    end
-    def policy(policy)
-      POST('policy', { src: policy })
-    end
-    def authorize(actor, action, resource, context_facts = [])
-      actor_typed_id = extract_typed_id actor
-      resource_typed_id = extract_typed_id resource
-      result = POST('authorize', {
-        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
-        action: action,
-        resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
-        context_facts: facts_to_params(context_facts)
-      })
-      allowed = result['allowed']
-      allowed
-    end
-    def authorize_resources(actor, action, resources, context_facts = [])
-      return [] if resources.nil?
-      return [] if resources.empty?
-      key = lambda do |type, id|
-        "#{type}:#{id}"
-      end
-      resources_extracted = resources.map { |r| extract_typed_id(r) }
-      actor_typed_id = extract_typed_id actor
-      result = POST('authorize_resources', {
-        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
-        action: action,
-        resources: resources_extracted,
-        context_facts: facts_to_params(context_facts)
-      })
-      return [] if result['results'].empty?
-      results_lookup = Hash.new
-      result['results'].each do |r|
-        k = key.call(r['type'], r['id'])
-        if results_lookup[k] == nil
-          results_lookup[k] = true
-        end
-      end
-      results = resources.select do |r|
-        e = extract_typed_id(r)
-        exists = results_lookup[key.call(e.type, e.id)]
-        exists
-      end
-      results
-    end
-    def list(actor, action, resource_type, context_facts = [])
-      actor_typed_id = extract_typed_id actor
-      result = POST('list', {
-        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
-        action: action,
-        resource_type: resource_type,
-        context_facts: facts_to_params(context_facts)
-      })
-      results = result['results']
-      results
-    end
-    def actions(actor, resource, context_facts = [])
-      actor_typed_id = extract_typed_id actor
-      resource_typed_id = extract_typed_id resource
-      result = POST('actions', {
-        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
-        resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
-        context_facts: facts_to_params(context_facts)
-      })
-      results = result['results']
-      results
-    end
-    def tell(predicate, *args)
-      typed_args = args.map { |a| extract_typed_id a}
-      POST('facts', { predicate: predicate, args: typed_args })
-    end
-    def bulk_tell(facts)
-      POST('bulk_load', facts_to_params(facts))
-    end
-    def delete(predicate, *args)
-      typed_args = args.map { |a| extract_typed_id a}
-      DELETE('facts', { predicate: predicate, args: typed_args })
-    end
-    def bulk_delete(facts)
-      POST('bulk_delete', facts_to_params(facts))
-    end
-    def get(predicate, *args)
-      params = {predicate: predicate}
-      args.each_with_index do |arg, i|
-        typed_id = extract_arg_query(arg)
-        if typed_id
-          params["args.#{i}.type"] = typed_id.type
-          params["args.#{i}.id"] = typed_id.id
-        end
-      end
-      GET('facts', params)
-    end
-    private
-    def headers()
-      {
-        "Authorization" => "Basic %s" % @api_key,
-        "User-Agent" => "Oso Cloud (ruby)",
-        "Accept": "application/json",
-        "Content-Type": "application/json"
-      }
-    end
-    def GET(path, params)
-      uri = URI("#{@url}/api/#{path}")
-      uri.query = URI::encode_www_form(params)
-      use_ssl = (uri.scheme == 'https')
-      result = Net::HTTP.start(uri.hostname, uri.port, use_ssl: use_ssl ) { |http|
-        http.request(Net::HTTP::Get.new(uri, headers)) {|r|
-          r.read_body
-        }
-      }
-      handle_result result
-    end
-    def POST(path, params)
-      result = Net::HTTP.post(URI("#{@url}/api/#{path}"), params.to_json, headers)
-      handle_result result
-    end
-    def DELETE(path, params)
-      uri = URI("#{@url}/api/#{path}")
-      use_ssl = (uri.scheme == 'https')
-      result = Net::HTTP.start(uri.hostname, uri.port, use_ssl: use_ssl ) { |http|
-        http.request(Net::HTTP::Delete.new(uri, headers), params.to_json) {|r|
-          r.read_body
-        }
-      }
-      handle_result result
-    end
-    def handle_result(result)
-      unless result.is_a?(Net::HTTPSuccess)
-        raise "Got an unexpected error from Oso Service: #{result.code}\n#{result.body}"
-      end
-      JSON.parse(result.body)
-    end
-    def extract_typed_id(x)
-      return TypedId.new(type: "String", id: x) if x.is_a? String
-      raise "#{x} does not have an 'id' field" unless x.respond_to? :id
-      raise "Invalid 'id' field on #{x}: #{x.id}" if x.id.nil?
-      TypedId.new(type: x.class.name, id: x.id.to_s)
-    end
-    def extract_arg_query(x)
-      return nil if x.nil?
-      extract_typed_id(x)
-    end
-    def facts_to_params(facts)
-      facts.map { |predicate, *args|
-        typed_args = args.map { |a| extract_typed_id a}
-        { predicate: predicate, args: typed_args }
-      }
-    end
-    TypedId = Struct.new(:type, :id, keyword_init: true) do
-      def to_json(*args)
-        to_h.to_json(*args)
-      end
-    end
-  end
-end