oso-cloud 1.5.0 → 1.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8caffaaf6fc5b7f40897324bf031d6151d1a89f325c0a923faf90a83b69450db
-  data.tar.gz: 6bac277adc4fb5f09613b45bd4dfe234c20650b8109111315f7b34d5c1fa8889
+  metadata.gz: 543c9f70374f12ec330aa655fe0deea23947f36c617dcf25428f0ccc6945b206
+  data.tar.gz: 6796fbb6d239a400ea63ef2fe3e8758ada1a5bc13e6acfb2197324956d540125
 SHA512:
-  metadata.gz: 9ec6d213cd63d70183c7364607377dc65ad4d814c7274421d5420e27a2105b7dfa8ad5efcf3f11e0678acd7f2d182c6695126cc3202aba5b16560da2e88902b2
-  data.tar.gz: 3edaab02b6ac4614efd53e4674827ccd92a5680ad063b380cebc9373e4a195cee243cae0da100f51129d9a34913d3e8dd8e5aac3e8ef8c4fc91648602bdd2b00
+  metadata.gz: 970a457c345a128ae7833bb78405d2f119df5901a59460d93ff29bb9a6f90cd90fca3415cd821097a1689edaffedcd13ea8c8d8ef11a51343e9e6a5fb8fa42dd
+  data.tar.gz: 23f7a1318a526e3cf9a2da95f932a68ca69ed655314df1b777b5e449ab0aa64b1b6aa8956196d63027789fa11119d98ca9c9912b8a3cd005eb0a0d861cd211be

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oso-cloud (1.5.0)
+    oso-cloud (1.5.2)
       faraday (~> 2.5.2)
       faraday-net_http_persistent (~> 2.0)
       faraday-retry (~> 2.0.0)
@@ -9,7 +9,28 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
+    activemodel (7.1.3)
+      activesupport (= 7.1.3)
+    activerecord (7.1.3)
+      activemodel (= 7.1.3)
+      activesupport (= 7.1.3)
+      timeout (>= 0.4.0)
+    activesupport (7.1.3)
+      base64
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      mutex_m
+      tzinfo (~> 2.0)
+    base64 (0.2.0)
+    bigdecimal (3.1.6)
+    concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
+    drb (2.2.0)
+      ruby2_keywords
     faraday (2.5.2)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
@@ -19,19 +40,28 @@ GEM
       net-http-persistent (~> 4.0)
     faraday-retry (2.0.0)
       faraday (~> 2.0)
+    i18n (1.14.1)
+      concurrent-ruby (~> 1.0)
     minitest (5.18.0)
+    mutex_m (0.2.0)
     net-http-persistent (4.0.2)
       connection_pool (~> 2.2)
+    pg (1.5.4)
     rake (12.3.3)
     ruby2_keywords (0.0.5)
+    timeout (0.4.1)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
+  activerecord (~> 7.0)
   minitest (~> 5.15)
   oso-cloud!
+  pg (~> 1.0)
   rake (~> 12.0)
 
 BUNDLED WITH
-   2.3.13
+   2.5.6

data/lib/oso/api.rb

@@ -239,9 +239,39 @@ module OsoCloud
       end
     end
 
+    # @!visibility private
+    class LocalAuthQuery
+      attr_reader :query, :data_bindings
+
+      def initialize(query:, data_bindings:)
+        @query = query
+        @data_bindings = data_bindings
+      end
+    end
+
+    # @!visibility private
+    class LocalListQuery
+      attr_reader :query, :column, :data_bindings
+
+      def initialize(query:, column:, data_bindings:)
+        @query = query
+        @column = column
+        @data_bindings = data_bindings
+      end
+    end
+
+    # @!visibility private
+    class LocalQueryResult
+      attr_reader :sql
+
+      def initialize(sql:)
+        @sql = sql
+      end
+    end
+
     # @!visibility private
     class Api
-      def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
+      def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
         @url = url
         @connection = Faraday.new(url: url) do |faraday|
           faraday.request :json
@@ -258,17 +288,9 @@ module OsoCloud
             max_interval: 1,
             backoff_factor: 2,
             retry_statuses: [429, 500, 502, 503, 504],
-            # ensure authorize and related check functions are retried because
-            # they are POST requests, which are not retried automatically
-            retry_if: lambda { |env, _exc|
-              %w[
-                /api/authorize
-                /api/authorize_resources
-                /api/list
-                /api/actions
-                /api/query
-              ].include? env.url.path
-            }
+            # This is the default set of methods plus POST.
+            # ref: https://github.com/lostisland/faraday-retry#specify-which-methods-will-be-retried
+            methods: %i[delete get head options post put],
           }
 
           if options && options[:test_adapter]
@@ -299,6 +321,7 @@ module OsoCloud
         @api_key = api_key
         @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
         @last_offset = nil
+        @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
       end
 
       def fallback_eligible(path)
@@ -399,6 +422,20 @@ module OsoCloud
         StatsResult.new(**result)
       end
 
+      def post_authorize_query(query)
+        url = '/authorize_query'
+        data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
+        result = POST(url, nil, data, false)
+        LocalQueryResult.new(**result)
+      end
+
+      def post_list_query(query:, column:)
+        url = '/list_query'
+        data = LocalListQuery.new(query: query, column: column, data_bindings: @data_bindings)
+        result = POST(url, nil, data, false)
+        LocalQueryResult.new(**result)
+      end
+
       def clear_data
         url = '/clear_data'
         result = POST(url, nil, nil, true)

data/lib/oso/oso.rb

@@ -28,8 +28,67 @@ module OsoCloud
   # Any other elements in the array, which together represent the fact's arguments,
   # can be "OsoCloud::Value" objects or strings.
   class Oso
-    def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
-      @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
+    attr_reader :experimental
+
+    def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
+      @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
+      @experimental = Experimental.new(@api)
+    end
+
+    class Experimental
+      def initialize(api)
+        @api = api
+      end
+
+      ##
+      # Check a permission depending on data both in Oso Cloud and stored in a local database
+      #
+      # Returns a SQL query to run against the local database
+      #
+      # @param actor [OsoCloud::Value]
+      # @param action [String]
+      # @param resource [OsoCloud::Value]
+      # @param column [String]
+      # @return [Array<String>]
+      def authorize_local(actor, action, resource)
+        actor_typed_id = actor.to_api_value
+        resource_typed_id = resource.to_api_value
+        result = @api.post_authorize_query(
+          OsoCloud::Core::AuthorizeQuery.new(
+            actor_type: actor_typed_id.type,
+            actor_id: actor_typed_id.id,
+            action: action,
+            resource_type: resource_typed_id.type,
+            resource_id: resource_typed_id.id,
+            context_facts: []
+          )
+        )
+        result.sql
+      end
+
+      ##
+      # List authorized resources depending on data both in Oso Cloud and stored in a local database
+      #
+      # Returns a SQL query to run against the local database
+      #
+      # @param actor [OsoCloud::Value]
+      # @param action [String]
+      # @param resource_type [String]
+      # @return [Array<String>]
+      def list_local(actor, action, resource_type, column)
+        actor_typed_id = actor.to_api_value
+        result = @api.post_list_query(
+          query: OsoCloud::Core::ListQuery.new(
+            actor_type: actor_typed_id.type,
+            actor_id: actor_typed_id.id,
+            action: action,
+            resource_type: resource_type,
+            context_facts: []
+          ),
+          column: column
+        )
+        result.sql
+      end
     end
 
     ##

data/lib/oso/version.rb

@@ -1,3 +1,3 @@
 module OsoCloud
-  VERSION = '1.5.0'.freeze
+  VERSION = '1.5.2'.freeze
 end

data/oso-cloud.gemspec

@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'faraday-retry', '~> 2.0.0'
   spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
   spec.add_development_dependency 'minitest', '~> 5.15'
+  spec.add_development_dependency 'pg', '~> 1.0'
+  spec.add_development_dependency 'activerecord', '~> 7.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 1.5.2
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-02-20 00:00:00.000000000 Z
+date: 2024-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -66,6 +66,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.15'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
 description: 
 email:
 - support@osohq.com