oso-oso 0.2.6 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8c00a51f40789d269beb2d63e29ad12b76565d94
-  data.tar.gz: 8f66dfdb31532125fd3593ddcfb7c3e76fd81df5
+  metadata.gz: 946cb3358c69be79685eefbc291b3d0dea8cd04d
+  data.tar.gz: c9877050c9d34d31875bf1d3e55c7218b336833a
 SHA512:
-  metadata.gz: 6ac0a230d40ecab86a7896249eb875fa43a16705a0594c9b55acd9d21215bff572ce1abb18da0593455f1a3c749354453808b779bed3dbf14e171f8b26b7511c
-  data.tar.gz: 910cccfb441f515b20bcd1c21fc02a3f293b4445ed4526e2b8a2a921d97062df23156bc2726587269139a79edd687bd8d5b9fa79776bbc5910045f2205e58923
+  metadata.gz: 3cdf0a2de23b6fbcf36655e4c432ae3146c2f05e016d2560285efbb85eee840aa155c53a95fe16997e074232cea7b0e04fd7152b71319c55182084940620b95f
+  data.tar.gz: 506ca24f5b9ff1c62f69defafb963ac16f9871715f302512dd4791d388495a36cf1dbc8b15a8b8a0e530fad836dc7a5cbba817e0c9b467faa47b7a230f4861b3

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oso-oso (0.2.6)
+    oso-oso (0.3.0)
       ffi (~> 1.0)
 
 GEM

data/README.md

@@ -1,4 +1,4 @@
-# Oso::Oso
+# oso-oso
 
 ## Installation
 
@@ -18,13 +18,10 @@ Or install it yourself as:
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run
-`rake spec` to run the tests. You can also run `bin/console` for an interactive
-prompt that will allow you to experiment.
+After checking out the repo, run `bundle install` to install dependencies.
+Then, run `bundle exec rake spec` to run the tests. You can also run `bundle
+exec oso` for an interactive REPL that will allow you to experiment.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To
-release a new version, update the version number in `version.rb`, and then run
-`bundle exec rake release`, which will create a git tag for the version, push
-git commits and tags, and push the `.gem` file to
-[rubygems.org](https://rubygems.org).
+To install this gem onto your local machine, run `bundle exec rake install`.
 
+New releases are minted and pushed to RubyGems via GitHub Actions workflows.

data/expense.rb

@@ -0,0 +1,15 @@
+class Expense
+  attr_reader :amount, :description, :submitted_by
+
+  def initialize(amount, description, submitted_by)
+    @amount = amount
+    @description = description
+    @submitted_by = submitted_by
+  end
+end
+
+EXPENSES = {
+  1 => Expense.new(500,   'coffee',   'alice@example.com'),
+  2 => Expense.new(5000,  'software', 'alice@example.com'),
+  3 => Expense.new(50_000, 'flight', 'bhavik@example.com')
+}.freeze

data/lib/oso/oso.rb

@@ -11,8 +11,8 @@ module Oso
       register_class(PathMapper, name: 'PathMapper')
     end
 
-    def allow(actor:, action:, resource:)
-      query_predicate('allow', actor, action, resource).next
+    def allowed?(actor:, action:, resource:)
+      query_rule('allow', actor, action, resource).next
       true
     rescue StopIteration
       false

data/lib/oso/polar/ffi/query.rb

@@ -12,6 +12,7 @@ module Oso
           attach_function :debug_command, :polar_debug_command, [FFI::Query, :string], :int32
           attach_function :call_result, :polar_call_result, [FFI::Query, :uint64, :string], :int32
           attach_function :question_result, :polar_question_result, [FFI::Query, :uint64, :int32], :int32
+          attach_function :application_error, :polar_application_error, [FFI::Query, :string], :int32
           attach_function :next_event, :polar_next_query_event, [FFI::Query], FFI::QueryEvent
           attach_function :free, :query_free, [FFI::Query], :int32
         end
@@ -41,6 +42,14 @@ module Oso
           raise FFI::Error.get if res.zero?
         end
 
+        # @param result [Boolean]
+        # @param call_id [Integer]
+        # @raise [FFI::Error] if the FFI call returns an error.
+        def application_error(message)
+          res = Rust.application_error(self, message)
+          raise FFI::Error.get if res.zero?
+        end
+
         # @return [::Oso::Polar::QueryEvent]
         # @raise [FFI::Error] if the FFI call returns an error.
         def next_event

data/lib/oso/polar/host.rb

@@ -198,7 +198,7 @@ module Oso
                   # This is supported so that we can query for unbound variables
                   { 'Variable' => value }
                 else
-                  { 'ExternalInstance' => { 'instance_id' => cache_instance(value) } }
+                  { 'ExternalInstance' => { 'instance_id' => cache_instance(value), 'repr' => value.to_s } }
                 end
         { 'value' => value }
       end
@@ -226,6 +226,8 @@ module Oso
           get_instance(value['instance_id'])
         when 'Call'
           Predicate.new(value['name'], args: value['args'].map { |a| to_ruby(a) })
+        when 'Variable'
+          Variable.new(value['name'])
         else
           raise UnexpectedPolarTypeError, tag
         end

data/lib/oso/polar/polar.rb

@@ -59,6 +59,10 @@ module Oso
       end
 
       # Query for a predicate, parsing it if necessary.
+      #
+      # @param query [String or Predicate]
+      # @return Enumerator of resulting bindings
+      # @raise [Error] if the FFI call raises one.
       def query(query)
         load_queued_files
         new_host = host.dup
@@ -73,12 +77,12 @@ module Oso
         Query.new(ffi_query, host: new_host).results
       end
 
-      # Query for a predicate.
+      # Query for a rule.
       #
       # @param name [String]
       # @param args [Array<Object>]
       # @raise [Error] if the FFI call raises one.
-      def query_predicate(name, *args)
+      def query_rule(name, *args)
         query(Predicate.new(name, args: args))
       end
 
@@ -90,7 +94,7 @@ module Oso
         load_queued_files
 
         loop do
-          print('> ')
+          print('query> ')
           begin
             query = STDIN.readline.chomp.chomp(';')
           rescue EOFError

data/lib/oso/polar/query.rb

@@ -77,6 +77,15 @@ module Oso
         host.to_polar_term(calls[id].next)
       end
 
+      # Send result of predicate check across FFI boundary.
+      #
+      # @param result [Boolean]
+      # @param call_id [Integer]
+      # @raise [Error] if the FFI call raises one.
+      def application_error(message)
+        ffi_query.application_error(message)
+      end
+
       # Fetch the next result from calling a Ruby method and prepare it for
       # transmission across the FFI boundary.
       #
@@ -89,10 +98,11 @@ module Oso
         register_call(method, call_id: call_id, instance: instance, args: args)
         result = JSON.dump(next_call_result(call_id))
         call_result(result, call_id: call_id)
-      rescue InvalidCallError, StopIteration
+      rescue InvalidCallError => e
+        application_error(e.message)
+        call_result(nil, call_id: call_id)
+      rescue StopIteration
         call_result(nil, call_id: call_id)
-        # @TODO: polar line numbers in errors once polar errors are better.
-        # raise PolarRuntimeError(f"Error calling {attribute}")
       end
 
       # Create a generator that can be polled to advance the query loop.
@@ -140,8 +150,12 @@ module Oso
               question_result(answer, call_id: event.data['call_id'])
             when 'Debug'
               puts event.data['message'] if event.data['message']
-              print '> '
-              input = $stdin.gets.chomp!
+              print 'debug> '
+              begin
+                input = STDIN.readline.chomp.chomp(';')
+              rescue EOFError
+                next
+              end
               command = JSON.dump(host.to_polar_term(input))
               ffi_query.debug_command(command)
             else

data/lib/oso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Oso
-  VERSION = '0.2.6'
+  VERSION = '0.3.0'
 end

data/oso-oso.gemspec

@@ -5,14 +5,16 @@ require_relative 'lib/oso/version'
 Gem::Specification.new do |spec|
   spec.name          = 'oso-oso'
   spec.version       = Oso::VERSION
-  spec.authors       = ['Oso Security']
+  spec.authors       = ['Oso Security, Inc.']
   spec.email         = ['support@osohq.com']
-
-  spec.summary       = 'Oso authorization API.'
+  spec.licenses      = ['Apache-2.0']
+  spec.summary       = 'oso authorization library.'
   spec.homepage      = 'https://www.osohq.com/'
+
   spec.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
 
   spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/osohq/oso'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-oso
 version: !ruby/object:Gem::Version
-  version: 0.2.6
+  version: 0.3.0
 platform: ruby
 authors:
-- Oso Security
+- Oso Security, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-25 00:00:00.000000000 Z
+date: 2020-07-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -111,6 +111,7 @@ files:
 - README.md
 - Rakefile
 - bin/oso
+- expense.rb
 - ext/oso-oso/lib/libpolar.dylib
 - ext/oso-oso/lib/libpolar.so
 - ext/oso-oso/lib/polar.dll
@@ -134,9 +135,11 @@ files:
 - lib/oso/version.rb
 - oso-oso.gemspec
 homepage: https://www.osohq.com/
-licenses: []
+licenses:
+- Apache-2.0
 metadata:
   homepage_uri: https://www.osohq.com/
+  source_code_uri: https://github.com/osohq/oso
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -156,5 +159,5 @@ rubyforge_project:
 rubygems_version: 2.6.14.4
 signing_key: 
 specification_version: 4
-summary: Oso authorization API.
+summary: oso authorization library.
 test_files: []