oso-cloud 1.5.1 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +32 -2
  3. data/lib/oso/api.rb +46 -1
  4. data/lib/oso/oso.rb +61 -2
  5. data/lib/oso/version.rb +1 -1
  6. data/oso-cloud.gemspec +2 -0
  7. metadata +30 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c024d83cfedf34c1651af2ae18b55871030b1bceb321503ccb4ad6f431e28e72
4
- data.tar.gz: 6b09b842d1e03a632fb812a874c77a2bbe7ee205daadf12be6f14e9ee3f84430
3
+ metadata.gz: 543c9f70374f12ec330aa655fe0deea23947f36c617dcf25428f0ccc6945b206
4
+ data.tar.gz: 6796fbb6d239a400ea63ef2fe3e8758ada1a5bc13e6acfb2197324956d540125
5
5
  SHA512:
6
- metadata.gz: 05a25bb4a5c6e5bf9634e71c764610c59e04c40fe65b713a89c3f2a921f120ec229d4aa651700aecac3c181227a11b78583b290a3c3fb7c876c706283bf7aaaf
7
- data.tar.gz: 6bb8a131b8024389ce5ff9a18d13d25cfe990bc35ef571a821781567570ba717017ba9485776e767c7faa57966865b11e3a12bad2a91cf97afabbcbcf730977d
6
+ metadata.gz: 970a457c345a128ae7833bb78405d2f119df5901a59460d93ff29bb9a6f90cd90fca3415cd821097a1689edaffedcd13ea8c8d8ef11a51343e9e6a5fb8fa42dd
7
+ data.tar.gz: 23f7a1318a526e3cf9a2da95f932a68ca69ed655314df1b777b5e449ab0aa64b1b6aa8956196d63027789fa11119d98ca9c9912b8a3cd005eb0a0d861cd211be
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- oso-cloud (1.5.1)
4
+ oso-cloud (1.5.2)
5
5
  faraday (~> 2.5.2)
6
6
  faraday-net_http_persistent (~> 2.0)
7
7
  faraday-retry (~> 2.0.0)
@@ -9,7 +9,28 @@ PATH
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
+ activemodel (7.1.3)
13
+ activesupport (= 7.1.3)
14
+ activerecord (7.1.3)
15
+ activemodel (= 7.1.3)
16
+ activesupport (= 7.1.3)
17
+ timeout (>= 0.4.0)
18
+ activesupport (7.1.3)
19
+ base64
20
+ bigdecimal
21
+ concurrent-ruby (~> 1.0, >= 1.0.2)
22
+ connection_pool (>= 2.2.5)
23
+ drb
24
+ i18n (>= 1.6, < 2)
25
+ minitest (>= 5.1)
26
+ mutex_m
27
+ tzinfo (~> 2.0)
28
+ base64 (0.2.0)
29
+ bigdecimal (3.1.6)
30
+ concurrent-ruby (1.2.3)
12
31
  connection_pool (2.4.1)
32
+ drb (2.2.0)
33
+ ruby2_keywords
13
34
  faraday (2.5.2)
14
35
  faraday-net_http (>= 2.0, < 3.1)
15
36
  ruby2_keywords (>= 0.0.4)
@@ -19,19 +40,28 @@ GEM
19
40
  net-http-persistent (~> 4.0)
20
41
  faraday-retry (2.0.0)
21
42
  faraday (~> 2.0)
43
+ i18n (1.14.1)
44
+ concurrent-ruby (~> 1.0)
22
45
  minitest (5.18.0)
46
+ mutex_m (0.2.0)
23
47
  net-http-persistent (4.0.2)
24
48
  connection_pool (~> 2.2)
49
+ pg (1.5.4)
25
50
  rake (12.3.3)
26
51
  ruby2_keywords (0.0.5)
52
+ timeout (0.4.1)
53
+ tzinfo (2.0.6)
54
+ concurrent-ruby (~> 1.0)
27
55
 
28
56
  PLATFORMS
29
57
  ruby
30
58
 
31
59
  DEPENDENCIES
60
+ activerecord (~> 7.0)
32
61
  minitest (~> 5.15)
33
62
  oso-cloud!
63
+ pg (~> 1.0)
34
64
  rake (~> 12.0)
35
65
 
36
66
  BUNDLED WITH
37
- 2.3.13
67
+ 2.5.6
data/lib/oso/api.rb CHANGED
@@ -239,9 +239,39 @@ module OsoCloud
239
239
  end
240
240
  end
241
241
 
242
+ # @!visibility private
243
+ class LocalAuthQuery
244
+ attr_reader :query, :data_bindings
245
+
246
+ def initialize(query:, data_bindings:)
247
+ @query = query
248
+ @data_bindings = data_bindings
249
+ end
250
+ end
251
+
252
+ # @!visibility private
253
+ class LocalListQuery
254
+ attr_reader :query, :column, :data_bindings
255
+
256
+ def initialize(query:, column:, data_bindings:)
257
+ @query = query
258
+ @column = column
259
+ @data_bindings = data_bindings
260
+ end
261
+ end
262
+
263
+ # @!visibility private
264
+ class LocalQueryResult
265
+ attr_reader :sql
266
+
267
+ def initialize(sql:)
268
+ @sql = sql
269
+ end
270
+ end
271
+
242
272
  # @!visibility private
243
273
  class Api
244
- def initialize(url: 'https://api.osohq.com', api_key: nil, options: nil)
274
+ def initialize(url: 'https://api.osohq.com', api_key: nil, data_bindings: nil, options: nil)
245
275
  @url = url
246
276
  @connection = Faraday.new(url: url) do |faraday|
247
277
  faraday.request :json
@@ -291,6 +321,7 @@ module OsoCloud
291
321
  @api_key = api_key
292
322
  @user_agent = "Oso Cloud (ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}; rv:#{VERSION})"
293
323
  @last_offset = nil
324
+ @data_bindings = IO.read(data_bindings) unless data_bindings.nil?
294
325
  end
295
326
 
296
327
  def fallback_eligible(path)
@@ -391,6 +422,20 @@ module OsoCloud
391
422
  StatsResult.new(**result)
392
423
  end
393
424
 
425
+ def post_authorize_query(query)
426
+ url = '/authorize_query'
427
+ data = LocalAuthQuery.new(query: query, data_bindings: @data_bindings)
428
+ result = POST(url, nil, data, false)
429
+ LocalQueryResult.new(**result)
430
+ end
431
+
432
+ def post_list_query(query:, column:)
433
+ url = '/list_query'
434
+ data = LocalListQuery.new(query: query, column: column, data_bindings: @data_bindings)
435
+ result = POST(url, nil, data, false)
436
+ LocalQueryResult.new(**result)
437
+ end
438
+
394
439
  def clear_data
395
440
  url = '/clear_data'
396
441
  result = POST(url, nil, nil, true)
data/lib/oso/oso.rb CHANGED
@@ -28,8 +28,67 @@ module OsoCloud
28
28
  # Any other elements in the array, which together represent the fact's arguments,
29
29
  # can be "OsoCloud::Value" objects or strings.
30
30
  class Oso
31
- def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil)
32
- @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, options: { :fallback_url => fallback_url })
31
+ attr_reader :experimental
32
+
33
+ def initialize(url: 'https://cloud.osohq.com', api_key: nil, fallback_url: nil, data_bindings: nil)
34
+ @api = OsoCloud::Core::Api.new(url: url, api_key: api_key, data_bindings: data_bindings, options: { :fallback_url => fallback_url })
35
+ @experimental = Experimental.new(@api)
36
+ end
37
+
38
+ class Experimental
39
+ def initialize(api)
40
+ @api = api
41
+ end
42
+
43
+ ##
44
+ # Check a permission depending on data both in Oso Cloud and stored in a local database
45
+ #
46
+ # Returns a SQL query to run against the local database
47
+ #
48
+ # @param actor [OsoCloud::Value]
49
+ # @param action [String]
50
+ # @param resource [OsoCloud::Value]
51
+ # @param column [String]
52
+ # @return [Array<String>]
53
+ def authorize_local(actor, action, resource)
54
+ actor_typed_id = actor.to_api_value
55
+ resource_typed_id = resource.to_api_value
56
+ result = @api.post_authorize_query(
57
+ OsoCloud::Core::AuthorizeQuery.new(
58
+ actor_type: actor_typed_id.type,
59
+ actor_id: actor_typed_id.id,
60
+ action: action,
61
+ resource_type: resource_typed_id.type,
62
+ resource_id: resource_typed_id.id,
63
+ context_facts: []
64
+ )
65
+ )
66
+ result.sql
67
+ end
68
+
69
+ ##
70
+ # List authorized resources depending on data both in Oso Cloud and stored in a local database
71
+ #
72
+ # Returns a SQL query to run against the local database
73
+ #
74
+ # @param actor [OsoCloud::Value]
75
+ # @param action [String]
76
+ # @param resource_type [String]
77
+ # @return [Array<String>]
78
+ def list_local(actor, action, resource_type, column)
79
+ actor_typed_id = actor.to_api_value
80
+ result = @api.post_list_query(
81
+ query: OsoCloud::Core::ListQuery.new(
82
+ actor_type: actor_typed_id.type,
83
+ actor_id: actor_typed_id.id,
84
+ action: action,
85
+ resource_type: resource_type,
86
+ context_facts: []
87
+ ),
88
+ column: column
89
+ )
90
+ result.sql
91
+ end
33
92
  end
34
93
 
35
94
  ##
data/lib/oso/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module OsoCloud
2
- VERSION = '1.5.1'.freeze
2
+ VERSION = '1.5.2'.freeze
3
3
  end
data/oso-cloud.gemspec CHANGED
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
24
24
  spec.add_dependency 'faraday-retry', '~> 2.0.0'
25
25
  spec.add_dependency 'faraday-net_http_persistent', '~> 2.0'
26
26
  spec.add_development_dependency 'minitest', '~> 5.15'
27
+ spec.add_development_dependency 'pg', '~> 1.0'
28
+ spec.add_development_dependency 'activerecord', '~> 7.0'
27
29
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.1
4
+ version: 1.5.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-03-07 00:00:00.000000000 Z
11
+ date: 2024-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -66,6 +66,34 @@ dependencies:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: '5.15'
69
+ - !ruby/object:Gem::Dependency
70
+ name: pg
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '1.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: activerecord
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '7.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '7.0'
69
97
  description:
70
98
  email:
71
99
  - support@osohq.com