oso-cloud 1.5.2 → 1.7.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/lib/oso/api.rb +17 -0
  4. data/lib/oso/helpers.rb +2 -1
  5. data/lib/oso/oso.rb +90 -74
  6. data/lib/oso/version.rb +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 543c9f70374f12ec330aa655fe0deea23947f36c617dcf25428f0ccc6945b206
4
- data.tar.gz: 6796fbb6d239a400ea63ef2fe3e8758ada1a5bc13e6acfb2197324956d540125
3
+ metadata.gz: 747cf1fda61eae9e9a96076e782a503e3c440a3aa7049a6b8f74ce8d0c697273
4
+ data.tar.gz: 5a3fcbb8574c21416fa81dbf8e1054dfef59337da6c72ff686c06304b3c27711
5
5
  SHA512:
6
- metadata.gz: 970a457c345a128ae7833bb78405d2f119df5901a59460d93ff29bb9a6f90cd90fca3415cd821097a1689edaffedcd13ea8c8d8ef11a51343e9e6a5fb8fa42dd
7
- data.tar.gz: 23f7a1318a526e3cf9a2da95f932a68ca69ed655314df1b777b5e449ab0aa64b1b6aa8956196d63027789fa11119d98ca9c9912b8a3cd005eb0a0d861cd211be
6
+ metadata.gz: 1f0a4732c2f76b499f1dc962a0ee806fd6d2c17abdb734d2a1ce448c35eff4781dafce6aec90f39ede78e06fac44bcdbbb11033949867d562007c3f15a3fcee7
7
+ data.tar.gz: 41b95a2e852e431e1e1598277abeaad8b76bb174ea562d52a6e9c1d9c644f12a5799e1cde75063bf1d6757eb4cd62be0463c369192f8644353bb791a69391e43
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- oso-cloud (1.5.2)
4
+ oso-cloud (1.7.0)
5
5
  faraday (~> 2.5.2)
6
6
  faraday-net_http_persistent (~> 2.0)
7
7
  faraday-retry (~> 2.0.0)
data/lib/oso/api.rb CHANGED
@@ -260,6 +260,16 @@ module OsoCloud
260
260
  end
261
261
  end
262
262
 
263
+ # @!visibility private
264
+ class LocalActionsQuery
265
+ attr_reader :query, :data_bindings
266
+
267
+ def initialize(query:, data_bindings:)
268
+ @query = query
269
+ @data_bindings = data_bindings
270
+ end
271
+ end
272
+
263
273
  # @!visibility private
264
274
  class LocalQueryResult
265
275
  attr_reader :sql
@@ -436,6 +446,13 @@ module OsoCloud
436
446
  LocalQueryResult.new(**result)
437
447
  end
438
448
 
449
+ def post_actions_query(query)
450
+ url = '/actions_query'
451
+ data = LocalActionsQuery.new(query: query, data_bindings: @data_bindings)
452
+ result = POST(url, nil, data, false)
453
+ LocalQueryResult.new(**result)
454
+ end
455
+
439
456
  def clear_data
440
457
  url = '/clear_data'
441
458
  result = POST(url, nil, nil, true)
data/lib/oso/helpers.rb CHANGED
@@ -4,8 +4,9 @@ module OsoCloud
4
4
  # @!visibility private
5
5
  def self.extract_value(x)
6
6
  return OsoCloud::Core::Value.new(type: 'String', id: x) if x.is_a? String
7
-
8
7
  return OsoCloud::Core::Value.new(type: nil, id: nil) if x.nil?
8
+ return OsoCloud::Core::Value.new(type: 'Boolean', id: x.to_s) if [true, false].include? x
9
+ return OsoCloud::Core::Value.new(type: 'Integer', id: x.to_s) if x.is_a? Integer
9
10
 
10
11
  type = (x.type.nil? ? nil : x.type.to_s)
11
12
  id = (x.id.nil? ? nil : x.id.to_s)
data/lib/oso/oso.rb CHANGED
@@ -28,67 +28,82 @@ module OsoCloud
28
28
  # Any other elements in the array, which together represent the fact's arguments,
29
29
  # can be "OsoCloud::Value" objects or strings.
30
30
  class Oso
31
- attr_reader :experimental
32
-
33
31
  def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
34
- @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
35
- @experimental = Experimental.new(@api)
32
+ @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings,
33
+ options: { fallback_url: fallback_url })
36
34
  end
37
35
 
38
- class Experimental
39
- def initialize(api)
40
- @api = api
41
- end
42
-
43
- ##
44
- # Check a permission depending on data both in Oso Cloud and stored in a local database
45
- #
46
- # Returns a SQL query to run against the local database
47
- #
48
- # @param actor [OsoCloud::Value]
49
- # @param action [String]
50
- # @param resource [OsoCloud::Value]
51
- # @param column [String]
52
- # @return [Array<String>]
53
- def authorize_local(actor, action, resource)
54
- actor_typed_id = actor.to_api_value
55
- resource_typed_id = resource.to_api_value
56
- result = @api.post_authorize_query(
57
- OsoCloud::Core::AuthorizeQuery.new(
58
- actor_type: actor_typed_id.type,
59
- actor_id: actor_typed_id.id,
60
- action: action,
61
- resource_type: resource_typed_id.type,
62
- resource_id: resource_typed_id.id,
63
- context_facts: []
64
- )
36
+ ##
37
+ # Check a permission depending on data both in Oso Cloud and stored in a local database
38
+ #
39
+ # Returns a SQL query to run against the local database
40
+ #
41
+ # @param actor [OsoCloud::Value]
42
+ # @param action [String]
43
+ # @param resource [OsoCloud::Value]
44
+ # @return [String]
45
+ def authorize_local(actor, action, resource)
46
+ actor_typed_id = actor.to_api_value
47
+ resource_typed_id = resource.to_api_value
48
+ result = @api.post_authorize_query(
49
+ OsoCloud::Core::AuthorizeQuery.new(
50
+ actor_type: actor_typed_id.type,
51
+ actor_id: actor_typed_id.id,
52
+ action: action,
53
+ resource_type: resource_typed_id.type,
54
+ resource_id: resource_typed_id.id,
55
+ context_facts: []
65
56
  )
66
- result.sql
67
- end
57
+ )
58
+ result.sql
59
+ end
60
+
61
+ ##
62
+ # List authorized resources depending on data both in Oso Cloud and stored in a local database
63
+ #
64
+ # Returns a SQL query to run against the local database
65
+ #
66
+ # @param actor [OsoCloud::Value]
67
+ # @param action [String]
68
+ # @param resource_type [String]
69
+ # @param column [String]
70
+ # @return [String]
71
+ def list_local(actor, action, resource_type, column)
72
+ actor_typed_id = actor.to_api_value
73
+ result = @api.post_list_query(
74
+ query: OsoCloud::Core::ListQuery.new(
75
+ actor_type: actor_typed_id.type,
76
+ actor_id: actor_typed_id.id,
77
+ action: action,
78
+ resource_type: resource_type,
79
+ context_facts: []
80
+ ),
81
+ column: column
82
+ )
83
+ result.sql
84
+ end
68
85
 
69
- ##
70
- # List authorized resources depending on data both in Oso Cloud and stored in a local database
71
- #
72
- # Returns a SQL query to run against the local database
73
- #
74
- # @param actor [OsoCloud::Value]
75
- # @param action [String]
76
- # @param resource_type [String]
77
- # @return [Array<String>]
78
- def list_local(actor, action, resource_type, column)
79
- actor_typed_id = actor.to_api_value
80
- result = @api.post_list_query(
81
- query: OsoCloud::Core::ListQuery.new(
82
- actor_type: actor_typed_id.type,
83
- actor_id: actor_typed_id.id,
84
- action: action,
85
- resource_type: resource_type,
86
- context_facts: []
87
- ),
88
- column: column
86
+ ##
87
+ # Fetches a query that can be run against your database to fetch the actions an actor can perform on a resource.
88
+ #
89
+ # Returns a SQL query to run against the local database
90
+ #
91
+ # @param actor [OsoCloud::Value]
92
+ # @param resource [OsoCloud::Value]
93
+ # @return [String]
94
+ def actions_local(actor, resource)
95
+ actor_typed_id = actor.to_api_value
96
+ resource_typed_id = resource.to_api_value
97
+ result = @api.post_actions_query(
98
+ OsoCloud::Core::ActionsQuery.new(
99
+ actor_type: actor_typed_id.type,
100
+ actor_id: actor_typed_id.id,
101
+ resource_type: resource_typed_id.type,
102
+ resource_id: resource_typed_id.id,
103
+ context_facts: []
89
104
  )
90
- result.sql
91
- end
105
+ )
106
+ result.sql
92
107
  end
93
108
 
94
109
  ##
@@ -335,6 +350,7 @@ module OsoCloud
335
350
  context_facts: OsoCloud::Helpers.params_to_facts(context_facts)))
336
351
  OsoCloud::Helpers.facts_to_params(result.results)
337
352
  end
353
+
338
354
  ##
339
355
  # List authorized actions for a batch of queries
340
356
  #
@@ -345,26 +361,26 @@ module OsoCloud
345
361
  # @return [Array<Array<String>>]
346
362
  # @see Oso for more information about facts
347
363
  def bulk_actions(actor, queries:)
348
- actor_typed_id = actor.to_api_value
349
- data = queries.map do |q|
350
- context_facts = []
351
- resource = nil
352
- if (q.is_a?(Array))
353
- resource = q[0]
354
- context_facts = q[1]
355
- else
356
- resource = q
357
- end
358
- resource_typed_id = resource.to_api_value
359
- OsoCloud::Core::ActionsQuery.new(
360
- actor_type: actor_typed_id.type,
361
- actor_id: actor_typed_id.id,
362
- resource_type: resource_typed_id.type,
363
- resource_id: resource_typed_id.id,
364
- context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
365
- )
364
+ actor_typed_id = actor.to_api_value
365
+ data = queries.map do |q|
366
+ context_facts = []
367
+ resource = nil
368
+ if q.is_a?(Array)
369
+ resource = q[0]
370
+ context_facts = q[1]
371
+ else
372
+ resource = q
373
+ end
374
+ resource_typed_id = resource.to_api_value
375
+ OsoCloud::Core::ActionsQuery.new(
376
+ actor_type: actor_typed_id.type,
377
+ actor_id: actor_typed_id.id,
378
+ resource_type: resource_typed_id.type,
379
+ resource_id: resource_typed_id.id,
380
+ context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
381
+ )
366
382
  end
367
- @api.post_bulk_actions(data).map { |result| result.results}
383
+ @api.post_bulk_actions(data).map(&:results)
368
384
  end
369
385
  end
370
386
  end
data/lib/oso/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module OsoCloud
2
- VERSION = '1.5.2'.freeze
2
+ VERSION = '1.7.0'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.2
4
+ version: 1.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-03-11 00:00:00.000000000 Z
11
+ date: 2024-05-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday