oso-cloud 1.6.0 → 1.7.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/oso/api.rb +28 -1
- data/lib/oso/helpers.rb +2 -1
- data/lib/oso/oso.rb +25 -2
- data/lib/oso/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 78d81ade4fd246a2398c1a0224ecc8a6ff3852b968e03c0c79c1d28295358cfd
|
|
4
|
+
data.tar.gz: cdfa7bb5f957f1aaf7d801d8b5bca4e3e2dc4b1df8044d9cc30114aae5d012fe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dc3fa7da1c706b47ffe89e6d9ed03ed9950cb8c756051ef2cc3e7ed81e2931f34dbdad8e6c8e217f9d061a4c9a2d5ad36784acdbba0772a3d16102bc43d8e09f
|
|
7
|
+
data.tar.gz: e48be352ec530bfb99afe81723abbfca673a9c63d295388d68f34bebf97b973a8c911d68133cc11668622cef26553cb92e5336346b1410d081bd1dac41c9c881
|
data/Gemfile.lock
CHANGED
data/lib/oso/api.rb
CHANGED
|
@@ -3,6 +3,7 @@ require 'uri'
|
|
|
3
3
|
require 'faraday'
|
|
4
4
|
require 'faraday/retry'
|
|
5
5
|
require 'faraday/net_http_persistent'
|
|
6
|
+
require 'securerandom'
|
|
6
7
|
|
|
7
8
|
require 'oso/helpers'
|
|
8
9
|
require 'oso/version'
|
|
@@ -260,6 +261,16 @@ module OsoCloud
|
|
|
260
261
|
end
|
|
261
262
|
end
|
|
262
263
|
|
|
264
|
+
# @!visibility private
|
|
265
|
+
class LocalActionsQuery
|
|
266
|
+
attr_reader :query, :data_bindings
|
|
267
|
+
|
|
268
|
+
def initialize(query:, data_bindings:)
|
|
269
|
+
@query = query
|
|
270
|
+
@data_bindings = data_bindings
|
|
271
|
+
end
|
|
272
|
+
end
|
|
273
|
+
|
|
263
274
|
# @!visibility private
|
|
264
275
|
class LocalQueryResult
|
|
265
276
|
attr_reader :sql
|
|
@@ -322,6 +333,7 @@ module OsoCloud
|
|
|
322
333
|
@user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
|
|
323
334
|
@last_offset = nil
|
|
324
335
|
@data_bindings = IO.read(data_bindings) unless data_bindings.nil?
|
|
336
|
+
@client_id = SecureRandom.uuid
|
|
325
337
|
end
|
|
326
338
|
|
|
327
339
|
def fallback_eligible(path)
|
|
@@ -436,6 +448,13 @@ module OsoCloud
|
|
|
436
448
|
LocalQueryResult.new(**result)
|
|
437
449
|
end
|
|
438
450
|
|
|
451
|
+
def post_actions_query(query)
|
|
452
|
+
url = '/actions_query'
|
|
453
|
+
data = LocalActionsQuery.new(query: query, data_bindings: @data_bindings)
|
|
454
|
+
result = POST(url, nil, data, false)
|
|
455
|
+
LocalQueryResult.new(**result)
|
|
456
|
+
end
|
|
457
|
+
|
|
439
458
|
def clear_data
|
|
440
459
|
url = '/clear_data'
|
|
441
460
|
result = POST(url, nil, nil, true)
|
|
@@ -467,6 +486,8 @@ module OsoCloud
|
|
|
467
486
|
Accept: 'application/json',
|
|
468
487
|
'Content-Type': 'application/json',
|
|
469
488
|
'X-OsoApiVersion': '0',
|
|
489
|
+
'X-Request-ID' => SecureRandom.uuid,
|
|
490
|
+
'X-Oso-Instance-Id' => @client_id
|
|
470
491
|
}
|
|
471
492
|
# set OsoOffset is last_offset is not nil
|
|
472
493
|
default_headers[:OsoOffset] = @last_offset unless @last_offset.nil?
|
|
@@ -532,12 +553,18 @@ module OsoCloud
|
|
|
532
553
|
|
|
533
554
|
def handle_faraday_error(error)
|
|
534
555
|
resp = error.response
|
|
556
|
+
formatted_request_id = if resp.nil? || resp[:headers].nil? || resp[:headers]['X-Request-ID'].nil?
|
|
557
|
+
""
|
|
558
|
+
else
|
|
559
|
+
" (Request ID: " + resp[:headers]['X-Request-ID'] + ")"
|
|
560
|
+
end
|
|
561
|
+
|
|
535
562
|
err = if resp.nil? || resp[:body].nil? || resp[:body][:message].nil?
|
|
536
563
|
error.message
|
|
537
564
|
else
|
|
538
565
|
resp[:body][:message]
|
|
539
566
|
end
|
|
540
|
-
raise ApiError.new(message: err)
|
|
567
|
+
raise ApiError.new(message: err + formatted_request_id)
|
|
541
568
|
end
|
|
542
569
|
end
|
|
543
570
|
end
|
data/lib/oso/helpers.rb
CHANGED
|
@@ -4,8 +4,9 @@ module OsoCloud
|
|
|
4
4
|
# @!visibility private
|
|
5
5
|
def self.extract_value(x)
|
|
6
6
|
return OsoCloud::Core::Value.new(type: 'String', id: x) if x.is_a? String
|
|
7
|
-
|
|
8
7
|
return OsoCloud::Core::Value.new(type: nil, id: nil) if x.nil?
|
|
8
|
+
return OsoCloud::Core::Value.new(type: 'Boolean', id: x.to_s) if [true, false].include? x
|
|
9
|
+
return OsoCloud::Core::Value.new(type: 'Integer', id: x.to_s) if x.is_a? Integer
|
|
9
10
|
|
|
10
11
|
type = (x.type.nil? ? nil : x.type.to_s)
|
|
11
12
|
id = (x.id.nil? ? nil : x.id.to_s)
|
data/lib/oso/oso.rb
CHANGED
|
@@ -41,7 +41,7 @@ module OsoCloud
|
|
|
41
41
|
# @param actor [OsoCloud::Value]
|
|
42
42
|
# @param action [String]
|
|
43
43
|
# @param resource [OsoCloud::Value]
|
|
44
|
-
# @return [
|
|
44
|
+
# @return [String]
|
|
45
45
|
def authorize_local(actor, action, resource)
|
|
46
46
|
actor_typed_id = actor.to_api_value
|
|
47
47
|
resource_typed_id = resource.to_api_value
|
|
@@ -67,7 +67,7 @@ module OsoCloud
|
|
|
67
67
|
# @param action [String]
|
|
68
68
|
# @param resource_type [String]
|
|
69
69
|
# @param column [String]
|
|
70
|
-
# @return [
|
|
70
|
+
# @return [String]
|
|
71
71
|
def list_local(actor, action, resource_type, column)
|
|
72
72
|
actor_typed_id = actor.to_api_value
|
|
73
73
|
result = @api.post_list_query(
|
|
@@ -83,6 +83,29 @@ module OsoCloud
|
|
|
83
83
|
result.sql
|
|
84
84
|
end
|
|
85
85
|
|
|
86
|
+
##
|
|
87
|
+
# Fetches a query that can be run against your database to fetch the actions an actor can perform on a resource.
|
|
88
|
+
#
|
|
89
|
+
# Returns a SQL query to run against the local database
|
|
90
|
+
#
|
|
91
|
+
# @param actor [OsoCloud::Value]
|
|
92
|
+
# @param resource [OsoCloud::Value]
|
|
93
|
+
# @return [String]
|
|
94
|
+
def actions_local(actor, resource)
|
|
95
|
+
actor_typed_id = actor.to_api_value
|
|
96
|
+
resource_typed_id = resource.to_api_value
|
|
97
|
+
result = @api.post_actions_query(
|
|
98
|
+
OsoCloud::Core::ActionsQuery.new(
|
|
99
|
+
actor_type: actor_typed_id.type,
|
|
100
|
+
actor_id: actor_typed_id.id,
|
|
101
|
+
resource_type: resource_typed_id.type,
|
|
102
|
+
resource_id: resource_typed_id.id,
|
|
103
|
+
context_facts: []
|
|
104
|
+
)
|
|
105
|
+
)
|
|
106
|
+
result.sql
|
|
107
|
+
end
|
|
108
|
+
|
|
86
109
|
##
|
|
87
110
|
# Update the active policy
|
|
88
111
|
#
|
data/lib/oso/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-06-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|