oso-cloud 1.7.0 → 1.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/oso/api.rb +62 -25
- data/lib/oso/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aa3ca5a542cd09609eab342416030091943a7e777e6fdccd8b6caf1b1b6a5a99
|
|
4
|
+
data.tar.gz: 34c40e85594b08ef91ead85505c1488d42fc1291bcf1f3583dacce49abb47446
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e950c324bbb312688fe5b2e119d761fb5e7189ac087386ef232d632b1179d7ad2db0a3f7c63ea468088fd3a4d1b4953d4837f8462b6582bb3f09f4c0ed93eb9e
|
|
7
|
+
data.tar.gz: 24bed9cfb7b77c0fa77867166188e55e2811e63c5ed0fedb111d013338b8a8fdd59c0edf084169ad58d11c1988f4fb53a0e14d882aa8d827a195afc12f1129e7
|
data/Gemfile.lock
CHANGED
data/lib/oso/api.rb
CHANGED
|
@@ -3,6 +3,7 @@ require 'uri'
|
|
|
3
3
|
require 'faraday'
|
|
4
4
|
require 'faraday/retry'
|
|
5
5
|
require 'faraday/net_http_persistent'
|
|
6
|
+
require 'securerandom'
|
|
6
7
|
|
|
7
8
|
require 'oso/helpers'
|
|
8
9
|
require 'oso/version'
|
|
@@ -79,10 +80,10 @@ module OsoCloud
|
|
|
79
80
|
|
|
80
81
|
def initialize(metadata:)
|
|
81
82
|
@metadata = if metadata.is_a? PolicyMetadata
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
83
|
+
metadata
|
|
84
|
+
else
|
|
85
|
+
PolicyMetadata.new(**metadata)
|
|
86
|
+
end
|
|
86
87
|
end
|
|
87
88
|
end
|
|
88
89
|
|
|
@@ -292,7 +293,7 @@ module OsoCloud
|
|
|
292
293
|
faraday.response :raise_error
|
|
293
294
|
faraday.response :json, parser_options: { symbolize_names: true }
|
|
294
295
|
faraday.request :retry, {
|
|
295
|
-
max: (options && options[:max_retries]) ||
|
|
296
|
+
max: (options && options[:max_retries]) || 3,
|
|
296
297
|
interval: 0.01,
|
|
297
298
|
interval_randomness: 0.005,
|
|
298
299
|
max_interval: 1,
|
|
@@ -300,7 +301,7 @@ module OsoCloud
|
|
|
300
301
|
retry_statuses: [429, 500, 502, 503, 504],
|
|
301
302
|
# This is the default set of methods plus POST.
|
|
302
303
|
# ref: https://github.com/lostisland/faraday-retry#specify-which-methods-will-be-retried
|
|
303
|
-
methods: %i[delete get head options post put]
|
|
304
|
+
methods: %i[delete get head options post put]
|
|
304
305
|
}
|
|
305
306
|
|
|
306
307
|
if options && options[:test_adapter]
|
|
@@ -332,14 +333,26 @@ module OsoCloud
|
|
|
332
333
|
@user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
|
|
333
334
|
@last_offset = nil
|
|
334
335
|
@data_bindings = IO.read(data_bindings) unless data_bindings.nil?
|
|
336
|
+
@client_id = SecureRandom.uuid
|
|
335
337
|
end
|
|
336
338
|
|
|
337
|
-
def fallback_eligible(path)
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
339
|
+
def fallback_eligible(path, method:)
|
|
340
|
+
path_eligible = if method == 'get'
|
|
341
|
+
['/facts', '/policy_metadata'].include?(path)
|
|
342
|
+
elsif method == 'post'
|
|
343
|
+
['/authorize',
|
|
344
|
+
'/authorize_resources',
|
|
345
|
+
'/list',
|
|
346
|
+
'/actions',
|
|
347
|
+
'/query',
|
|
348
|
+
'/authorize_query',
|
|
349
|
+
'/list_query',
|
|
350
|
+
'/actions_query'].include?(path)
|
|
351
|
+
else
|
|
352
|
+
false
|
|
353
|
+
end
|
|
354
|
+
|
|
355
|
+
!@fallback_connection.nil? && path_eligible
|
|
343
356
|
end
|
|
344
357
|
|
|
345
358
|
def get_policy
|
|
@@ -484,6 +497,8 @@ module OsoCloud
|
|
|
484
497
|
Accept: 'application/json',
|
|
485
498
|
'Content-Type': 'application/json',
|
|
486
499
|
'X-OsoApiVersion': '0',
|
|
500
|
+
'X-Request-ID' => SecureRandom.uuid,
|
|
501
|
+
'X-Oso-Instance-Id' => @client_id
|
|
487
502
|
}
|
|
488
503
|
# set OsoOffset is last_offset is not nil
|
|
489
504
|
default_headers[:OsoOffset] = @last_offset unless @last_offset.nil?
|
|
@@ -492,13 +507,14 @@ module OsoCloud
|
|
|
492
507
|
|
|
493
508
|
def GET(path, params)
|
|
494
509
|
begin
|
|
495
|
-
response = @connection.get("api#{path}")
|
|
510
|
+
response = @connection.get("api#{path}") do |req|
|
|
496
511
|
req.params = params unless params.nil?
|
|
497
512
|
req.headers = headers
|
|
498
513
|
end
|
|
499
514
|
response.body
|
|
500
|
-
rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
|
|
501
|
-
|
|
515
|
+
rescue Faraday::BadRequestError, Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
|
|
516
|
+
Faraday::SSLError => e
|
|
517
|
+
raise e unless fallback_eligible(path, method: 'get')
|
|
502
518
|
|
|
503
519
|
response = @fallback_connection.get("api#{path}") do |req|
|
|
504
520
|
req.params = params unless params.nil?
|
|
@@ -511,6 +527,14 @@ module OsoCloud
|
|
|
511
527
|
end
|
|
512
528
|
|
|
513
529
|
def POST(path, params, body, isMutation)
|
|
530
|
+
max_body_size = 10 * 1024 * 1024
|
|
531
|
+
hash = OsoCloud::Helpers.to_hash(body) unless body.nil?
|
|
532
|
+
json_str = JSON.generate(hash)
|
|
533
|
+
body_size_bytes = json_str&.bytesize || 0
|
|
534
|
+
if body_size_bytes > max_body_size
|
|
535
|
+
raise ApiError.new(message: "Request payload too large (body_size_bytes: #{body_size_bytes}, max_body_size #{max_body_size})")
|
|
536
|
+
end
|
|
537
|
+
|
|
514
538
|
begin
|
|
515
539
|
response = @connection.post("api#{path}") do |req|
|
|
516
540
|
req.params = params unless params.nil?
|
|
@@ -518,13 +542,12 @@ module OsoCloud
|
|
|
518
542
|
req.headers = headers
|
|
519
543
|
end
|
|
520
544
|
|
|
521
|
-
if isMutation
|
|
522
|
-
@last_offset = response.headers[:OsoOffset]
|
|
523
|
-
end
|
|
545
|
+
@last_offset = response.headers[:OsoOffset] if isMutation
|
|
524
546
|
response.body
|
|
525
547
|
# only attempt fallback on 5xx, and connection failure conditions
|
|
526
|
-
rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
|
|
527
|
-
|
|
548
|
+
rescue Faraday::BadRequestError, Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
|
|
549
|
+
Faraday::SSLError => e
|
|
550
|
+
raise e unless fallback_eligible(path, method: 'post')
|
|
528
551
|
|
|
529
552
|
response = @fallback_connection.post("api#{path}") do |req|
|
|
530
553
|
req.params = params unless params.nil?
|
|
@@ -538,6 +561,14 @@ module OsoCloud
|
|
|
538
561
|
end
|
|
539
562
|
|
|
540
563
|
def DELETE(path, body)
|
|
564
|
+
max_body_size = 10 * 1024 * 1024
|
|
565
|
+
hash = OsoCloud::Helpers.to_hash(body) unless body.nil?
|
|
566
|
+
json_str = JSON.generate(hash)
|
|
567
|
+
body_size_bytes = json_str&.bytesize || 0
|
|
568
|
+
if body_size_bytes > max_body_size
|
|
569
|
+
raise ApiError.new(message: "Request payload too large (body_size_bytes: #{body_size_bytes}, max_body_size #{max_body_size})")
|
|
570
|
+
end
|
|
571
|
+
|
|
541
572
|
response = @connection.delete("api#{path}") do |req|
|
|
542
573
|
req.headers = headers
|
|
543
574
|
req.body = OsoCloud::Helpers.to_hash(body) unless body.nil?
|
|
@@ -549,12 +580,18 @@ module OsoCloud
|
|
|
549
580
|
|
|
550
581
|
def handle_faraday_error(error)
|
|
551
582
|
resp = error.response
|
|
583
|
+
formatted_request_id = if resp.nil? || resp[:headers].nil? || resp[:headers]['X-Request-ID'].nil?
|
|
584
|
+
''
|
|
585
|
+
else
|
|
586
|
+
' (Request ID: ' + resp[:headers]['X-Request-ID'] + ')'
|
|
587
|
+
end
|
|
588
|
+
|
|
552
589
|
err = if resp.nil? || resp[:body].nil? || resp[:body][:message].nil?
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
raise ApiError.new(message: err)
|
|
590
|
+
error.message
|
|
591
|
+
else
|
|
592
|
+
resp[:body][:message]
|
|
593
|
+
end
|
|
594
|
+
raise ApiError.new(message: err + formatted_request_id)
|
|
558
595
|
end
|
|
559
596
|
end
|
|
560
597
|
end
|
data/lib/oso/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-10-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|