oso-cloud 1.4.1 → 1.5.0.pre

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +32 -2
  3. data/lib/oso/api.rb +45 -1
  4. data/lib/oso/oso.rb +46 -2
  5. data/lib/oso/version.rb +1 -1
  6. data/oso-cloud.gemspec +2 -0
  7. metadata +32 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4f65c9e4cafbbd08a93b4c772310d2741bd3a8a7f9f9fe90c15bf06e4f98f3c5
4
- data.tar.gz: 0fed4dce1b4043811202203fae204454b086327f6204f88ada6ec9d57710e914
3
+ metadata.gz: 310422514ccb68c2540ae5a2ce16873be40e8d59a7c57861552d4589eb95ebb5
4
+ data.tar.gz: 0f75e291effa87ff7b6887c00202fa56938822f837dcd1feeaa257d9a6c931a4
5
5
  SHA512:
6
- metadata.gz: 59a1e5af09cbcf16f6bcb01b951ad75ff0e80351c94e27968c82f95ecdf308aac98a70b7d6f6e98287a4e6eae9b76276497f47267c8c3c195fcfa80f41843494
7
- data.tar.gz: 42d8ac7a9a9366c6e338e86ce27cd8249615b7c268e8c5abda237719e489fc09ffa71743a2c69828a660f27aa67fdde2514eb34206c5c03e502209b4951caf76
6
+ metadata.gz: 766038bec33959a1b400e2a63a3b5de71acfa3b55a6d24d88ebcf20dcf73f94251f05a3279120a8506901f8234191159355696442c43052860cd0a49eafcf5c2
7
+ data.tar.gz: 8932d721294ba88b589a64b75236af34ed7386bd7f5e18416f85a66358a3a84c737ed359e8a68d93c7d8491784b710d54ec5f4508dd67b8ee37ec30ab39568af
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- oso-cloud (1.4.1)
4
+ oso-cloud (1.5.0.pre)
5
5
  faraday (~> 2.5.2)
6
6
  faraday-net_http_persistent (~> 2.0)
7
7
  faraday-retry (~> 2.0.0)
@@ -9,7 +9,28 @@ PATH
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
+ activemodel (7.1.3)
13
+ activesupport (= 7.1.3)
14
+ activerecord (7.1.3)
15
+ activemodel (= 7.1.3)
16
+ activesupport (= 7.1.3)
17
+ timeout (>= 0.4.0)
18
+ activesupport (7.1.3)
19
+ base64
20
+ bigdecimal
21
+ concurrent-ruby (~> 1.0, >= 1.0.2)
22
+ connection_pool (>= 2.2.5)
23
+ drb
24
+ i18n (>= 1.6, < 2)
25
+ minitest (>= 5.1)
26
+ mutex_m
27
+ tzinfo (~> 2.0)
28
+ base64 (0.2.0)
29
+ bigdecimal (3.1.6)
30
+ concurrent-ruby (1.2.3)
12
31
  connection_pool (2.4.1)
32
+ drb (2.2.0)
33
+ ruby2_keywords
13
34
  faraday (2.5.2)
14
35
  faraday-net_http (>= 2.0, < 3.1)
15
36
  ruby2_keywords (>= 0.0.4)
@@ -19,19 +40,28 @@ GEM
19
40
  net-http-persistent (~> 4.0)
20
41
  faraday-retry (2.0.0)
21
42
  faraday (~> 2.0)
43
+ i18n (1.14.1)
44
+ concurrent-ruby (~> 1.0)
22
45
  minitest (5.18.0)
46
+ mutex_m (0.2.0)
23
47
  net-http-persistent (4.0.2)
24
48
  connection_pool (~> 2.2)
49
+ pg (1.5.4)
25
50
  rake (12.3.3)
26
51
  ruby2_keywords (0.0.5)
52
+ timeout (0.4.1)
53
+ tzinfo (2.0.6)
54
+ concurrent-ruby (~> 1.0)
27
55
 
28
56
  PLATFORMS
29
57
  ruby
30
58
 
31
59
  DEPENDENCIES
60
+ activerecord (~> 7.0)
32
61
  minitest (~> 5.15)
33
62
  oso-cloud!
63
+ pg (~> 1.0)
34
64
  rake (~> 12.0)
35
65
 
36
66
  BUNDLED WITH
37
- 2.3.13
67
+ 2.5.6
data/lib/oso/api.rb CHANGED
@@ -202,9 +202,38 @@ module OsoCloud
202
202
  end
203
203
  end
204
204
 
205
+ # @!visibility private
206
+ class LocalAuthQuery
207
+ attr_reader :query, :data_bindings
208
+
209
+ def initialize(query:, data_bindings:)
210
+ @query = query
211
+ @data_bindings = data_bindings
212
+ end
213
+ end
214
+
215
+ # @!visibility private
216
+ class LocalListQuery
217
+ attr_reader :query, :data_bindings
218
+
219
+ def initialize(query:, data_bindings:)
220
+ @query = query
221
+ @data_bindings = data_bindings
222
+ end
223
+ end
224
+
225
+ # @!visibility private
226
+ class LocalQueryResult
227
+ attr_reader :sql
228
+
229
+ def initialize(sql:)
230
+ @sql = sql
231
+ end
232
+ end
233
+
205
234
  # @!visibility private
206
235
  class Api
207
- def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
236
+ def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
208
237
  @url = url
209
238
  @connection = Faraday.new(url: url) do |faraday|
210
239
  faraday.request :json
@@ -262,6 +291,7 @@ module OsoCloud
262
291
  @api_key = api_key
263
292
  @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
264
293
  @last_offset = nil
294
+ @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
265
295
  end
266
296
 
267
297
  def fallback_eligible(path)
@@ -356,6 +386,20 @@ module OsoCloud
356
386
  StatsResult.new(**result)
357
387
  end
358
388
 
389
+ def post_authorize_query(query)
390
+ url = '/authorize_query'
391
+ data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
392
+ result = POST(url, nil, data, false)
393
+ LocalQueryResult.new(**result)
394
+ end
395
+
396
+ def post_list_query(query)
397
+ url = '/list_query'
398
+ data = LocalListQuery.new(query: query, data_bindings: @data_bindings)
399
+ result = POST(url, nil, data, false)
400
+ LocalQueryResult.new(**result)
401
+ end
402
+
359
403
  def clear_data
360
404
  url = '/clear_data'
361
405
  result = POST(url, nil, nil, true)
data/lib/oso/oso.rb CHANGED
@@ -28,8 +28,8 @@ module OsoCloud
28
28
  # Any other elements in the array, which together represent the fact's arguments,
29
29
  # can be "OsoCloud::Value" objects or strings.
30
30
  class Oso
31
- def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
32
- @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
31
+ def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
32
+ @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
33
33
  end
34
34
 
35
35
  ##
@@ -71,6 +71,50 @@ module OsoCloud
71
71
  result.allowed
72
72
  end
73
73
 
74
+ ##
75
+ # Check a permission depending on data both in Oso Cloud and stored in a local database
76
+ #
77
+ # Returns a SQL query to run against the local database
78
+ #
79
+ # @param actor [OsoCloud::Value]
80
+ # @param action [String]
81
+ # @param resource [OsoCloud::Value]
82
+ # @return [Array<String>]
83
+ def authorize_local(actor, action, resource)
84
+ actor_typed_id = actor.to_api_value
85
+ resource_typed_id = resource.to_api_value
86
+ result = @api.post_authorize_query(OsoCloud::Core::AuthorizeQuery.new(
87
+ actor_type: actor_typed_id.type,
88
+ actor_id: actor_typed_id.id,
89
+ action: action,
90
+ resource_type: resource_typed_id.type,
91
+ resource_id: resource_typed_id.id,
92
+ context_facts: []
93
+ ))
94
+ result.sql
95
+ end
96
+
97
+ ##
98
+ # List authorized resources depending on data both in Oso Cloud and stored in a local database
99
+ #
100
+ # Returns a SQL query to run against the local database
101
+ #
102
+ # @param actor [OsoCloud::Value]
103
+ # @param action [String]
104
+ # @param resource_type [String]
105
+ # @return [Array<String>]
106
+ def list_local(actor, action, resource_type)
107
+ actor_typed_id = actor.to_api_value
108
+ result = @api.post_list_query(OsoCloud::Core::ListQuery.new(
109
+ actor_type: actor_typed_id.type,
110
+ actor_id: actor_typed_id.id,
111
+ action: action,
112
+ resource_type: resource_type,
113
+ context_facts: []
114
+ ))
115
+ result.sql
116
+ end
117
+
74
118
  ##
75
119
  # Check authorized resources
76
120
  #
data/lib/oso/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module OsoCloud
2
- VERSION = '1.4.1'.freeze
2
+ VERSION = '1.5.0.pre'.freeze
3
3
  end
data/oso-cloud.gemspec CHANGED
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
24
24
  spec.add_dependency 'faraday-retry', '~> 2.0.0'
25
25
  spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
26
26
  spec.add_development_dependency 'minitest', '~> 5.15'
27
+ spec.add_development_dependency 'pg', '~> 1.0'
28
+ spec.add_development_dependency 'activerecord', '~> 7.0'
27
29
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.1
4
+ version: 1.5.0.pre
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-12-01 00:00:00.000000000 Z
11
+ date: 2024-02-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -66,6 +66,34 @@ dependencies:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: '5.15'
69
+ - !ruby/object:Gem::Dependency
70
+ name: pg
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '1.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: activerecord
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '7.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '7.0'
69
97
  description:
70
98
  email:
71
99
  - support@osohq.com
@@ -102,9 +130,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
102
130
  version: 3.0.0
103
131
  required_rubygems_version: !ruby/object:Gem::Requirement
104
132
  requirements:
105
- - - ">="
133
+ - - ">"
106
134
  - !ruby/object:Gem::Version
107
- version: '0'
135
+ version: 1.3.1
108
136
  requirements: []
109
137
  rubygems_version: 3.2.33
110
138
  signing_key: