RubyGems - oso-cloud - Versions diffs - 1.4.1 → 1.5.0.pre.1 - Mend

oso-cloud 1.4.1 → 1.5.0.pre.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4f65c9e4cafbbd08a93b4c772310d2741bd3a8a7f9f9fe90c15bf06e4f98f3c5
-  data.tar.gz: 0fed4dce1b4043811202203fae204454b086327f6204f88ada6ec9d57710e914
+  metadata.gz: 49263eac12bcf56f22f66f9bf6a456164dc69ec1f2406c78ce09541638782ec4
+  data.tar.gz: '0488d56163f5fa068152c25f391f668542a92ecc43e385f63ef92728d37ee2be'
 SHA512:
-  metadata.gz: 59a1e5af09cbcf16f6bcb01b951ad75ff0e80351c94e27968c82f95ecdf308aac98a70b7d6f6e98287a4e6eae9b76276497f47267c8c3c195fcfa80f41843494
-  data.tar.gz: 42d8ac7a9a9366c6e338e86ce27cd8249615b7c268e8c5abda237719e489fc09ffa71743a2c69828a660f27aa67fdde2514eb34206c5c03e502209b4951caf76
+  metadata.gz: 49c372d256f076a88ff06fb539ff894d6040250c2244f3c6e1affbaf9990515ab364af3961479c41180751d7c2c01ebbebbb9decae0dc602fa29ad06f87315f1
+  data.tar.gz: f657048f571981bf2b51ac7a41b0865526857d6ffc90e96db9a2a95f82dff5cf889bf264e1c8232c157367c996c6c9be66a3d050290eddbcbfcdb17dd97dfe6d

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oso-cloud (1.4.1)
+    oso-cloud (1.5.0.pre.1)
       faraday (~> 2.5.2)
       faraday-net_http_persistent (~> 2.0)
       faraday-retry (~> 2.0.0)
@@ -9,7 +9,28 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
+    activemodel (7.1.3)
+      activesupport (= 7.1.3)
+    activerecord (7.1.3)
+      activemodel (= 7.1.3)
+      activesupport (= 7.1.3)
+      timeout (>= 0.4.0)
+    activesupport (7.1.3)
+      base64
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      mutex_m
+      tzinfo (~> 2.0)
+    base64 (0.2.0)
+    bigdecimal (3.1.6)
+    concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
+    drb (2.2.0)
+      ruby2_keywords
     faraday (2.5.2)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
@@ -19,19 +40,28 @@ GEM
       net-http-persistent (~> 4.0)
     faraday-retry (2.0.0)
       faraday (~> 2.0)
+    i18n (1.14.1)
+      concurrent-ruby (~> 1.0)
     minitest (5.18.0)
+    mutex_m (0.2.0)
     net-http-persistent (4.0.2)
       connection_pool (~> 2.2)
+    pg (1.5.4)
     rake (12.3.3)
     ruby2_keywords (0.0.5)
+    timeout (0.4.1)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
 PLATFORMS
   ruby
 DEPENDENCIES
+  activerecord (~> 7.0)
   minitest (~> 5.15)
   oso-cloud!
+  pg (~> 1.0)
   rake (~> 12.0)
 BUNDLED WITH
-   2.3.13
+   2.5.6

data/lib/oso/api.rb CHANGED Viewed

@@ -202,9 +202,39 @@ module OsoCloud
       end
     end
+    # @!visibility private
+    class LocalAuthQuery
+      attr_reader :query, :data_bindings
+      def initialize(query:, data_bindings:)
+        @query = query
+        @data_bindings = data_bindings
+      end
+    end
+    # @!visibility private
+    class LocalListQuery
+      attr_reader :query, :column, :data_bindings
+      def initialize(query:, column:, data_bindings:)
+        @query = query
+        @column = column
+        @data_bindings = data_bindings
+      end
+    end
+    # @!visibility private
+    class LocalQueryResult
+      attr_reader :sql
+      def initialize(sql:)
+        @sql = sql
+      end
+    end
     # @!visibility private
     class Api
-      def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
+      def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
         @url = url
         @connection = Faraday.new(url: url) do |faraday|
           faraday.request :json
@@ -262,6 +292,7 @@ module OsoCloud
         @api_key = api_key
         @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
         @last_offset = nil
+        @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
       end
       def fallback_eligible(path)
@@ -356,6 +387,20 @@ module OsoCloud
         StatsResult.new(**result)
       end
+      def post_authorize_query(query)
+        url = '/authorize_query'
+        data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
+        result = POST(url, nil, data, false)
+        LocalQueryResult.new(**result)
+      end
+      def post_list_query(query:, column:)
+        url = '/list_query'
+        data = LocalListQuery.new(query: query, column: column, data_bindings: @data_bindings)
+        result = POST(url, nil, data, false)
+        LocalQueryResult.new(**result)
+      end
       def clear_data
         url = '/clear_data'
         result = POST(url, nil, nil, true)

data/lib/oso/oso.rb CHANGED Viewed

@@ -28,8 +28,8 @@ module OsoCloud
   # Any other elements in the array, which together represent the fact's arguments,
   # can be "OsoCloud::Value" objects or strings.
   class Oso
-    def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
-      @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
+    def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
+      @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
     end
     ##
@@ -71,6 +71,56 @@ module OsoCloud
       result.allowed
     end
+    ##
+    # Check a permission depending on data both in Oso Cloud and stored in a local database
+    #
+    # Returns a SQL query to run against the local database
+    #
+    # @param actor [OsoCloud::Value]
+    # @param action [String]
+    # @param resource [OsoCloud::Value]
+    # @param column [String]
+    # @return [Array<String>]
+    def authorize_local(actor, action, resource)
+      actor_typed_id = actor.to_api_value
+      resource_typed_id = resource.to_api_value
+      result = @api.post_authorize_query(
+        OsoCloud::Core::AuthorizeQuery.new(
+          actor_type: actor_typed_id.type,
+          actor_id: actor_typed_id.id,
+          action: action,
+          resource_type: resource_typed_id.type,
+          resource_id: resource_typed_id.id,
+          context_facts: []
+        )
+      )
+      result.sql
+    end
+    ##
+    # List authorized resources depending on data both in Oso Cloud and stored in a local database
+    #
+    # Returns a SQL query to run against the local database
+    #
+    # @param actor [OsoCloud::Value]
+    # @param action [String]
+    # @param resource_type [String]
+    # @return [Array<String>]
+    def list_local(actor, action, resource_type, column)
+      actor_typed_id = actor.to_api_value
+      result = @api.post_list_query(
+        query: OsoCloud::Core::ListQuery.new(
+          actor_type: actor_typed_id.type,
+          actor_id: actor_typed_id.id,
+          action: action,
+          resource_type: resource_type,
+          context_facts: []
+        ),
+        column: column
+      )
+      result.sql
+    end
     ##
     # Check authorized resources
     #

data/lib/oso/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module OsoCloud
-  VERSION = '1.4.1'.freeze
+  VERSION = '1.5.0.pre.1'.freeze
 end

data/oso-cloud.gemspec CHANGED Viewed

@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'faraday-retry', '~> 2.0.0'
   spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
   spec.add_development_dependency 'minitest', '~> 5.15'
+  spec.add_development_dependency 'pg', '~> 1.0'
+  spec.add_development_dependency 'activerecord', '~> 7.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.0.pre.1
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-12-01 00:00:00.000000000 Z
+date: 2024-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -66,6 +66,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.15'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
 description:
 email:
 - support@osohq.com
@@ -102,9 +130,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.2.33
 signing_key: