oso-oso 0.2.6 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +6 -9
- data/expense.rb +15 -0
- data/ext/oso-oso/lib/libpolar.dylib +0 -0
- data/ext/oso-oso/lib/libpolar.so +0 -0
- data/ext/oso-oso/lib/polar.dll +0 -0
- data/lib/oso/oso.rb +2 -2
- data/lib/oso/polar/ffi/query.rb +9 -0
- data/lib/oso/polar/host.rb +3 -1
- data/lib/oso/polar/polar.rb +7 -3
- data/lib/oso/polar/query.rb +19 -5
- data/lib/oso/version.rb +1 -1
- data/oso-oso.gemspec +5 -3
- metadata +8 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 946cb3358c69be79685eefbc291b3d0dea8cd04d
|
4
|
+
data.tar.gz: c9877050c9d34d31875bf1d3e55c7218b336833a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3cdf0a2de23b6fbcf36655e4c432ae3146c2f05e016d2560285efbb85eee840aa155c53a95fe16997e074232cea7b0e04fd7152b71319c55182084940620b95f
|
7
|
+
data.tar.gz: 506ca24f5b9ff1c62f69defafb963ac16f9871715f302512dd4791d388495a36cf1dbc8b15a8b8a0e530fad836dc7a5cbba817e0c9b467faa47b7a230f4861b3
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
#
|
1
|
+
# oso-oso
|
2
2
|
|
3
3
|
## Installation
|
4
4
|
|
@@ -18,13 +18,10 @@ Or install it yourself as:
|
|
18
18
|
|
19
19
|
## Development
|
20
20
|
|
21
|
-
After checking out the repo, run `
|
22
|
-
`rake spec` to run the tests. You can also run `
|
23
|
-
|
21
|
+
After checking out the repo, run `bundle install` to install dependencies.
|
22
|
+
Then, run `bundle exec rake spec` to run the tests. You can also run `bundle
|
23
|
+
exec oso` for an interactive REPL that will allow you to experiment.
|
24
24
|
|
25
|
-
To install this gem onto your local machine, run `bundle exec rake install`.
|
26
|
-
release a new version, update the version number in `version.rb`, and then run
|
27
|
-
`bundle exec rake release`, which will create a git tag for the version, push
|
28
|
-
git commits and tags, and push the `.gem` file to
|
29
|
-
[rubygems.org](https://rubygems.org).
|
25
|
+
To install this gem onto your local machine, run `bundle exec rake install`.
|
30
26
|
|
27
|
+
New releases are minted and pushed to RubyGems via GitHub Actions workflows.
|
data/expense.rb
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
class Expense
|
2
|
+
attr_reader :amount, :description, :submitted_by
|
3
|
+
|
4
|
+
def initialize(amount, description, submitted_by)
|
5
|
+
@amount = amount
|
6
|
+
@description = description
|
7
|
+
@submitted_by = submitted_by
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
EXPENSES = {
|
12
|
+
1 => Expense.new(500, 'coffee', 'alice@example.com'),
|
13
|
+
2 => Expense.new(5000, 'software', 'alice@example.com'),
|
14
|
+
3 => Expense.new(50_000, 'flight', 'bhavik@example.com')
|
15
|
+
}.freeze
|
Binary file
|
data/ext/oso-oso/lib/libpolar.so
CHANGED
Binary file
|
data/ext/oso-oso/lib/polar.dll
CHANGED
Binary file
|
data/lib/oso/oso.rb
CHANGED
@@ -11,8 +11,8 @@ module Oso
|
|
11
11
|
register_class(PathMapper, name: 'PathMapper')
|
12
12
|
end
|
13
13
|
|
14
|
-
def
|
15
|
-
|
14
|
+
def allowed?(actor:, action:, resource:)
|
15
|
+
query_rule('allow', actor, action, resource).next
|
16
16
|
true
|
17
17
|
rescue StopIteration
|
18
18
|
false
|
data/lib/oso/polar/ffi/query.rb
CHANGED
@@ -12,6 +12,7 @@ module Oso
|
|
12
12
|
attach_function :debug_command, :polar_debug_command, [FFI::Query, :string], :int32
|
13
13
|
attach_function :call_result, :polar_call_result, [FFI::Query, :uint64, :string], :int32
|
14
14
|
attach_function :question_result, :polar_question_result, [FFI::Query, :uint64, :int32], :int32
|
15
|
+
attach_function :application_error, :polar_application_error, [FFI::Query, :string], :int32
|
15
16
|
attach_function :next_event, :polar_next_query_event, [FFI::Query], FFI::QueryEvent
|
16
17
|
attach_function :free, :query_free, [FFI::Query], :int32
|
17
18
|
end
|
@@ -41,6 +42,14 @@ module Oso
|
|
41
42
|
raise FFI::Error.get if res.zero?
|
42
43
|
end
|
43
44
|
|
45
|
+
# @param result [Boolean]
|
46
|
+
# @param call_id [Integer]
|
47
|
+
# @raise [FFI::Error] if the FFI call returns an error.
|
48
|
+
def application_error(message)
|
49
|
+
res = Rust.application_error(self, message)
|
50
|
+
raise FFI::Error.get if res.zero?
|
51
|
+
end
|
52
|
+
|
44
53
|
# @return [::Oso::Polar::QueryEvent]
|
45
54
|
# @raise [FFI::Error] if the FFI call returns an error.
|
46
55
|
def next_event
|
data/lib/oso/polar/host.rb
CHANGED
@@ -198,7 +198,7 @@ module Oso
|
|
198
198
|
# This is supported so that we can query for unbound variables
|
199
199
|
{ 'Variable' => value }
|
200
200
|
else
|
201
|
-
{ 'ExternalInstance' => { 'instance_id' => cache_instance(value) } }
|
201
|
+
{ 'ExternalInstance' => { 'instance_id' => cache_instance(value), 'repr' => value.to_s } }
|
202
202
|
end
|
203
203
|
{ 'value' => value }
|
204
204
|
end
|
@@ -226,6 +226,8 @@ module Oso
|
|
226
226
|
get_instance(value['instance_id'])
|
227
227
|
when 'Call'
|
228
228
|
Predicate.new(value['name'], args: value['args'].map { |a| to_ruby(a) })
|
229
|
+
when 'Variable'
|
230
|
+
Variable.new(value['name'])
|
229
231
|
else
|
230
232
|
raise UnexpectedPolarTypeError, tag
|
231
233
|
end
|
data/lib/oso/polar/polar.rb
CHANGED
@@ -59,6 +59,10 @@ module Oso
|
|
59
59
|
end
|
60
60
|
|
61
61
|
# Query for a predicate, parsing it if necessary.
|
62
|
+
#
|
63
|
+
# @param query [String or Predicate]
|
64
|
+
# @return Enumerator of resulting bindings
|
65
|
+
# @raise [Error] if the FFI call raises one.
|
62
66
|
def query(query)
|
63
67
|
load_queued_files
|
64
68
|
new_host = host.dup
|
@@ -73,12 +77,12 @@ module Oso
|
|
73
77
|
Query.new(ffi_query, host: new_host).results
|
74
78
|
end
|
75
79
|
|
76
|
-
# Query for a
|
80
|
+
# Query for a rule.
|
77
81
|
#
|
78
82
|
# @param name [String]
|
79
83
|
# @param args [Array<Object>]
|
80
84
|
# @raise [Error] if the FFI call raises one.
|
81
|
-
def
|
85
|
+
def query_rule(name, *args)
|
82
86
|
query(Predicate.new(name, args: args))
|
83
87
|
end
|
84
88
|
|
@@ -90,7 +94,7 @@ module Oso
|
|
90
94
|
load_queued_files
|
91
95
|
|
92
96
|
loop do
|
93
|
-
print('> ')
|
97
|
+
print('query> ')
|
94
98
|
begin
|
95
99
|
query = STDIN.readline.chomp.chomp(';')
|
96
100
|
rescue EOFError
|
data/lib/oso/polar/query.rb
CHANGED
@@ -77,6 +77,15 @@ module Oso
|
|
77
77
|
host.to_polar_term(calls[id].next)
|
78
78
|
end
|
79
79
|
|
80
|
+
# Send result of predicate check across FFI boundary.
|
81
|
+
#
|
82
|
+
# @param result [Boolean]
|
83
|
+
# @param call_id [Integer]
|
84
|
+
# @raise [Error] if the FFI call raises one.
|
85
|
+
def application_error(message)
|
86
|
+
ffi_query.application_error(message)
|
87
|
+
end
|
88
|
+
|
80
89
|
# Fetch the next result from calling a Ruby method and prepare it for
|
81
90
|
# transmission across the FFI boundary.
|
82
91
|
#
|
@@ -89,10 +98,11 @@ module Oso
|
|
89
98
|
register_call(method, call_id: call_id, instance: instance, args: args)
|
90
99
|
result = JSON.dump(next_call_result(call_id))
|
91
100
|
call_result(result, call_id: call_id)
|
92
|
-
rescue InvalidCallError
|
101
|
+
rescue InvalidCallError => e
|
102
|
+
application_error(e.message)
|
103
|
+
call_result(nil, call_id: call_id)
|
104
|
+
rescue StopIteration
|
93
105
|
call_result(nil, call_id: call_id)
|
94
|
-
# @TODO: polar line numbers in errors once polar errors are better.
|
95
|
-
# raise PolarRuntimeError(f"Error calling {attribute}")
|
96
106
|
end
|
97
107
|
|
98
108
|
# Create a generator that can be polled to advance the query loop.
|
@@ -140,8 +150,12 @@ module Oso
|
|
140
150
|
question_result(answer, call_id: event.data['call_id'])
|
141
151
|
when 'Debug'
|
142
152
|
puts event.data['message'] if event.data['message']
|
143
|
-
print '> '
|
144
|
-
|
153
|
+
print 'debug> '
|
154
|
+
begin
|
155
|
+
input = STDIN.readline.chomp.chomp(';')
|
156
|
+
rescue EOFError
|
157
|
+
next
|
158
|
+
end
|
145
159
|
command = JSON.dump(host.to_polar_term(input))
|
146
160
|
ffi_query.debug_command(command)
|
147
161
|
else
|
data/lib/oso/version.rb
CHANGED
data/oso-oso.gemspec
CHANGED
@@ -5,14 +5,16 @@ require_relative 'lib/oso/version'
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = 'oso-oso'
|
7
7
|
spec.version = Oso::VERSION
|
8
|
-
spec.authors = ['Oso Security']
|
8
|
+
spec.authors = ['Oso Security, Inc.']
|
9
9
|
spec.email = ['support@osohq.com']
|
10
|
-
|
11
|
-
spec.summary = '
|
10
|
+
spec.licenses = ['Apache-2.0']
|
11
|
+
spec.summary = 'oso authorization library.'
|
12
12
|
spec.homepage = 'https://www.osohq.com/'
|
13
|
+
|
13
14
|
spec.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
|
14
15
|
|
15
16
|
spec.metadata['homepage_uri'] = spec.homepage
|
17
|
+
spec.metadata['source_code_uri'] = 'https://github.com/osohq/oso'
|
16
18
|
|
17
19
|
# Specify which files should be added to the gem when it is released.
|
18
20
|
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oso-oso
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
- Oso Security
|
7
|
+
- Oso Security, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-07-
|
11
|
+
date: 2020-07-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|
@@ -111,6 +111,7 @@ files:
|
|
111
111
|
- README.md
|
112
112
|
- Rakefile
|
113
113
|
- bin/oso
|
114
|
+
- expense.rb
|
114
115
|
- ext/oso-oso/lib/libpolar.dylib
|
115
116
|
- ext/oso-oso/lib/libpolar.so
|
116
117
|
- ext/oso-oso/lib/polar.dll
|
@@ -134,9 +135,11 @@ files:
|
|
134
135
|
- lib/oso/version.rb
|
135
136
|
- oso-oso.gemspec
|
136
137
|
homepage: https://www.osohq.com/
|
137
|
-
licenses:
|
138
|
+
licenses:
|
139
|
+
- Apache-2.0
|
138
140
|
metadata:
|
139
141
|
homepage_uri: https://www.osohq.com/
|
142
|
+
source_code_uri: https://github.com/osohq/oso
|
140
143
|
post_install_message:
|
141
144
|
rdoc_options: []
|
142
145
|
require_paths:
|
@@ -156,5 +159,5 @@ rubyforge_project:
|
|
156
159
|
rubygems_version: 2.6.14.4
|
157
160
|
signing_key:
|
158
161
|
specification_version: 4
|
159
|
-
summary:
|
162
|
+
summary: oso authorization library.
|
160
163
|
test_files: []
|