RubyGems - oso-cloud - Versions diffs - 1.7.0 → 1.8.0 - Mend

oso-cloud 1.7.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 747cf1fda61eae9e9a96076e782a503e3c440a3aa7049a6b8f74ce8d0c697273
-  data.tar.gz: 5a3fcbb8574c21416fa81dbf8e1054dfef59337da6c72ff686c06304b3c27711
+  metadata.gz: aa3ca5a542cd09609eab342416030091943a7e777e6fdccd8b6caf1b1b6a5a99
+  data.tar.gz: 34c40e85594b08ef91ead85505c1488d42fc1291bcf1f3583dacce49abb47446
 SHA512:
-  metadata.gz: 1f0a4732c2f76b499f1dc962a0ee806fd6d2c17abdb734d2a1ce448c35eff4781dafce6aec90f39ede78e06fac44bcdbbb11033949867d562007c3f15a3fcee7
-  data.tar.gz: 41b95a2e852e431e1e1598277abeaad8b76bb174ea562d52a6e9c1d9c644f12a5799e1cde75063bf1d6757eb4cd62be0463c369192f8644353bb791a69391e43
+  metadata.gz: e950c324bbb312688fe5b2e119d761fb5e7189ac087386ef232d632b1179d7ad2db0a3f7c63ea468088fd3a4d1b4953d4837f8462b6582bb3f09f4c0ed93eb9e
+  data.tar.gz: 24bed9cfb7b77c0fa77867166188e55e2811e63c5ed0fedb111d013338b8a8fdd59c0edf084169ad58d11c1988f4fb53a0e14d882aa8d827a195afc12f1129e7

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oso-cloud (1.7.0)
+    oso-cloud (1.8.0)
       faraday (~> 2.5.2)
       faraday-net_http_persistent (~> 2.0)
       faraday-retry (~> 2.0.0)

data/lib/oso/api.rb CHANGED Viewed

@@ -3,6 +3,7 @@ require 'uri'
 require 'faraday'
 require 'faraday/retry'
 require 'faraday/net_http_persistent'
+require 'securerandom'
 require 'oso/helpers'
 require 'oso/version'
@@ -79,10 +80,10 @@ module OsoCloud
       def initialize(metadata:)
         @metadata = if metadata.is_a? PolicyMetadata
-          metadata
-        else
-          PolicyMetadata.new(**metadata)
-        end
+                      metadata
+                    else
+                      PolicyMetadata.new(**metadata)
+                    end
       end
     end
@@ -292,7 +293,7 @@ module OsoCloud
           faraday.response :raise_error
           faraday.response :json, parser_options: { symbolize_names: true }
           faraday.request :retry, {
-            max: (options && options[:max_retries]) || 10,
+            max: (options && options[:max_retries]) || 3,
             interval: 0.01,
             interval_randomness: 0.005,
             max_interval: 1,
@@ -300,7 +301,7 @@ module OsoCloud
             retry_statuses: [429, 500, 502, 503, 504],
             # This is the default set of methods plus POST.
             # ref: https://github.com/lostisland/faraday-retry#specify-which-methods-will-be-retried
-            methods: %i[delete get head options post put],
+            methods: %i[delete get head options post put]
           }
           if options && options[:test_adapter]
@@ -332,14 +333,26 @@ module OsoCloud
         @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
         @last_offset = nil
         @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
+        @client_id = SecureRandom.uuid
       end
-      def fallback_eligible(path)
-        !@fallback_connection.nil? && ['/authorize',
-                                       '/authorize_resources',
-                                       '/list',
-                                       '/actions',
-                                       '/query'].include?(path)
+      def fallback_eligible(path, method:)
+        path_eligible = if method == 'get'
+                          ['/facts', '/policy_metadata'].include?(path)
+                        elsif method == 'post'
+                          ['/authorize',
+                           '/authorize_resources',
+                           '/list',
+                           '/actions',
+                           '/query',
+                           '/authorize_query',
+                           '/list_query',
+                           '/actions_query'].include?(path)
+                        else
+                          false
+                        end
+        !@fallback_connection.nil? && path_eligible
       end
       def get_policy
@@ -484,6 +497,8 @@ module OsoCloud
           Accept: 'application/json',
           'Content-Type': 'application/json',
           'X-OsoApiVersion': '0',
+          'X-Request-ID' => SecureRandom.uuid,
+          'X-Oso-Instance-Id' => @client_id
         }
         # set OsoOffset is last_offset is not nil
         default_headers[:OsoOffset] = @last_offset unless @last_offset.nil?
@@ -492,13 +507,14 @@ module OsoCloud
       def GET(path, params)
         begin
-          response = @connection.get("api#{path}")  do |req|
+          response = @connection.get("api#{path}") do |req|
             req.params = params unless params.nil?
             req.headers = headers
           end
           response.body
-        rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError, Faraday::SSLError => e
-          raise e unless fallback_eligible(path)
+        rescue Faraday::BadRequestError, Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
+               Faraday::SSLError => e
+          raise e unless fallback_eligible(path, method: 'get')
           response = @fallback_connection.get("api#{path}") do |req|
             req.params = params unless params.nil?
@@ -511,6 +527,14 @@ module OsoCloud
       end
       def POST(path, params, body, isMutation)
+        max_body_size = 10 * 1024 * 1024
+        hash = OsoCloud::Helpers.to_hash(body) unless body.nil?
+        json_str = JSON.generate(hash)
+        body_size_bytes = json_str&.bytesize || 0
+        if body_size_bytes > max_body_size
+          raise ApiError.new(message: "Request payload too large (body_size_bytes: #{body_size_bytes}, max_body_size #{max_body_size})")
+        end
         begin
           response = @connection.post("api#{path}") do |req|
             req.params = params unless params.nil?
@@ -518,13 +542,12 @@ module OsoCloud
             req.headers = headers
           end
-          if isMutation
-            @last_offset = response.headers[:OsoOffset]
-          end
+          @last_offset = response.headers[:OsoOffset] if isMutation
           response.body
         # only attempt fallback on 5xx, and connection failure conditions
-        rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError, Faraday::SSLError => e
-          raise e unless fallback_eligible(path)
+        rescue Faraday::BadRequestError, Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
+               Faraday::SSLError => e
+          raise e unless fallback_eligible(path, method: 'post')
           response = @fallback_connection.post("api#{path}") do |req|
             req.params = params unless params.nil?
@@ -538,6 +561,14 @@ module OsoCloud
       end
       def DELETE(path, body)
+        max_body_size = 10 * 1024 * 1024
+        hash = OsoCloud::Helpers.to_hash(body) unless body.nil?
+        json_str = JSON.generate(hash)
+        body_size_bytes = json_str&.bytesize || 0
+        if body_size_bytes > max_body_size
+          raise ApiError.new(message: "Request payload too large (body_size_bytes: #{body_size_bytes}, max_body_size #{max_body_size})")
+        end
         response = @connection.delete("api#{path}") do |req|
           req.headers = headers
           req.body = OsoCloud::Helpers.to_hash(body) unless body.nil?
@@ -549,12 +580,18 @@ module OsoCloud
       def handle_faraday_error(error)
         resp = error.response
+        formatted_request_id = if resp.nil? || resp[:headers].nil? || resp[:headers]['X-Request-ID'].nil?
+                                 ''
+                               else
+                                 ' (Request ID: ' + resp[:headers]['X-Request-ID'] + ')'
+                               end
         err = if resp.nil? || resp[:body].nil? || resp[:body][:message].nil?
-          error.message
-        else
-          resp[:body][:message]
-        end
-        raise ApiError.new(message: err)
+                error.message
+              else
+                resp[:body][:message]
+              end
+        raise ApiError.new(message: err + formatted_request_id)
       end
     end
   end

data/lib/oso/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module OsoCloud
-  VERSION = '1.7.0'.freeze
+  VERSION = '1.8.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.8.0
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-05-24 00:00:00.000000000 Z
+date: 2024-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday