oso-cloud 1.0.1 → 1.1.0

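--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 339079e696596a482f6f1fe6bc875d9f88dc5415b0eaca4b4e7a04304280cc7a
- data.tar.gz: '099c6b0532405a7fc0cf5933b09ea03991fe43f3e2da6b726d5e33e932706b55'
+ metadata.gz: 0afcafa1d502f02d19ed93b21ad4606eaf59056114c496c5a9d8b72f55994c05
+ data.tar.gz: e9bc9ad6450429c9d2c5a1574e4451316e1f043b666da2cfbdc3ae69e1e449cf
  SHA512:
- metadata.gz: 441e11c7fdb4b201cf22d84195d7f0cc5454a64186c0078086ae085138a31a8ee10f667f5723b94b467aa74ee89780e1ccd853c435d044f84616b46f78a44527
- data.tar.gz: 56c4cb7d88820805bbd9238624f8220253c48aa19fdffe71298af26ff9369e3bf5692d49be70f439a582e4f76ff9d4b7458f45a303fa32c02296c5c2324f9f08
+ metadata.gz: 8e837b4bd3d8c16aa1859c93453756a35c844c5371ab9cad18d2afb88748dfc413993be213da260f73bff9d9b83ef28a734e2cfd994e706220c92c4d2ce62df4
+ data.tar.gz: 179d6e9639dd2cf447c4c71c6f888b5474f633ad1f323f15b46a8729e8acb86419e2e5b4f628628a4c8655d874881ee6e938d379dbd794f68ea6a18b593c580d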
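--- /dev/null
+++ b/data/.rubocop.yml
@@ -0,0 +1,5 @@
+ AllCops:
+ TargetRubyVersion: 3.0.0
+ Exclude:
+ - "bin/**/*"
+ NewCops: enable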
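--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- oso-cloud (1.0.1)
+ oso-cloud (1.1.0)
  faraday (~> 2.5.2)
  faraday-retry (~> 2.0.0)
 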
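--- a/data/lib/oso/api.rb
+++ b/data/lib/oso/api.rb
@@ -26,8 +26,7 @@ module OsoCloud
 
  # @!visibility private
  class Policy
- attr_reader :filename
- attr_reader :src
+ attr_reader :filename, :src
 
  def initialize(filename:, src:)
  @filename = filename
@@ -40,29 +39,27 @@ module OsoCloud
  attr_reader :policy
 
  def initialize(policy:)
- if policy.is_a? Policy
- @policy = policy
- else
- @policy = Policy.new(**policy)
- end
+ @policy = if policy.is_a? Policy
+ policy
+ else
+ Policy.new(**policy)
+ end
  end
  end
 
  # @!visibility private
  class Fact
- attr_reader :predicate
- attr_reader :args
+ attr_reader :predicate, :args
 
  def initialize(predicate:, args:)
  @predicate = predicate
- @args = args.map { |v| if v.is_a? Value then v else Value.new(**v) end }
+ @args = args.map { |v| (v.is_a? Value) ? v : Value.new(**v) }
  end
  end
 
  # @!visibility private
  class Value
- attr_reader :type
- attr_reader :id
+ attr_reader :type, :id
 
  def initialize(type:, id:)
  @type = type
@@ -72,12 +69,11 @@ module OsoCloud
 
  # @!visibility private
  class Bulk
- attr_reader :delete
- attr_reader :tell
+ attr_reader :delete, :tell
 
  def initialize(delete:, tell:)
- @delete = delete.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
- @tell = tell.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+ @delete = delete.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
+ @tell = tell.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
  end
  end
 
@@ -92,12 +88,7 @@ module OsoCloud
 
  # @!visibility private
  class AuthorizeQuery
- attr_reader :actor_type
- attr_reader :actor_id
- attr_reader :action
- attr_reader :resource_type
- attr_reader :resource_id
- attr_reader :context_facts
+ attr_reader :actor_type, :actor_id, :action, :resource_type, :resource_id, :context_facts
 
  def initialize(actor_type:, actor_id:, action:, resource_type:, resource_id:, context_facts:)
  @actor_type = actor_type
@@ -105,7 +96,7 @@ module OsoCloud
  @action = action
  @resource_type = resource_type
  @resource_id = resource_id
- @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+ @context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
  end
  end
 
@@ -114,24 +105,20 @@ module OsoCloud
  attr_reader :results
 
  def initialize(results:)
- @results = results.map { |v| if v.is_a? Value then v else Value.new(**v) end }
+ @results = results.map { |v| (v.is_a? Value) ? v : Value.new(**v) }
  end
  end
 
  # @!visibility private
  class AuthorizeResourcesQuery
- attr_reader :actor_type
- attr_reader :actor_id
- attr_reader :action
- attr_reader :resources
- attr_reader :context_facts
+ attr_reader :actor_type, :actor_id, :action, :resources, :context_facts
 
  def initialize(actor_type:, actor_id:, action:, resources:, context_facts:)
  @actor_type = actor_type
  @actor_id = actor_id
  @action = action
- @resources = resources.map { |v| if v.is_a? Value then v else Value.new(**v) end }
- @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+ @resources = resources.map { |v| (v.is_a? Value) ? v : Value.new(**v) }
+ @context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
  end
  end
 
@@ -146,18 +133,14 @@ module OsoCloud
 
  # @!visibility private
  class ListQuery
- attr_reader :actor_type
- attr_reader :actor_id
- attr_reader :action
- attr_reader :resource_type
- attr_reader :context_facts
+ attr_reader :actor_type, :actor_id, :action, :resource_type, :context_facts
 
  def initialize(actor_type:, actor_id:, action:, resource_type:, context_facts:)
  @actor_type = actor_type
  @actor_id = actor_id
  @action = action
  @resource_type = resource_type
- @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+ @context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
  end
  end
 
@@ -172,18 +155,14 @@ module OsoCloud
 
  # @!visibility private
  class ActionsQuery
- attr_reader :actor_type
- attr_reader :actor_id
- attr_reader :resource_type
- attr_reader :resource_id
- attr_reader :context_facts
+ attr_reader :actor_type, :actor_id, :resource_type, :resource_id, :context_facts
 
  def initialize(actor_type:, actor_id:, resource_type:, resource_id:, context_facts:)
  @actor_type = actor_type
  @actor_id = actor_id
  @resource_type = resource_type
  @resource_id = resource_id
- @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+ @context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
  end
  end
 
@@ -192,30 +171,27 @@ module OsoCloud
  attr_reader :results
 
  def initialize(results:)
- @results = results.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+ @results = results.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
  end
  end
 
  # @!visibility private
  class Query
- attr_reader :fact
- attr_reader :context_facts
+ attr_reader :fact, :context_facts
 
  def initialize(fact:, context_facts:)
- if fact.is_a? Fact
- @fact = fact
- else
- @fact = Fact.new(**fact)
- end
- @context_facts = context_facts.map { |v| if v.is_a? Fact then v else Fact.new(**v) end }
+ @fact = if fact.is_a? Fact
+ fact
+ else
+ Fact.new(**fact)
+ end
+ @context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
  end
  end
 
  # @!visibility private
  class StatsResult
- attr_reader :num_roles
- attr_reader :num_relations
- attr_reader :num_facts
+ attr_reader :num_roles, :num_relations, :num_facts
 
  def initialize(num_roles:, num_relations:, num_facts:)
  @num_roles = num_roles
@@ -224,7 +200,6 @@ module OsoCloud
  end
  end
 
-
  # @!visibility private
  class Api
  def initialize(url: 'https://cloud.osohq.com', api_key: nil, options: nil)
@@ -246,7 +221,7 @@ module OsoCloud
  retry_statuses: [429, 500, 502, 503, 504],
  # ensure authorize and related check functions are retried because
  # they are POST requests, which are not retried automatically
- retry_if: ->(env, _exc) {
+ retry_if: lambda { |env, _exc|
  %w[
  /api/authorize
  /api/authorize_resources
@@ -254,18 +229,18 @@ module OsoCloud
  /api/actions
  /api/query
  ].include? env.url.path
- },
+ }
  }
 
- if (options && options[:test_adapter])
+ if options && options[:test_adapter]
  faraday.adapter :test do |stub|
- stub.post(options[:test_adapter][:path]) do |env|
+ stub.post(options[:test_adapter][:path]) do |_env|
  options[:test_adapter][:func].call
  end
- stub.get(options[:test_adapter][:path]) do |env|
+ stub.get(options[:test_adapter][:path]) do |_env|
  options[:test_adapter][:func].call
  end
- stub.delete(options[:test_adapter][:path]) do |env|
+ stub.delete(options[:test_adapter][:path]) do |_env|
  options[:test_adapter][:func].call
  end
  end
@@ -276,10 +251,10 @@ module OsoCloud
  @api_key = api_key
  end
 
- def get_policy()
+ def get_policy
  params = {}
  data = nil
- url = "/policy"
+ url = '/policy'
  result = GET(url, params, data)
  GetPolicyResult.new(**result)
  end
@@ -287,7 +262,7 @@ module OsoCloud
  def post_policy(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/policy"
+ url = '/policy'
  result = POST(url, params, data)
  ApiResult.new(**result)
  end
@@ -295,7 +270,7 @@ module OsoCloud
  def post_facts(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/facts"
+ url = '/facts'
  result = POST(url, params, data)
  Fact.new(**result)
  end
@@ -303,7 +278,7 @@ module OsoCloud
  def delete_facts(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/facts"
+ url = '/facts'
  result = DELETE(url, params, data)
  ApiResult.new(**result)
  end
@@ -311,7 +286,7 @@ module OsoCloud
  def post_bulk_load(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/bulk_load"
+ url = '/bulk_load'
  result = POST(url, params, data)
  ApiResult.new(**result)
  end
@@ -319,7 +294,7 @@ module OsoCloud
  def post_bulk_delete(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/bulk_delete"
+ url = '/bulk_delete'
  result = POST(url, params, data)
  ApiResult.new(**result)
  end
@@ -327,7 +302,7 @@ module OsoCloud
  def post_bulk(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/bulk"
+ url = '/bulk'
  result = POST(url, params, data)
  ApiResult.new(**result)
  end
@@ -335,7 +310,7 @@ module OsoCloud
  def post_authorize(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/authorize"
+ url = '/authorize'
  result = POST(url, params, data)
  AuthorizeResult.new(**result)
  end
@@ -343,7 +318,7 @@ module OsoCloud
  def post_authorize_resources(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/authorize_resources"
+ url = '/authorize_resources'
  result = POST(url, params, data)
  AuthorizeResourcesResult.new(**result)
  end
@@ -351,7 +326,7 @@ module OsoCloud
  def post_list(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/list"
+ url = '/list'
  result = POST(url, params, data)
  ListResult.new(**result)
  end
@@ -359,7 +334,7 @@ module OsoCloud
  def post_actions(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/actions"
+ url = '/actions'
  result = POST(url, params, data)
  ActionsResult.new(**result)
  end
@@ -367,33 +342,34 @@ module OsoCloud
  def post_query(data)
  params = {}
  data = OsoCloud::Helpers.to_hash(data)
- url = "/query"
+ url = '/query'
  result = POST(url, params, data)
  QueryResult.new(**result)
  end
 
- def get_stats()
+ def get_stats
  params = {}
  data = nil
- url = "/stats"
+ url = '/stats'
  result = GET(url, params, data)
  StatsResult.new(**result)
  end
 
- def clear_data()
+ def clear_data
  params = {}
  data = nil
- url = "/clear_data"
+ url = '/clear_data'
  result = POST(url, params, data)
  ApiResult.new(**result)
  end
 
-
  # hard-coded, not generated
  def get_facts(predicate, args)
  params = {}
- params["predicate"] = predicate
+ params['predicate'] = predicate
  args.each_with_index do |arg, i|
+ next if arg.nil?
+
  arg_query = OsoCloud::Helpers.extract_arg_query(arg)
  if arg_query
  params["args.#{i}.type"] = arg_query.type
@@ -401,26 +377,26 @@ module OsoCloud
  end
  end
  data = nil
- url = "/facts"
+ url = '/facts'
  result = GET(url, params, data)
  result.map { |v| Fact.new(**v) }
  end
 
- def headers()
+ def headers
  {
- "Authorization" => "Bearer %s" % @api_key,
- "User-Agent" => "Oso Cloud (ruby)",
- "Accept": "application/json",
- "Content-Type": "application/json",
- "X-OsoApiVersion": "0"
+ 'Authorization' => format('Bearer %s', @api_key),
+ 'User-Agent' => 'Oso Cloud (ruby)',
+ Accept: 'application/json',
+ 'Content-Type': 'application/json',
+ 'X-OsoApiVersion': '0'
  }
  end
 
- def GET(path, params, body)
- response = @connection.get("api#{path}", params, headers )
+ def GET(path, params, _body)
+ response = @connection.get("api#{path}", params, headers)
  handle_faraday_response response
- rescue Faraday::Error => error
- handle_faraday_error error
+ rescue Faraday::Error => e
+ handle_faraday_error e
  end
 
  def POST(path, params, body)
@@ -428,8 +404,8 @@ module OsoCloud
  req.params = params
  end
  handle_faraday_response response
- rescue Faraday::Error => error
- handle_faraday_error error
+ rescue Faraday::Error => e
+ handle_faraday_error e
  end
 
  def DELETE(path, params, body)
@@ -437,12 +413,12 @@ module OsoCloud
  req.body = body
  end
  handle_faraday_response response
- rescue Faraday::Error => error
- handle_faraday_error error
+ rescue Faraday::Error => e
+ handle_faraday_error e
  end
 
  def handle_faraday_response(response)
- # TODO:(@patrickod) refactor duplicative JSON parsing
+ # TODO: (@patrickod) refactor duplicative JSON parsing
  JSON.parse(response.env[:raw_body], symbolize_names: true)
  end
 
@@ -453,6 +429,5 @@ module OsoCloud
  raise ApiError.new(message: e.message)
  end
  end
-
  end
  end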
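Review bot: `headers` formats the Authorization value from `@api_key` without checking that a key was supplied, and the `initialize` signature shown in the `-224,7` hunk defaults `api_key:` to nil. A client built without a key therefore sends `Bearer ` with an empty token on every request, and the misconfiguration surfaces only as a server-side rejection rather than at construction. A guard next to `@api_key = api_key`, for example `raise ArgumentError, 'api_key is required' if api_key.to_s.empty?`, would fail early. Most of `initialize` lies outside the visible hunks, so confirm that the `test_adapter` path does not rely on a nil key before adding it.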
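--- a/data/lib/oso/helpers.rb
+++ b/data/lib/oso/helpers.rb
@@ -3,9 +3,9 @@ module OsoCloud
  module Helpers
  # @!visibility private
  def self.extract_value(x)
- return OsoCloud::Core::Value.new(type: "String", id: x) if x.is_a? String
+ return OsoCloud::Core::Value.new(type: 'String', id: x) if x.is_a? String
 
- return nil if x.nil?
+ return OsoCloud::Core::Value.new(type: nil, id: nil) if x.nil?
 
  type = (x.type.nil? ? nil : x.type.to_s)
  id = (x.id.nil? ? nil : x.id.to_s)
@@ -14,17 +14,33 @@ module OsoCloud
 
  # @!visibility private
  def self.extract_arg_query(x)
- self.extract_value(x)
+ extract_value(x)
  end
 
  # @!visibility private
  def self.param_to_fact(predicate, args)
- OsoCloud::Core::Fact.new(predicate: predicate, args: args.map { |a| self.extract_value(a) })
+ OsoCloud::Core::Fact.new(predicate: predicate, args: args.map { |a| extract_value(a) })
  end
 
  # @!visibility private
  def self.params_to_facts(facts)
- facts.map { |predicate, *args| self.param_to_fact(predicate, args) }
+ facts.map { |predicate, *args| param_to_fact(predicate, args) }
+ end
+
+ # @!visibility private
+ def self.facts_to_params(facts)
+ facts.map do |f|
+ name = f.predicate
+ args = f.args.map do |a|
+ v = from_value(a)
+ if v.is_a? Hash
+ OsoCloud::Value.new(type: v[:type], id: v[:id])
+ else
+ v
+ end
+ end
+ [name, *args]
+ end
  end
 
  def self.from_value(value)
@@ -34,25 +50,24 @@ module OsoCloud
  else
  { type: value.type }
  end
+ elsif value.type == 'String'
+ value.id
  else
- if value.type == "String"
- value.id
- else
- { id: value.id, type: value.type }
- end
+ { id: value.id, type: value.type }
  end
  end
 
  # @!visibility private
  def self.to_hash(o)
- return o.map { |v| self.to_hash(v) } if o.is_a? Array
+ return o.map { |v| to_hash(v) } if o.is_a? Array
  return o if o.instance_variables.empty?
+
  hash = {}
- o.instance_variables.each { |var|
- v = var.to_s.delete("@")
+ o.instance_variables.each do |var|
+ v = var.to_s.delete('@')
  value = o.send(v)
- hash[v] = self.to_hash(value)
- }
+ hash[v] = to_hash(value)
+ end
  hash
  end
  end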
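Review bot: `extract_value` now maps nil to `OsoCloud::Core::Value.new(type: nil, id: nil)` for every caller, not only for the delete and query paths where nil is meant as a wildcard. `param_to_fact` runs it over the arguments for `bulk_tell`, `bulk_delete`, the new `bulk` and all `context_facts`, and `tell` calls it directly (all in oso.rb). A value that is nil by accident, such as a failed lookup, is therefore no longer stopped on the client. In a delete it appears to widen the match to every fact in that position. Consider keeping the nil-to-wildcard conversion in a helper used only by the delete and query paths. At minimum, document it on `extract_value`, for example `# nil becomes a wildcard Value (type and id nil); insert paths must reject nil themselves`. The body of `extract_value` continues past the first hunk.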
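--- a/data/lib/oso/oso.rb
+++ b/data/lib/oso/oso.rb
@@ -10,11 +10,9 @@ require 'oso/helpers'
  # For more detailed documentation, see
  # https://www.osohq.com/docs/reference/client-apis/ruby
  module OsoCloud
-
  # Represents an object in your application, with a type and id.
  # Both "type" and "id" should be strings.
- Value = Struct::new(:type, :id, keyword_init: true) do
-
+ Value = Struct.new(:type, :id, keyword_init: true) do
  def to_api_value
  OsoCloud::Helpers.extract_value(self)
  end
@@ -43,7 +41,7 @@ module OsoCloud
  # @param policy [String]
  # @return [nil]
  def policy(policy)
- @api.post_policy(OsoCloud::Core::Policy.new(src: policy, filename: ""))
+ @api.post_policy(OsoCloud::Core::Policy.new(src: policy, filename: ''))
  nil
  end
 
@@ -58,18 +56,18 @@ module OsoCloud
  # @param resource [OsoCloud::Value]
  # @param context_facts [Array<fact>]
  # @return [Boolean]
- # @see Oso more information about facts
+ # @see Oso for more information about facts
  def authorize(actor, action, resource, context_facts = [])
  actor_typed_id = actor.to_api_value
  resource_typed_id = resource.to_api_value
  result = @api.post_authorize(OsoCloud::Core::AuthorizeQuery.new(
- actor_type: actor_typed_id.type,
- actor_id: actor_typed_id.id,
- action: action,
- resource_type: resource_typed_id.type,
- resource_id: resource_typed_id.id,
- context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
- ))
+ actor_type: actor_typed_id.type,
+ actor_id: actor_typed_id.id,
+ action: action,
+ resource_type: resource_typed_id.type,
+ resource_id: resource_typed_id.id,
+ context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
+ ))
  result.allowed
  end
 
@@ -84,7 +82,7 @@ module OsoCloud
  # @param resources [Array<OsoCloud::Value>]
  # @param context_facts [Array<fact>]
  # @return [Array<OsoCloud::Value>]
- # @see Oso more information about facts
+ # @see Oso for more information about facts
  def authorize_resources(actor, action, resources, context_facts = [])
  return [] if resources.nil?
  return [] if resources.empty?
@@ -99,26 +97,23 @@ module OsoCloud
  actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
  action: action,
  resources: resources_extracted,
- context_facts: OsoCloud::Helpers::params_to_facts(context_facts)
+ context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
  )
  result = @api.post_authorize_resources(data)
 
  return [] if result.results.empty?
 
- results_lookup = Hash.new
+ results_lookup = {}
  result.results.each do |r|
  k = key.call(r.type, r.id)
- if results_lookup[k] == nil
- results_lookup[k] = true
- end
+ results_lookup[k] = true if results_lookup[k].nil?
  end
 
- results = resources.select do |r|
+ resources.select do |r|
  e = r.to_api_value
  exists = results_lookup[key.call(e.type, e.id)]
  exists
  end
- results
  end
 
  ##
@@ -132,16 +127,16 @@ module OsoCloud
  # @param resource_type [String]
  # @param context_facts [Array<fact>]
  # @return [Array<String>]
- # @see Oso more information about facts
+ # @see Oso for more information about facts
  def list(actor, action, resource_type, context_facts = [])
  actor_typed_id = actor.to_api_value
  result = @api.post_list(OsoCloud::Core::ListQuery.new(
- actor_type: actor_typed_id.type,
- actor_id: actor_typed_id.id,
- action: action,
- resource_type: resource_type,
- context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
- ))
+ actor_type: actor_typed_id.type,
+ actor_id: actor_typed_id.id,
+ action: action,
+ resource_type: resource_type,
+ context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
+ ))
  result.results
  end
 
@@ -154,17 +149,17 @@ module OsoCloud
  # @param resource [OsoCloud::Value]
  # @param context_facts [Array<fact>]
  # @return [Array<String>]
- # @see Oso more information about facts
+ # @see Oso for more information about facts
  def actions(actor, resource, context_facts = [])
  actor_typed_id = actor.to_api_value
  resource_typed_id = resource.to_api_value
  result = @api.post_actions(OsoCloud::Core::ActionsQuery.new(
- actor_type: actor_typed_id.type,
- actor_id: actor_typed_id.id,
- resource_type: resource_typed_id.type,
- resource_id: resource_typed_id.id,
- context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
- ))
+ actor_type: actor_typed_id.type,
+ actor_id: actor_typed_id.id,
+ resource_type: resource_typed_id.type,
+ resource_id: resource_typed_id.id,
+ context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
+ ))
  result.results
  end
 
@@ -177,7 +172,7 @@ module OsoCloud
  # @param args [*[String, OsoCloud::Value]]
  # @return [nil]
  def tell(name, *args)
- typed_args = args.map { |a| OsoCloud::Helpers.extract_value(a)}
+ typed_args = args.map { |a| OsoCloud::Helpers.extract_value(a) }
  @api.post_facts(OsoCloud::Core::Fact.new(predicate: name, args: typed_args))
  nil
  end
@@ -189,7 +184,7 @@ module OsoCloud
  #
  # @param facts [Array<fact>]
  # @return [nil]
- # @see Oso more information about facts
+ # @see Oso for more information about facts
  def bulk_tell(facts)
  @api.post_bulk_load(OsoCloud::Helpers.params_to_facts(facts))
  nil
@@ -217,12 +212,32 @@ module OsoCloud
  #
  # @param facts [Array<fact>]
  # @return [nil]
- # @see Oso more information about facts
+ # @see Oso for more information about facts
  def bulk_delete(facts)
  @api.post_bulk_delete(OsoCloud::Helpers.params_to_facts(facts))
  nil
  end
 
+ ##
+ # Transactionally delete and insert fact(s)
+ #
+ # Delete(s) are processed before insertion(s). nil arguments in facts to be
+ # deleted act as wildcards. Does not throw an error if facts to be deleted
+ # are not found or facts to be inserted already exist.
+ #
+ #
+ # Throws an OsoCloud::Core::Api exception if error returned from server.
+ #
+ # @param delete [Array<fact>]
+ # @param insert [Array<fact>]
+ # @return [nil]
+ # @see Oso for more information about facts
+ def bulk(delete: [], insert: [])
+ @api.post_bulk(OsoCloud::Core::Bulk.new(delete: OsoCloud::Helpers.params_to_facts(delete),
+ tell: OsoCloud::Helpers.params_to_facts(insert)))
+ nil
+ end
+
  ##
  # List facts
  #
@@ -233,23 +248,27 @@ module OsoCloud
  # @param name [String]
  # @param args [*[String, OsoCloud::Value, nil]]
  # @return [Array<fact>]
- # @see Oso more information about facts
+ # @see Oso for more information about facts
  def get(name, *args)
- @api.get_facts(name, args).map do |f|
- name = f.predicate
- args = f.args.map do |a|
- v = OsoCloud::Helpers.from_value(a)
- if v.is_a? Hash
- OsoCloud::Value.new(type: v[:type], id: v[:id])
- else
- v
- end
- end
- [name, *args]
- end
+ OsoCloud::Helpers.facts_to_params(@api.get_facts(name, args))
  end
 
-
- # TODO query, bulk
+ ##
+ # List added and derived facts
+ #
+ # Lists facts that are stored in Oso Cloud in addition to derived facts
+ # from evaluating the policy. nil arguments operate as wildcards.
+ #
+ # @param name [String]
+ # @param args [Array<[String, OsoCloud::Value, nil]>]
+ # @param context_facts [Array<fact>]
+ # @return [Array<fact>]
+ # @see Oso for more information about facts
+ def query(name, *args, context_facts: [])
+ typed_args = args.map { |a| OsoCloud::Helpers.extract_value(a) }
+ result = @api.post_query(OsoCloud::Core::Query.new(fact: OsoCloud::Helpers.param_to_fact(name, typed_args),
+ context_facts: OsoCloud::Helpers.params_to_facts(context_facts)))
+ OsoCloud::Helpers.facts_to_params(result.results)
+ end
  end
  end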
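Review bot: The doc comment added above `bulk` names the wrong class: it says the method throws an `OsoCloud::Core::Api` exception, but `Api` is the HTTP client class in api.rb, and the error handler there raises `ApiError`. A caller who writes `rescue OsoCloud::Core::Api` from this comment would catch nothing, so server errors from a transactional delete and insert would propagate unhandled. Suggested wording: `# Raises ApiError if the server returns an error.` The module that defines `ApiError` is outside this diff, so qualify the name once confirmed.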
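--- a/data/lib/oso/version.rb
+++ b/data/lib/oso/version.rb
@@ -1,3 +1,3 @@
  module OsoCloud
- VERSION = '1.0.1'.freeze
+ VERSION = '1.1.0'.freeze
  end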
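--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: oso-cloud
  version: !ruby/object:Gem::Version
- version: 1.0.1
+ version: 1.1.0
  platform: ruby
  authors:
  - Oso Security, Inc.
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-03-29 00:00:00.000000000 Z
+ date: 2023-03-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: faraday
@@ -60,6 +60,7 @@ extensions: []
  extra_rdoc_files: []
  files:
  - ".gitignore"
+ - ".rubocop.yml"
  - Gemfile
  - Gemfile.lock
  - README.md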