oso-cloud 1.4.0.dev.3 → 1.4.1.pre
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +32 -2
- data/lib/oso/api.rb +49 -6
- data/lib/oso/oso.rb +46 -2
- data/lib/oso/version.rb +1 -1
- data/oso-cloud.gemspec +2 -0
- metadata +34 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a4142cfc4502df10c914ba05acf90676bff499445afc0a4725ca0626e2bd86b2
|
|
4
|
+
data.tar.gz: 27a7afb62bb3e51e18b5578d396c1afcef411e01fb006d2c75ac9a67c6810d55
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 70f7c7849d93ad2f1b3d348202a87670fc6b2b728dca642fc01add67154978a7f2867305f9a855df8da034f360d95f97898f645d71cbad14d67cc6a26204ac5b
|
|
7
|
+
data.tar.gz: e2ee31a01a51e4eba0ae81f7a9f53fd0ae5b3749ef36214d85945d3f6d1ca6c0f181092c9026b0fc6c25f2abfa14605d8d622b15a54d24b8b20a909b0469eddb
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
oso-cloud (1.4.
|
|
4
|
+
oso-cloud (1.4.1.pre)
|
|
5
5
|
faraday (~> 2.5.2)
|
|
6
6
|
faraday-net_http_persistent (~> 2.0)
|
|
7
7
|
faraday-retry (~> 2.0.0)
|
|
@@ -9,7 +9,28 @@ PATH
|
|
|
9
9
|
GEM
|
|
10
10
|
remote: https://rubygems.org/
|
|
11
11
|
specs:
|
|
12
|
+
activemodel (7.1.3)
|
|
13
|
+
activesupport (= 7.1.3)
|
|
14
|
+
activerecord (7.1.3)
|
|
15
|
+
activemodel (= 7.1.3)
|
|
16
|
+
activesupport (= 7.1.3)
|
|
17
|
+
timeout (>= 0.4.0)
|
|
18
|
+
activesupport (7.1.3)
|
|
19
|
+
base64
|
|
20
|
+
bigdecimal
|
|
21
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
22
|
+
connection_pool (>= 2.2.5)
|
|
23
|
+
drb
|
|
24
|
+
i18n (>= 1.6, < 2)
|
|
25
|
+
minitest (>= 5.1)
|
|
26
|
+
mutex_m
|
|
27
|
+
tzinfo (~> 2.0)
|
|
28
|
+
base64 (0.2.0)
|
|
29
|
+
bigdecimal (3.1.6)
|
|
30
|
+
concurrent-ruby (1.2.3)
|
|
12
31
|
connection_pool (2.4.1)
|
|
32
|
+
drb (2.2.0)
|
|
33
|
+
ruby2_keywords
|
|
13
34
|
faraday (2.5.2)
|
|
14
35
|
faraday-net_http (>= 2.0, < 3.1)
|
|
15
36
|
ruby2_keywords (>= 0.0.4)
|
|
@@ -19,19 +40,28 @@ GEM
|
|
|
19
40
|
net-http-persistent (~> 4.0)
|
|
20
41
|
faraday-retry (2.0.0)
|
|
21
42
|
faraday (~> 2.0)
|
|
43
|
+
i18n (1.14.1)
|
|
44
|
+
concurrent-ruby (~> 1.0)
|
|
22
45
|
minitest (5.18.0)
|
|
46
|
+
mutex_m (0.2.0)
|
|
23
47
|
net-http-persistent (4.0.2)
|
|
24
48
|
connection_pool (~> 2.2)
|
|
49
|
+
pg (1.5.4)
|
|
25
50
|
rake (12.3.3)
|
|
26
51
|
ruby2_keywords (0.0.5)
|
|
52
|
+
timeout (0.4.1)
|
|
53
|
+
tzinfo (2.0.6)
|
|
54
|
+
concurrent-ruby (~> 1.0)
|
|
27
55
|
|
|
28
56
|
PLATFORMS
|
|
29
57
|
ruby
|
|
30
58
|
|
|
31
59
|
DEPENDENCIES
|
|
60
|
+
activerecord (~> 7.0)
|
|
32
61
|
minitest (~> 5.15)
|
|
33
62
|
oso-cloud!
|
|
63
|
+
pg (~> 1.0)
|
|
34
64
|
rake (~> 12.0)
|
|
35
65
|
|
|
36
66
|
BUNDLED WITH
|
|
37
|
-
2.
|
|
67
|
+
2.5.6
|
data/lib/oso/api.rb
CHANGED
|
@@ -202,9 +202,38 @@ module OsoCloud
|
|
|
202
202
|
end
|
|
203
203
|
end
|
|
204
204
|
|
|
205
|
+
# @!visibility private
|
|
206
|
+
class LocalAuthQuery
|
|
207
|
+
attr_reader :query, :data_bindings
|
|
208
|
+
|
|
209
|
+
def initialize(query:, data_bindings:)
|
|
210
|
+
@query = query
|
|
211
|
+
@data_bindings = data_bindings
|
|
212
|
+
end
|
|
213
|
+
end
|
|
214
|
+
|
|
215
|
+
# @!visibility private
|
|
216
|
+
class LocalListQuery
|
|
217
|
+
attr_reader :query, :data_bindings
|
|
218
|
+
|
|
219
|
+
def initialize(query:, data_bindings:)
|
|
220
|
+
@query = query
|
|
221
|
+
@data_bindings = data_bindings
|
|
222
|
+
end
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
# @!visibility private
|
|
226
|
+
class LocalQueryResult
|
|
227
|
+
attr_reader :sql
|
|
228
|
+
|
|
229
|
+
def initialize(sql:)
|
|
230
|
+
@sql = sql
|
|
231
|
+
end
|
|
232
|
+
end
|
|
233
|
+
|
|
205
234
|
# @!visibility private
|
|
206
235
|
class Api
|
|
207
|
-
def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
|
|
236
|
+
def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
|
|
208
237
|
@url = url
|
|
209
238
|
@connection = Faraday.new(url: url) do |faraday|
|
|
210
239
|
faraday.request :json
|
|
@@ -212,8 +241,8 @@ module OsoCloud
|
|
|
212
241
|
# responses are processed in reverse order; this stack implies the
|
|
213
242
|
# retries are attempted before an error is raised, and the json
|
|
214
243
|
# parser is only applied if there are no errors
|
|
215
|
-
faraday.response :json, parser_options: { symbolize_names: true }
|
|
216
244
|
faraday.response :raise_error
|
|
245
|
+
faraday.response :json, parser_options: { symbolize_names: true }
|
|
217
246
|
faraday.request :retry, {
|
|
218
247
|
max: (options && options[:max_retries]) || 10,
|
|
219
248
|
interval: 0.01,
|
|
@@ -262,6 +291,7 @@ module OsoCloud
|
|
|
262
291
|
@api_key = api_key
|
|
263
292
|
@user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
|
|
264
293
|
@last_offset = nil
|
|
294
|
+
@data_bindings = IO.read(data_bindings) unless data_bindings.nil?
|
|
265
295
|
end
|
|
266
296
|
|
|
267
297
|
def fallback_eligible(path)
|
|
@@ -356,6 +386,20 @@ module OsoCloud
|
|
|
356
386
|
StatsResult.new(**result)
|
|
357
387
|
end
|
|
358
388
|
|
|
389
|
+
def post_authorize_query(query)
|
|
390
|
+
url = '/authorize_query'
|
|
391
|
+
data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
|
|
392
|
+
result = POST(url, nil, data, false)
|
|
393
|
+
LocalQueryResult.new(**result)
|
|
394
|
+
end
|
|
395
|
+
|
|
396
|
+
def post_list_query(query)
|
|
397
|
+
url = '/list_query'
|
|
398
|
+
data = LocalListQuery.new(query: query, data_bindings: @data_bindings)
|
|
399
|
+
result = POST(url, nil, data, false)
|
|
400
|
+
LocalQueryResult.new(**result)
|
|
401
|
+
end
|
|
402
|
+
|
|
359
403
|
def clear_data
|
|
360
404
|
url = '/clear_data'
|
|
361
405
|
result = POST(url, nil, nil, true)
|
|
@@ -452,11 +496,10 @@ module OsoCloud
|
|
|
452
496
|
|
|
453
497
|
def handle_faraday_error(error)
|
|
454
498
|
resp = error.response
|
|
455
|
-
|
|
456
|
-
err = if resp.respond_to? :body
|
|
457
|
-
resp.body[:message]
|
|
458
|
-
else
|
|
499
|
+
err = if resp.nil? || resp[:body].nil? || resp[:body][:message].nil?
|
|
459
500
|
error.message
|
|
501
|
+
else
|
|
502
|
+
resp[:body][:message]
|
|
460
503
|
end
|
|
461
504
|
raise ApiError.new(message: err)
|
|
462
505
|
end
|
data/lib/oso/oso.rb
CHANGED
|
@@ -28,8 +28,8 @@ module OsoCloud
|
|
|
28
28
|
# Any other elements in the array, which together represent the fact's arguments,
|
|
29
29
|
# can be "OsoCloud::Value" objects or strings.
|
|
30
30
|
class Oso
|
|
31
|
-
def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
|
|
32
|
-
@api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
|
|
31
|
+
def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
|
|
32
|
+
@api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
##
|
|
@@ -71,6 +71,50 @@ module OsoCloud
|
|
|
71
71
|
result.allowed
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
+
##
|
|
75
|
+
# Check a permission depending on data both in Oso Cloud and stored in a local database
|
|
76
|
+
#
|
|
77
|
+
# Returns a SQL query to run against the local database
|
|
78
|
+
#
|
|
79
|
+
# @param actor [OsoCloud::Value]
|
|
80
|
+
# @param action [String]
|
|
81
|
+
# @param resource [OsoCloud::Value]
|
|
82
|
+
# @return [Array<String>]
|
|
83
|
+
def authorize_local(actor, action, resource)
|
|
84
|
+
actor_typed_id = actor.to_api_value
|
|
85
|
+
resource_typed_id = resource.to_api_value
|
|
86
|
+
result = @api.post_authorize_query(OsoCloud::Core::AuthorizeQuery.new(
|
|
87
|
+
actor_type: actor_typed_id.type,
|
|
88
|
+
actor_id: actor_typed_id.id,
|
|
89
|
+
action: action,
|
|
90
|
+
resource_type: resource_typed_id.type,
|
|
91
|
+
resource_id: resource_typed_id.id,
|
|
92
|
+
context_facts: []
|
|
93
|
+
))
|
|
94
|
+
result.sql
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
##
|
|
98
|
+
# List authorized resources depending on data both in Oso Cloud and stored in a local database
|
|
99
|
+
#
|
|
100
|
+
# Returns a SQL query to run against the local database
|
|
101
|
+
#
|
|
102
|
+
# @param actor [OsoCloud::Value]
|
|
103
|
+
# @param action [String]
|
|
104
|
+
# @param resource_type [String]
|
|
105
|
+
# @return [Array<String>]
|
|
106
|
+
def list_local(actor, action, resource_type)
|
|
107
|
+
actor_typed_id = actor.to_api_value
|
|
108
|
+
result = @api.post_list_query(OsoCloud::Core::ListQuery.new(
|
|
109
|
+
actor_type: actor_typed_id.type,
|
|
110
|
+
actor_id: actor_typed_id.id,
|
|
111
|
+
action: action,
|
|
112
|
+
resource_type: resource_type,
|
|
113
|
+
context_facts: []
|
|
114
|
+
))
|
|
115
|
+
result.sql
|
|
116
|
+
end
|
|
117
|
+
|
|
74
118
|
##
|
|
75
119
|
# Check authorized resources
|
|
76
120
|
#
|
data/lib/oso/version.rb
CHANGED
data/oso-cloud.gemspec
CHANGED
|
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.add_dependency 'faraday-retry', '~> 2.0.0'
|
|
25
25
|
spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
|
|
26
26
|
spec.add_development_dependency 'minitest', '~> 5.15'
|
|
27
|
+
spec.add_development_dependency 'pg', '~> 1.0'
|
|
28
|
+
spec.add_development_dependency 'activerecord', '~> 7.0'
|
|
27
29
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.1.pre
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-02-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -66,7 +66,35 @@ dependencies:
|
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '5.15'
|
|
69
|
-
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: pg
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - "~>"
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '1.0'
|
|
76
|
+
type: :development
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - "~>"
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '1.0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: activerecord
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - "~>"
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '7.0'
|
|
90
|
+
type: :development
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - "~>"
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '7.0'
|
|
97
|
+
description:
|
|
70
98
|
email:
|
|
71
99
|
- support@osohq.com
|
|
72
100
|
executables: []
|
|
@@ -91,7 +119,7 @@ homepage: https://www.osohq.com/
|
|
|
91
119
|
licenses:
|
|
92
120
|
- Apache-2.0
|
|
93
121
|
metadata: {}
|
|
94
|
-
post_install_message:
|
|
122
|
+
post_install_message:
|
|
95
123
|
rdoc_options: []
|
|
96
124
|
require_paths:
|
|
97
125
|
- lib
|
|
@@ -107,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
107
135
|
version: 1.3.1
|
|
108
136
|
requirements: []
|
|
109
137
|
rubygems_version: 3.2.33
|
|
110
|
-
signing_key:
|
|
138
|
+
signing_key:
|
|
111
139
|
specification_version: 4
|
|
112
140
|
summary: Oso Cloud Ruby client
|
|
113
141
|
test_files: []
|