oso-cloud 1.4.1.pre → 1.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -32
- data/lib/oso/api.rb +1 -45
- data/lib/oso/oso.rb +2 -46
- data/lib/oso/version.rb +1 -1
- data/oso-cloud.gemspec +0 -2
- metadata +4 -32
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4f65c9e4cafbbd08a93b4c772310d2741bd3a8a7f9f9fe90c15bf06e4f98f3c5
|
4
|
+
data.tar.gz: 0fed4dce1b4043811202203fae204454b086327f6204f88ada6ec9d57710e914
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 59a1e5af09cbcf16f6bcb01b951ad75ff0e80351c94e27968c82f95ecdf308aac98a70b7d6f6e98287a4e6eae9b76276497f47267c8c3c195fcfa80f41843494
|
7
|
+
data.tar.gz: 42d8ac7a9a9366c6e338e86ce27cd8249615b7c268e8c5abda237719e489fc09ffa71743a2c69828a660f27aa67fdde2514eb34206c5c03e502209b4951caf76
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
oso-cloud (1.4.1
|
4
|
+
oso-cloud (1.4.1)
|
5
5
|
faraday (~> 2.5.2)
|
6
6
|
faraday-net_http_persistent (~> 2.0)
|
7
7
|
faraday-retry (~> 2.0.0)
|
@@ -9,28 +9,7 @@ PATH
|
|
9
9
|
GEM
|
10
10
|
remote: https://rubygems.org/
|
11
11
|
specs:
|
12
|
-
activemodel (7.1.3)
|
13
|
-
activesupport (= 7.1.3)
|
14
|
-
activerecord (7.1.3)
|
15
|
-
activemodel (= 7.1.3)
|
16
|
-
activesupport (= 7.1.3)
|
17
|
-
timeout (>= 0.4.0)
|
18
|
-
activesupport (7.1.3)
|
19
|
-
base64
|
20
|
-
bigdecimal
|
21
|
-
concurrent-ruby (~> 1.0, >= 1.0.2)
|
22
|
-
connection_pool (>= 2.2.5)
|
23
|
-
drb
|
24
|
-
i18n (>= 1.6, < 2)
|
25
|
-
minitest (>= 5.1)
|
26
|
-
mutex_m
|
27
|
-
tzinfo (~> 2.0)
|
28
|
-
base64 (0.2.0)
|
29
|
-
bigdecimal (3.1.6)
|
30
|
-
concurrent-ruby (1.2.3)
|
31
12
|
connection_pool (2.4.1)
|
32
|
-
drb (2.2.0)
|
33
|
-
ruby2_keywords
|
34
13
|
faraday (2.5.2)
|
35
14
|
faraday-net_http (>= 2.0, < 3.1)
|
36
15
|
ruby2_keywords (>= 0.0.4)
|
@@ -40,28 +19,19 @@ GEM
|
|
40
19
|
net-http-persistent (~> 4.0)
|
41
20
|
faraday-retry (2.0.0)
|
42
21
|
faraday (~> 2.0)
|
43
|
-
i18n (1.14.1)
|
44
|
-
concurrent-ruby (~> 1.0)
|
45
22
|
minitest (5.18.0)
|
46
|
-
mutex_m (0.2.0)
|
47
23
|
net-http-persistent (4.0.2)
|
48
24
|
connection_pool (~> 2.2)
|
49
|
-
pg (1.5.4)
|
50
25
|
rake (12.3.3)
|
51
26
|
ruby2_keywords (0.0.5)
|
52
|
-
timeout (0.4.1)
|
53
|
-
tzinfo (2.0.6)
|
54
|
-
concurrent-ruby (~> 1.0)
|
55
27
|
|
56
28
|
PLATFORMS
|
57
29
|
ruby
|
58
30
|
|
59
31
|
DEPENDENCIES
|
60
|
-
activerecord (~> 7.0)
|
61
32
|
minitest (~> 5.15)
|
62
33
|
oso-cloud!
|
63
|
-
pg (~> 1.0)
|
64
34
|
rake (~> 12.0)
|
65
35
|
|
66
36
|
BUNDLED WITH
|
67
|
-
2.
|
37
|
+
2.3.13
|
data/lib/oso/api.rb
CHANGED
@@ -202,38 +202,9 @@ module OsoCloud
|
|
202
202
|
end
|
203
203
|
end
|
204
204
|
|
205
|
-
# @!visibility private
|
206
|
-
class LocalAuthQuery
|
207
|
-
attr_reader :query, :data_bindings
|
208
|
-
|
209
|
-
def initialize(query:, data_bindings:)
|
210
|
-
@query = query
|
211
|
-
@data_bindings = data_bindings
|
212
|
-
end
|
213
|
-
end
|
214
|
-
|
215
|
-
# @!visibility private
|
216
|
-
class LocalListQuery
|
217
|
-
attr_reader :query, :data_bindings
|
218
|
-
|
219
|
-
def initialize(query:, data_bindings:)
|
220
|
-
@query = query
|
221
|
-
@data_bindings = data_bindings
|
222
|
-
end
|
223
|
-
end
|
224
|
-
|
225
|
-
# @!visibility private
|
226
|
-
class LocalQueryResult
|
227
|
-
attr_reader :sql
|
228
|
-
|
229
|
-
def initialize(sql:)
|
230
|
-
@sql = sql
|
231
|
-
end
|
232
|
-
end
|
233
|
-
|
234
205
|
# @!visibility private
|
235
206
|
class Api
|
236
|
-
def initialize(url: 'https://api.osohq.com', api_key: nil,
|
207
|
+
def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
|
237
208
|
@url = url
|
238
209
|
@connection = Faraday.new(url: url) do |faraday|
|
239
210
|
faraday.request :json
|
@@ -291,7 +262,6 @@ module OsoCloud
|
|
291
262
|
@api_key = api_key
|
292
263
|
@user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
|
293
264
|
@last_offset = nil
|
294
|
-
@data_bindings = IO.read(data_bindings) unless data_bindings.nil?
|
295
265
|
end
|
296
266
|
|
297
267
|
def fallback_eligible(path)
|
@@ -386,20 +356,6 @@ module OsoCloud
|
|
386
356
|
StatsResult.new(**result)
|
387
357
|
end
|
388
358
|
|
389
|
-
def post_authorize_query(query)
|
390
|
-
url = '/authorize_query'
|
391
|
-
data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
|
392
|
-
result = POST(url, nil, data, false)
|
393
|
-
LocalQueryResult.new(**result)
|
394
|
-
end
|
395
|
-
|
396
|
-
def post_list_query(query)
|
397
|
-
url = '/list_query'
|
398
|
-
data = LocalListQuery.new(query: query, data_bindings: @data_bindings)
|
399
|
-
result = POST(url, nil, data, false)
|
400
|
-
LocalQueryResult.new(**result)
|
401
|
-
end
|
402
|
-
|
403
359
|
def clear_data
|
404
360
|
url = '/clear_data'
|
405
361
|
result = POST(url, nil, nil, true)
|
data/lib/oso/oso.rb
CHANGED
@@ -28,8 +28,8 @@ module OsoCloud
|
|
28
28
|
# Any other elements in the array, which together represent the fact's arguments,
|
29
29
|
# can be "OsoCloud::Value" objects or strings.
|
30
30
|
class Oso
|
31
|
-
def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil
|
32
|
-
@api = OsoCloud::Core::Api.new(url: url, api_key: api_key,
|
31
|
+
def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
|
32
|
+
@api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
|
33
33
|
end
|
34
34
|
|
35
35
|
##
|
@@ -71,50 +71,6 @@ module OsoCloud
|
|
71
71
|
result.allowed
|
72
72
|
end
|
73
73
|
|
74
|
-
##
|
75
|
-
# Check a permission depending on data both in Oso Cloud and stored in a local database
|
76
|
-
#
|
77
|
-
# Returns a SQL query to run against the local database
|
78
|
-
#
|
79
|
-
# @param actor [OsoCloud::Value]
|
80
|
-
# @param action [String]
|
81
|
-
# @param resource [OsoCloud::Value]
|
82
|
-
# @return [Array<String>]
|
83
|
-
def authorize_local(actor, action, resource)
|
84
|
-
actor_typed_id = actor.to_api_value
|
85
|
-
resource_typed_id = resource.to_api_value
|
86
|
-
result = @api.post_authorize_query(OsoCloud::Core::AuthorizeQuery.new(
|
87
|
-
actor_type: actor_typed_id.type,
|
88
|
-
actor_id: actor_typed_id.id,
|
89
|
-
action: action,
|
90
|
-
resource_type: resource_typed_id.type,
|
91
|
-
resource_id: resource_typed_id.id,
|
92
|
-
context_facts: []
|
93
|
-
))
|
94
|
-
result.sql
|
95
|
-
end
|
96
|
-
|
97
|
-
##
|
98
|
-
# List authorized resources depending on data both in Oso Cloud and stored in a local database
|
99
|
-
#
|
100
|
-
# Returns a SQL query to run against the local database
|
101
|
-
#
|
102
|
-
# @param actor [OsoCloud::Value]
|
103
|
-
# @param action [String]
|
104
|
-
# @param resource_type [String]
|
105
|
-
# @return [Array<String>]
|
106
|
-
def list_local(actor, action, resource_type)
|
107
|
-
actor_typed_id = actor.to_api_value
|
108
|
-
result = @api.post_list_query(OsoCloud::Core::ListQuery.new(
|
109
|
-
actor_type: actor_typed_id.type,
|
110
|
-
actor_id: actor_typed_id.id,
|
111
|
-
action: action,
|
112
|
-
resource_type: resource_type,
|
113
|
-
context_facts: []
|
114
|
-
))
|
115
|
-
result.sql
|
116
|
-
end
|
117
|
-
|
118
74
|
##
|
119
75
|
# Check authorized resources
|
120
76
|
#
|
data/lib/oso/version.rb
CHANGED
data/oso-cloud.gemspec
CHANGED
@@ -24,6 +24,4 @@ Gem::Specification.new do |spec|
|
|
24
24
|
spec.add_dependency 'faraday-retry', '~> 2.0.0'
|
25
25
|
spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
|
26
26
|
spec.add_development_dependency 'minitest', '~> 5.15'
|
27
|
-
spec.add_development_dependency 'pg', '~> 1.0'
|
28
|
-
spec.add_development_dependency 'activerecord', '~> 7.0'
|
29
27
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oso-cloud
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.4.1
|
4
|
+
version: 1.4.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Oso Security, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-12-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -66,34 +66,6 @@ dependencies:
|
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: '5.15'
|
69
|
-
- !ruby/object:Gem::Dependency
|
70
|
-
name: pg
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
72
|
-
requirements:
|
73
|
-
- - "~>"
|
74
|
-
- !ruby/object:Gem::Version
|
75
|
-
version: '1.0'
|
76
|
-
type: :development
|
77
|
-
prerelease: false
|
78
|
-
version_requirements: !ruby/object:Gem::Requirement
|
79
|
-
requirements:
|
80
|
-
- - "~>"
|
81
|
-
- !ruby/object:Gem::Version
|
82
|
-
version: '1.0'
|
83
|
-
- !ruby/object:Gem::Dependency
|
84
|
-
name: activerecord
|
85
|
-
requirement: !ruby/object:Gem::Requirement
|
86
|
-
requirements:
|
87
|
-
- - "~>"
|
88
|
-
- !ruby/object:Gem::Version
|
89
|
-
version: '7.0'
|
90
|
-
type: :development
|
91
|
-
prerelease: false
|
92
|
-
version_requirements: !ruby/object:Gem::Requirement
|
93
|
-
requirements:
|
94
|
-
- - "~>"
|
95
|
-
- !ruby/object:Gem::Version
|
96
|
-
version: '7.0'
|
97
69
|
description:
|
98
70
|
email:
|
99
71
|
- support@osohq.com
|
@@ -130,9 +102,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
130
102
|
version: 3.0.0
|
131
103
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
132
104
|
requirements:
|
133
|
-
- - "
|
105
|
+
- - ">="
|
134
106
|
- !ruby/object:Gem::Version
|
135
|
-
version:
|
107
|
+
version: '0'
|
136
108
|
requirements: []
|
137
109
|
rubygems_version: 3.2.33
|
138
110
|
signing_key:
|