oso-cloud 1.7.1 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78d81ade4fd246a2398c1a0224ecc8a6ff3852b968e03c0c79c1d28295358cfd
-  data.tar.gz: cdfa7bb5f957f1aaf7d801d8b5bca4e3e2dc4b1df8044d9cc30114aae5d012fe
+  metadata.gz: aa3ca5a542cd09609eab342416030091943a7e777e6fdccd8b6caf1b1b6a5a99
+  data.tar.gz: 34c40e85594b08ef91ead85505c1488d42fc1291bcf1f3583dacce49abb47446
 SHA512:
-  metadata.gz: dc3fa7da1c706b47ffe89e6d9ed03ed9950cb8c756051ef2cc3e7ed81e2931f34dbdad8e6c8e217f9d061a4c9a2d5ad36784acdbba0772a3d16102bc43d8e09f
-  data.tar.gz: e48be352ec530bfb99afe81723abbfca673a9c63d295388d68f34bebf97b973a8c911d68133cc11668622cef26553cb92e5336346b1410d081bd1dac41c9c881
+  metadata.gz: e950c324bbb312688fe5b2e119d761fb5e7189ac087386ef232d632b1179d7ad2db0a3f7c63ea468088fd3a4d1b4953d4837f8462b6582bb3f09f4c0ed93eb9e
+  data.tar.gz: 24bed9cfb7b77c0fa77867166188e55e2811e63c5ed0fedb111d013338b8a8fdd59c0edf084169ad58d11c1988f4fb53a0e14d882aa8d827a195afc12f1129e7

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oso-cloud (1.7.1)
+    oso-cloud (1.8.0)
       faraday (~> 2.5.2)
       faraday-net_http_persistent (~> 2.0)
       faraday-retry (~> 2.0.0)

data/lib/oso/api.rb

@@ -80,10 +80,10 @@ module OsoCloud
 
       def initialize(metadata:)
         @metadata = if metadata.is_a? PolicyMetadata
-          metadata
-        else
-          PolicyMetadata.new(**metadata)
-        end
+                      metadata
+                    else
+                      PolicyMetadata.new(**metadata)
+                    end
       end
     end
 
@@ -293,7 +293,7 @@ module OsoCloud
           faraday.response :raise_error
           faraday.response :json, parser_options: { symbolize_names: true }
           faraday.request :retry, {
-            max: (options && options[:max_retries]) || 10,
+            max: (options && options[:max_retries]) || 3,
             interval: 0.01,
             interval_randomness: 0.005,
             max_interval: 1,
@@ -301,7 +301,7 @@ module OsoCloud
             retry_statuses: [429, 500, 502, 503, 504],
             # This is the default set of methods plus POST.
             # ref: https://github.com/lostisland/faraday-retry#specify-which-methods-will-be-retried
-            methods: %i[delete get head options post put],
+            methods: %i[delete get head options post put]
           }
 
           if options && options[:test_adapter]
@@ -336,12 +336,23 @@ module OsoCloud
         @client_id = SecureRandom.uuid
       end
 
-      def fallback_eligible(path)
-        !@fallback_connection.nil? && ['/authorize',
-                                       '/authorize_resources',
-                                       '/list',
-                                       '/actions',
-                                       '/query'].include?(path)
+      def fallback_eligible(path, method:)
+        path_eligible = if method == 'get'
+                          ['/facts', '/policy_metadata'].include?(path)
+                        elsif method == 'post'
+                          ['/authorize',
+                           '/authorize_resources',
+                           '/list',
+                           '/actions',
+                           '/query',
+                           '/authorize_query',
+                           '/list_query',
+                           '/actions_query'].include?(path)
+                        else
+                          false
+                        end
+
+        !@fallback_connection.nil? && path_eligible
       end
 
       def get_policy
@@ -496,13 +507,14 @@ module OsoCloud
 
       def GET(path, params)
         begin
-          response = @connection.get("api#{path}")  do |req|
+          response = @connection.get("api#{path}") do |req|
             req.params = params unless params.nil?
             req.headers = headers
           end
           response.body
-        rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError, Faraday::SSLError => e
-          raise e unless fallback_eligible(path)
+        rescue Faraday::BadRequestError, Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
+               Faraday::SSLError => e
+          raise e unless fallback_eligible(path, method: 'get')
 
           response = @fallback_connection.get("api#{path}") do |req|
             req.params = params unless params.nil?
@@ -515,6 +527,14 @@ module OsoCloud
       end
 
       def POST(path, params, body, isMutation)
+        max_body_size = 10 * 1024 * 1024
+        hash = OsoCloud::Helpers.to_hash(body) unless body.nil?
+        json_str = JSON.generate(hash)
+        body_size_bytes = json_str&.bytesize || 0
+        if body_size_bytes > max_body_size
+          raise ApiError.new(message: "Request payload too large (body_size_bytes: #{body_size_bytes}, max_body_size #{max_body_size})")
+        end
+
         begin
           response = @connection.post("api#{path}") do |req|
             req.params = params unless params.nil?
@@ -522,13 +542,12 @@ module OsoCloud
             req.headers = headers
           end
 
-          if isMutation
-            @last_offset = response.headers[:OsoOffset]
-          end
+          @last_offset = response.headers[:OsoOffset] if isMutation
           response.body
         # only attempt fallback on 5xx, and connection failure conditions
-        rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError, Faraday::SSLError => e
-          raise e unless fallback_eligible(path)
+        rescue Faraday::BadRequestError, Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
+               Faraday::SSLError => e
+          raise e unless fallback_eligible(path, method: 'post')
 
           response = @fallback_connection.post("api#{path}") do |req|
             req.params = params unless params.nil?
@@ -542,6 +561,14 @@ module OsoCloud
       end
 
       def DELETE(path, body)
+        max_body_size = 10 * 1024 * 1024
+        hash = OsoCloud::Helpers.to_hash(body) unless body.nil?
+        json_str = JSON.generate(hash)
+        body_size_bytes = json_str&.bytesize || 0
+        if body_size_bytes > max_body_size
+          raise ApiError.new(message: "Request payload too large (body_size_bytes: #{body_size_bytes}, max_body_size #{max_body_size})")
+        end
+
         response = @connection.delete("api#{path}") do |req|
           req.headers = headers
           req.body = OsoCloud::Helpers.to_hash(body) unless body.nil?
@@ -554,16 +581,16 @@ module OsoCloud
       def handle_faraday_error(error)
         resp = error.response
         formatted_request_id = if resp.nil? || resp[:headers].nil? || resp[:headers]['X-Request-ID'].nil?
-          ""
-        else
-          " (Request ID: " + resp[:headers]['X-Request-ID'] + ")"
-        end
+                                 ''
+                               else
+                                 ' (Request ID: ' + resp[:headers]['X-Request-ID'] + ')'
+                               end
 
         err = if resp.nil? || resp[:body].nil? || resp[:body][:message].nil?
-          error.message
-        else
-          resp[:body][:message]
-        end
+                error.message
+              else
+                resp[:body][:message]
+              end
         raise ApiError.new(message: err + formatted_request_id)
       end
     end

data/lib/oso/version.rb

@@ -1,3 +1,3 @@
 module OsoCloud
-  VERSION = '1.7.1'.freeze
+  VERSION = '1.8.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-  version: 1.7.1
+  version: 1.8.0
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-06-06 00:00:00.000000000 Z
+date: 2024-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday