oso-cloud 1.5.1 → 1.6.0

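--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c024d83cfedf34c1651af2ae18b55871030b1bceb321503ccb4ad6f431e28e72
- data.tar.gz: 6b09b842d1e03a632fb812a874c77a2bbe7ee205daadf12be6f14e9ee3f84430
+ metadata.gz: b48ecc6151f39a3d6201a3cf2484cfcf38d434f7d611741bd08a6442d321e707
+ data.tar.gz: b7b901e42b41796396ef6e58c2f0772cf9f03c35f7349e411c66b32ed54bfcdc
  SHA512:
- metadata.gz: 05a25bb4a5c6e5bf9634e71c764610c59e04c40fe65b713a89c3f2a921f120ec229d4aa651700aecac3c181227a11b78583b290a3c3fb7c876c706283bf7aaaf
- data.tar.gz: 6bb8a131b8024389ce5ff9a18d13d25cfe990bc35ef571a821781567570ba717017ba9485776e767c7faa57966865b11e3a12bad2a91cf97afabbcbcf730977d
+ metadata.gz: 562381acc9b486e722b03096a18d588e3971f37f811f33c2286ea7a8655ed6fd462b6b07f7551a10f74c0fc85e2da67b245abfd04854de6aaa975acdea6497c9
+ data.tar.gz: c107f84d6290b88fd757221195909d5ba007c89919161fd52f0b169f6a5e51815b272a6b8752e5db078b63111ea6b6755f6c84f0f3fbb07f53ce31cc3785d4ae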
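--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- oso-cloud (1.5.1)
+ oso-cloud (1.6.0)
  faraday (~> 2.5.2)
  faraday-net_http_persistent (~> 2.0)
  faraday-retry (~> 2.0.0)
@@ -9,7 +9,28 @@ PATH
  GEM
  remote: https://rubygems.org/
  specs:
+ activemodel (7.1.3)
+ activesupport (= 7.1.3)
+ activerecord (7.1.3)
+ activemodel (= 7.1.3)
+ activesupport (= 7.1.3)
+ timeout (>= 0.4.0)
+ activesupport (7.1.3)
+ base64
+ bigdecimal
+ concurrent-ruby (~> 1.0, >= 1.0.2)
+ connection_pool (>= 2.2.5)
+ drb
+ i18n (>= 1.6, < 2)
+ minitest (>= 5.1)
+ mutex_m
+ tzinfo (~> 2.0)
+ base64 (0.2.0)
+ bigdecimal (3.1.6)
+ concurrent-ruby (1.2.3)
  connection_pool (2.4.1)
+ drb (2.2.0)
+ ruby2_keywords
  faraday (2.5.2)
  faraday-net_http (>= 2.0, < 3.1)
  ruby2_keywords (>= 0.0.4)
@@ -19,19 +40,28 @@ GEM
  net-http-persistent (~> 4.0)
  faraday-retry (2.0.0)
  faraday (~> 2.0)
+ i18n (1.14.1)
+ concurrent-ruby (~> 1.0)
  minitest (5.18.0)
+ mutex_m (0.2.0)
  net-http-persistent (4.0.2)
  connection_pool (~> 2.2)
+ pg (1.5.4)
  rake (12.3.3)
  ruby2_keywords (0.0.5)
+ timeout (0.4.1)
+ tzinfo (2.0.6)
+ concurrent-ruby (~> 1.0)
 
  PLATFORMS
  ruby
 
  DEPENDENCIES
+ activerecord (~> 7.0)
  minitest (~> 5.15)
  oso-cloud!
+ pg (~> 1.0)
  rake (~> 12.0)
 
  BUNDLED WITH
- 2.3.13
+ 2.5.6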
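--- a/data/lib/oso/api.rb
+++ b/data/lib/oso/api.rb
@@ -239,9 +239,39 @@ module OsoCloud
  end
  end
 
+ # @!visibility private
+ class LocalAuthQuery
+ attr_reader :query, :data_bindings
+
+ def initialize(query:, data_bindings:)
+ @query = query
+ @data_bindings = data_bindings
+ end
+ end
+
+ # @!visibility private
+ class LocalListQuery
+ attr_reader :query, :column, :data_bindings
+
+ def initialize(query:, column:, data_bindings:)
+ @query = query
+ @column = column
+ @data_bindings = data_bindings
+ end
+ end
+
+ # @!visibility private
+ class LocalQueryResult
+ attr_reader :sql
+
+ def initialize(sql:)
+ @sql = sql
+ end
+ end
+
  # @!visibility private
  class Api
- def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
+ def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
  @url = url
  @connection = Faraday.new(url: url) do |faraday|
  faraday.request :json
@@ -291,6 +321,7 @@ module OsoCloud
  @api_key = api_key
  @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
  @last_offset = nil
+ @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
  end
 
  def fallback_eligible(path)
@@ -391,6 +422,20 @@ module OsoCloud
  StatsResult.new(**result)
  end
 
+ def post_authorize_query(query)
+ url = '/authorize_query'
+ data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
+ result = POST(url, nil, data, false)
+ LocalQueryResult.new(**result)
+ end
+
+ def post_list_query(query:, column:)
+ url = '/list_query'
+ data = LocalListQuery.new(query: query, column: column, data_bindings: @data_bindings)
+ result = POST(url, nil, data, false)
+ LocalQueryResult.new(**result)
+ end
+
  def clear_data
  url = '/clear_data'
  result = POST(url, nil, nil, true)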
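Review bot: The added `@data_bindings = IO.read(data_bindings) unless data_bindings.nil?` in `Api#initialize` opens a caller-supplied path with `IO.read`, which in Ruby has historically treated a string beginning with `|` as a command to spawn rather than a file to open. `File.read` only ever opens files and is a drop-in replacement here: `@data_bindings = File.read(data_bindings) unless data_bindings.nil?`. The path is presumably set by the application developer rather than taken from request input, so this is hardening rather than a confirmed exposure. The file's full contents are then attached to every `/authorize_query` and `/list_query` body, and a missing or unreadable file raises from the constructor, which would be worth stating in a comment on the `data_bindings:` keyword. The constructor body begins and continues outside the visible hunks.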
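--- a/data/lib/oso/oso.rb
+++ b/data/lib/oso/oso.rb
@@ -28,8 +28,59 @@ module OsoCloud
  # Any other elements in the array, which together represent the fact's arguments,
  # can be "OsoCloud::Value" objects or strings.
  class Oso
- def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
- @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
+ def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
+ @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings,
+ options: { fallback_url: fallback_url })
+ end
+
+ ##
+ # Check a permission depending on data both in Oso Cloud and stored in a local database
+ #
+ # Returns a SQL query to run against the local database
+ #
+ # @param actor [OsoCloud::Value]
+ # @param action [String]
+ # @param resource [OsoCloud::Value]
+ # @return [Array<String>]
+ def authorize_local(actor, action, resource)
+ actor_typed_id = actor.to_api_value
+ resource_typed_id = resource.to_api_value
+ result = @api.post_authorize_query(
+ OsoCloud::Core::AuthorizeQuery.new(
+ actor_type: actor_typed_id.type,
+ actor_id: actor_typed_id.id,
+ action: action,
+ resource_type: resource_typed_id.type,
+ resource_id: resource_typed_id.id,
+ context_facts: []
+ )
+ )
+ result.sql
+ end
+
+ ##
+ # List authorized resources depending on data both in Oso Cloud and stored in a local database
+ #
+ # Returns a SQL query to run against the local database
+ #
+ # @param actor [OsoCloud::Value]
+ # @param action [String]
+ # @param resource_type [String]
+ # @param column [String]
+ # @return [Array<String>]
+ def list_local(actor, action, resource_type, column)
+ actor_typed_id = actor.to_api_value
+ result = @api.post_list_query(
+ query: OsoCloud::Core::ListQuery.new(
+ actor_type: actor_typed_id.type,
+ actor_id: actor_typed_id.id,
+ action: action,
+ resource_type: resource_type,
+ context_facts: []
+ ),
+ column: column
+ )
+ result.sql
  end
 
  ##
@@ -276,6 +327,7 @@ module OsoCloud
  context_facts: OsoCloud::Helpers.params_to_facts(context_facts)))
  OsoCloud::Helpers.facts_to_params(result.results)
  end
+
  ##
  # List authorized actions for a batch of queries
  #
@@ -286,26 +338,26 @@ module OsoCloud
  # @return [Array<Array<String>>]
  # @see Oso for more information about facts
  def bulk_actions(actor, queries:)
- actor_typed_id = actor.to_api_value
- data = queries.map do |q|
- context_facts = []
- resource = nil
- if (q.is_a?(Array))
- resource = q[0]
- context_facts = q[1]
- else
- resource = q
- end
- resource_typed_id = resource.to_api_value
- OsoCloud::Core::ActionsQuery.new(
- actor_type: actor_typed_id.type,
- actor_id: actor_typed_id.id,
- resource_type: resource_typed_id.type,
- resource_id: resource_typed_id.id,
- context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
- )
+ actor_typed_id = actor.to_api_value
+ data = queries.map do |q|
+ context_facts = []
+ resource = nil
+ if q.is_a?(Array)
+ resource = q[0]
+ context_facts = q[1]
+ else
+ resource = q
+ end
+ resource_typed_id = resource.to_api_value
+ OsoCloud::Core::ActionsQuery.new(
+ actor_type: actor_typed_id.type,
+ actor_id: actor_typed_id.id,
+ resource_type: resource_typed_id.type,
+ resource_id: resource_typed_id.id,
+ context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
+ )
  end
- @api.post_bulk_actions(data).map { |result| result.results}
+ @api.post_bulk_actions(data).map(&:results)
  end
  end
  end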
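Review bot: The doc comments on the new `authorize_local` and `list_local` declare `@return [Array<String>]`, but both methods return `result.sql`, which the same comments describe as a single SQL query, so the tag should presumably read `# @return [String]`. Because that string is meant to be executed against the local database and `list_local` forwards `column` unchanged to `/list_query`, the parameter doc should also state the trust requirement, for example `# @param column [String] trusted column expression chosen by the application; never pass request input`. How the service places `column` into the generated SQL is not visible on this page, so that wording should be confirmed against the API. It would also help to note in both comments that the returned SQL comes from the configured Oso endpoint and that `context_facts` is always sent as an empty list.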
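--- a/data/lib/oso/version.rb
+++ b/data/lib/oso/version.rb
@@ -1,3 +1,3 @@
  module OsoCloud
- VERSION = '1.5.1'.freeze
+ VERSION = '1.6.0'.freeze
  end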
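--- a/data/oso-cloud.gemspec
+++ b/data/oso-cloud.gemspec
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
  spec.add_dependency 'faraday-retry', '~> 2.0.0'
  spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
  spec.add_development_dependency 'minitest', '~> 5.15'
+ spec.add_development_dependency 'pg', '~> 1.0'
+ spec.add_development_dependency 'activerecord', '~> 7.0'
  end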
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.1
4
+ version: 1.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-03-07 00:00:00.000000000 Z
11
+ date: 2024-04-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -66,6 +66,34 @@ dependencies:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: '5.15'
69
+ - !ruby/object:Gem::Dependency
70
+ name: pg
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '1.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: activerecord
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '7.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '7.0'
69
97
  description:
70
98
  email:
71
99
  - support@osohq.com