oso-cloud 1.5.0.pre.1 → 1.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +2 -32
  3. data/lib/oso/api.rb +44 -46
  4. data/lib/oso/oso.rb +8 -52
  5. data/lib/oso/version.rb +1 -1
  6. data/oso-cloud.gemspec +0 -2
  7. metadata +4 -32
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 49263eac12bcf56f22f66f9bf6a456164dc69ec1f2406c78ce09541638782ec4
4
- data.tar.gz: '0488d56163f5fa068152c25f391f668542a92ecc43e385f63ef92728d37ee2be'
3
+ metadata.gz: 8caffaaf6fc5b7f40897324bf031d6151d1a89f325c0a923faf90a83b69450db
4
+ data.tar.gz: 6bac277adc4fb5f09613b45bd4dfe234c20650b8109111315f7b34d5c1fa8889
5
5
  SHA512:
6
- metadata.gz: 49c372d256f076a88ff06fb539ff894d6040250c2244f3c6e1affbaf9990515ab364af3961479c41180751d7c2c01ebbebbb9decae0dc602fa29ad06f87315f1
7
- data.tar.gz: f657048f571981bf2b51ac7a41b0865526857d6ffc90e96db9a2a95f82dff5cf889bf264e1c8232c157367c996c6c9be66a3d050290eddbcbfcdb17dd97dfe6d
6
+ metadata.gz: 9ec6d213cd63d70183c7364607377dc65ad4d814c7274421d5420e27a2105b7dfa8ad5efcf3f11e0678acd7f2d182c6695126cc3202aba5b16560da2e88902b2
7
+ data.tar.gz: 3edaab02b6ac4614efd53e4674827ccd92a5680ad063b380cebc9373e4a195cee243cae0da100f51129d9a34913d3e8dd8e5aac3e8ef8c4fc91648602bdd2b00
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- oso-cloud (1.5.0.pre.1)
4
+ oso-cloud (1.5.0)
5
5
  faraday (~> 2.5.2)
6
6
  faraday-net_http_persistent (~> 2.0)
7
7
  faraday-retry (~> 2.0.0)
@@ -9,28 +9,7 @@ PATH
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
- activemodel (7.1.3)
13
- activesupport (= 7.1.3)
14
- activerecord (7.1.3)
15
- activemodel (= 7.1.3)
16
- activesupport (= 7.1.3)
17
- timeout (>= 0.4.0)
18
- activesupport (7.1.3)
19
- base64
20
- bigdecimal
21
- concurrent-ruby (~> 1.0, >= 1.0.2)
22
- connection_pool (>= 2.2.5)
23
- drb
24
- i18n (>= 1.6, < 2)
25
- minitest (>= 5.1)
26
- mutex_m
27
- tzinfo (~> 2.0)
28
- base64 (0.2.0)
29
- bigdecimal (3.1.6)
30
- concurrent-ruby (1.2.3)
31
12
  connection_pool (2.4.1)
32
- drb (2.2.0)
33
- ruby2_keywords
34
13
  faraday (2.5.2)
35
14
  faraday-net_http (>= 2.0, < 3.1)
36
15
  ruby2_keywords (>= 0.0.4)
@@ -40,28 +19,19 @@ GEM
40
19
  net-http-persistent (~> 4.0)
41
20
  faraday-retry (2.0.0)
42
21
  faraday (~> 2.0)
43
- i18n (1.14.1)
44
- concurrent-ruby (~> 1.0)
45
22
  minitest (5.18.0)
46
- mutex_m (0.2.0)
47
23
  net-http-persistent (4.0.2)
48
24
  connection_pool (~> 2.2)
49
- pg (1.5.4)
50
25
  rake (12.3.3)
51
26
  ruby2_keywords (0.0.5)
52
- timeout (0.4.1)
53
- tzinfo (2.0.6)
54
- concurrent-ruby (~> 1.0)
55
27
 
56
28
  PLATFORMS
57
29
  ruby
58
30
 
59
31
  DEPENDENCIES
60
- activerecord (~> 7.0)
61
32
  minitest (~> 5.15)
62
33
  oso-cloud!
63
- pg (~> 1.0)
64
34
  rake (~> 12.0)
65
35
 
66
36
  BUNDLED WITH
67
- 2.5.6
37
+ 2.3.13
data/lib/oso/api.rb CHANGED
@@ -49,6 +49,43 @@ module OsoCloud
49
49
  end
50
50
  end
51
51
 
52
+ class PolicyMetadata
53
+ attr_reader :resources
54
+
55
+ def initialize(resources:)
56
+ @resources = resources.map do |k, v|
57
+ if v.is_a? ResourceMetadata
58
+ [k, v]
59
+ else
60
+ [k, ResourceMetadata.new(**v)]
61
+ end
62
+ end.to_h
63
+ end
64
+ end
65
+
66
+ class ResourceMetadata
67
+ attr_reader :roles, :permissions, :relations
68
+
69
+ def initialize(roles:, permissions:, relations:)
70
+ @roles = roles
71
+ @permissions = permissions
72
+ @relations = relations
73
+ end
74
+ end
75
+
76
+ # @!visibility private
77
+ class GetPolicyMetadataResult
78
+ attr_reader :metadata
79
+
80
+ def initialize(metadata:)
81
+ @metadata = if metadata.is_a? PolicyMetadata
82
+ metadata
83
+ else
84
+ PolicyMetadata.new(**metadata)
85
+ end
86
+ end
87
+ end
88
+
52
89
  # @!visibility private
53
90
  class Fact
54
91
  attr_reader :predicate, :args
@@ -202,39 +239,9 @@ module OsoCloud
202
239
  end
203
240
  end
204
241
 
205
- # @!visibility private
206
- class LocalAuthQuery
207
- attr_reader :query, :data_bindings
208
-
209
- def initialize(query:, data_bindings:)
210
- @query = query
211
- @data_bindings = data_bindings
212
- end
213
- end
214
-
215
- # @!visibility private
216
- class LocalListQuery
217
- attr_reader :query, :column, :data_bindings
218
-
219
- def initialize(query:, column:, data_bindings:)
220
- @query = query
221
- @column = column
222
- @data_bindings = data_bindings
223
- end
224
- end
225
-
226
- # @!visibility private
227
- class LocalQueryResult
228
- attr_reader :sql
229
-
230
- def initialize(sql:)
231
- @sql = sql
232
- end
233
- end
234
-
235
242
  # @!visibility private
236
243
  class Api
237
- def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
244
+ def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
238
245
  @url = url
239
246
  @connection = Faraday.new(url: url) do |faraday|
240
247
  faraday.request :json
@@ -292,7 +299,6 @@ module OsoCloud
292
299
  @api_key = api_key
293
300
  @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
294
301
  @last_offset = nil
295
- @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
296
302
  end
297
303
 
298
304
  def fallback_eligible(path)
@@ -309,6 +315,12 @@ module OsoCloud
309
315
  GetPolicyResult.new(**result)
310
316
  end
311
317
 
318
+ def get_policy_metadata
319
+ url = '/policy_metadata'
320
+ result = GET(url, nil)
321
+ GetPolicyMetadataResult.new(**result)
322
+ end
323
+
312
324
  def post_policy(data)
313
325
  url = '/policy'
314
326
  result = POST(url, nil, data, true)
@@ -387,20 +399,6 @@ module OsoCloud
387
399
  StatsResult.new(**result)
388
400
  end
389
401
 
390
- def post_authorize_query(query)
391
- url = '/authorize_query'
392
- data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
393
- result = POST(url, nil, data, false)
394
- LocalQueryResult.new(**result)
395
- end
396
-
397
- def post_list_query(query:, column:)
398
- url = '/list_query'
399
- data = LocalListQuery.new(query: query, column: column, data_bindings: @data_bindings)
400
- result = POST(url, nil, data, false)
401
- LocalQueryResult.new(**result)
402
- end
403
-
404
402
  def clear_data
405
403
  url = '/clear_data'
406
404
  result = POST(url, nil, nil, true)
data/lib/oso/oso.rb CHANGED
@@ -28,8 +28,8 @@ module OsoCloud
28
28
  # Any other elements in the array, which together represent the fact's arguments,
29
29
  # can be "OsoCloud::Value" objects or strings.
30
30
  class Oso
31
- def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
32
- @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
31
+ def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
32
+ @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
33
33
  end
34
34
 
35
35
  ##
@@ -45,6 +45,12 @@ module OsoCloud
45
45
  nil
46
46
  end
47
47
 
48
+ ##
49
+ # Returns metadata about the currently active policy
50
+ def get_policy_metadata
51
+ @api.get_policy_metadata.metadata
52
+ end
53
+
48
54
  ##
49
55
  # Check a permission
50
56
  #
@@ -71,56 +77,6 @@ module OsoCloud
71
77
  result.allowed
72
78
  end
73
79
 
74
- ##
75
- # Check a permission depending on data both in Oso Cloud and stored in a local database
76
- #
77
- # Returns a SQL query to run against the local database
78
- #
79
- # @param actor [OsoCloud::Value]
80
- # @param action [String]
81
- # @param resource [OsoCloud::Value]
82
- # @param column [String]
83
- # @return [Array<String>]
84
- def authorize_local(actor, action, resource)
85
- actor_typed_id = actor.to_api_value
86
- resource_typed_id = resource.to_api_value
87
- result = @api.post_authorize_query(
88
- OsoCloud::Core::AuthorizeQuery.new(
89
- actor_type: actor_typed_id.type,
90
- actor_id: actor_typed_id.id,
91
- action: action,
92
- resource_type: resource_typed_id.type,
93
- resource_id: resource_typed_id.id,
94
- context_facts: []
95
- )
96
- )
97
- result.sql
98
- end
99
-
100
- ##
101
- # List authorized resources depending on data both in Oso Cloud and stored in a local database
102
- #
103
- # Returns a SQL query to run against the local database
104
- #
105
- # @param actor [OsoCloud::Value]
106
- # @param action [String]
107
- # @param resource_type [String]
108
- # @return [Array<String>]
109
- def list_local(actor, action, resource_type, column)
110
- actor_typed_id = actor.to_api_value
111
- result = @api.post_list_query(
112
- query: OsoCloud::Core::ListQuery.new(
113
- actor_type: actor_typed_id.type,
114
- actor_id: actor_typed_id.id,
115
- action: action,
116
- resource_type: resource_type,
117
- context_facts: []
118
- ),
119
- column: column
120
- )
121
- result.sql
122
- end
123
-
124
80
  ##
125
81
  # Check authorized resources
126
82
  #
data/lib/oso/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module OsoCloud
2
- VERSION = '1.5.0.pre.1'.freeze
2
+ VERSION = '1.5.0'.freeze
3
3
  end
data/oso-cloud.gemspec CHANGED
@@ -24,6 +24,4 @@ Gem::Specification.new do |spec|
24
24
  spec.add_dependency 'faraday-retry', '~> 2.0.0'
25
25
  spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
26
26
  spec.add_development_dependency 'minitest', '~> 5.15'
27
- spec.add_development_dependency 'pg', '~> 1.0'
28
- spec.add_development_dependency 'activerecord', '~> 7.0'
29
27
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0.pre.1
4
+ version: 1.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-02-15 00:00:00.000000000 Z
11
+ date: 2024-02-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -66,34 +66,6 @@ dependencies:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: '5.15'
69
- - !ruby/object:Gem::Dependency
70
- name: pg
71
- requirement: !ruby/object:Gem::Requirement
72
- requirements:
73
- - - "~>"
74
- - !ruby/object:Gem::Version
75
- version: '1.0'
76
- type: :development
77
- prerelease: false
78
- version_requirements: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - "~>"
81
- - !ruby/object:Gem::Version
82
- version: '1.0'
83
- - !ruby/object:Gem::Dependency
84
- name: activerecord
85
- requirement: !ruby/object:Gem::Requirement
86
- requirements:
87
- - - "~>"
88
- - !ruby/object:Gem::Version
89
- version: '7.0'
90
- type: :development
91
- prerelease: false
92
- version_requirements: !ruby/object:Gem::Requirement
93
- requirements:
94
- - - "~>"
95
- - !ruby/object:Gem::Version
96
- version: '7.0'
97
69
  description:
98
70
  email:
99
71
  - support@osohq.com
@@ -130,9 +102,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
130
102
  version: 3.0.0
131
103
  required_rubygems_version: !ruby/object:Gem::Requirement
132
104
  requirements:
133
- - - ">"
105
+ - - ">="
134
106
  - !ruby/object:Gem::Version
135
- version: 1.3.1
107
+ version: '0'
136
108
  requirements: []
137
109
  rubygems_version: 3.2.33
138
110
  signing_key: