Oso 0.26.0 is out! It includes:
- a new adapter API for data filtering that allows you to easily use data filtering with your own ORM or database
- a new setting in the VSCode extension that allows you to configure which Polar files are considered part of a policy.
New Data Filtering Adapter API
The new adapter API allows you to integrate data filtering with your ORM. Data filtering allows you to efficiently retrieve a list of authorized objects by pushing down filters to your database.
You write an adapter to process Filters from Oso, like this:
class SqlAlchemyAdapter(DataAdapter): def __init__(self, session): self.session = session def build_query(self, filter): types = filter.types # Join relations into the query. def re(q, rel): typ = types[rel.left] rec = typ.fields[rel.name] left = typ.cls right = types[rec.other_type].cls return q.join( right, getattr(left, rec.my_field) == getattr(right, rec.other_field) ) query = reduce(re, filter.relations, self.session.query(filter.model)) # Translate conditions. disj = reduce( lambda a, b: a | b, [ reduce( lambda a, b: a & b, [SqlAlchemyAdapter.sqlize(conj) for conj in conjs], true(), ) for conjs in filter.conditions ], false(), ) return query.filter(disj).distinct() # ... snip ...
The adapter translates a
Filter object from Oso into a query in your ORM. Then you can use your policy with the
authorized_resources enforcement APIs.
Configurable Policy Roots in VSCode Extension
The VSCode extension now allows you to configure your Polar project roots using the
oso.polarLanguageServer.projectRoots configuration setting. This is particularly helpful in TypeScript projects which may include compiled versions of of the source in the VSCode workspace directory. Previously Oso would detect the compiled and original source as a project root, resulting in spurious
Duplicate File errors.
See the docs for more on using this new feature.
Other Bug Fixes and Improvements
We’ve also fixed a few bugs in this release:
- An issue with Go module vendoring was fixed by @sourcec0de.
- A bug in runtime type checking on nested attributes was fixed.
- The data filtering
Filter.relationslist is now topographically sorted, making integrations with some ORMs easier.
Set up a 1x1 with an Oso engineer
Our team is happy to help you get started with Oso. If you'd like to try out any of these new features, or if you're interested in learning how to use Oso in your app, schedule a 1x1 with an Oso engineers.
Our team is also available to help in Slack.