oso-cloud 1.4.1 → 1.5.0.pre

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +32 -2
  3. data/lib/oso/api.rb +45 -1
  4. data/lib/oso/oso.rb +46 -2
  5. data/lib/oso/version.rb +1 -1
  6. data/oso-cloud.gemspec +2 -0
  7. metadata +32 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4f65c9e4cafbbd08a93b4c772310d2741bd3a8a7f9f9fe90c15bf06e4f98f3c5
4
- data.tar.gz: 0fed4dce1b4043811202203fae204454b086327f6204f88ada6ec9d57710e914
3
+ metadata.gz: 310422514ccb68c2540ae5a2ce16873be40e8d59a7c57861552d4589eb95ebb5
4
+ data.tar.gz: 0f75e291effa87ff7b6887c00202fa56938822f837dcd1feeaa257d9a6c931a4
5
5
  SHA512:
6
- metadata.gz: 59a1e5af09cbcf16f6bcb01b951ad75ff0e80351c94e27968c82f95ecdf308aac98a70b7d6f6e98287a4e6eae9b76276497f47267c8c3c195fcfa80f41843494
7
- data.tar.gz: 42d8ac7a9a9366c6e338e86ce27cd8249615b7c268e8c5abda237719e489fc09ffa71743a2c69828a660f27aa67fdde2514eb34206c5c03e502209b4951caf76
6
+ metadata.gz: 766038bec33959a1b400e2a63a3b5de71acfa3b55a6d24d88ebcf20dcf73f94251f05a3279120a8506901f8234191159355696442c43052860cd0a49eafcf5c2
7
+ data.tar.gz: 8932d721294ba88b589a64b75236af34ed7386bd7f5e18416f85a66358a3a84c737ed359e8a68d93c7d8491784b710d54ec5f4508dd67b8ee37ec30ab39568af
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- oso-cloud (1.4.1)
4
+ oso-cloud (1.5.0.pre)
5
5
  faraday (~> 2.5.2)
6
6
  faraday-net_http_persistent (~> 2.0)
7
7
  faraday-retry (~> 2.0.0)
@@ -9,7 +9,28 @@ PATH
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
+ activemodel (7.1.3)
13
+ activesupport (= 7.1.3)
14
+ activerecord (7.1.3)
15
+ activemodel (= 7.1.3)
16
+ activesupport (= 7.1.3)
17
+ timeout (>= 0.4.0)
18
+ activesupport (7.1.3)
19
+ base64
20
+ bigdecimal
21
+ concurrent-ruby (~> 1.0, >= 1.0.2)
22
+ connection_pool (>= 2.2.5)
23
+ drb
24
+ i18n (>= 1.6, < 2)
25
+ minitest (>= 5.1)
26
+ mutex_m
27
+ tzinfo (~> 2.0)
28
+ base64 (0.2.0)
29
+ bigdecimal (3.1.6)
30
+ concurrent-ruby (1.2.3)
12
31
  connection_pool (2.4.1)
32
+ drb (2.2.0)
33
+ ruby2_keywords
13
34
  faraday (2.5.2)
14
35
  faraday-net_http (>= 2.0, < 3.1)
15
36
  ruby2_keywords (>= 0.0.4)
@@ -19,19 +40,28 @@ GEM
19
40
  net-http-persistent (~> 4.0)
20
41
  faraday-retry (2.0.0)
21
42
  faraday (~> 2.0)
43
+ i18n (1.14.1)
44
+ concurrent-ruby (~> 1.0)
22
45
  minitest (5.18.0)
46
+ mutex_m (0.2.0)
23
47
  net-http-persistent (4.0.2)
24
48
  connection_pool (~> 2.2)
49
+ pg (1.5.4)
25
50
  rake (12.3.3)
26
51
  ruby2_keywords (0.0.5)
52
+ timeout (0.4.1)
53
+ tzinfo (2.0.6)
54
+ concurrent-ruby (~> 1.0)
27
55
 
28
56
  PLATFORMS
29
57
  ruby
30
58
 
31
59
  DEPENDENCIES
60
+ activerecord (~> 7.0)
32
61
  minitest (~> 5.15)
33
62
  oso-cloud!
63
+ pg (~> 1.0)
34
64
  rake (~> 12.0)
35
65
 
36
66
  BUNDLED WITH
37
- 2.3.13
67
+ 2.5.6
data/lib/oso/api.rb CHANGED
@@ -202,9 +202,38 @@ module OsoCloud
202
202
  end
203
203
  end
204
204
 
205
+ # @!visibility private
206
+ class LocalAuthQuery
207
+ attr_reader :query, :data_bindings
208
+
209
+ def initialize(query:, data_bindings:)
210
+ @query = query
211
+ @data_bindings = data_bindings
212
+ end
213
+ end
214
+
215
+ # @!visibility private
216
+ class LocalListQuery
217
+ attr_reader :query, :data_bindings
218
+
219
+ def initialize(query:, data_bindings:)
220
+ @query = query
221
+ @data_bindings = data_bindings
222
+ end
223
+ end
224
+
225
+ # @!visibility private
226
+ class LocalQueryResult
227
+ attr_reader :sql
228
+
229
+ def initialize(sql:)
230
+ @sql = sql
231
+ end
232
+ end
233
+
205
234
  # @!visibility private
206
235
  class Api
207
- def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
236
+ def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
208
237
  @url = url
209
238
  @connection = Faraday.new(url: url) do |faraday|
210
239
  faraday.request :json
@@ -262,6 +291,7 @@ module OsoCloud
262
291
  @api_key = api_key
263
292
  @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
264
293
  @last_offset = nil
294
+ @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
265
295
  end
266
296
 
267
297
  def fallback_eligible(path)
@@ -356,6 +386,20 @@ module OsoCloud
356
386
  StatsResult.new(**result)
357
387
  end
358
388
 
389
+ def post_authorize_query(query)
390
+ url = '/authorize_query'
391
+ data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
392
+ result = POST(url, nil, data, false)
393
+ LocalQueryResult.new(**result)
394
+ end
395
+
396
+ def post_list_query(query)
397
+ url = '/list_query'
398
+ data = LocalListQuery.new(query: query, data_bindings: @data_bindings)
399
+ result = POST(url, nil, data, false)
400
+ LocalQueryResult.new(**result)
401
+ end
402
+
359
403
  def clear_data
360
404
  url = '/clear_data'
361
405
  result = POST(url, nil, nil, true)
data/lib/oso/oso.rb CHANGED
@@ -28,8 +28,8 @@ module OsoCloud
28
28
  # Any other elements in the array, which together represent the fact's arguments,
29
29
  # can be "OsoCloud::Value" objects or strings.
30
30
  class Oso
31
- def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
32
- @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
31
+ def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
32
+ @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
33
33
  end
34
34
 
35
35
  ##
@@ -71,6 +71,50 @@ module OsoCloud
71
71
  result.allowed
72
72
  end
73
73
 
74
+ ##
75
+ # Check a permission depending on data both in Oso Cloud and stored in a local database
76
+ #
77
+ # Returns a SQL query to run against the local database
78
+ #
79
+ # @param actor [OsoCloud::Value]
80
+ # @param action [String]
81
+ # @param resource [OsoCloud::Value]
82
+ # @return [Array<String>]
83
+ def authorize_local(actor, action, resource)
84
+ actor_typed_id = actor.to_api_value
85
+ resource_typed_id = resource.to_api_value
86
+ result = @api.post_authorize_query(OsoCloud::Core::AuthorizeQuery.new(
87
+ actor_type: actor_typed_id.type,
88
+ actor_id: actor_typed_id.id,
89
+ action: action,
90
+ resource_type: resource_typed_id.type,
91
+ resource_id: resource_typed_id.id,
92
+ context_facts: []
93
+ ))
94
+ result.sql
95
+ end
96
+
97
+ ##
98
+ # List authorized resources depending on data both in Oso Cloud and stored in a local database
99
+ #
100
+ # Returns a SQL query to run against the local database
101
+ #
102
+ # @param actor [OsoCloud::Value]
103
+ # @param action [String]
104
+ # @param resource_type [String]
105
+ # @return [Array<String>]
106
+ def list_local(actor, action, resource_type)
107
+ actor_typed_id = actor.to_api_value
108
+ result = @api.post_list_query(OsoCloud::Core::ListQuery.new(
109
+ actor_type: actor_typed_id.type,
110
+ actor_id: actor_typed_id.id,
111
+ action: action,
112
+ resource_type: resource_type,
113
+ context_facts: []
114
+ ))
115
+ result.sql
116
+ end
117
+
74
118
  ##
75
119
  # Check authorized resources
76
120
  #
data/lib/oso/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module OsoCloud
2
- VERSION = '1.4.1'.freeze
2
+ VERSION = '1.5.0.pre'.freeze
3
3
  end
data/oso-cloud.gemspec CHANGED
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
24
24
  spec.add_dependency 'faraday-retry', '~> 2.0.0'
25
25
  spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
26
26
  spec.add_development_dependency 'minitest', '~> 5.15'
27
+ spec.add_development_dependency 'pg', '~> 1.0'
28
+ spec.add_development_dependency 'activerecord', '~> 7.0'
27
29
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.1
4
+ version: 1.5.0.pre
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-12-01 00:00:00.000000000 Z
11
+ date: 2024-02-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -66,6 +66,34 @@ dependencies:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: '5.15'
69
+ - !ruby/object:Gem::Dependency
70
+ name: pg
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '1.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: activerecord
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '7.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '7.0'
69
97
  description:
70
98
  email:
71
99
  - support@osohq.com
@@ -102,9 +130,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
102
130
  version: 3.0.0
103
131
  required_rubygems_version: !ruby/object:Gem::Requirement
104
132
  requirements:
105
- - - ">="
133
+ - - ">"
106
134
  - !ruby/object:Gem::Version
107
- version: '0'
135
+ version: 1.3.1
108
136
  requirements: []
109
137
  rubygems_version: 3.2.33
110
138
  signing_key: