oso-cloud 1.5.0.pre → 1.5.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 310422514ccb68c2540ae5a2ce16873be40e8d59a7c57861552d4589eb95ebb5
4
- data.tar.gz: 0f75e291effa87ff7b6887c00202fa56938822f837dcd1feeaa257d9a6c931a4
3
+ metadata.gz: 8caffaaf6fc5b7f40897324bf031d6151d1a89f325c0a923faf90a83b69450db
4
+ data.tar.gz: 6bac277adc4fb5f09613b45bd4dfe234c20650b8109111315f7b34d5c1fa8889
5
5
  SHA512:
6
- metadata.gz: 766038bec33959a1b400e2a63a3b5de71acfa3b55a6d24d88ebcf20dcf73f94251f05a3279120a8506901f8234191159355696442c43052860cd0a49eafcf5c2
7
- data.tar.gz: 8932d721294ba88b589a64b75236af34ed7386bd7f5e18416f85a66358a3a84c737ed359e8a68d93c7d8491784b710d54ec5f4508dd67b8ee37ec30ab39568af
6
+ metadata.gz: 9ec6d213cd63d70183c7364607377dc65ad4d814c7274421d5420e27a2105b7dfa8ad5efcf3f11e0678acd7f2d182c6695126cc3202aba5b16560da2e88902b2
7
+ data.tar.gz: 3edaab02b6ac4614efd53e4674827ccd92a5680ad063b380cebc9373e4a195cee243cae0da100f51129d9a34913d3e8dd8e5aac3e8ef8c4fc91648602bdd2b00
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- oso-cloud (1.5.0.pre)
4
+ oso-cloud (1.5.0)
5
5
  faraday (~> 2.5.2)
6
6
  faraday-net_http_persistent (~> 2.0)
7
7
  faraday-retry (~> 2.0.0)
@@ -9,28 +9,7 @@ PATH
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
- activemodel (7.1.3)
13
- activesupport (= 7.1.3)
14
- activerecord (7.1.3)
15
- activemodel (= 7.1.3)
16
- activesupport (= 7.1.3)
17
- timeout (>= 0.4.0)
18
- activesupport (7.1.3)
19
- base64
20
- bigdecimal
21
- concurrent-ruby (~> 1.0, >= 1.0.2)
22
- connection_pool (>= 2.2.5)
23
- drb
24
- i18n (>= 1.6, < 2)
25
- minitest (>= 5.1)
26
- mutex_m
27
- tzinfo (~> 2.0)
28
- base64 (0.2.0)
29
- bigdecimal (3.1.6)
30
- concurrent-ruby (1.2.3)
31
12
  connection_pool (2.4.1)
32
- drb (2.2.0)
33
- ruby2_keywords
34
13
  faraday (2.5.2)
35
14
  faraday-net_http (>= 2.0, < 3.1)
36
15
  ruby2_keywords (>= 0.0.4)
@@ -40,28 +19,19 @@ GEM
40
19
  net-http-persistent (~> 4.0)
41
20
  faraday-retry (2.0.0)
42
21
  faraday (~> 2.0)
43
- i18n (1.14.1)
44
- concurrent-ruby (~> 1.0)
45
22
  minitest (5.18.0)
46
- mutex_m (0.2.0)
47
23
  net-http-persistent (4.0.2)
48
24
  connection_pool (~> 2.2)
49
- pg (1.5.4)
50
25
  rake (12.3.3)
51
26
  ruby2_keywords (0.0.5)
52
- timeout (0.4.1)
53
- tzinfo (2.0.6)
54
- concurrent-ruby (~> 1.0)
55
27
 
56
28
  PLATFORMS
57
29
  ruby
58
30
 
59
31
  DEPENDENCIES
60
- activerecord (~> 7.0)
61
32
  minitest (~> 5.15)
62
33
  oso-cloud!
63
- pg (~> 1.0)
64
34
  rake (~> 12.0)
65
35
 
66
36
  BUNDLED WITH
67
- 2.5.6
37
+ 2.3.13
data/lib/oso/api.rb CHANGED
@@ -49,6 +49,43 @@ module OsoCloud
49
49
  end
50
50
  end
51
51
 
52
+ class PolicyMetadata
53
+ attr_reader :resources
54
+
55
+ def initialize(resources:)
56
+ @resources = resources.map do |k, v|
57
+ if v.is_a? ResourceMetadata
58
+ [k, v]
59
+ else
60
+ [k, ResourceMetadata.new(**v)]
61
+ end
62
+ end.to_h
63
+ end
64
+ end
65
+
66
+ class ResourceMetadata
67
+ attr_reader :roles, :permissions, :relations
68
+
69
+ def initialize(roles:, permissions:, relations:)
70
+ @roles = roles
71
+ @permissions = permissions
72
+ @relations = relations
73
+ end
74
+ end
75
+
76
+ # @!visibility private
77
+ class GetPolicyMetadataResult
78
+ attr_reader :metadata
79
+
80
+ def initialize(metadata:)
81
+ @metadata = if metadata.is_a? PolicyMetadata
82
+ metadata
83
+ else
84
+ PolicyMetadata.new(**metadata)
85
+ end
86
+ end
87
+ end
88
+
52
89
  # @!visibility private
53
90
  class Fact
54
91
  attr_reader :predicate, :args
@@ -202,38 +239,9 @@ module OsoCloud
202
239
  end
203
240
  end
204
241
 
205
- # @!visibility private
206
- class LocalAuthQuery
207
- attr_reader :query, :data_bindings
208
-
209
- def initialize(query:, data_bindings:)
210
- @query = query
211
- @data_bindings = data_bindings
212
- end
213
- end
214
-
215
- # @!visibility private
216
- class LocalListQuery
217
- attr_reader :query, :data_bindings
218
-
219
- def initialize(query:, data_bindings:)
220
- @query = query
221
- @data_bindings = data_bindings
222
- end
223
- end
224
-
225
- # @!visibility private
226
- class LocalQueryResult
227
- attr_reader :sql
228
-
229
- def initialize(sql:)
230
- @sql = sql
231
- end
232
- end
233
-
234
242
  # @!visibility private
235
243
  class Api
236
- def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
244
+ def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
237
245
  @url = url
238
246
  @connection = Faraday.new(url: url) do |faraday|
239
247
  faraday.request :json
@@ -291,7 +299,6 @@ module OsoCloud
291
299
  @api_key = api_key
292
300
  @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
293
301
  @last_offset = nil
294
- @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
295
302
  end
296
303
 
297
304
  def fallback_eligible(path)
@@ -308,6 +315,12 @@ module OsoCloud
308
315
  GetPolicyResult.new(**result)
309
316
  end
310
317
 
318
+ def get_policy_metadata
319
+ url = '/policy_metadata'
320
+ result = GET(url, nil)
321
+ GetPolicyMetadataResult.new(**result)
322
+ end
323
+
311
324
  def post_policy(data)
312
325
  url = '/policy'
313
326
  result = POST(url, nil, data, true)
@@ -386,20 +399,6 @@ module OsoCloud
386
399
  StatsResult.new(**result)
387
400
  end
388
401
 
389
- def post_authorize_query(query)
390
- url = '/authorize_query'
391
- data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
392
- result = POST(url, nil, data, false)
393
- LocalQueryResult.new(**result)
394
- end
395
-
396
- def post_list_query(query)
397
- url = '/list_query'
398
- data = LocalListQuery.new(query: query, data_bindings: @data_bindings)
399
- result = POST(url, nil, data, false)
400
- LocalQueryResult.new(**result)
401
- end
402
-
403
402
  def clear_data
404
403
  url = '/clear_data'
405
404
  result = POST(url, nil, nil, true)
data/lib/oso/oso.rb CHANGED
@@ -28,8 +28,8 @@ module OsoCloud
28
28
  # Any other elements in the array, which together represent the fact's arguments,
29
29
  # can be "OsoCloud::Value" objects or strings.
30
30
  class Oso
31
- def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
32
- @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
31
+ def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
32
+ @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
33
33
  end
34
34
 
35
35
  ##
@@ -45,6 +45,12 @@ module OsoCloud
45
45
  nil
46
46
  end
47
47
 
48
+ ##
49
+ # Returns metadata about the currently active policy
50
+ def get_policy_metadata
51
+ @api.get_policy_metadata.metadata
52
+ end
53
+
48
54
  ##
49
55
  # Check a permission
50
56
  #
@@ -71,50 +77,6 @@ module OsoCloud
71
77
  result.allowed
72
78
  end
73
79
 
74
- ##
75
- # Check a permission depending on data both in Oso Cloud and stored in a local database
76
- #
77
- # Returns a SQL query to run against the local database
78
- #
79
- # @param actor [OsoCloud::Value]
80
- # @param action [String]
81
- # @param resource [OsoCloud::Value]
82
- # @return [Array<String>]
83
- def authorize_local(actor, action, resource)
84
- actor_typed_id = actor.to_api_value
85
- resource_typed_id = resource.to_api_value
86
- result = @api.post_authorize_query(OsoCloud::Core::AuthorizeQuery.new(
87
- actor_type: actor_typed_id.type,
88
- actor_id: actor_typed_id.id,
89
- action: action,
90
- resource_type: resource_typed_id.type,
91
- resource_id: resource_typed_id.id,
92
- context_facts: []
93
- ))
94
- result.sql
95
- end
96
-
97
- ##
98
- # List authorized resources depending on data both in Oso Cloud and stored in a local database
99
- #
100
- # Returns a SQL query to run against the local database
101
- #
102
- # @param actor [OsoCloud::Value]
103
- # @param action [String]
104
- # @param resource_type [String]
105
- # @return [Array<String>]
106
- def list_local(actor, action, resource_type)
107
- actor_typed_id = actor.to_api_value
108
- result = @api.post_list_query(OsoCloud::Core::ListQuery.new(
109
- actor_type: actor_typed_id.type,
110
- actor_id: actor_typed_id.id,
111
- action: action,
112
- resource_type: resource_type,
113
- context_facts: []
114
- ))
115
- result.sql
116
- end
117
-
118
80
  ##
119
81
  # Check authorized resources
120
82
  #
data/lib/oso/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module OsoCloud
2
- VERSION = '1.5.0.pre'.freeze
2
+ VERSION = '1.5.0'.freeze
3
3
  end
data/oso-cloud.gemspec CHANGED
@@ -24,6 +24,4 @@ Gem::Specification.new do |spec|
24
24
  spec.add_dependency 'faraday-retry', '~> 2.0.0'
25
25
  spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
26
26
  spec.add_development_dependency 'minitest', '~> 5.15'
27
- spec.add_development_dependency 'pg', '~> 1.0'
28
- spec.add_development_dependency 'activerecord', '~> 7.0'
29
27
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0.pre
4
+ version: 1.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-02-14 00:00:00.000000000 Z
11
+ date: 2024-02-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -66,34 +66,6 @@ dependencies:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: '5.15'
69
- - !ruby/object:Gem::Dependency
70
- name: pg
71
- requirement: !ruby/object:Gem::Requirement
72
- requirements:
73
- - - "~>"
74
- - !ruby/object:Gem::Version
75
- version: '1.0'
76
- type: :development
77
- prerelease: false
78
- version_requirements: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - "~>"
81
- - !ruby/object:Gem::Version
82
- version: '1.0'
83
- - !ruby/object:Gem::Dependency
84
- name: activerecord
85
- requirement: !ruby/object:Gem::Requirement
86
- requirements:
87
- - - "~>"
88
- - !ruby/object:Gem::Version
89
- version: '7.0'
90
- type: :development
91
- prerelease: false
92
- version_requirements: !ruby/object:Gem::Requirement
93
- requirements:
94
- - - "~>"
95
- - !ruby/object:Gem::Version
96
- version: '7.0'
97
69
  description:
98
70
  email:
99
71
  - support@osohq.com
@@ -130,9 +102,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
130
102
  version: 3.0.0
131
103
  required_rubygems_version: !ruby/object:Gem::Requirement
132
104
  requirements:
133
- - - ">"
105
+ - - ">="
134
106
  - !ruby/object:Gem::Version
135
- version: 1.3.1
107
+ version: '0'
136
108
  requirements: []
137
109
  rubygems_version: 3.2.33
138
110
  signing_key: