oso-cloud 1.5.0 → 1.5.2

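--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8caffaaf6fc5b7f40897324bf031d6151d1a89f325c0a923faf90a83b69450db
- data.tar.gz: 6bac277adc4fb5f09613b45bd4dfe234c20650b8109111315f7b34d5c1fa8889
+ metadata.gz: 543c9f70374f12ec330aa655fe0deea23947f36c617dcf25428f0ccc6945b206
+ data.tar.gz: 6796fbb6d239a400ea63ef2fe3e8758ada1a5bc13e6acfb2197324956d540125
  SHA512:
- metadata.gz: 9ec6d213cd63d70183c7364607377dc65ad4d814c7274421d5420e27a2105b7dfa8ad5efcf3f11e0678acd7f2d182c6695126cc3202aba5b16560da2e88902b2
- data.tar.gz: 3edaab02b6ac4614efd53e4674827ccd92a5680ad063b380cebc9373e4a195cee243cae0da100f51129d9a34913d3e8dd8e5aac3e8ef8c4fc91648602bdd2b00
+ metadata.gz: 970a457c345a128ae7833bb78405d2f119df5901a59460d93ff29bb9a6f90cd90fca3415cd821097a1689edaffedcd13ea8c8d8ef11a51343e9e6a5fb8fa42dd
+ data.tar.gz: 23f7a1318a526e3cf9a2da95f932a68ca69ed655314df1b777b5e449ab0aa64b1b6aa8956196d63027789fa11119d98ca9c9912b8a3cd005eb0a0d861cd211be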
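--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- oso-cloud (1.5.0)
+ oso-cloud (1.5.2)
  faraday (~> 2.5.2)
  faraday-net_http_persistent (~> 2.0)
  faraday-retry (~> 2.0.0)
@@ -9,7 +9,28 @@ PATH
  GEM
  remote: https://rubygems.org/
  specs:
+ activemodel (7.1.3)
+ activesupport (= 7.1.3)
+ activerecord (7.1.3)
+ activemodel (= 7.1.3)
+ activesupport (= 7.1.3)
+ timeout (>= 0.4.0)
+ activesupport (7.1.3)
+ base64
+ bigdecimal
+ concurrent-ruby (~> 1.0, >= 1.0.2)
+ connection_pool (>= 2.2.5)
+ drb
+ i18n (>= 1.6, < 2)
+ minitest (>= 5.1)
+ mutex_m
+ tzinfo (~> 2.0)
+ base64 (0.2.0)
+ bigdecimal (3.1.6)
+ concurrent-ruby (1.2.3)
  connection_pool (2.4.1)
+ drb (2.2.0)
+ ruby2_keywords
  faraday (2.5.2)
  faraday-net_http (>= 2.0, < 3.1)
  ruby2_keywords (>= 0.0.4)
@@ -19,19 +40,28 @@ GEM
  net-http-persistent (~> 4.0)
  faraday-retry (2.0.0)
  faraday (~> 2.0)
+ i18n (1.14.1)
+ concurrent-ruby (~> 1.0)
  minitest (5.18.0)
+ mutex_m (0.2.0)
  net-http-persistent (4.0.2)
  connection_pool (~> 2.2)
+ pg (1.5.4)
  rake (12.3.3)
  ruby2_keywords (0.0.5)
+ timeout (0.4.1)
+ tzinfo (2.0.6)
+ concurrent-ruby (~> 1.0)
 
  PLATFORMS
  ruby
 
  DEPENDENCIES
+ activerecord (~> 7.0)
  minitest (~> 5.15)
  oso-cloud!
+ pg (~> 1.0)
  rake (~> 12.0)
 
  BUNDLED WITH
- 2.3.13
+ 2.5.6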
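--- a/data/lib/oso/api.rb
+++ b/data/lib/oso/api.rb
@@ -239,9 +239,39 @@ module OsoCloud
  end
  end
 
+ # @!visibility private
+ class LocalAuthQuery
+ attr_reader :query, :data_bindings
+
+ def initialize(query:, data_bindings:)
+ @query = query
+ @data_bindings = data_bindings
+ end
+ end
+
+ # @!visibility private
+ class LocalListQuery
+ attr_reader :query, :column, :data_bindings
+
+ def initialize(query:, column:, data_bindings:)
+ @query = query
+ @column = column
+ @data_bindings = data_bindings
+ end
+ end
+
+ # @!visibility private
+ class LocalQueryResult
+ attr_reader :sql
+
+ def initialize(sql:)
+ @sql = sql
+ end
+ end
+
  # @!visibility private
  class Api
- def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
+ def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
  @url = url
  @connection = Faraday.new(url: url) do |faraday|
  faraday.request :json
@@ -258,17 +288,9 @@ module OsoCloud
  max_interval: 1,
  backoff_factor: 2,
  retry_statuses: [429, 500, 502, 503, 504],
- # ensure authorize and related check functions are retried because
- # they are POST requests, which are not retried automatically
- retry_if: lambda { |env, _exc|
- %w[
- /api/authorize
- /api/authorize_resources
- /api/list
- /api/actions
- /api/query
- ].include? env.url.path
- }
+ # This is the default set of methods plus POST.
+ # ref: https://github.com/lostisland/faraday-retry#specify-which-methods-will-be-retried
+ methods: %i[delete get head options post put],
  }
 
  if options && options[:test_adapter]
@@ -299,6 +321,7 @@ module OsoCloud
  @api_key = api_key
  @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
  @last_offset = nil
+ @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
  end
 
  def fallback_eligible(path)
@@ -399,6 +422,20 @@ module OsoCloud
  StatsResult.new(**result)
  end
 
+ def post_authorize_query(query)
+ url = '/authorize_query'
+ data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
+ result = POST(url, nil, data, false)
+ LocalQueryResult.new(**result)
+ end
+
+ def post_list_query(query:, column:)
+ url = '/list_query'
+ data = LocalListQuery.new(query: query, column: column, data_bindings: @data_bindings)
+ result = POST(url, nil, data, false)
+ LocalQueryResult.new(**result)
+ end
+
  def clear_data
  url = '/clear_data'
  result = POST(url, nil, nil, true)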
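Review bot: The added `@data_bindings = IO.read(data_bindings) unless data_bindings.nil?` in the third hunk passes a caller-supplied path to `IO.read`, which on Ruby versions that still support it can interpret its argument as a command to run rather than a file to open (the pattern RuboCop's Security/IoMethods cop flags); `File.read` only ever opens a file, so `@data_bindings = File.read(data_bindings) unless data_bindings.nil?` is the safer form. Separately, the second hunk swaps the `retry_if` path allow-list for `methods: %i[delete get head options post put]`, so every POST, including write endpoints that may not be idempotent, now looks eligible for retry on the listed statuses; that is worth confirming and stating in the comment. `initialize` begins in the first hunk and parts of its body lie between the hunks, outside the visible lines.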
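--- a/data/lib/oso/oso.rb
+++ b/data/lib/oso/oso.rb
@@ -28,8 +28,67 @@ module OsoCloud
  # Any other elements in the array, which together represent the fact's arguments,
  # can be "OsoCloud::Value" objects or strings.
  class Oso
- def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
- @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
+ attr_reader :experimental
+
+ def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
+ @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
+ @experimental = Experimental.new(@api)
+ end
+
+ class Experimental
+ def initialize(api)
+ @api = api
+ end
+
+ ##
+ # Check a permission depending on data both in Oso Cloud and stored in a local database
+ #
+ # Returns a SQL query to run against the local database
+ #
+ # @param actor [OsoCloud::Value]
+ # @param action [String]
+ # @param resource [OsoCloud::Value]
+ # @param column [String]
+ # @return [Array<String>]
+ def authorize_local(actor, action, resource)
+ actor_typed_id = actor.to_api_value
+ resource_typed_id = resource.to_api_value
+ result = @api.post_authorize_query(
+ OsoCloud::Core::AuthorizeQuery.new(
+ actor_type: actor_typed_id.type,
+ actor_id: actor_typed_id.id,
+ action: action,
+ resource_type: resource_typed_id.type,
+ resource_id: resource_typed_id.id,
+ context_facts: []
+ )
+ )
+ result.sql
+ end
+
+ ##
+ # List authorized resources depending on data both in Oso Cloud and stored in a local database
+ #
+ # Returns a SQL query to run against the local database
+ #
+ # @param actor [OsoCloud::Value]
+ # @param action [String]
+ # @param resource_type [String]
+ # @return [Array<String>]
+ def list_local(actor, action, resource_type, column)
+ actor_typed_id = actor.to_api_value
+ result = @api.post_list_query(
+ query: OsoCloud::Core::ListQuery.new(
+ actor_type: actor_typed_id.type,
+ actor_id: actor_typed_id.id,
+ action: action,
+ resource_type: resource_type,
+ context_facts: []
+ ),
+ column: column
+ )
+ result.sql
+ end
  end
 
  ##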
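Review bot: The YARD blocks added for `authorize_local` and `list_local` do not match their signatures: `authorize_local(actor, action, resource)` documents `# @param column [String]`, which it does not take, while `list_local(actor, action, resource_type, column)` omits it, and both declare `# @return [Array<String>]` although they return `result.sql`, which appears to be a single SQL string. Move the `# @param column [String]` line to `list_local` and change both returns to something like `# @return [String] SQL to run against the local database`. Because the result is meant to be executed and `column` is forwarded to the service unchanged (presumably ending up as an identifier in that SQL), the doc should also say that `column` must be a fixed column name chosen by the application, never a value taken from a request. The enclosing `class Oso` starts before the hunk and continues after it.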
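--- a/data/lib/oso/version.rb
+++ b/data/lib/oso/version.rb
@@ -1,3 +1,3 @@
  module OsoCloud
- VERSION = '1.5.0'.freeze
+ VERSION = '1.5.2'.freeze
  end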
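--- a/data/oso-cloud.gemspec
+++ b/data/oso-cloud.gemspec
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
  spec.add_dependency 'faraday-retry', '~> 2.0.0'
  spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
  spec.add_development_dependency 'minitest', '~> 5.15'
+ spec.add_development_dependency 'pg', '~> 1.0'
+ spec.add_development_dependency 'activerecord', '~> 7.0'
  end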
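--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: oso-cloud
  version: !ruby/object:Gem::Version
- version: 1.5.0
+ version: 1.5.2
  platform: ruby
  authors:
  - Oso Security, Inc.
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2024-02-20 00:00:00.000000000 Z
+ date: 2024-03-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: faraday
@@ -66,6 +66,34 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '5.15'
+ - !ruby/object:Gem::Dependency
+ name: pg
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: activerecord
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '7.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '7.0'
  description:
  email:
  - support@osohq.com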