oso-cloud 1.3.0 → 1.4.0.dev.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +34 -1
- data/lib/oso/api.rb +65 -5
- data/lib/oso/oso.rb +37 -3
- data/lib/oso/version.rb +1 -1
- data/oso-cloud.gemspec +5 -0
- metadata +63 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: bccf4bc9bf1950fba9c250563971c55f3f2be4299677adf9fb1eeadedc5b6e90
|
4
|
+
data.tar.gz: 56572baaeafefc78940e4c3c688e2d7d8dc71cf81ad91246ab89f237a9925f50
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6c3d2b3bcfaff463c156bb2b50341a2350e81d39264d2bcac50fd917f849208f8ba5eb8a5b7335f18bad3604d6d57bb9b12305d10ca4126fa07ecf94e6741a7f
|
7
|
+
data.tar.gz: d0025b3196aadf1dc3d04ca8a7a8cbce61d31fd6ba18b2dd8ec9ab3b185542c668c985e7ab8545697a86ec9d32c22afacdad97c65dcfcc8b7c738f4b959ab3ea
|
data/Gemfile.lock
CHANGED
@@ -1,22 +1,53 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
oso-cloud (1.
|
4
|
+
oso-cloud (1.4.0.dev.0)
|
5
5
|
faraday (~> 2.5.2)
|
6
|
+
faraday-net_http_persistent (~> 2.0)
|
6
7
|
faraday-retry (~> 2.0.0)
|
8
|
+
faraday-typhoeus (~> 1.0.0)
|
7
9
|
|
8
10
|
GEM
|
9
11
|
remote: https://rubygems.org/
|
10
12
|
specs:
|
13
|
+
binding_of_caller (1.0.0)
|
14
|
+
debug_inspector (>= 0.0.1)
|
15
|
+
coderay (1.1.3)
|
16
|
+
connection_pool (2.4.1)
|
17
|
+
debug_inspector (1.1.0)
|
18
|
+
ethon (0.16.0)
|
19
|
+
ffi (>= 1.15.0)
|
11
20
|
faraday (2.5.2)
|
12
21
|
faraday-net_http (>= 2.0, < 3.1)
|
13
22
|
ruby2_keywords (>= 0.0.4)
|
14
23
|
faraday-net_http (3.0.2)
|
24
|
+
faraday-net_http_persistent (2.1.0)
|
25
|
+
faraday (~> 2.5)
|
26
|
+
net-http-persistent (~> 4.0)
|
15
27
|
faraday-retry (2.0.0)
|
16
28
|
faraday (~> 2.0)
|
29
|
+
faraday-typhoeus (1.0.0)
|
30
|
+
faraday (~> 2.0)
|
31
|
+
typhoeus (~> 1.4)
|
32
|
+
ffi (1.16.3)
|
33
|
+
interception (0.5)
|
34
|
+
method_source (1.0.0)
|
17
35
|
minitest (5.18.0)
|
36
|
+
net-http-persistent (4.0.2)
|
37
|
+
connection_pool (~> 2.2)
|
38
|
+
pry (0.14.2)
|
39
|
+
coderay (~> 1.1)
|
40
|
+
method_source (~> 1.0)
|
41
|
+
pry-rescue (1.5.2)
|
42
|
+
interception (>= 0.5)
|
43
|
+
pry (>= 0.12.0)
|
44
|
+
pry-stack_explorer (0.6.1)
|
45
|
+
binding_of_caller (~> 1.0)
|
46
|
+
pry (~> 0.13)
|
18
47
|
rake (12.3.3)
|
19
48
|
ruby2_keywords (0.0.5)
|
49
|
+
typhoeus (1.4.0)
|
50
|
+
ethon (>= 0.9.0)
|
20
51
|
|
21
52
|
PLATFORMS
|
22
53
|
ruby
|
@@ -24,6 +55,8 @@ PLATFORMS
|
|
24
55
|
DEPENDENCIES
|
25
56
|
minitest (~> 5.15)
|
26
57
|
oso-cloud!
|
58
|
+
pry-rescue
|
59
|
+
pry-stack_explorer
|
27
60
|
rake (~> 12.0)
|
28
61
|
|
29
62
|
BUNDLED WITH
|
data/lib/oso/api.rb
CHANGED
@@ -2,6 +2,8 @@ require 'json'
|
|
2
2
|
require 'uri'
|
3
3
|
require 'faraday'
|
4
4
|
require 'faraday/retry'
|
5
|
+
require 'faraday/typhoeus'
|
6
|
+
require 'faraday/net_http_persistent'
|
5
7
|
|
6
8
|
require 'oso/helpers'
|
7
9
|
require 'oso/version'
|
@@ -201,11 +203,21 @@ module OsoCloud
|
|
201
203
|
end
|
202
204
|
end
|
203
205
|
|
206
|
+
class OsoAdapter < Faraday::Adapter::Typhoeus
|
207
|
+
@@max_concurrency = 20
|
208
|
+
|
209
|
+
def self.setup_parallel_manager(options = {})
|
210
|
+
options[:max_concurrency] = @@max_concurrency
|
211
|
+
::Typhoeus::Hydra.new(options)
|
212
|
+
end
|
213
|
+
end
|
214
|
+
|
215
|
+
Faraday::Adapter.register_middleware(oso_http: OsoAdapter)
|
216
|
+
|
204
217
|
# @!visibility private
|
205
218
|
class Api
|
206
|
-
def
|
207
|
-
@url
|
208
|
-
@connection = Faraday.new(url: url) do |faraday|
|
219
|
+
def get_connection(options: nil)
|
220
|
+
Faraday.new(url: @url) do |faraday|
|
209
221
|
faraday.request :json
|
210
222
|
|
211
223
|
# responses are processed in reverse order; this stack implies the
|
@@ -213,6 +225,7 @@ module OsoCloud
|
|
213
225
|
# parser is only applied if there are no errors
|
214
226
|
faraday.response :json, parser_options: { symbolize_names: true }
|
215
227
|
faraday.response :raise_error
|
228
|
+
# faraday.response :logger
|
216
229
|
faraday.request :retry, {
|
217
230
|
max: (options && options[:max_retries]) || 10,
|
218
231
|
interval: 0.01,
|
@@ -230,7 +243,7 @@ module OsoCloud
|
|
230
243
|
/api/actions
|
231
244
|
/api/query
|
232
245
|
].include? env.url.path
|
233
|
-
}
|
246
|
+
},
|
234
247
|
}
|
235
248
|
|
236
249
|
if options && options[:test_adapter]
|
@@ -245,10 +258,21 @@ module OsoCloud
|
|
245
258
|
options[:test_adapter][:func].call
|
246
259
|
end
|
247
260
|
end
|
261
|
+
elsif options && options[:parallel_adapter]
|
262
|
+
if options[:max_concurrency]
|
263
|
+
OsoAdapter.class_variable_set(:@@max_concurrency, options[:max_concurrency])
|
264
|
+
end
|
265
|
+
faraday.adapter :oso_http, forbid_reuse: false, maxredirs: 1, connecttimeout: 30
|
248
266
|
else
|
249
|
-
faraday.adapter :
|
267
|
+
faraday.adapter :net_http_persistent, pool_size: 10, idle_timeout: 30
|
250
268
|
end
|
251
269
|
end
|
270
|
+
end
|
271
|
+
|
272
|
+
def initialize(url: 'https://api.osohq.com', api_key: nil, options: {})
|
273
|
+
@url = url
|
274
|
+
@connection = get_connection(options: options)
|
275
|
+
@parallel_connection = get_connection(options: { parallel_adapter: true, max_concurrency: options[:max_concurrency] })
|
252
276
|
|
253
277
|
if options && options[:fallback_url]
|
254
278
|
@fallback_connection = Faraday.new(url: options[:fallback_url]) do |faraday|
|
@@ -337,6 +361,12 @@ module OsoCloud
|
|
337
361
|
ActionsResult.new(**result)
|
338
362
|
end
|
339
363
|
|
364
|
+
def post_actions_batch(batch_data)
|
365
|
+
url = '/actions'
|
366
|
+
results = POST_BATCH(url, nil, batch_data, false)
|
367
|
+
results.map { |result| ActionsResult.new(**result.body) }
|
368
|
+
end
|
369
|
+
|
340
370
|
def post_query(data)
|
341
371
|
url = '/query'
|
342
372
|
result = POST(url, nil, data, false)
|
@@ -406,6 +436,36 @@ module OsoCloud
|
|
406
436
|
handle_faraday_error e
|
407
437
|
end
|
408
438
|
|
439
|
+
def POST_BATCH(path, params, body_array, isMutation)
|
440
|
+
connection = @parallel_connection
|
441
|
+
responses = []
|
442
|
+
connection.in_parallel do
|
443
|
+
responses = body_array.map do |body|
|
444
|
+
connection.post("api#{path}") do |req|
|
445
|
+
req.params = params unless params.nil?
|
446
|
+
req.body = OsoCloud::Helpers.to_hash(body) unless body.nil?
|
447
|
+
req.headers = headers
|
448
|
+
end
|
449
|
+
end
|
450
|
+
end
|
451
|
+
|
452
|
+
connection_failed = responses.find { |r| r.env.custom_members[:typhoeus_connection_failed] }
|
453
|
+
if connection_failed
|
454
|
+
raise Faraday::ConnectionFailed, connection_failed.env.custom_members[:typhoeus_return_message]
|
455
|
+
end
|
456
|
+
|
457
|
+
timed_out = responses.find { |r| r.env.custom_members[:typhoeus_timed_out] }
|
458
|
+
if timed_out
|
459
|
+
raise Faraday::TimeoutError, timed_out.env.custom_members[:typhoeus_return_message]
|
460
|
+
end
|
461
|
+
if isMutation
|
462
|
+
@last_offset = responses[-1].headers[:OsoOffset]
|
463
|
+
end
|
464
|
+
responses
|
465
|
+
rescue Faraday::Error => e
|
466
|
+
handle_faraday_error e
|
467
|
+
end
|
468
|
+
|
409
469
|
def POST(path, params, body, isMutation)
|
410
470
|
begin
|
411
471
|
response = @connection.post("api#{path}") do |req|
|
data/lib/oso/oso.rb
CHANGED
@@ -28,11 +28,12 @@ module OsoCloud
|
|
28
28
|
# Any other elements in the array, which together represent the fact's arguments,
|
29
29
|
# can be "OsoCloud::Value" objects or strings.
|
30
30
|
class Oso
|
31
|
-
def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
|
32
|
-
|
31
|
+
def initialize(url: 'https://cloud.osohq.com', api_key: nil, options: nil, fallback_url: nil)
|
32
|
+
options ||= {}
|
33
|
+
options[:fallback_url] = fallback_url unless fallback_url.nil?
|
34
|
+
@api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: options)
|
33
35
|
end
|
34
36
|
|
35
|
-
##
|
36
37
|
# Update the active policy
|
37
38
|
#
|
38
39
|
# Updates the active policy in Oso Cloud, The string passed into
|
@@ -270,5 +271,38 @@ module OsoCloud
|
|
270
271
|
context_facts: OsoCloud::Helpers.params_to_facts(context_facts)))
|
271
272
|
OsoCloud::Helpers.facts_to_params(result.results)
|
272
273
|
end
|
274
|
+
|
275
|
+
##
|
276
|
+
# List authorized actions for a batch of queries
|
277
|
+
#
|
278
|
+
# Fetches a list of actions which an actor can perform on a particular resource.
|
279
|
+
#
|
280
|
+
# @param actor [OsoCloud::Value]
|
281
|
+
# @param queries [Array<OsoCloud::Value>] | Array<[OsoCloud::Value, Array<fact>]>
|
282
|
+
# @return [Array<Array<String>>]
|
283
|
+
# @see Oso for more information about facts
|
284
|
+
def actions_batch(actor, queries:)
|
285
|
+
actor_typed_id = actor.to_api_value
|
286
|
+
data = queries.map do |q|
|
287
|
+
context_facts = []
|
288
|
+
resource = nil
|
289
|
+
if (q.is_a?(Array))
|
290
|
+
resource = q[0]
|
291
|
+
context_facts = q[1]
|
292
|
+
else
|
293
|
+
resource = q
|
294
|
+
end
|
295
|
+
resource_typed_id = resource.to_api_value
|
296
|
+
OsoCloud::Core::ActionsQuery.new(
|
297
|
+
actor_type: actor_typed_id.type,
|
298
|
+
actor_id: actor_typed_id.id,
|
299
|
+
resource_type: resource_typed_id.type,
|
300
|
+
resource_id: resource_typed_id.id,
|
301
|
+
context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
|
302
|
+
)
|
303
|
+
end
|
304
|
+
@api.post_actions_batch(data).map { |result| result.results}
|
305
|
+
end
|
273
306
|
end
|
307
|
+
|
274
308
|
end
|
data/lib/oso/version.rb
CHANGED
data/oso-cloud.gemspec
CHANGED
@@ -22,5 +22,10 @@ Gem::Specification.new do |spec|
|
|
22
22
|
|
23
23
|
spec.add_dependency 'faraday', '~> 2.5.2'
|
24
24
|
spec.add_dependency 'faraday-retry', '~> 2.0.0'
|
25
|
+
spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
|
26
|
+
spec.add_dependency 'faraday-typhoeus', '~> 1.0.0'
|
27
|
+
#
|
25
28
|
spec.add_development_dependency 'minitest', '~> 5.15'
|
29
|
+
spec.add_development_dependency 'pry-rescue'
|
30
|
+
spec.add_development_dependency 'pry-stack_explorer'
|
26
31
|
end
|
metadata
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oso-cloud
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.4.0.dev.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Oso Security, Inc.
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
11
|
date: 2023-10-09 00:00:00.000000000 Z
|
@@ -38,6 +38,34 @@ dependencies:
|
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: 2.0.0
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: faraday-net_http_persistent
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '2.0'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '2.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: faraday-typhoeus
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: 1.0.0
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: 1.0.0
|
41
69
|
- !ruby/object:Gem::Dependency
|
42
70
|
name: minitest
|
43
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -52,7 +80,35 @@ dependencies:
|
|
52
80
|
- - "~>"
|
53
81
|
- !ruby/object:Gem::Version
|
54
82
|
version: '5.15'
|
55
|
-
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: pry-rescue
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: pry-stack_explorer
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - ">="
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - ">="
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
111
|
+
description:
|
56
112
|
email:
|
57
113
|
- support@osohq.com
|
58
114
|
executables: []
|
@@ -77,7 +133,7 @@ homepage: https://www.osohq.com/
|
|
77
133
|
licenses:
|
78
134
|
- Apache-2.0
|
79
135
|
metadata: {}
|
80
|
-
post_install_message:
|
136
|
+
post_install_message:
|
81
137
|
rdoc_options: []
|
82
138
|
require_paths:
|
83
139
|
- lib
|
@@ -88,12 +144,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
88
144
|
version: 3.0.0
|
89
145
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
90
146
|
requirements:
|
91
|
-
- - "
|
147
|
+
- - ">"
|
92
148
|
- !ruby/object:Gem::Version
|
93
|
-
version:
|
149
|
+
version: 1.3.1
|
94
150
|
requirements: []
|
95
151
|
rubygems_version: 3.2.33
|
96
|
-
signing_key:
|
152
|
+
signing_key:
|
97
153
|
specification_version: 4
|
98
154
|
summary: Oso Cloud Ruby client
|
99
155
|
test_files: []
|