oso-cloud 1.3.0.dev.7 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -34
- data/lib/oso/api.rb +53 -74
- data/lib/oso/oso.rb +3 -35
- data/lib/oso/version.rb +1 -1
- data/oso-cloud.gemspec +0 -5
- metadata +7 -63
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7449894386d2dd2bfd681e8586f59637b8cbc69eb9058da28e8a09ad5e97cabe
|
4
|
+
data.tar.gz: 1b2766a45d78838742694759ab8bc1698dc9a219b8e9ccb05283cc9677777fac
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7e6e454bdd19f96680fba49fa045b781443be54e3060aeb7bf1c37f2938f711d73c430d270aa85e429f0ffe77353fadc412a65b35abceab5f2cb8b026a27c38f
|
7
|
+
data.tar.gz: 2d5bde575259087917b2575ae2bc85fa82d27821426799507a32021a4a61c0a4b69c055b4b6c4bede5ed7a2916557b05ba3de0e6a5af00c6ca7c68d22ec7e79b
|
data/Gemfile.lock
CHANGED
@@ -1,53 +1,22 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
oso-cloud (1.3.0
|
4
|
+
oso-cloud (1.3.0)
|
5
5
|
faraday (~> 2.5.2)
|
6
|
-
faraday-net_http_persistent (~> 2.0)
|
7
6
|
faraday-retry (~> 2.0.0)
|
8
|
-
faraday-typhoeus (~> 1.0.0)
|
9
7
|
|
10
8
|
GEM
|
11
9
|
remote: https://rubygems.org/
|
12
10
|
specs:
|
13
|
-
binding_of_caller (1.0.0)
|
14
|
-
debug_inspector (>= 0.0.1)
|
15
|
-
coderay (1.1.3)
|
16
|
-
connection_pool (2.4.1)
|
17
|
-
debug_inspector (1.1.0)
|
18
|
-
ethon (0.16.0)
|
19
|
-
ffi (>= 1.15.0)
|
20
11
|
faraday (2.5.2)
|
21
12
|
faraday-net_http (>= 2.0, < 3.1)
|
22
13
|
ruby2_keywords (>= 0.0.4)
|
23
14
|
faraday-net_http (3.0.2)
|
24
|
-
faraday-net_http_persistent (2.1.0)
|
25
|
-
faraday (~> 2.5)
|
26
|
-
net-http-persistent (~> 4.0)
|
27
15
|
faraday-retry (2.0.0)
|
28
16
|
faraday (~> 2.0)
|
29
|
-
faraday-typhoeus (1.0.0)
|
30
|
-
faraday (~> 2.0)
|
31
|
-
typhoeus (~> 1.4)
|
32
|
-
ffi (1.16.2)
|
33
|
-
interception (0.5)
|
34
|
-
method_source (1.0.0)
|
35
17
|
minitest (5.18.0)
|
36
|
-
net-http-persistent (4.0.2)
|
37
|
-
connection_pool (~> 2.2)
|
38
|
-
pry (0.14.2)
|
39
|
-
coderay (~> 1.1)
|
40
|
-
method_source (~> 1.0)
|
41
|
-
pry-rescue (1.5.2)
|
42
|
-
interception (>= 0.5)
|
43
|
-
pry (>= 0.12.0)
|
44
|
-
pry-stack_explorer (0.6.1)
|
45
|
-
binding_of_caller (~> 1.0)
|
46
|
-
pry (~> 0.13)
|
47
18
|
rake (12.3.3)
|
48
19
|
ruby2_keywords (0.0.5)
|
49
|
-
typhoeus (1.4.0)
|
50
|
-
ethon (>= 0.9.0)
|
51
20
|
|
52
21
|
PLATFORMS
|
53
22
|
ruby
|
@@ -55,8 +24,6 @@ PLATFORMS
|
|
55
24
|
DEPENDENCIES
|
56
25
|
minitest (~> 5.15)
|
57
26
|
oso-cloud!
|
58
|
-
pry-rescue
|
59
|
-
pry-stack_explorer
|
60
27
|
rake (~> 12.0)
|
61
28
|
|
62
29
|
BUNDLED WITH
|
data/lib/oso/api.rb
CHANGED
@@ -2,8 +2,6 @@ require 'json'
|
|
2
2
|
require 'uri'
|
3
3
|
require 'faraday'
|
4
4
|
require 'faraday/retry'
|
5
|
-
require 'faraday/typhoeus'
|
6
|
-
require 'faraday/net_http_persistent'
|
7
5
|
|
8
6
|
require 'oso/helpers'
|
9
7
|
require 'oso/version'
|
@@ -203,21 +201,11 @@ module OsoCloud
|
|
203
201
|
end
|
204
202
|
end
|
205
203
|
|
206
|
-
class OsoAdapter < Faraday::Adapter::Typhoeus
|
207
|
-
@@max_concurrency = 20
|
208
|
-
|
209
|
-
def self.setup_parallel_manager(options = {})
|
210
|
-
options[:max_concurrency] = @@max_concurrency
|
211
|
-
::Typhoeus::Hydra.new(options)
|
212
|
-
end
|
213
|
-
end
|
214
|
-
|
215
|
-
Faraday::Adapter.register_middleware(oso_http: OsoAdapter)
|
216
|
-
|
217
204
|
# @!visibility private
|
218
205
|
class Api
|
219
|
-
def
|
220
|
-
|
206
|
+
def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
|
207
|
+
@url = url
|
208
|
+
@connection = Faraday.new(url: url) do |faraday|
|
221
209
|
faraday.request :json
|
222
210
|
|
223
211
|
# responses are processed in reverse order; this stack implies the
|
@@ -225,7 +213,6 @@ module OsoCloud
|
|
225
213
|
# parser is only applied if there are no errors
|
226
214
|
faraday.response :json, parser_options: { symbolize_names: true }
|
227
215
|
faraday.response :raise_error
|
228
|
-
# faraday.response :logger
|
229
216
|
faraday.request :retry, {
|
230
217
|
max: (options && options[:max_retries]) || 10,
|
231
218
|
interval: 0.01,
|
@@ -243,7 +230,7 @@ module OsoCloud
|
|
243
230
|
/api/actions
|
244
231
|
/api/query
|
245
232
|
].include? env.url.path
|
246
|
-
}
|
233
|
+
}
|
247
234
|
}
|
248
235
|
|
249
236
|
if options && options[:test_adapter]
|
@@ -258,26 +245,32 @@ module OsoCloud
|
|
258
245
|
options[:test_adapter][:func].call
|
259
246
|
end
|
260
247
|
end
|
261
|
-
elsif options && options[:parallel_adapter]
|
262
|
-
if options[:max_concurrency]
|
263
|
-
OsoAdapter.class_variable_set(:@@max_concurrency, options[:max_concurrency])
|
264
|
-
end
|
265
|
-
faraday.adapter :oso_http, forbid_reuse: false, maxredirs: 1, connecttimeout: 30
|
266
248
|
else
|
267
|
-
faraday.adapter :
|
249
|
+
faraday.adapter :net_http
|
268
250
|
end
|
269
251
|
end
|
270
|
-
end
|
271
252
|
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
|
253
|
+
if options && options[:fallback_url]
|
254
|
+
@fallback_connection = Faraday.new(url: options[:fallback_url]) do |faraday|
|
255
|
+
faraday.request :json
|
256
|
+
faraday.response :json, parser_options: { symbolize_names: true }
|
257
|
+
faraday.response :raise_error
|
258
|
+
faraday.adapter :net_http
|
259
|
+
end
|
260
|
+
end
|
276
261
|
@api_key = api_key
|
277
262
|
@user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
|
278
263
|
@last_offset = nil
|
279
264
|
end
|
280
265
|
|
266
|
+
def fallback_eligible(path)
|
267
|
+
!@fallback_connection.nil? && ['/authorize',
|
268
|
+
'/authorize_resources',
|
269
|
+
'/list',
|
270
|
+
'/actions',
|
271
|
+
'/query'].include?(path)
|
272
|
+
end
|
273
|
+
|
281
274
|
def get_policy
|
282
275
|
url = '/policy'
|
283
276
|
result = GET(url, nil)
|
@@ -344,12 +337,6 @@ module OsoCloud
|
|
344
337
|
ActionsResult.new(**result)
|
345
338
|
end
|
346
339
|
|
347
|
-
def post_actions_batch(batch_data)
|
348
|
-
url = '/actions'
|
349
|
-
results = POST_BATCH(url, nil, batch_data, false)
|
350
|
-
results.map { |result| ActionsResult.new(**result.body) }
|
351
|
-
end
|
352
|
-
|
353
340
|
def post_query(data)
|
354
341
|
url = '/query'
|
355
342
|
result = POST(url, nil, data, false)
|
@@ -400,56 +387,48 @@ module OsoCloud
|
|
400
387
|
end
|
401
388
|
|
402
389
|
def GET(path, params)
|
403
|
-
|
404
|
-
|
405
|
-
|
406
|
-
|
407
|
-
response.body
|
408
|
-
rescue Faraday::Error => e
|
409
|
-
handle_faraday_error e
|
410
|
-
end
|
411
|
-
|
412
|
-
def POST_BATCH(path, params, body_array, isMutation)
|
413
|
-
connection = @parallel_connection
|
414
|
-
responses = []
|
415
|
-
connection.in_parallel do
|
416
|
-
responses = body_array.map do |body|
|
417
|
-
connection.post("api#{path}") do |req|
|
418
|
-
req.params = params unless params.nil?
|
419
|
-
req.body = OsoCloud::Helpers.to_hash(body) unless body.nil?
|
420
|
-
req.headers = headers
|
421
|
-
end
|
390
|
+
begin
|
391
|
+
response = @connection.get("api#{path}") do |req|
|
392
|
+
req.params = params unless params.nil?
|
393
|
+
req.headers = headers
|
422
394
|
end
|
423
|
-
|
424
|
-
|
425
|
-
|
426
|
-
if connection_failed
|
427
|
-
raise Faraday::ConnectionFailed, connection_failed.env.custom_members[:typhoeus_return_message]
|
428
|
-
end
|
395
|
+
response.body
|
396
|
+
rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError, Faraday::SSLError => e
|
397
|
+
raise e unless fallback_eligible(path)
|
429
398
|
|
430
|
-
|
431
|
-
|
432
|
-
|
433
|
-
|
434
|
-
|
435
|
-
@last_offset = responses[-1].headers[:OsoOffset]
|
399
|
+
response = @fallback_connection.get("api#{path}") do |req|
|
400
|
+
req.params = params unless params.nil?
|
401
|
+
req.headers = headers
|
402
|
+
end
|
403
|
+
response.body
|
436
404
|
end
|
437
|
-
responses
|
438
405
|
rescue Faraday::Error => e
|
439
406
|
handle_faraday_error e
|
440
407
|
end
|
441
408
|
|
442
409
|
def POST(path, params, body, isMutation)
|
443
|
-
|
444
|
-
|
445
|
-
|
446
|
-
|
447
|
-
|
410
|
+
begin
|
411
|
+
response = @connection.post("api#{path}") do |req|
|
412
|
+
req.params = params unless params.nil?
|
413
|
+
req.body = OsoCloud::Helpers.to_hash(body) unless body.nil?
|
414
|
+
req.headers = headers
|
415
|
+
end
|
448
416
|
|
449
|
-
|
450
|
-
|
417
|
+
if isMutation
|
418
|
+
@last_offset = response.headers[:OsoOffset]
|
419
|
+
end
|
420
|
+
response.body
|
421
|
+
# only attempt fallback on 5xx, and connection failure conditions
|
422
|
+
rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError, Faraday::SSLError => e
|
423
|
+
raise e unless fallback_eligible(path)
|
424
|
+
|
425
|
+
response = @fallback_connection.post("api#{path}") do |req|
|
426
|
+
req.params = params unless params.nil?
|
427
|
+
req.body = OsoCloud::Helpers.to_hash(body) unless body.nil?
|
428
|
+
req.headers = headers
|
429
|
+
end
|
430
|
+
response.body
|
451
431
|
end
|
452
|
-
response.body
|
453
432
|
rescue Faraday::Error => e
|
454
433
|
handle_faraday_error e
|
455
434
|
end
|
data/lib/oso/oso.rb
CHANGED
@@ -28,10 +28,11 @@ module OsoCloud
|
|
28
28
|
# Any other elements in the array, which together represent the fact's arguments,
|
29
29
|
# can be "OsoCloud::Value" objects or strings.
|
30
30
|
class Oso
|
31
|
-
def initialize(url: 'https://cloud.osohq.com', api_key: nil,
|
32
|
-
@api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options:
|
31
|
+
def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
|
32
|
+
@api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
|
33
33
|
end
|
34
34
|
|
35
|
+
##
|
35
36
|
# Update the active policy
|
36
37
|
#
|
37
38
|
# Updates the active policy in Oso Cloud, The string passed into
|
@@ -269,38 +270,5 @@ module OsoCloud
|
|
269
270
|
context_facts: OsoCloud::Helpers.params_to_facts(context_facts)))
|
270
271
|
OsoCloud::Helpers.facts_to_params(result.results)
|
271
272
|
end
|
272
|
-
|
273
|
-
##
|
274
|
-
# List authorized actions for a batch of queries
|
275
|
-
#
|
276
|
-
# Fetches a list of actions which an actor can perform on a particular resource.
|
277
|
-
#
|
278
|
-
# @param actor [OsoCloud::Value]
|
279
|
-
# @param queries [Array<OsoCloud::Value>] | Array<[OsoCloud::Value, Array<fact>]>
|
280
|
-
# @return [Array<Array<String>>]
|
281
|
-
# @see Oso for more information about facts
|
282
|
-
def actions_batch(actor, queries:)
|
283
|
-
actor_typed_id = actor.to_api_value
|
284
|
-
data = queries.map do |q|
|
285
|
-
context_facts = []
|
286
|
-
resource = nil
|
287
|
-
if (q.is_a?(Array))
|
288
|
-
resource = q[0]
|
289
|
-
context_facts = q[1]
|
290
|
-
else
|
291
|
-
resource = q
|
292
|
-
end
|
293
|
-
resource_typed_id = resource.to_api_value
|
294
|
-
OsoCloud::Core::ActionsQuery.new(
|
295
|
-
actor_type: actor_typed_id.type,
|
296
|
-
actor_id: actor_typed_id.id,
|
297
|
-
resource_type: resource_typed_id.type,
|
298
|
-
resource_id: resource_typed_id.id,
|
299
|
-
context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
|
300
|
-
)
|
301
|
-
end
|
302
|
-
@api.post_actions_batch(data).map { |result| result.results}
|
303
|
-
end
|
304
273
|
end
|
305
|
-
|
306
274
|
end
|
data/lib/oso/version.rb
CHANGED
data/oso-cloud.gemspec
CHANGED
@@ -22,10 +22,5 @@ Gem::Specification.new do |spec|
|
|
22
22
|
|
23
23
|
spec.add_dependency 'faraday', '~> 2.5.2'
|
24
24
|
spec.add_dependency 'faraday-retry', '~> 2.0.0'
|
25
|
-
spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
|
26
|
-
spec.add_dependency 'faraday-typhoeus', '~> 1.0.0'
|
27
|
-
#
|
28
25
|
spec.add_development_dependency 'minitest', '~> 5.15'
|
29
|
-
spec.add_development_dependency 'pry-rescue'
|
30
|
-
spec.add_development_dependency 'pry-stack_explorer'
|
31
26
|
end
|
metadata
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oso-cloud
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.3.0
|
4
|
+
version: 1.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Oso Security, Inc.
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
11
|
date: 2023-10-09 00:00:00.000000000 Z
|
@@ -38,34 +38,6 @@ dependencies:
|
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: 2.0.0
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: faraday-net_http_persistent
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - "~>"
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: '2.0'
|
48
|
-
type: :runtime
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - "~>"
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: '2.0'
|
55
|
-
- !ruby/object:Gem::Dependency
|
56
|
-
name: faraday-typhoeus
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
58
|
-
requirements:
|
59
|
-
- - "~>"
|
60
|
-
- !ruby/object:Gem::Version
|
61
|
-
version: 1.0.0
|
62
|
-
type: :runtime
|
63
|
-
prerelease: false
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
65
|
-
requirements:
|
66
|
-
- - "~>"
|
67
|
-
- !ruby/object:Gem::Version
|
68
|
-
version: 1.0.0
|
69
41
|
- !ruby/object:Gem::Dependency
|
70
42
|
name: minitest
|
71
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -80,35 +52,7 @@ dependencies:
|
|
80
52
|
- - "~>"
|
81
53
|
- !ruby/object:Gem::Version
|
82
54
|
version: '5.15'
|
83
|
-
|
84
|
-
name: pry-rescue
|
85
|
-
requirement: !ruby/object:Gem::Requirement
|
86
|
-
requirements:
|
87
|
-
- - ">="
|
88
|
-
- !ruby/object:Gem::Version
|
89
|
-
version: '0'
|
90
|
-
type: :development
|
91
|
-
prerelease: false
|
92
|
-
version_requirements: !ruby/object:Gem::Requirement
|
93
|
-
requirements:
|
94
|
-
- - ">="
|
95
|
-
- !ruby/object:Gem::Version
|
96
|
-
version: '0'
|
97
|
-
- !ruby/object:Gem::Dependency
|
98
|
-
name: pry-stack_explorer
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
100
|
-
requirements:
|
101
|
-
- - ">="
|
102
|
-
- !ruby/object:Gem::Version
|
103
|
-
version: '0'
|
104
|
-
type: :development
|
105
|
-
prerelease: false
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
107
|
-
requirements:
|
108
|
-
- - ">="
|
109
|
-
- !ruby/object:Gem::Version
|
110
|
-
version: '0'
|
111
|
-
description:
|
55
|
+
description:
|
112
56
|
email:
|
113
57
|
- support@osohq.com
|
114
58
|
executables: []
|
@@ -133,7 +77,7 @@ homepage: https://www.osohq.com/
|
|
133
77
|
licenses:
|
134
78
|
- Apache-2.0
|
135
79
|
metadata: {}
|
136
|
-
post_install_message:
|
80
|
+
post_install_message:
|
137
81
|
rdoc_options: []
|
138
82
|
require_paths:
|
139
83
|
- lib
|
@@ -144,12 +88,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
144
88
|
version: 3.0.0
|
145
89
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
146
90
|
requirements:
|
147
|
-
- - "
|
91
|
+
- - ">="
|
148
92
|
- !ruby/object:Gem::Version
|
149
|
-
version:
|
93
|
+
version: '0'
|
150
94
|
requirements: []
|
151
95
|
rubygems_version: 3.2.33
|
152
|
-
signing_key:
|
96
|
+
signing_key:
|
153
97
|
specification_version: 4
|
154
98
|
summary: Oso Cloud Ruby client
|
155
99
|
test_files: []
|