oso-cloud 1.6.0 → 1.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/oso/api.rb +28 -1
- data/lib/oso/helpers.rb +2 -1
- data/lib/oso/oso.rb +25 -2
- data/lib/oso/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 78d81ade4fd246a2398c1a0224ecc8a6ff3852b968e03c0c79c1d28295358cfd
|
|
4
|
+
data.tar.gz: cdfa7bb5f957f1aaf7d801d8b5bca4e3e2dc4b1df8044d9cc30114aae5d012fe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dc3fa7da1c706b47ffe89e6d9ed03ed9950cb8c756051ef2cc3e7ed81e2931f34dbdad8e6c8e217f9d061a4c9a2d5ad36784acdbba0772a3d16102bc43d8e09f
|
|
7
|
+
data.tar.gz: e48be352ec530bfb99afe81723abbfca673a9c63d295388d68f34bebf97b973a8c911d68133cc11668622cef26553cb92e5336346b1410d081bd1dac41c9c881
|
data/Gemfile.lock
CHANGED
data/lib/oso/api.rb
CHANGED
|
@@ -3,6 +3,7 @@ require 'uri'
|
|
|
3
3
|
require 'faraday'
|
|
4
4
|
require 'faraday/retry'
|
|
5
5
|
require 'faraday/net_http_persistent'
|
|
6
|
+
require 'securerandom'
|
|
6
7
|
|
|
7
8
|
require 'oso/helpers'
|
|
8
9
|
require 'oso/version'
|
|
@@ -260,6 +261,16 @@ module OsoCloud
|
|
|
260
261
|
end
|
|
261
262
|
end
|
|
262
263
|
|
|
264
|
+
# @!visibility private
|
|
265
|
+
class LocalActionsQuery
|
|
266
|
+
attr_reader :query, :data_bindings
|
|
267
|
+
|
|
268
|
+
def initialize(query:, data_bindings:)
|
|
269
|
+
@query = query
|
|
270
|
+
@data_bindings = data_bindings
|
|
271
|
+
end
|
|
272
|
+
end
|
|
273
|
+
|
|
263
274
|
# @!visibility private
|
|
264
275
|
class LocalQueryResult
|
|
265
276
|
attr_reader :sql
|
|
@@ -322,6 +333,7 @@ module OsoCloud
|
|
|
322
333
|
@user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
|
|
323
334
|
@last_offset = nil
|
|
324
335
|
@data_bindings = IO.read(data_bindings) unless data_bindings.nil?
|
|
336
|
+
@client_id = SecureRandom.uuid
|
|
325
337
|
end
|
|
326
338
|
|
|
327
339
|
def fallback_eligible(path)
|
|
@@ -436,6 +448,13 @@ module OsoCloud
|
|
|
436
448
|
LocalQueryResult.new(**result)
|
|
437
449
|
end
|
|
438
450
|
|
|
451
|
+
def post_actions_query(query)
|
|
452
|
+
url = '/actions_query'
|
|
453
|
+
data = LocalActionsQuery.new(query: query, data_bindings: @data_bindings)
|
|
454
|
+
result = POST(url, nil, data, false)
|
|
455
|
+
LocalQueryResult.new(**result)
|
|
456
|
+
end
|
|
457
|
+
|
|
439
458
|
def clear_data
|
|
440
459
|
url = '/clear_data'
|
|
441
460
|
result = POST(url, nil, nil, true)
|
|
@@ -467,6 +486,8 @@ module OsoCloud
|
|
|
467
486
|
Accept: 'application/json',
|
|
468
487
|
'Content-Type': 'application/json',
|
|
469
488
|
'X-OsoApiVersion': '0',
|
|
489
|
+
'X-Request-ID' => SecureRandom.uuid,
|
|
490
|
+
'X-Oso-Instance-Id' => @client_id
|
|
470
491
|
}
|
|
471
492
|
# set OsoOffset is last_offset is not nil
|
|
472
493
|
default_headers[:OsoOffset] = @last_offset unless @last_offset.nil?
|
|
@@ -532,12 +553,18 @@ module OsoCloud
|
|
|
532
553
|
|
|
533
554
|
def handle_faraday_error(error)
|
|
534
555
|
resp = error.response
|
|
556
|
+
formatted_request_id = if resp.nil? || resp[:headers].nil? || resp[:headers]['X-Request-ID'].nil?
|
|
557
|
+
""
|
|
558
|
+
else
|
|
559
|
+
" (Request ID: " + resp[:headers]['X-Request-ID'] + ")"
|
|
560
|
+
end
|
|
561
|
+
|
|
535
562
|
err = if resp.nil? || resp[:body].nil? || resp[:body][:message].nil?
|
|
536
563
|
error.message
|
|
537
564
|
else
|
|
538
565
|
resp[:body][:message]
|
|
539
566
|
end
|
|
540
|
-
raise ApiError.new(message: err)
|
|
567
|
+
raise ApiError.new(message: err + formatted_request_id)
|
|
541
568
|
end
|
|
542
569
|
end
|
|
543
570
|
end
|
data/lib/oso/helpers.rb
CHANGED
|
@@ -4,8 +4,9 @@ module OsoCloud
|
|
|
4
4
|
# @!visibility private
|
|
5
5
|
def self.extract_value(x)
|
|
6
6
|
return OsoCloud::Core::Value.new(type: 'String', id: x) if x.is_a? String
|
|
7
|
-
|
|
8
7
|
return OsoCloud::Core::Value.new(type: nil, id: nil) if x.nil?
|
|
8
|
+
return OsoCloud::Core::Value.new(type: 'Boolean', id: x.to_s) if [true, false].include? x
|
|
9
|
+
return OsoCloud::Core::Value.new(type: 'Integer', id: x.to_s) if x.is_a? Integer
|
|
9
10
|
|
|
10
11
|
type = (x.type.nil? ? nil : x.type.to_s)
|
|
11
12
|
id = (x.id.nil? ? nil : x.id.to_s)
|
data/lib/oso/oso.rb
CHANGED
|
@@ -41,7 +41,7 @@ module OsoCloud
|
|
|
41
41
|
# @param actor [OsoCloud::Value]
|
|
42
42
|
# @param action [String]
|
|
43
43
|
# @param resource [OsoCloud::Value]
|
|
44
|
-
# @return [
|
|
44
|
+
# @return [String]
|
|
45
45
|
def authorize_local(actor, action, resource)
|
|
46
46
|
actor_typed_id = actor.to_api_value
|
|
47
47
|
resource_typed_id = resource.to_api_value
|
|
@@ -67,7 +67,7 @@ module OsoCloud
|
|
|
67
67
|
# @param action [String]
|
|
68
68
|
# @param resource_type [String]
|
|
69
69
|
# @param column [String]
|
|
70
|
-
# @return [
|
|
70
|
+
# @return [String]
|
|
71
71
|
def list_local(actor, action, resource_type, column)
|
|
72
72
|
actor_typed_id = actor.to_api_value
|
|
73
73
|
result = @api.post_list_query(
|
|
@@ -83,6 +83,29 @@ module OsoCloud
|
|
|
83
83
|
result.sql
|
|
84
84
|
end
|
|
85
85
|
|
|
86
|
+
##
|
|
87
|
+
# Fetches a query that can be run against your database to fetch the actions an actor can perform on a resource.
|
|
88
|
+
#
|
|
89
|
+
# Returns a SQL query to run against the local database
|
|
90
|
+
#
|
|
91
|
+
# @param actor [OsoCloud::Value]
|
|
92
|
+
# @param resource [OsoCloud::Value]
|
|
93
|
+
# @return [String]
|
|
94
|
+
def actions_local(actor, resource)
|
|
95
|
+
actor_typed_id = actor.to_api_value
|
|
96
|
+
resource_typed_id = resource.to_api_value
|
|
97
|
+
result = @api.post_actions_query(
|
|
98
|
+
OsoCloud::Core::ActionsQuery.new(
|
|
99
|
+
actor_type: actor_typed_id.type,
|
|
100
|
+
actor_id: actor_typed_id.id,
|
|
101
|
+
resource_type: resource_typed_id.type,
|
|
102
|
+
resource_id: resource_typed_id.id,
|
|
103
|
+
context_facts: []
|
|
104
|
+
)
|
|
105
|
+
)
|
|
106
|
+
result.sql
|
|
107
|
+
end
|
|
108
|
+
|
|
86
109
|
##
|
|
87
110
|
# Update the active policy
|
|
88
111
|
#
|
data/lib/oso/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-06-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|