oso-cloud 1.4.0.dev.3 → 1.4.1.pre
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +32 -2
- data/lib/oso/api.rb +49 -6
- data/lib/oso/oso.rb +46 -2
- data/lib/oso/version.rb +1 -1
- data/oso-cloud.gemspec +2 -0
- metadata +34 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a4142cfc4502df10c914ba05acf90676bff499445afc0a4725ca0626e2bd86b2
|
|
4
|
+
data.tar.gz: 27a7afb62bb3e51e18b5578d396c1afcef411e01fb006d2c75ac9a67c6810d55
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 70f7c7849d93ad2f1b3d348202a87670fc6b2b728dca642fc01add67154978a7f2867305f9a855df8da034f360d95f97898f645d71cbad14d67cc6a26204ac5b
|
|
7
|
+
data.tar.gz: e2ee31a01a51e4eba0ae81f7a9f53fd0ae5b3749ef36214d85945d3f6d1ca6c0f181092c9026b0fc6c25f2abfa14605d8d622b15a54d24b8b20a909b0469eddb
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
oso-cloud (1.4.
|
|
4
|
+
oso-cloud (1.4.1.pre)
|
|
5
5
|
faraday (~> 2.5.2)
|
|
6
6
|
faraday-net_http_persistent (~> 2.0)
|
|
7
7
|
faraday-retry (~> 2.0.0)
|
|
@@ -9,7 +9,28 @@ PATH
|
|
|
9
9
|
GEM
|
|
10
10
|
remote: https://rubygems.org/
|
|
11
11
|
specs:
|
|
12
|
+
activemodel (7.1.3)
|
|
13
|
+
activesupport (= 7.1.3)
|
|
14
|
+
activerecord (7.1.3)
|
|
15
|
+
activemodel (= 7.1.3)
|
|
16
|
+
activesupport (= 7.1.3)
|
|
17
|
+
timeout (>= 0.4.0)
|
|
18
|
+
activesupport (7.1.3)
|
|
19
|
+
base64
|
|
20
|
+
bigdecimal
|
|
21
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
22
|
+
connection_pool (>= 2.2.5)
|
|
23
|
+
drb
|
|
24
|
+
i18n (>= 1.6, < 2)
|
|
25
|
+
minitest (>= 5.1)
|
|
26
|
+
mutex_m
|
|
27
|
+
tzinfo (~> 2.0)
|
|
28
|
+
base64 (0.2.0)
|
|
29
|
+
bigdecimal (3.1.6)
|
|
30
|
+
concurrent-ruby (1.2.3)
|
|
12
31
|
connection_pool (2.4.1)
|
|
32
|
+
drb (2.2.0)
|
|
33
|
+
ruby2_keywords
|
|
13
34
|
faraday (2.5.2)
|
|
14
35
|
faraday-net_http (>= 2.0, < 3.1)
|
|
15
36
|
ruby2_keywords (>= 0.0.4)
|
|
@@ -19,19 +40,28 @@ GEM
|
|
|
19
40
|
net-http-persistent (~> 4.0)
|
|
20
41
|
faraday-retry (2.0.0)
|
|
21
42
|
faraday (~> 2.0)
|
|
43
|
+
i18n (1.14.1)
|
|
44
|
+
concurrent-ruby (~> 1.0)
|
|
22
45
|
minitest (5.18.0)
|
|
46
|
+
mutex_m (0.2.0)
|
|
23
47
|
net-http-persistent (4.0.2)
|
|
24
48
|
connection_pool (~> 2.2)
|
|
49
|
+
pg (1.5.4)
|
|
25
50
|
rake (12.3.3)
|
|
26
51
|
ruby2_keywords (0.0.5)
|
|
52
|
+
timeout (0.4.1)
|
|
53
|
+
tzinfo (2.0.6)
|
|
54
|
+
concurrent-ruby (~> 1.0)
|
|
27
55
|
|
|
28
56
|
PLATFORMS
|
|
29
57
|
ruby
|
|
30
58
|
|
|
31
59
|
DEPENDENCIES
|
|
60
|
+
activerecord (~> 7.0)
|
|
32
61
|
minitest (~> 5.15)
|
|
33
62
|
oso-cloud!
|
|
63
|
+
pg (~> 1.0)
|
|
34
64
|
rake (~> 12.0)
|
|
35
65
|
|
|
36
66
|
BUNDLED WITH
|
|
37
|
-
2.
|
|
67
|
+
2.5.6
|
data/lib/oso/api.rb
CHANGED
|
@@ -202,9 +202,38 @@ module OsoCloud
|
|
|
202
202
|
end
|
|
203
203
|
end
|
|
204
204
|
|
|
205
|
+
# @!visibility private
|
|
206
|
+
class LocalAuthQuery
|
|
207
|
+
attr_reader :query, :data_bindings
|
|
208
|
+
|
|
209
|
+
def initialize(query:, data_bindings:)
|
|
210
|
+
@query = query
|
|
211
|
+
@data_bindings = data_bindings
|
|
212
|
+
end
|
|
213
|
+
end
|
|
214
|
+
|
|
215
|
+
# @!visibility private
|
|
216
|
+
class LocalListQuery
|
|
217
|
+
attr_reader :query, :data_bindings
|
|
218
|
+
|
|
219
|
+
def initialize(query:, data_bindings:)
|
|
220
|
+
@query = query
|
|
221
|
+
@data_bindings = data_bindings
|
|
222
|
+
end
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
# @!visibility private
|
|
226
|
+
class LocalQueryResult
|
|
227
|
+
attr_reader :sql
|
|
228
|
+
|
|
229
|
+
def initialize(sql:)
|
|
230
|
+
@sql = sql
|
|
231
|
+
end
|
|
232
|
+
end
|
|
233
|
+
|
|
205
234
|
# @!visibility private
|
|
206
235
|
class Api
|
|
207
|
-
def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
|
|
236
|
+
def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
|
|
208
237
|
@url = url
|
|
209
238
|
@connection = Faraday.new(url: url) do |faraday|
|
|
210
239
|
faraday.request :json
|
|
@@ -212,8 +241,8 @@ module OsoCloud
|
|
|
212
241
|
# responses are processed in reverse order; this stack implies the
|
|
213
242
|
# retries are attempted before an error is raised, and the json
|
|
214
243
|
# parser is only applied if there are no errors
|
|
215
|
-
faraday.response :json, parser_options: { symbolize_names: true }
|
|
216
244
|
faraday.response :raise_error
|
|
245
|
+
faraday.response :json, parser_options: { symbolize_names: true }
|
|
217
246
|
faraday.request :retry, {
|
|
218
247
|
max: (options && options[:max_retries]) || 10,
|
|
219
248
|
interval: 0.01,
|
|
@@ -262,6 +291,7 @@ module OsoCloud
|
|
|
262
291
|
@api_key = api_key
|
|
263
292
|
@user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
|
|
264
293
|
@last_offset = nil
|
|
294
|
+
@data_bindings = IO.read(data_bindings) unless data_bindings.nil?
|
|
265
295
|
end
|
|
266
296
|
|
|
267
297
|
def fallback_eligible(path)
|
|
@@ -356,6 +386,20 @@ module OsoCloud
|
|
|
356
386
|
StatsResult.new(**result)
|
|
357
387
|
end
|
|
358
388
|
|
|
389
|
+
def post_authorize_query(query)
|
|
390
|
+
url = '/authorize_query'
|
|
391
|
+
data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
|
|
392
|
+
result = POST(url, nil, data, false)
|
|
393
|
+
LocalQueryResult.new(**result)
|
|
394
|
+
end
|
|
395
|
+
|
|
396
|
+
def post_list_query(query)
|
|
397
|
+
url = '/list_query'
|
|
398
|
+
data = LocalListQuery.new(query: query, data_bindings: @data_bindings)
|
|
399
|
+
result = POST(url, nil, data, false)
|
|
400
|
+
LocalQueryResult.new(**result)
|
|
401
|
+
end
|
|
402
|
+
|
|
359
403
|
def clear_data
|
|
360
404
|
url = '/clear_data'
|
|
361
405
|
result = POST(url, nil, nil, true)
|
|
@@ -452,11 +496,10 @@ module OsoCloud
|
|
|
452
496
|
|
|
453
497
|
def handle_faraday_error(error)
|
|
454
498
|
resp = error.response
|
|
455
|
-
|
|
456
|
-
err = if resp.respond_to? :body
|
|
457
|
-
resp.body[:message]
|
|
458
|
-
else
|
|
499
|
+
err = if resp.nil? || resp[:body].nil? || resp[:body][:message].nil?
|
|
459
500
|
error.message
|
|
501
|
+
else
|
|
502
|
+
resp[:body][:message]
|
|
460
503
|
end
|
|
461
504
|
raise ApiError.new(message: err)
|
|
462
505
|
end
|
data/lib/oso/oso.rb
CHANGED
|
@@ -28,8 +28,8 @@ module OsoCloud
|
|
|
28
28
|
# Any other elements in the array, which together represent the fact's arguments,
|
|
29
29
|
# can be "OsoCloud::Value" objects or strings.
|
|
30
30
|
class Oso
|
|
31
|
-
def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
|
|
32
|
-
@api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
|
|
31
|
+
def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
|
|
32
|
+
@api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
##
|
|
@@ -71,6 +71,50 @@ module OsoCloud
|
|
|
71
71
|
result.allowed
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
+
##
|
|
75
|
+
# Check a permission depending on data both in Oso Cloud and stored in a local database
|
|
76
|
+
#
|
|
77
|
+
# Returns a SQL query to run against the local database
|
|
78
|
+
#
|
|
79
|
+
# @param actor [OsoCloud::Value]
|
|
80
|
+
# @param action [String]
|
|
81
|
+
# @param resource [OsoCloud::Value]
|
|
82
|
+
# @return [Array<String>]
|
|
83
|
+
def authorize_local(actor, action, resource)
|
|
84
|
+
actor_typed_id = actor.to_api_value
|
|
85
|
+
resource_typed_id = resource.to_api_value
|
|
86
|
+
result = @api.post_authorize_query(OsoCloud::Core::AuthorizeQuery.new(
|
|
87
|
+
actor_type: actor_typed_id.type,
|
|
88
|
+
actor_id: actor_typed_id.id,
|
|
89
|
+
action: action,
|
|
90
|
+
resource_type: resource_typed_id.type,
|
|
91
|
+
resource_id: resource_typed_id.id,
|
|
92
|
+
context_facts: []
|
|
93
|
+
))
|
|
94
|
+
result.sql
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
##
|
|
98
|
+
# List authorized resources depending on data both in Oso Cloud and stored in a local database
|
|
99
|
+
#
|
|
100
|
+
# Returns a SQL query to run against the local database
|
|
101
|
+
#
|
|
102
|
+
# @param actor [OsoCloud::Value]
|
|
103
|
+
# @param action [String]
|
|
104
|
+
# @param resource_type [String]
|
|
105
|
+
# @return [Array<String>]
|
|
106
|
+
def list_local(actor, action, resource_type)
|
|
107
|
+
actor_typed_id = actor.to_api_value
|
|
108
|
+
result = @api.post_list_query(OsoCloud::Core::ListQuery.new(
|
|
109
|
+
actor_type: actor_typed_id.type,
|
|
110
|
+
actor_id: actor_typed_id.id,
|
|
111
|
+
action: action,
|
|
112
|
+
resource_type: resource_type,
|
|
113
|
+
context_facts: []
|
|
114
|
+
))
|
|
115
|
+
result.sql
|
|
116
|
+
end
|
|
117
|
+
|
|
74
118
|
##
|
|
75
119
|
# Check authorized resources
|
|
76
120
|
#
|
data/lib/oso/version.rb
CHANGED
data/oso-cloud.gemspec
CHANGED
|
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.add_dependency 'faraday-retry', '~> 2.0.0'
|
|
25
25
|
spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
|
|
26
26
|
spec.add_development_dependency 'minitest', '~> 5.15'
|
|
27
|
+
spec.add_development_dependency 'pg', '~> 1.0'
|
|
28
|
+
spec.add_development_dependency 'activerecord', '~> 7.0'
|
|
27
29
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.1.pre
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-02-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -66,7 +66,35 @@ dependencies:
|
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '5.15'
|
|
69
|
-
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: pg
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - "~>"
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '1.0'
|
|
76
|
+
type: :development
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - "~>"
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '1.0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: activerecord
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - "~>"
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '7.0'
|
|
90
|
+
type: :development
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - "~>"
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '7.0'
|
|
97
|
+
description:
|
|
70
98
|
email:
|
|
71
99
|
- support@osohq.com
|
|
72
100
|
executables: []
|
|
@@ -91,7 +119,7 @@ homepage: https://www.osohq.com/
|
|
|
91
119
|
licenses:
|
|
92
120
|
- Apache-2.0
|
|
93
121
|
metadata: {}
|
|
94
|
-
post_install_message:
|
|
122
|
+
post_install_message:
|
|
95
123
|
rdoc_options: []
|
|
96
124
|
require_paths:
|
|
97
125
|
- lib
|
|
@@ -107,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
107
135
|
version: 1.3.1
|
|
108
136
|
requirements: []
|
|
109
137
|
rubygems_version: 3.2.33
|
|
110
|
-
signing_key:
|
|
138
|
+
signing_key:
|
|
111
139
|
specification_version: 4
|
|
112
140
|
summary: Oso Cloud Ruby client
|
|
113
141
|
test_files: []
|