oso-cloud 1.5.1 → 1.5.2
- checksums.yaml +4 -4
- data/Gemfile.lock +32 -2
- data/lib/oso/api.rb +46 -1
- data/lib/oso/oso.rb +61 -2
- data/lib/oso/version.rb +1 -1
- data/oso-cloud.gemspec +2 -0
- metadata +30 -2
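--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 543c9f70374f12ec330aa655fe0deea23947f36c617dcf25428f0ccc6945b206
+data.tar.gz: 6796fbb6d239a400ea63ef2fe3e8758ada1a5bc13e6acfb2197324956d540125
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 970a457c345a128ae7833bb78405d2f119df5901a59460d93ff29bb9a6f90cd90fca3415cd821097a1689edaffedcd13ea8c8d8ef11a51343e9e6a5fb8fa42dd
+data.tar.gz: 23f7a1318a526e3cf9a2da95f932a68ca69ed655314df1b777b5e449ab0aa64b1b6aa8956196d63027789fa11119d98ca9c9912b8a3cd005eb0a0d861cd211be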
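--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-oso-cloud (1.5.
+oso-cloud (1.5.2)
 faraday (~> 2.5.2)
 faraday-net_http_persistent (~> 2.0)
 faraday-retry (~> 2.0.0)
@@ -9,7 +9,28 @@ PATH
 GEM
 remote: https://rubygems.org/
 specs:
+activemodel (7.1.3)
+activesupport (= 7.1.3)
+activerecord (7.1.3)
+activemodel (= 7.1.3)
+activesupport (= 7.1.3)
+timeout (>= 0.4.0)
+activesupport (7.1.3)
+base64
+bigdecimal
+concurrent-ruby (~> 1.0, >= 1.0.2)
+connection_pool (>= 2.2.5)
+drb
+i18n (>= 1.6, < 2)
+minitest (>= 5.1)
+mutex_m
+tzinfo (~> 2.0)
+base64 (0.2.0)
+bigdecimal (3.1.6)
+concurrent-ruby (1.2.3)
 connection_pool (2.4.1)
+drb (2.2.0)
+ruby2_keywords
 faraday (2.5.2)
 faraday-net_http (>= 2.0, < 3.1)
 ruby2_keywords (>= 0.0.4)
@@ -19,19 +40,28 @@ GEM
 net-http-persistent (~> 4.0)
 faraday-retry (2.0.0)
 faraday (~> 2.0)
+i18n (1.14.1)
+concurrent-ruby (~> 1.0)
 minitest (5.18.0)
+mutex_m (0.2.0)
 net-http-persistent (4.0.2)
 connection_pool (~> 2.2)
+pg (1.5.4)
 rake (12.3.3)
 ruby2_keywords (0.0.5)
+timeout (0.4.1)
+tzinfo (2.0.6)
+concurrent-ruby (~> 1.0)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
+activerecord (~> 7.0)
 minitest (~> 5.15)
 oso-cloud!
+pg (~> 1.0)
 rake (~> 12.0)
 
 BUNDLED WITH
-2.
+2.5.6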
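--- a/data/lib/oso/api.rb
+++ b/data/lib/oso/api.rb
@@ -239,9 +239,39 @@ module OsoCloud
 end
 end
 
+# @!visibility private
+class LocalAuthQuery
+attr_reader :query, :data_bindings
+
+def initialize(query:, data_bindings:)
+@query = query
+@data_bindings = data_bindings
+end
+end
+
+# @!visibility private
+class LocalListQuery
+attr_reader :query, :column, :data_bindings
+
+def initialize(query:, column:, data_bindings:)
+@query = query
+@column = column
+@data_bindings = data_bindings
+end
+end
+
+# @!visibility private
+class LocalQueryResult
+attr_reader :sql
+
+def initialize(sql:)
+@sql = sql
+end
+end
+
 # @!visibility private
 class Api
-def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
+def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
 @url = url
 @connection = Faraday.new(url: url) do |faraday|
 faraday.request :json
@@ -291,6 +321,7 @@ module OsoCloud
 @api_key = api_key
 @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
 @last_offset = nil
+@data_bindings = IO.read(data_bindings) unless data_bindings.nil?
 end
 
 def fallback_eligible(path)
@@ -391,6 +422,20 @@ module OsoCloud
 StatsResult.new(**result)
 end
 
+def post_authorize_query(query)
+url = '/authorize_query'
+data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
+result = POST(url, nil, data, false)
+LocalQueryResult.new(**result)
+end
+
+def post_list_query(query:, column:)
+url = '/list_query'
+data = LocalListQuery.new(query: query, column: column, data_bindings: @data_bindings)
+result = POST(url, nil, data, false)
+LocalQueryResult.new(**result)
+end
+
 def clear_data
 url = '/clear_data'
 result = POST(url, nil, nil, true)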
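Review bot: `IO.read(data_bindings)` in the second hunk should be `File.read`, because `IO.read` treats a path beginning with `|` as a command to run on Ruby versions that still support that form, and `data_bindings:` is a caller-supplied path: `@data_bindings = File.read(data_bindings) unless data_bindings.nil?`. The read happens eagerly in the constructor, so a missing or unreadable file raises from `Api#initialize`, and the file's contents are then attached to every `/authorize_query` and `/list_query` request through `LocalAuthQuery` and `LocalListQuery`; both facts deserve a comment on the option. `initialize` begins in the first hunk and most of its body is outside the visible lines.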
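--- a/data/lib/oso/oso.rb
+++ b/data/lib/oso/oso.rb
@@ -28,8 +28,67 @@ module OsoCloud
 # Any other elements in the array, which together represent the fact's arguments,
 # can be "OsoCloud::Value" objects or strings.
 class Oso
-
-
+attr_reader :experimental
+
+def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
+@api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
+@experimental = Experimental.new(@api)
+end
+
+class Experimental
+def initialize(api)
+@api = api
+end
+
+##
+# Check a permission depending on data both in Oso Cloud and stored in a local database
+#
+# Returns a SQL query to run against the local database
+#
+# @param actor [OsoCloud::Value]
+# @param action [String]
+# @param resource [OsoCloud::Value]
+# @param column [String]
+# @return [Array<String>]
+def authorize_local(actor, action, resource)
+actor_typed_id = actor.to_api_value
+resource_typed_id = resource.to_api_value
+result = @api.post_authorize_query(
+OsoCloud::Core::AuthorizeQuery.new(
+actor_type: actor_typed_id.type,
+actor_id: actor_typed_id.id,
+action: action,
+resource_type: resource_typed_id.type,
+resource_id: resource_typed_id.id,
+context_facts: []
+)
+)
+result.sql
+end
+
+##
+# List authorized resources depending on data both in Oso Cloud and stored in a local database
+#
+# Returns a SQL query to run against the local database
+#
+# @param actor [OsoCloud::Value]
+# @param action [String]
+# @param resource_type [String]
+# @return [Array<String>]
+def list_local(actor, action, resource_type, column)
+actor_typed_id = actor.to_api_value
+result = @api.post_list_query(
+query: OsoCloud::Core::ListQuery.new(
+actor_type: actor_typed_id.type,
+actor_id: actor_typed_id.id,
+action: action,
+resource_type: resource_type,
+context_facts: []
+),
+column: column
+)
+result.sql
+end
 end
 
 ##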
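Review bot: The YARD tags on the two new methods do not match their signatures: `authorize_local` documents `@param column [String]` but takes no such argument, `list_local` takes `column` and leaves it undocumented, and both declare `@return [Array<String>]` while returning `result.sql`. I would move `# @param column [String]` to `list_local` and, if `sql` is a single statement as the summary line suggests, change the return tag to `# @return [String]`. Because the returned text is meant to be executed against the local database, the doc for `column` should also state that it must be a fixed identifier chosen by the application and never request input, since it presumably ends up in the generated query. The `Oso` class continues outside the hunk.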
data/lib/oso/version.rb
CHANGED
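--- a/data/oso-cloud.gemspec
+++ b/data/oso-cloud.gemspec
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'faraday-retry', '~> 2.0.0'
 spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
 spec.add_development_dependency 'minitest', '~> 5.15'
+spec.add_development_dependency 'pg', '~> 1.0'
+spec.add_development_dependency 'activerecord', '~> 7.0'
 end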
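--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-version: 1.5.
+version: 1.5.2
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-03-
+date: 2024-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: faraday
@@ -66,6 +66,34 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '5.15'
+- !ruby/object:Gem::Dependency
+name: pg
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+- !ruby/object:Gem::Dependency
+name: activerecord
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '7.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '7.0'
 description:
 email:
 - support@osohq.com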