oso-cloud 1.0.1 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +5 -0
- data/Gemfile.lock +1 -1
- data/lib/oso/api.rb +75 -98
- data/lib/oso/helpers.rb +30 -15
- data/lib/oso/oso.rb +71 -52
- data/lib/oso/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9268075db2dd7d76b41905d870962afa84ec350ff9d0b335f4c473cef169868e
|
|
4
|
+
data.tar.gz: 7eacd7959071d7d2500ceeebf14d09846d5482cd5189139a92667155df796db9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8fbea6dd735db2f768fd9d1c8a6af8b3219abc5e688b3d9bc2e557b512aa9303fa2e6afa792f701aa60bebc0443d6703fa6fcd3e48ce5a6fcfd3aad8a09e17c4
|
|
7
|
+
data.tar.gz: 84baac085041cf7d3e34c0b2261b3bf66a83245ea82d42b42ed3d47de39600d28939e31bf119d000477d5e67dce09a40a3a4a64bd60ecf0bf80ceb1d2f3d8c97
|
data/.rubocop.yml
ADDED
data/Gemfile.lock
CHANGED
data/lib/oso/api.rb
CHANGED
|
@@ -4,6 +4,7 @@ require 'faraday'
|
|
|
4
4
|
require 'faraday/retry'
|
|
5
5
|
|
|
6
6
|
require 'oso/helpers'
|
|
7
|
+
require 'oso/version'
|
|
7
8
|
|
|
8
9
|
module OsoCloud
|
|
9
10
|
# @!visibility private
|
|
@@ -26,8 +27,7 @@ module OsoCloud
|
|
|
26
27
|
|
|
27
28
|
# @!visibility private
|
|
28
29
|
class Policy
|
|
29
|
-
attr_reader :filename
|
|
30
|
-
attr_reader :src
|
|
30
|
+
attr_reader :filename, :src
|
|
31
31
|
|
|
32
32
|
def initialize(filename:, src:)
|
|
33
33
|
@filename = filename
|
|
@@ -40,29 +40,27 @@ module OsoCloud
|
|
|
40
40
|
attr_reader :policy
|
|
41
41
|
|
|
42
42
|
def initialize(policy:)
|
|
43
|
-
if policy.is_a? Policy
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
43
|
+
@policy = if policy.is_a? Policy
|
|
44
|
+
policy
|
|
45
|
+
else
|
|
46
|
+
Policy.new(**policy)
|
|
47
|
+
end
|
|
48
48
|
end
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
# @!visibility private
|
|
52
52
|
class Fact
|
|
53
|
-
attr_reader :predicate
|
|
54
|
-
attr_reader :args
|
|
53
|
+
attr_reader :predicate, :args
|
|
55
54
|
|
|
56
55
|
def initialize(predicate:, args:)
|
|
57
56
|
@predicate = predicate
|
|
58
|
-
@args = args.map { |v|
|
|
57
|
+
@args = args.map { |v| (v.is_a? Value) ? v : Value.new(**v) }
|
|
59
58
|
end
|
|
60
59
|
end
|
|
61
60
|
|
|
62
61
|
# @!visibility private
|
|
63
62
|
class Value
|
|
64
|
-
attr_reader :type
|
|
65
|
-
attr_reader :id
|
|
63
|
+
attr_reader :type, :id
|
|
66
64
|
|
|
67
65
|
def initialize(type:, id:)
|
|
68
66
|
@type = type
|
|
@@ -72,12 +70,11 @@ module OsoCloud
|
|
|
72
70
|
|
|
73
71
|
# @!visibility private
|
|
74
72
|
class Bulk
|
|
75
|
-
attr_reader :delete
|
|
76
|
-
attr_reader :tell
|
|
73
|
+
attr_reader :delete, :tell
|
|
77
74
|
|
|
78
75
|
def initialize(delete:, tell:)
|
|
79
|
-
@delete = delete.map { |v|
|
|
80
|
-
@tell = tell.map { |v|
|
|
76
|
+
@delete = delete.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
|
|
77
|
+
@tell = tell.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
|
|
81
78
|
end
|
|
82
79
|
end
|
|
83
80
|
|
|
@@ -92,12 +89,7 @@ module OsoCloud
|
|
|
92
89
|
|
|
93
90
|
# @!visibility private
|
|
94
91
|
class AuthorizeQuery
|
|
95
|
-
attr_reader :actor_type
|
|
96
|
-
attr_reader :actor_id
|
|
97
|
-
attr_reader :action
|
|
98
|
-
attr_reader :resource_type
|
|
99
|
-
attr_reader :resource_id
|
|
100
|
-
attr_reader :context_facts
|
|
92
|
+
attr_reader :actor_type, :actor_id, :action, :resource_type, :resource_id, :context_facts
|
|
101
93
|
|
|
102
94
|
def initialize(actor_type:, actor_id:, action:, resource_type:, resource_id:, context_facts:)
|
|
103
95
|
@actor_type = actor_type
|
|
@@ -105,7 +97,7 @@ module OsoCloud
|
|
|
105
97
|
@action = action
|
|
106
98
|
@resource_type = resource_type
|
|
107
99
|
@resource_id = resource_id
|
|
108
|
-
@context_facts = context_facts.map { |v|
|
|
100
|
+
@context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
|
|
109
101
|
end
|
|
110
102
|
end
|
|
111
103
|
|
|
@@ -114,24 +106,20 @@ module OsoCloud
|
|
|
114
106
|
attr_reader :results
|
|
115
107
|
|
|
116
108
|
def initialize(results:)
|
|
117
|
-
@results = results.map { |v|
|
|
109
|
+
@results = results.map { |v| (v.is_a? Value) ? v : Value.new(**v) }
|
|
118
110
|
end
|
|
119
111
|
end
|
|
120
112
|
|
|
121
113
|
# @!visibility private
|
|
122
114
|
class AuthorizeResourcesQuery
|
|
123
|
-
attr_reader :actor_type
|
|
124
|
-
attr_reader :actor_id
|
|
125
|
-
attr_reader :action
|
|
126
|
-
attr_reader :resources
|
|
127
|
-
attr_reader :context_facts
|
|
115
|
+
attr_reader :actor_type, :actor_id, :action, :resources, :context_facts
|
|
128
116
|
|
|
129
117
|
def initialize(actor_type:, actor_id:, action:, resources:, context_facts:)
|
|
130
118
|
@actor_type = actor_type
|
|
131
119
|
@actor_id = actor_id
|
|
132
120
|
@action = action
|
|
133
|
-
@resources = resources.map { |v|
|
|
134
|
-
@context_facts = context_facts.map { |v|
|
|
121
|
+
@resources = resources.map { |v| (v.is_a? Value) ? v : Value.new(**v) }
|
|
122
|
+
@context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
|
|
135
123
|
end
|
|
136
124
|
end
|
|
137
125
|
|
|
@@ -146,18 +134,14 @@ module OsoCloud
|
|
|
146
134
|
|
|
147
135
|
# @!visibility private
|
|
148
136
|
class ListQuery
|
|
149
|
-
attr_reader :actor_type
|
|
150
|
-
attr_reader :actor_id
|
|
151
|
-
attr_reader :action
|
|
152
|
-
attr_reader :resource_type
|
|
153
|
-
attr_reader :context_facts
|
|
137
|
+
attr_reader :actor_type, :actor_id, :action, :resource_type, :context_facts
|
|
154
138
|
|
|
155
139
|
def initialize(actor_type:, actor_id:, action:, resource_type:, context_facts:)
|
|
156
140
|
@actor_type = actor_type
|
|
157
141
|
@actor_id = actor_id
|
|
158
142
|
@action = action
|
|
159
143
|
@resource_type = resource_type
|
|
160
|
-
@context_facts = context_facts.map { |v|
|
|
144
|
+
@context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
|
|
161
145
|
end
|
|
162
146
|
end
|
|
163
147
|
|
|
@@ -172,18 +156,14 @@ module OsoCloud
|
|
|
172
156
|
|
|
173
157
|
# @!visibility private
|
|
174
158
|
class ActionsQuery
|
|
175
|
-
attr_reader :actor_type
|
|
176
|
-
attr_reader :actor_id
|
|
177
|
-
attr_reader :resource_type
|
|
178
|
-
attr_reader :resource_id
|
|
179
|
-
attr_reader :context_facts
|
|
159
|
+
attr_reader :actor_type, :actor_id, :resource_type, :resource_id, :context_facts
|
|
180
160
|
|
|
181
161
|
def initialize(actor_type:, actor_id:, resource_type:, resource_id:, context_facts:)
|
|
182
162
|
@actor_type = actor_type
|
|
183
163
|
@actor_id = actor_id
|
|
184
164
|
@resource_type = resource_type
|
|
185
165
|
@resource_id = resource_id
|
|
186
|
-
@context_facts = context_facts.map { |v|
|
|
166
|
+
@context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
|
|
187
167
|
end
|
|
188
168
|
end
|
|
189
169
|
|
|
@@ -192,30 +172,27 @@ module OsoCloud
|
|
|
192
172
|
attr_reader :results
|
|
193
173
|
|
|
194
174
|
def initialize(results:)
|
|
195
|
-
@results = results.map { |v|
|
|
175
|
+
@results = results.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
|
|
196
176
|
end
|
|
197
177
|
end
|
|
198
178
|
|
|
199
179
|
# @!visibility private
|
|
200
180
|
class Query
|
|
201
|
-
attr_reader :fact
|
|
202
|
-
attr_reader :context_facts
|
|
181
|
+
attr_reader :fact, :context_facts
|
|
203
182
|
|
|
204
183
|
def initialize(fact:, context_facts:)
|
|
205
|
-
if fact.is_a? Fact
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
@context_facts = context_facts.map { |v|
|
|
184
|
+
@fact = if fact.is_a? Fact
|
|
185
|
+
fact
|
|
186
|
+
else
|
|
187
|
+
Fact.new(**fact)
|
|
188
|
+
end
|
|
189
|
+
@context_facts = context_facts.map { |v| (v.is_a? Fact) ? v : Fact.new(**v) }
|
|
211
190
|
end
|
|
212
191
|
end
|
|
213
192
|
|
|
214
193
|
# @!visibility private
|
|
215
194
|
class StatsResult
|
|
216
|
-
attr_reader :num_roles
|
|
217
|
-
attr_reader :num_relations
|
|
218
|
-
attr_reader :num_facts
|
|
195
|
+
attr_reader :num_roles, :num_relations, :num_facts
|
|
219
196
|
|
|
220
197
|
def initialize(num_roles:, num_relations:, num_facts:)
|
|
221
198
|
@num_roles = num_roles
|
|
@@ -224,7 +201,6 @@ module OsoCloud
|
|
|
224
201
|
end
|
|
225
202
|
end
|
|
226
203
|
|
|
227
|
-
|
|
228
204
|
# @!visibility private
|
|
229
205
|
class Api
|
|
230
206
|
def initialize(url: 'https://cloud.osohq.com', api_key: nil, options: nil)
|
|
@@ -246,7 +222,7 @@ module OsoCloud
|
|
|
246
222
|
retry_statuses: [429, 500, 502, 503, 504],
|
|
247
223
|
# ensure authorize and related check functions are retried because
|
|
248
224
|
# they are POST requests, which are not retried automatically
|
|
249
|
-
retry_if:
|
|
225
|
+
retry_if: lambda { |env, _exc|
|
|
250
226
|
%w[
|
|
251
227
|
/api/authorize
|
|
252
228
|
/api/authorize_resources
|
|
@@ -254,18 +230,18 @@ module OsoCloud
|
|
|
254
230
|
/api/actions
|
|
255
231
|
/api/query
|
|
256
232
|
].include? env.url.path
|
|
257
|
-
}
|
|
233
|
+
}
|
|
258
234
|
}
|
|
259
235
|
|
|
260
|
-
if
|
|
236
|
+
if options && options[:test_adapter]
|
|
261
237
|
faraday.adapter :test do |stub|
|
|
262
|
-
stub.post(options[:test_adapter][:path]) do |
|
|
238
|
+
stub.post(options[:test_adapter][:path]) do |_env|
|
|
263
239
|
options[:test_adapter][:func].call
|
|
264
240
|
end
|
|
265
|
-
stub.get(options[:test_adapter][:path]) do |
|
|
241
|
+
stub.get(options[:test_adapter][:path]) do |_env|
|
|
266
242
|
options[:test_adapter][:func].call
|
|
267
243
|
end
|
|
268
|
-
stub.delete(options[:test_adapter][:path]) do |
|
|
244
|
+
stub.delete(options[:test_adapter][:path]) do |_env|
|
|
269
245
|
options[:test_adapter][:func].call
|
|
270
246
|
end
|
|
271
247
|
end
|
|
@@ -274,12 +250,13 @@ module OsoCloud
|
|
|
274
250
|
end
|
|
275
251
|
end
|
|
276
252
|
@api_key = api_key
|
|
253
|
+
@user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
|
|
277
254
|
end
|
|
278
255
|
|
|
279
|
-
def get_policy
|
|
256
|
+
def get_policy
|
|
280
257
|
params = {}
|
|
281
258
|
data = nil
|
|
282
|
-
url =
|
|
259
|
+
url = '/policy'
|
|
283
260
|
result = GET(url, params, data)
|
|
284
261
|
GetPolicyResult.new(**result)
|
|
285
262
|
end
|
|
@@ -287,7 +264,7 @@ module OsoCloud
|
|
|
287
264
|
def post_policy(data)
|
|
288
265
|
params = {}
|
|
289
266
|
data = OsoCloud::Helpers.to_hash(data)
|
|
290
|
-
url =
|
|
267
|
+
url = '/policy'
|
|
291
268
|
result = POST(url, params, data)
|
|
292
269
|
ApiResult.new(**result)
|
|
293
270
|
end
|
|
@@ -295,7 +272,7 @@ module OsoCloud
|
|
|
295
272
|
def post_facts(data)
|
|
296
273
|
params = {}
|
|
297
274
|
data = OsoCloud::Helpers.to_hash(data)
|
|
298
|
-
url =
|
|
275
|
+
url = '/facts'
|
|
299
276
|
result = POST(url, params, data)
|
|
300
277
|
Fact.new(**result)
|
|
301
278
|
end
|
|
@@ -303,7 +280,7 @@ module OsoCloud
|
|
|
303
280
|
def delete_facts(data)
|
|
304
281
|
params = {}
|
|
305
282
|
data = OsoCloud::Helpers.to_hash(data)
|
|
306
|
-
url =
|
|
283
|
+
url = '/facts'
|
|
307
284
|
result = DELETE(url, params, data)
|
|
308
285
|
ApiResult.new(**result)
|
|
309
286
|
end
|
|
@@ -311,7 +288,7 @@ module OsoCloud
|
|
|
311
288
|
def post_bulk_load(data)
|
|
312
289
|
params = {}
|
|
313
290
|
data = OsoCloud::Helpers.to_hash(data)
|
|
314
|
-
url =
|
|
291
|
+
url = '/bulk_load'
|
|
315
292
|
result = POST(url, params, data)
|
|
316
293
|
ApiResult.new(**result)
|
|
317
294
|
end
|
|
@@ -319,7 +296,7 @@ module OsoCloud
|
|
|
319
296
|
def post_bulk_delete(data)
|
|
320
297
|
params = {}
|
|
321
298
|
data = OsoCloud::Helpers.to_hash(data)
|
|
322
|
-
url =
|
|
299
|
+
url = '/bulk_delete'
|
|
323
300
|
result = POST(url, params, data)
|
|
324
301
|
ApiResult.new(**result)
|
|
325
302
|
end
|
|
@@ -327,7 +304,7 @@ module OsoCloud
|
|
|
327
304
|
def post_bulk(data)
|
|
328
305
|
params = {}
|
|
329
306
|
data = OsoCloud::Helpers.to_hash(data)
|
|
330
|
-
url =
|
|
307
|
+
url = '/bulk'
|
|
331
308
|
result = POST(url, params, data)
|
|
332
309
|
ApiResult.new(**result)
|
|
333
310
|
end
|
|
@@ -335,7 +312,7 @@ module OsoCloud
|
|
|
335
312
|
def post_authorize(data)
|
|
336
313
|
params = {}
|
|
337
314
|
data = OsoCloud::Helpers.to_hash(data)
|
|
338
|
-
url =
|
|
315
|
+
url = '/authorize'
|
|
339
316
|
result = POST(url, params, data)
|
|
340
317
|
AuthorizeResult.new(**result)
|
|
341
318
|
end
|
|
@@ -343,7 +320,7 @@ module OsoCloud
|
|
|
343
320
|
def post_authorize_resources(data)
|
|
344
321
|
params = {}
|
|
345
322
|
data = OsoCloud::Helpers.to_hash(data)
|
|
346
|
-
url =
|
|
323
|
+
url = '/authorize_resources'
|
|
347
324
|
result = POST(url, params, data)
|
|
348
325
|
AuthorizeResourcesResult.new(**result)
|
|
349
326
|
end
|
|
@@ -351,7 +328,7 @@ module OsoCloud
|
|
|
351
328
|
def post_list(data)
|
|
352
329
|
params = {}
|
|
353
330
|
data = OsoCloud::Helpers.to_hash(data)
|
|
354
|
-
url =
|
|
331
|
+
url = '/list'
|
|
355
332
|
result = POST(url, params, data)
|
|
356
333
|
ListResult.new(**result)
|
|
357
334
|
end
|
|
@@ -359,7 +336,7 @@ module OsoCloud
|
|
|
359
336
|
def post_actions(data)
|
|
360
337
|
params = {}
|
|
361
338
|
data = OsoCloud::Helpers.to_hash(data)
|
|
362
|
-
url =
|
|
339
|
+
url = '/actions'
|
|
363
340
|
result = POST(url, params, data)
|
|
364
341
|
ActionsResult.new(**result)
|
|
365
342
|
end
|
|
@@ -367,33 +344,34 @@ module OsoCloud
|
|
|
367
344
|
def post_query(data)
|
|
368
345
|
params = {}
|
|
369
346
|
data = OsoCloud::Helpers.to_hash(data)
|
|
370
|
-
url =
|
|
347
|
+
url = '/query'
|
|
371
348
|
result = POST(url, params, data)
|
|
372
349
|
QueryResult.new(**result)
|
|
373
350
|
end
|
|
374
351
|
|
|
375
|
-
def get_stats
|
|
352
|
+
def get_stats
|
|
376
353
|
params = {}
|
|
377
354
|
data = nil
|
|
378
|
-
url =
|
|
355
|
+
url = '/stats'
|
|
379
356
|
result = GET(url, params, data)
|
|
380
357
|
StatsResult.new(**result)
|
|
381
358
|
end
|
|
382
359
|
|
|
383
|
-
def clear_data
|
|
360
|
+
def clear_data
|
|
384
361
|
params = {}
|
|
385
362
|
data = nil
|
|
386
|
-
url =
|
|
363
|
+
url = '/clear_data'
|
|
387
364
|
result = POST(url, params, data)
|
|
388
365
|
ApiResult.new(**result)
|
|
389
366
|
end
|
|
390
367
|
|
|
391
|
-
|
|
392
368
|
# hard-coded, not generated
|
|
393
369
|
def get_facts(predicate, args)
|
|
394
370
|
params = {}
|
|
395
|
-
params[
|
|
371
|
+
params['predicate'] = predicate
|
|
396
372
|
args.each_with_index do |arg, i|
|
|
373
|
+
next if arg.nil?
|
|
374
|
+
|
|
397
375
|
arg_query = OsoCloud::Helpers.extract_arg_query(arg)
|
|
398
376
|
if arg_query
|
|
399
377
|
params["args.#{i}.type"] = arg_query.type
|
|
@@ -401,26 +379,26 @@ module OsoCloud
|
|
|
401
379
|
end
|
|
402
380
|
end
|
|
403
381
|
data = nil
|
|
404
|
-
url =
|
|
382
|
+
url = '/facts'
|
|
405
383
|
result = GET(url, params, data)
|
|
406
384
|
result.map { |v| Fact.new(**v) }
|
|
407
385
|
end
|
|
408
386
|
|
|
409
|
-
def headers
|
|
387
|
+
def headers
|
|
410
388
|
{
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
389
|
+
'Authorization' => format('Bearer %s', @api_key),
|
|
390
|
+
'User-Agent' => @user_agent,
|
|
391
|
+
Accept: 'application/json',
|
|
392
|
+
'Content-Type': 'application/json',
|
|
393
|
+
'X-OsoApiVersion': '0'
|
|
416
394
|
}
|
|
417
395
|
end
|
|
418
396
|
|
|
419
|
-
def GET(path, params,
|
|
420
|
-
response = @connection.get("api#{path}", params, headers
|
|
397
|
+
def GET(path, params, _body)
|
|
398
|
+
response = @connection.get("api#{path}", params, headers)
|
|
421
399
|
handle_faraday_response response
|
|
422
|
-
rescue Faraday::Error =>
|
|
423
|
-
handle_faraday_error
|
|
400
|
+
rescue Faraday::Error => e
|
|
401
|
+
handle_faraday_error e
|
|
424
402
|
end
|
|
425
403
|
|
|
426
404
|
def POST(path, params, body)
|
|
@@ -428,8 +406,8 @@ module OsoCloud
|
|
|
428
406
|
req.params = params
|
|
429
407
|
end
|
|
430
408
|
handle_faraday_response response
|
|
431
|
-
rescue Faraday::Error =>
|
|
432
|
-
handle_faraday_error
|
|
409
|
+
rescue Faraday::Error => e
|
|
410
|
+
handle_faraday_error e
|
|
433
411
|
end
|
|
434
412
|
|
|
435
413
|
def DELETE(path, params, body)
|
|
@@ -437,12 +415,12 @@ module OsoCloud
|
|
|
437
415
|
req.body = body
|
|
438
416
|
end
|
|
439
417
|
handle_faraday_response response
|
|
440
|
-
rescue Faraday::Error =>
|
|
441
|
-
handle_faraday_error
|
|
418
|
+
rescue Faraday::Error => e
|
|
419
|
+
handle_faraday_error e
|
|
442
420
|
end
|
|
443
421
|
|
|
444
422
|
def handle_faraday_response(response)
|
|
445
|
-
# TODO:(@patrickod) refactor duplicative JSON parsing
|
|
423
|
+
# TODO: (@patrickod) refactor duplicative JSON parsing
|
|
446
424
|
JSON.parse(response.env[:raw_body], symbolize_names: true)
|
|
447
425
|
end
|
|
448
426
|
|
|
@@ -453,6 +431,5 @@ module OsoCloud
|
|
|
453
431
|
raise ApiError.new(message: e.message)
|
|
454
432
|
end
|
|
455
433
|
end
|
|
456
|
-
|
|
457
434
|
end
|
|
458
435
|
end
|
data/lib/oso/helpers.rb
CHANGED
|
@@ -3,9 +3,9 @@ module OsoCloud
|
|
|
3
3
|
module Helpers
|
|
4
4
|
# @!visibility private
|
|
5
5
|
def self.extract_value(x)
|
|
6
|
-
return OsoCloud::Core::Value.new(type:
|
|
6
|
+
return OsoCloud::Core::Value.new(type: 'String', id: x) if x.is_a? String
|
|
7
7
|
|
|
8
|
-
return nil if x.nil?
|
|
8
|
+
return OsoCloud::Core::Value.new(type: nil, id: nil) if x.nil?
|
|
9
9
|
|
|
10
10
|
type = (x.type.nil? ? nil : x.type.to_s)
|
|
11
11
|
id = (x.id.nil? ? nil : x.id.to_s)
|
|
@@ -14,17 +14,33 @@ module OsoCloud
|
|
|
14
14
|
|
|
15
15
|
# @!visibility private
|
|
16
16
|
def self.extract_arg_query(x)
|
|
17
|
-
|
|
17
|
+
extract_value(x)
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
# @!visibility private
|
|
21
21
|
def self.param_to_fact(predicate, args)
|
|
22
|
-
OsoCloud::Core::Fact.new(predicate: predicate, args: args.map { |a|
|
|
22
|
+
OsoCloud::Core::Fact.new(predicate: predicate, args: args.map { |a| extract_value(a) })
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
# @!visibility private
|
|
26
26
|
def self.params_to_facts(facts)
|
|
27
|
-
facts.map { |predicate, *args|
|
|
27
|
+
facts.map { |predicate, *args| param_to_fact(predicate, args) }
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
# @!visibility private
|
|
31
|
+
def self.facts_to_params(facts)
|
|
32
|
+
facts.map do |f|
|
|
33
|
+
name = f.predicate
|
|
34
|
+
args = f.args.map do |a|
|
|
35
|
+
v = from_value(a)
|
|
36
|
+
if v.is_a? Hash
|
|
37
|
+
OsoCloud::Value.new(type: v[:type], id: v[:id])
|
|
38
|
+
else
|
|
39
|
+
v
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
[name, *args]
|
|
43
|
+
end
|
|
28
44
|
end
|
|
29
45
|
|
|
30
46
|
def self.from_value(value)
|
|
@@ -34,25 +50,24 @@ module OsoCloud
|
|
|
34
50
|
else
|
|
35
51
|
{ type: value.type }
|
|
36
52
|
end
|
|
53
|
+
elsif value.type == 'String'
|
|
54
|
+
value.id
|
|
37
55
|
else
|
|
38
|
-
|
|
39
|
-
value.id
|
|
40
|
-
else
|
|
41
|
-
{ id: value.id, type: value.type }
|
|
42
|
-
end
|
|
56
|
+
{ id: value.id, type: value.type }
|
|
43
57
|
end
|
|
44
58
|
end
|
|
45
59
|
|
|
46
60
|
# @!visibility private
|
|
47
61
|
def self.to_hash(o)
|
|
48
|
-
return o.map { |v|
|
|
62
|
+
return o.map { |v| to_hash(v) } if o.is_a? Array
|
|
49
63
|
return o if o.instance_variables.empty?
|
|
64
|
+
|
|
50
65
|
hash = {}
|
|
51
|
-
o.instance_variables.each
|
|
52
|
-
v = var.to_s.delete(
|
|
66
|
+
o.instance_variables.each do |var|
|
|
67
|
+
v = var.to_s.delete('@')
|
|
53
68
|
value = o.send(v)
|
|
54
|
-
hash[v] =
|
|
55
|
-
|
|
69
|
+
hash[v] = to_hash(value)
|
|
70
|
+
end
|
|
56
71
|
hash
|
|
57
72
|
end
|
|
58
73
|
end
|
data/lib/oso/oso.rb
CHANGED
|
@@ -10,11 +10,9 @@ require 'oso/helpers'
|
|
|
10
10
|
# For more detailed documentation, see
|
|
11
11
|
# https://www.osohq.com/docs/reference/client-apis/ruby
|
|
12
12
|
module OsoCloud
|
|
13
|
-
|
|
14
13
|
# Represents an object in your application, with a type and id.
|
|
15
14
|
# Both "type" and "id" should be strings.
|
|
16
|
-
Value = Struct
|
|
17
|
-
|
|
15
|
+
Value = Struct.new(:type, :id, keyword_init: true) do
|
|
18
16
|
def to_api_value
|
|
19
17
|
OsoCloud::Helpers.extract_value(self)
|
|
20
18
|
end
|
|
@@ -43,7 +41,7 @@ module OsoCloud
|
|
|
43
41
|
# @param policy [String]
|
|
44
42
|
# @return [nil]
|
|
45
43
|
def policy(policy)
|
|
46
|
-
@api.post_policy(OsoCloud::Core::Policy.new(src: policy, filename:
|
|
44
|
+
@api.post_policy(OsoCloud::Core::Policy.new(src: policy, filename: ''))
|
|
47
45
|
nil
|
|
48
46
|
end
|
|
49
47
|
|
|
@@ -58,18 +56,18 @@ module OsoCloud
|
|
|
58
56
|
# @param resource [OsoCloud::Value]
|
|
59
57
|
# @param context_facts [Array<fact>]
|
|
60
58
|
# @return [Boolean]
|
|
61
|
-
# @see Oso more information about facts
|
|
59
|
+
# @see Oso for more information about facts
|
|
62
60
|
def authorize(actor, action, resource, context_facts = [])
|
|
63
61
|
actor_typed_id = actor.to_api_value
|
|
64
62
|
resource_typed_id = resource.to_api_value
|
|
65
63
|
result = @api.post_authorize(OsoCloud::Core::AuthorizeQuery.new(
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
64
|
+
actor_type: actor_typed_id.type,
|
|
65
|
+
actor_id: actor_typed_id.id,
|
|
66
|
+
action: action,
|
|
67
|
+
resource_type: resource_typed_id.type,
|
|
68
|
+
resource_id: resource_typed_id.id,
|
|
69
|
+
context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
|
|
70
|
+
))
|
|
73
71
|
result.allowed
|
|
74
72
|
end
|
|
75
73
|
|
|
@@ -84,7 +82,7 @@ module OsoCloud
|
|
|
84
82
|
# @param resources [Array<OsoCloud::Value>]
|
|
85
83
|
# @param context_facts [Array<fact>]
|
|
86
84
|
# @return [Array<OsoCloud::Value>]
|
|
87
|
-
# @see Oso more information about facts
|
|
85
|
+
# @see Oso for more information about facts
|
|
88
86
|
def authorize_resources(actor, action, resources, context_facts = [])
|
|
89
87
|
return [] if resources.nil?
|
|
90
88
|
return [] if resources.empty?
|
|
@@ -99,26 +97,23 @@ module OsoCloud
|
|
|
99
97
|
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
100
98
|
action: action,
|
|
101
99
|
resources: resources_extracted,
|
|
102
|
-
context_facts: OsoCloud::Helpers
|
|
100
|
+
context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
|
|
103
101
|
)
|
|
104
102
|
result = @api.post_authorize_resources(data)
|
|
105
103
|
|
|
106
104
|
return [] if result.results.empty?
|
|
107
105
|
|
|
108
|
-
results_lookup =
|
|
106
|
+
results_lookup = {}
|
|
109
107
|
result.results.each do |r|
|
|
110
108
|
k = key.call(r.type, r.id)
|
|
111
|
-
if results_lookup[k]
|
|
112
|
-
results_lookup[k] = true
|
|
113
|
-
end
|
|
109
|
+
results_lookup[k] = true if results_lookup[k].nil?
|
|
114
110
|
end
|
|
115
111
|
|
|
116
|
-
|
|
112
|
+
resources.select do |r|
|
|
117
113
|
e = r.to_api_value
|
|
118
114
|
exists = results_lookup[key.call(e.type, e.id)]
|
|
119
115
|
exists
|
|
120
116
|
end
|
|
121
|
-
results
|
|
122
117
|
end
|
|
123
118
|
|
|
124
119
|
##
|
|
@@ -132,16 +127,16 @@ module OsoCloud
|
|
|
132
127
|
# @param resource_type [String]
|
|
133
128
|
# @param context_facts [Array<fact>]
|
|
134
129
|
# @return [Array<String>]
|
|
135
|
-
# @see Oso more information about facts
|
|
130
|
+
# @see Oso for more information about facts
|
|
136
131
|
def list(actor, action, resource_type, context_facts = [])
|
|
137
132
|
actor_typed_id = actor.to_api_value
|
|
138
133
|
result = @api.post_list(OsoCloud::Core::ListQuery.new(
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
134
|
+
actor_type: actor_typed_id.type,
|
|
135
|
+
actor_id: actor_typed_id.id,
|
|
136
|
+
action: action,
|
|
137
|
+
resource_type: resource_type,
|
|
138
|
+
context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
|
|
139
|
+
))
|
|
145
140
|
result.results
|
|
146
141
|
end
|
|
147
142
|
|
|
@@ -154,17 +149,17 @@ module OsoCloud
|
|
|
154
149
|
# @param resource [OsoCloud::Value]
|
|
155
150
|
# @param context_facts [Array<fact>]
|
|
156
151
|
# @return [Array<String>]
|
|
157
|
-
# @see Oso more information about facts
|
|
152
|
+
# @see Oso for more information about facts
|
|
158
153
|
def actions(actor, resource, context_facts = [])
|
|
159
154
|
actor_typed_id = actor.to_api_value
|
|
160
155
|
resource_typed_id = resource.to_api_value
|
|
161
156
|
result = @api.post_actions(OsoCloud::Core::ActionsQuery.new(
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
157
|
+
actor_type: actor_typed_id.type,
|
|
158
|
+
actor_id: actor_typed_id.id,
|
|
159
|
+
resource_type: resource_typed_id.type,
|
|
160
|
+
resource_id: resource_typed_id.id,
|
|
161
|
+
context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
|
|
162
|
+
))
|
|
168
163
|
result.results
|
|
169
164
|
end
|
|
170
165
|
|
|
@@ -177,7 +172,7 @@ module OsoCloud
|
|
|
177
172
|
# @param args [*[String, OsoCloud::Value]]
|
|
178
173
|
# @return [nil]
|
|
179
174
|
def tell(name, *args)
|
|
180
|
-
typed_args = args.map { |a| OsoCloud::Helpers.extract_value(a)}
|
|
175
|
+
typed_args = args.map { |a| OsoCloud::Helpers.extract_value(a) }
|
|
181
176
|
@api.post_facts(OsoCloud::Core::Fact.new(predicate: name, args: typed_args))
|
|
182
177
|
nil
|
|
183
178
|
end
|
|
@@ -189,7 +184,7 @@ module OsoCloud
|
|
|
189
184
|
#
|
|
190
185
|
# @param facts [Array<fact>]
|
|
191
186
|
# @return [nil]
|
|
192
|
-
# @see Oso more information about facts
|
|
187
|
+
# @see Oso for more information about facts
|
|
193
188
|
def bulk_tell(facts)
|
|
194
189
|
@api.post_bulk_load(OsoCloud::Helpers.params_to_facts(facts))
|
|
195
190
|
nil
|
|
@@ -217,12 +212,32 @@ module OsoCloud
|
|
|
217
212
|
#
|
|
218
213
|
# @param facts [Array<fact>]
|
|
219
214
|
# @return [nil]
|
|
220
|
-
# @see Oso more information about facts
|
|
215
|
+
# @see Oso for more information about facts
|
|
221
216
|
def bulk_delete(facts)
|
|
222
217
|
@api.post_bulk_delete(OsoCloud::Helpers.params_to_facts(facts))
|
|
223
218
|
nil
|
|
224
219
|
end
|
|
225
220
|
|
|
221
|
+
##
|
|
222
|
+
# Transactionally delete and insert fact(s)
|
|
223
|
+
#
|
|
224
|
+
# Delete(s) are processed before insertion(s). nil arguments in facts to be
|
|
225
|
+
# deleted act as wildcards. Does not throw an error if facts to be deleted
|
|
226
|
+
# are not found or facts to be inserted already exist.
|
|
227
|
+
#
|
|
228
|
+
#
|
|
229
|
+
# Throws an OsoCloud::Core::Api exception if error returned from server.
|
|
230
|
+
#
|
|
231
|
+
# @param delete [Array<fact>]
|
|
232
|
+
# @param insert [Array<fact>]
|
|
233
|
+
# @return [nil]
|
|
234
|
+
# @see Oso for more information about facts
|
|
235
|
+
def bulk(delete: [], insert: [])
|
|
236
|
+
@api.post_bulk(OsoCloud::Core::Bulk.new(delete: OsoCloud::Helpers.params_to_facts(delete),
|
|
237
|
+
tell: OsoCloud::Helpers.params_to_facts(insert)))
|
|
238
|
+
nil
|
|
239
|
+
end
|
|
240
|
+
|
|
226
241
|
##
|
|
227
242
|
# List facts
|
|
228
243
|
#
|
|
@@ -233,23 +248,27 @@ module OsoCloud
|
|
|
233
248
|
# @param name [String]
|
|
234
249
|
# @param args [*[String, OsoCloud::Value, nil]]
|
|
235
250
|
# @return [Array<fact>]
|
|
236
|
-
# @see Oso more information about facts
|
|
251
|
+
# @see Oso for more information about facts
|
|
237
252
|
def get(name, *args)
|
|
238
|
-
@api.get_facts(name, args)
|
|
239
|
-
name = f.predicate
|
|
240
|
-
args = f.args.map do |a|
|
|
241
|
-
v = OsoCloud::Helpers.from_value(a)
|
|
242
|
-
if v.is_a? Hash
|
|
243
|
-
OsoCloud::Value.new(type: v[:type], id: v[:id])
|
|
244
|
-
else
|
|
245
|
-
v
|
|
246
|
-
end
|
|
247
|
-
end
|
|
248
|
-
[name, *args]
|
|
249
|
-
end
|
|
253
|
+
OsoCloud::Helpers.facts_to_params(@api.get_facts(name, args))
|
|
250
254
|
end
|
|
251
255
|
|
|
252
|
-
|
|
253
|
-
#
|
|
256
|
+
##
|
|
257
|
+
# List added and derived facts
|
|
258
|
+
#
|
|
259
|
+
# Lists facts that are stored in Oso Cloud in addition to derived facts
|
|
260
|
+
# from evaluating the policy. nil arguments operate as wildcards.
|
|
261
|
+
#
|
|
262
|
+
# @param name [String]
|
|
263
|
+
# @param args [Array<[String, OsoCloud::Value, nil]>]
|
|
264
|
+
# @param context_facts [Array<fact>]
|
|
265
|
+
# @return [Array<fact>]
|
|
266
|
+
# @see Oso for more information about facts
|
|
267
|
+
def query(name, *args, context_facts: [])
|
|
268
|
+
typed_args = args.map { |a| OsoCloud::Helpers.extract_value(a) }
|
|
269
|
+
result = @api.post_query(OsoCloud::Core::Query.new(fact: OsoCloud::Helpers.param_to_fact(name, typed_args),
|
|
270
|
+
context_facts: OsoCloud::Helpers.params_to_facts(context_facts)))
|
|
271
|
+
OsoCloud::Helpers.facts_to_params(result.results)
|
|
272
|
+
end
|
|
254
273
|
end
|
|
255
274
|
end
|
data/lib/oso/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-04-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -60,6 +60,7 @@ extensions: []
|
|
|
60
60
|
extra_rdoc_files: []
|
|
61
61
|
files:
|
|
62
62
|
- ".gitignore"
|
|
63
|
+
- ".rubocop.yml"
|
|
63
64
|
- Gemfile
|
|
64
65
|
- Gemfile.lock
|
|
65
66
|
- README.md
|