oso-oso 0.14.2 → 0.20.1.pre.beta

data/lib/oso/polar/polar.rb

@@ -27,6 +27,35 @@ def print_error(error)
   warn error.message
 end
 
+# Polar source string with optional filename.
+class Source
+  # @return [String]
+  attr_reader :src, :filename
+
+  # @param src [String]
+  # @param filename [String]
+  def initialize(src, filename: nil)
+    @src = src
+    @filename = filename
+  end
+
+  def to_json(*_args)
+    { src: src, filename: filename }.to_json
+  end
+end
+
+def filename_to_source(filename)
+  raise Oso::Polar::PolarFileExtensionError, filename unless File.extname(filename) == '.polar'
+
+  src = File.open(filename, &:read)
+
+  raise Oso::Polar::NullByteInPolarFileError if src.chomp("\0").include?("\0")
+
+  Source.new(src, filename: filename)
+rescue Errno::ENOENT
+  raise Oso::Polar::PolarFileNotFoundError, filename
+end
+
 module Oso
   module Polar
     # Create and manage an instance of the Polar runtime.
@@ -34,11 +63,10 @@ module Oso
       # @return [Host]
       attr_reader :host
 
-      def initialize # rubocop:disable Metrics/MethodLength
+      def initialize
         @ffi_polar = FFI::Polar.create
         @host = Host.new(ffi_polar)
         @ffi_polar.enrich_message = @host.method(:enrich_message)
-        @polar_roles_enabled = false
 
         # Register global constants.
         register_constant nil, name: 'nil'
@@ -52,40 +80,24 @@ module Oso
         register_class String
       end
 
-      def enable_roles # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-        return if polar_roles_enabled
-
-        roles_helper = Class.new do
-          def self.join(separator, left, right)
-            [left, right].join(separator)
-          end
-        end
-        register_constant(roles_helper, name: '__oso_internal_roles_helpers__')
-        ffi_polar.enable_roles
-        self.polar_roles_enabled = true
-
-        # validate config
-        validation_query_results = []
-        loop do
-          query = ffi_polar.next_inline_query
-          break if query.nil?
-
-          new_host = host.dup
-          new_host.accept_expression = true
-          results = Query.new(query, host: new_host).to_a
-          raise InlineQueryFailedError, query.source if results.empty?
+      def ffi
+        @ffi_polar
+      end
 
-          validation_query_results.push results
-        end
+      # get the (maybe user-supplied) name of a class.
+      # kind of a hack because of class autoreloading.
+      def get_class_name(klass) # rubocop:disable Metrics/AbcSize
+        if host.types.key? klass
+          host.types[klass].name
+        elsif host.types.key? klass.name
+          host.types[klass.name].name
+        else
+          rec = host.types.values.find { |v| v.klass.get == klass }
+          raise "Unknown class `#{klass}`" if rec.nil?
 
-        # turn bindings back into polar
-        validation_query_results = validation_query_results.map do |results|
-          results.map do |result|
-            { 'bindings' => result.transform_values { |v| host.to_polar(v) } }
-          end
+          host.types[klass] = rec
+          rec.name
         end
-
-        ffi_polar.validate_roles_config(validation_query_results)
       end
 
       # Clear all rules and rule sources from the current Polar instance
@@ -93,23 +105,47 @@ module Oso
       # @return [self] for chaining.
       def clear_rules
         ffi_polar.clear_rules
-        ffi_polar.enable_roles if polar_roles_enabled
         self
       end
 
-      # Load a Polar policy file.
+      # Load Polar policy files.
       #
-      # @param name [String]
-      # @raise [PolarFileExtensionError] if provided filename has invalid extension.
-      # @raise [PolarFileNotFoundError] if provided filename does not exist.
+      # @param filenames [Array<String>]
+      # @raise [PolarFileExtensionError] if any filename has an invalid extension.
+      # @raise [PolarFileNotFoundError] if any filename does not exist.
+      # @raise [NullByteInPolarFileError] if any file contains a non-terminating null byte.
+      # @raise [Error] if any of the FFI calls raise one.
+      # @raise [InlineQueryFailedError] on the first failed inline query.
       # @return [self] for chaining.
-      def load_file(name)
-        raise PolarFileExtensionError, name unless File.extname(name) == '.polar'
+      def load_files(filenames = [])
+        return if filenames.empty?
 
-        file_data = File.open(name, &:read)
-        load_str(file_data, filename: name)
-      rescue Errno::ENOENT
-        raise PolarFileNotFoundError, name
+        sources = filenames.map { |f| filename_to_source f }
+        load_sources(sources)
+        self
+      end
+
+      # Load a Polar policy file.
+      #
+      # @param filename [String]
+      # @raise [PolarFileExtensionError] if filename has an invalid extension.
+      # @raise [PolarFileNotFoundError] if filename does not exist.
+      # @raise [NullByteInPolarFileError] if file contains a non-terminating null byte.
+      # @raise [Error] if any of the FFI calls raise one.
+      # @raise [InlineQueryFailedError] on the first failed inline query.
+      # @return [self] for chaining.
+      #
+      # @deprecated {#load_file} has been deprecated in favor of {#load_files}
+      #   as of the 0.20.0 release. Please see changelog for migration
+      #   instructions:
+      #   https://docs.osohq.com/project/changelogs/2021-09-15.html
+      def load_file(filename)
+        warn <<~WARNING
+          `Oso#load_file` has been deprecated in favor of `Oso#load_files` as of the 0.20.0 release.
+
+          Please see changelog for migration instructions: https://docs.osohq.com/project/changelogs/2021-09-15.html
+        WARNING
+        load_files([filename])
       end
 
       # Load a Polar string into the KB.
@@ -117,26 +153,13 @@ module Oso
       # @param str [String] Polar string to load.
       # @param filename [String] Name of Polar source file.
       # @raise [NullByteInPolarFileError] if str includes a non-terminating null byte.
-      # @raise [InlineQueryFailedError] on the first failed inline query.
       # @raise [Error] if any of the FFI calls raise one.
+      # @raise [InlineQueryFailedError] on the first failed inline query.
       # @return [self] for chaining.
-      def load_str(str, filename: nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+      def load_str(str, filename: nil)
         raise NullByteInPolarFileError if str.chomp("\0").include?("\0")
 
-        ffi_polar.load(str, filename: filename)
-        loop do
-          next_query = ffi_polar.next_inline_query
-          break if next_query.nil?
-
-          raise InlineQueryFailedError, next_query.source if Query.new(next_query, host: host).first.nil?
-        end
-
-        # If roles are enabled, re-validate config when new rules are loaded.
-        if polar_roles_enabled
-          self.polar_roles_enabled = false
-          enable_roles
-        end
-
+        load_sources([Source.new(str, filename: filename)])
         self
       end
 
@@ -150,17 +173,16 @@ module Oso
       #   @param query [Predicate]
       #   @return [Enumerator] of resulting bindings
       #   @raise [Error] if the FFI call raises one.
-      def query(query)
-        new_host = host.dup
+      def query(query, host: self.host.dup, bindings: {})
         case query
         when String
           ffi_query = ffi_polar.new_query_from_str(query)
         when Predicate
-          ffi_query = ffi_polar.new_query_from_term(new_host.to_polar(query))
+          ffi_query = ffi_polar.new_query_from_term(host.to_polar(query))
         else
           raise InvalidQueryTypeError
         end
-        Query.new(ffi_query, host: new_host)
+        Query.new(ffi_query, host: host, bindings: bindings)
       end
 
       # Query for a rule.
@@ -169,8 +191,20 @@ module Oso
       # @param args [Array<Object>]
       # @return [Enumerator] of resulting bindings
       # @raise [Error] if the FFI call raises one.
-      def query_rule(name, *args)
-        query(Predicate.new(name, args: args))
+      def query_rule(name, *args, accept_expression: false, bindings: {})
+        host = self.host.dup
+        host.accept_expression = accept_expression
+        query(Predicate.new(name, args: args), host: host, bindings: bindings)
+      end
+
+      # Query for a rule, returning true if it has any results.
+      #
+      # @param name [String]
+      # @param args [Array<Object>]
+      # @return [Boolean] indicating whether the query found at least one result.
+      # @raise [Error] if the FFI call raises one.
+      def query_rule_once(name, *args)
+        query_rule(name, *args).any?
       end
 
       # Register a Ruby class with Polar.
@@ -181,8 +215,15 @@ module Oso
       # under a previously-registered name.
       # @raise [FFI::Error] if the FFI call returns an error.
       # @return [self] for chaining.
-      def register_class(cls, name: nil)
-        name = host.cache_class(cls, name: name || cls.name)
+      def register_class(cls, name: nil, fields: nil, combine_query: nil, build_query: nil, exec_query: nil) # rubocop:disable Metrics/ParameterLists
+        name = host.cache_class(
+          cls,
+          name: name || cls.name,
+          fields: fields,
+          build_query: build_query || maybe_mtd(cls, :build_query),
+          combine_query: combine_query || maybe_mtd(cls, :combine_query),
+          exec_query: exec_query || maybe_mtd(cls, :exec_query)
+        )
         register_constant(cls, name: name)
       end
 
@@ -202,7 +243,7 @@ module Oso
       # @param files [Array<String>]
       # @raise [Error] if the FFI call raises one.
       def repl(files = [])
-        files.map { |f| load_file(f) }
+        load_files(files)
         prompt = "#{FG_BLUE}query>#{RESET} "
         # Try loading the readline module from the Ruby stdlib. If we get a
         # LoadError, fall back to the standard REPL with no readline support.
@@ -214,9 +255,36 @@ module Oso
 
       private
 
+      def type_constraint(var, cls)
+        Expression.new(
+          'And',
+          [Expression.new('Isa', [var, Pattern.new(get_class_name(cls), {})])]
+        )
+      end
+
+      def maybe_mtd(cls, mtd)
+        cls.respond_to?(mtd) && cls.method(mtd) || nil
+      end
+
       # @return [FFI::Polar]
       attr_reader :ffi_polar
-      attr_accessor :polar_roles_enabled
+
+      # Register MROs, load Polar code, and check inline queries.
+      # @param sources [Array<Source>] Polar sources to load.
+      def load_sources(sources)
+        host.register_mros
+        ffi_polar.load(sources)
+        check_inline_queries
+      end
+
+      def check_inline_queries
+        loop do
+          next_query = ffi_polar.next_inline_query
+          break if next_query.nil?
+
+          raise InlineQueryFailedError, next_query.source if Query.new(next_query, host: host).none?
+        end
+      end
 
       # The R and L in REPL for systems where readline is available.
       def repl_readline(prompt)

data/lib/oso/polar/query.rb

@@ -10,11 +10,22 @@ module Oso
 
       # @param ffi_query [FFI::Query]
       # @param host [Oso::Polar::Host]
-      def initialize(ffi_query, host:)
+      def initialize(ffi_query, host:, bindings: {})
         @calls = {}
         @ffi_query = ffi_query
         ffi_query.enrich_message = host.method(:enrich_message)
         @host = host
+        bindings.each { |k, v| ffi_query.bind k, host.to_polar(v) }
+      end
+
+      # Create an enumerator that can be polled to advance the query loop. Yields
+      # results one by one.
+      #
+      # @yieldparam [Hash<String, Object>]
+      # @return [Enumerator]
+      # @raise [Error] if any of the FFI calls raise one.
+      def each(&block)
+        run(&block)
       end
 
       private
@@ -64,13 +75,17 @@ module Oso
       # Fetch the next result from calling a Ruby method and prepare it for
       # transmission across the FFI boundary.
       #
-      # @param method [#to_sym]
-      # @param args [Array<Hash>]
+      # @param attribute [#to_sym]
       # @param call_id [Integer]
       # @param instance [Hash<String, Object>]
+      # @param args [Array<Hash>]
+      # @param kwargs [Hash<String, Object>]
       # @raise [Error] if the FFI call raises one.
       def handle_call(attribute, call_id:, instance:, args:, kwargs:) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
         instance = host.to_ruby(instance)
+        rel = get_relationship(instance.class, attribute)
+        return handle_relationship(call_id, instance, rel) unless rel.nil?
+
         args = args.map { |a| host.to_ruby(a) }
         kwargs = Hash[kwargs.map { |k, v| [k.to_sym, host.to_ruby(v)] }]
         # The kwargs.empty? check is for Ruby < 2.7.
@@ -86,6 +101,40 @@ module Oso
         call_result(nil, call_id: call_id)
       end
 
+      # Get the type information for a field on a class.
+      #
+      # @param cls [UserType]
+      # @param tag [String]
+      # @return [UserType]
+      # @raise [Error] if no information is found
+      def get_field(cls, tag) # rubocop:disable Metrics/AbcSize
+        raise unless cls.fields.key? tag
+
+        ref = cls.fields[tag]
+        return host.types[ref] unless ref.is_a? ::Oso::Polar::DataFiltering::Relation
+
+        case ref.kind
+        when 'one'
+          host.types[ref.other_type]
+        when 'many'
+          host.types[Array]
+        end
+      end
+
+      # Check if a series of dot operations on a base class yield an
+      # instance of another class.
+      def handle_external_isa_with_path(data) # rubocop:disable Metrics/AbcSize
+        sup = host.types[data['class_tag']]
+        bas = host.types[data['base_tag']]
+        path = data['path'].map(&host.method(:to_ruby))
+        sub = path.reduce(bas) { |cls, tag| get_field(cls, tag) }
+        answer = sub.klass.get <= sup.klass.get
+        question_result(answer, call_id: data['call_id'])
+      rescue StandardError => e
+        application_error e.message
+        question_result(nil, call_id: data['call_id'])
+      end
+
       def handle_next_external(call_id, iterable)
         unless calls.key? call_id
           value = host.to_ruby iterable
@@ -114,12 +163,12 @@ module Oso
         host.make_instance(cls_name, args: args, kwargs: kwargs, id: id)
       end
 
-      # Create a generator that can be polled to advance the query loop.
+      # Run the main Polar loop, yielding results as they are emitted from the VM.
       #
       # @yieldparam [Hash<String, Object>]
       # @return [Enumerator]
       # @raise [Error] if any of the FFI calls raise one.
-      def each # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+      def run # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
         loop do # rubocop:disable Metrics/BlockLength
           event = ffi_query.next_event
           case event.kind
@@ -129,6 +178,8 @@ module Oso
             yield event.data['bindings'].transform_values { |v| host.to_ruby(v) }
           when 'MakeExternal'
             handle_make_external(event.data)
+          when 'ExternalIsaWithPath'
+            handle_external_isa_with_path(event.data)
           when 'ExternalCall'
             call_id = event.data['call_id']
             instance = event.data['instance']
@@ -142,6 +193,12 @@ module Oso
             right_tag = event.data['right_class_tag']
             answer = host.subspecializer?(instance_id, left_tag: left_tag, right_tag: right_tag)
             question_result(answer, call_id: event.data['call_id'])
+          when 'ExternalIsSubclass'
+            call_id = event.data['call_id']
+            left = event.data['left_class_tag']
+            right = event.data['right_class_tag']
+            answer = host.subclass?(left_tag: left, right_tag: right)
+            question_result(answer, call_id: call_id)
           when 'ExternalIsa'
             instance = event.data['instance']
             class_tag = event.data['class_tag']
@@ -175,6 +232,35 @@ module Oso
           end
         end
       end
+
+      def get_relationship(cls, attr)
+        typ = host.types[cls]
+        return unless typ
+
+        rel = typ.fields[attr]
+        return unless rel.is_a? ::Oso::Polar::DataFiltering::Relation
+
+        rel
+      end
+
+      def handle_relationship(call_id, instance, rel) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        typ = host.types[rel.other_type]
+        constraint = ::Oso::Polar::DataFiltering::Filter.new(
+          kind: 'Eq',
+          field: rel.other_field,
+          value: instance.send(rel.my_field)
+        )
+        res = typ.exec_query[typ.build_query[[constraint]]]
+
+        if rel.kind == 'one'
+          raise "multiple parents: #{res}" unless res.length == 1
+
+          res = res[0]
+        end
+
+        res = JSON.dump host.to_polar res
+        call_result(res, call_id: call_id)
+      end
     end
   end
 end