oso-cloud 1.5.2 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/lib/oso/api.rb +17 -0
  4. data/lib/oso/helpers.rb +2 -1
  5. data/lib/oso/oso.rb +90 -74
  6. data/lib/oso/version.rb +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 543c9f70374f12ec330aa655fe0deea23947f36c617dcf25428f0ccc6945b206
4
- data.tar.gz: 6796fbb6d239a400ea63ef2fe3e8758ada1a5bc13e6acfb2197324956d540125
3
+ metadata.gz: 747cf1fda61eae9e9a96076e782a503e3c440a3aa7049a6b8f74ce8d0c697273
4
+ data.tar.gz: 5a3fcbb8574c21416fa81dbf8e1054dfef59337da6c72ff686c06304b3c27711
5
5
  SHA512:
6
- metadata.gz: 970a457c345a128ae7833bb78405d2f119df5901a59460d93ff29bb9a6f90cd90fca3415cd821097a1689edaffedcd13ea8c8d8ef11a51343e9e6a5fb8fa42dd
7
- data.tar.gz: 23f7a1318a526e3cf9a2da95f932a68ca69ed655314df1b777b5e449ab0aa64b1b6aa8956196d63027789fa11119d98ca9c9912b8a3cd005eb0a0d861cd211be
6
+ metadata.gz: 1f0a4732c2f76b499f1dc962a0ee806fd6d2c17abdb734d2a1ce448c35eff4781dafce6aec90f39ede78e06fac44bcdbbb11033949867d562007c3f15a3fcee7
7
+ data.tar.gz: 41b95a2e852e431e1e1598277abeaad8b76bb174ea562d52a6e9c1d9c644f12a5799e1cde75063bf1d6757eb4cd62be0463c369192f8644353bb791a69391e43
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- oso-cloud (1.5.2)
4
+ oso-cloud (1.7.0)
5
5
  faraday (~> 2.5.2)
6
6
  faraday-net_http_persistent (~> 2.0)
7
7
  faraday-retry (~> 2.0.0)
data/lib/oso/api.rb CHANGED
@@ -260,6 +260,16 @@ module OsoCloud
260
260
  end
261
261
  end
262
262
 
263
+ # @!visibility private
264
+ class LocalActionsQuery
265
+ attr_reader :query, :data_bindings
266
+
267
+ def initialize(query:, data_bindings:)
268
+ @query = query
269
+ @data_bindings = data_bindings
270
+ end
271
+ end
272
+
263
273
  # @!visibility private
264
274
  class LocalQueryResult
265
275
  attr_reader :sql
@@ -436,6 +446,13 @@ module OsoCloud
436
446
  LocalQueryResult.new(**result)
437
447
  end
438
448
 
449
+ def post_actions_query(query)
450
+ url = '/actions_query'
451
+ data = LocalActionsQuery.new(query: query, data_bindings: @data_bindings)
452
+ result = POST(url, nil, data, false)
453
+ LocalQueryResult.new(**result)
454
+ end
455
+
439
456
  def clear_data
440
457
  url = '/clear_data'
441
458
  result = POST(url, nil, nil, true)
data/lib/oso/helpers.rb CHANGED
@@ -4,8 +4,9 @@ module OsoCloud
4
4
  # @!visibility private
5
5
  def self.extract_value(x)
6
6
  return OsoCloud::Core::Value.new(type: 'String', id: x) if x.is_a? String
7
-
8
7
  return OsoCloud::Core::Value.new(type: nil, id: nil) if x.nil?
8
+ return OsoCloud::Core::Value.new(type: 'Boolean', id: x.to_s) if [true, false].include? x
9
+ return OsoCloud::Core::Value.new(type: 'Integer', id: x.to_s) if x.is_a? Integer
9
10
 
10
11
  type = (x.type.nil? ? nil : x.type.to_s)
11
12
  id = (x.id.nil? ? nil : x.id.to_s)
data/lib/oso/oso.rb CHANGED
@@ -28,67 +28,82 @@ module OsoCloud
28
28
  # Any other elements in the array, which together represent the fact's arguments,
29
29
  # can be "OsoCloud::Value" objects or strings.
30
30
  class Oso
31
- attr_reader :experimental
32
-
33
31
  def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
34
- @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
35
- @experimental = Experimental.new(@api)
32
+ @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings,
33
+ options: { fallback_url: fallback_url })
36
34
  end
37
35
 
38
- class Experimental
39
- def initialize(api)
40
- @api = api
41
- end
42
-
43
- ##
44
- # Check a permission depending on data both in Oso Cloud and stored in a local database
45
- #
46
- # Returns a SQL query to run against the local database
47
- #
48
- # @param actor [OsoCloud::Value]
49
- # @param action [String]
50
- # @param resource [OsoCloud::Value]
51
- # @param column [String]
52
- # @return [Array<String>]
53
- def authorize_local(actor, action, resource)
54
- actor_typed_id = actor.to_api_value
55
- resource_typed_id = resource.to_api_value
56
- result = @api.post_authorize_query(
57
- OsoCloud::Core::AuthorizeQuery.new(
58
- actor_type: actor_typed_id.type,
59
- actor_id: actor_typed_id.id,
60
- action: action,
61
- resource_type: resource_typed_id.type,
62
- resource_id: resource_typed_id.id,
63
- context_facts: []
64
- )
36
+ ##
37
+ # Check a permission depending on data both in Oso Cloud and stored in a local database
38
+ #
39
+ # Returns a SQL query to run against the local database
40
+ #
41
+ # @param actor [OsoCloud::Value]
42
+ # @param action [String]
43
+ # @param resource [OsoCloud::Value]
44
+ # @return [String]
45
+ def authorize_local(actor, action, resource)
46
+ actor_typed_id = actor.to_api_value
47
+ resource_typed_id = resource.to_api_value
48
+ result = @api.post_authorize_query(
49
+ OsoCloud::Core::AuthorizeQuery.new(
50
+ actor_type: actor_typed_id.type,
51
+ actor_id: actor_typed_id.id,
52
+ action: action,
53
+ resource_type: resource_typed_id.type,
54
+ resource_id: resource_typed_id.id,
55
+ context_facts: []
65
56
  )
66
- result.sql
67
- end
57
+ )
58
+ result.sql
59
+ end
60
+
61
+ ##
62
+ # List authorized resources depending on data both in Oso Cloud and stored in a local database
63
+ #
64
+ # Returns a SQL query to run against the local database
65
+ #
66
+ # @param actor [OsoCloud::Value]
67
+ # @param action [String]
68
+ # @param resource_type [String]
69
+ # @param column [String]
70
+ # @return [String]
71
+ def list_local(actor, action, resource_type, column)
72
+ actor_typed_id = actor.to_api_value
73
+ result = @api.post_list_query(
74
+ query: OsoCloud::Core::ListQuery.new(
75
+ actor_type: actor_typed_id.type,
76
+ actor_id: actor_typed_id.id,
77
+ action: action,
78
+ resource_type: resource_type,
79
+ context_facts: []
80
+ ),
81
+ column: column
82
+ )
83
+ result.sql
84
+ end
68
85
 
69
- ##
70
- # List authorized resources depending on data both in Oso Cloud and stored in a local database
71
- #
72
- # Returns a SQL query to run against the local database
73
- #
74
- # @param actor [OsoCloud::Value]
75
- # @param action [String]
76
- # @param resource_type [String]
77
- # @return [Array<String>]
78
- def list_local(actor, action, resource_type, column)
79
- actor_typed_id = actor.to_api_value
80
- result = @api.post_list_query(
81
- query: OsoCloud::Core::ListQuery.new(
82
- actor_type: actor_typed_id.type,
83
- actor_id: actor_typed_id.id,
84
- action: action,
85
- resource_type: resource_type,
86
- context_facts: []
87
- ),
88
- column: column
86
+ ##
87
+ # Fetches a query that can be run against your database to fetch the actions an actor can perform on a resource.
88
+ #
89
+ # Returns a SQL query to run against the local database
90
+ #
91
+ # @param actor [OsoCloud::Value]
92
+ # @param resource [OsoCloud::Value]
93
+ # @return [String]
94
+ def actions_local(actor, resource)
95
+ actor_typed_id = actor.to_api_value
96
+ resource_typed_id = resource.to_api_value
97
+ result = @api.post_actions_query(
98
+ OsoCloud::Core::ActionsQuery.new(
99
+ actor_type: actor_typed_id.type,
100
+ actor_id: actor_typed_id.id,
101
+ resource_type: resource_typed_id.type,
102
+ resource_id: resource_typed_id.id,
103
+ context_facts: []
89
104
  )
90
- result.sql
91
- end
105
+ )
106
+ result.sql
92
107
  end
93
108
 
94
109
  ##
@@ -335,6 +350,7 @@ module OsoCloud
335
350
  context_facts: OsoCloud::Helpers.params_to_facts(context_facts)))
336
351
  OsoCloud::Helpers.facts_to_params(result.results)
337
352
  end
353
+
338
354
  ##
339
355
  # List authorized actions for a batch of queries
340
356
  #
@@ -345,26 +361,26 @@ module OsoCloud
345
361
  # @return [Array<Array<String>>]
346
362
  # @see Oso for more information about facts
347
363
  def bulk_actions(actor, queries:)
348
- actor_typed_id = actor.to_api_value
349
- data = queries.map do |q|
350
- context_facts = []
351
- resource = nil
352
- if (q.is_a?(Array))
353
- resource = q[0]
354
- context_facts = q[1]
355
- else
356
- resource = q
357
- end
358
- resource_typed_id = resource.to_api_value
359
- OsoCloud::Core::ActionsQuery.new(
360
- actor_type: actor_typed_id.type,
361
- actor_id: actor_typed_id.id,
362
- resource_type: resource_typed_id.type,
363
- resource_id: resource_typed_id.id,
364
- context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
365
- )
364
+ actor_typed_id = actor.to_api_value
365
+ data = queries.map do |q|
366
+ context_facts = []
367
+ resource = nil
368
+ if q.is_a?(Array)
369
+ resource = q[0]
370
+ context_facts = q[1]
371
+ else
372
+ resource = q
373
+ end
374
+ resource_typed_id = resource.to_api_value
375
+ OsoCloud::Core::ActionsQuery.new(
376
+ actor_type: actor_typed_id.type,
377
+ actor_id: actor_typed_id.id,
378
+ resource_type: resource_typed_id.type,
379
+ resource_id: resource_typed_id.id,
380
+ context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
381
+ )
366
382
  end
367
- @api.post_bulk_actions(data).map { |result| result.results}
383
+ @api.post_bulk_actions(data).map(&:results)
368
384
  end
369
385
  end
370
386
  end
data/lib/oso/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module OsoCloud
2
- VERSION = '1.5.2'.freeze
2
+ VERSION = '1.7.0'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.2
4
+ version: 1.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-03-11 00:00:00.000000000 Z
11
+ date: 2024-05-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday