A bear playing hopscotch

Release: Oso 0.26.0 is out, including the data filtering adapter API in Python, Ruby, Node, and Go

Oso 0.26.0 is out! It includes:

  • a new adapter API for data filtering that allows you to easily use data filtering with your own ORM or database
  • a new setting in the VSCode extension that allows you to configure which Polar files are considered part of a policy.

New Data Filtering Adapter API

The new adapter API allows you to integrate data filtering with your ORM. Data filtering allows you to efficiently retrieve a list of authorized objects by pushing down filters to your database.

You write an adapter to process Filters from Oso, like this:

class SqlAlchemyAdapter(DataAdapter):
    def __init__(self, session):
        self.session = session

    def build_query(self, filter):
        types = filter.types

                # Join relations into the query.
        def re(q, rel):
            typ = types[rel.left]
            rec = typ.fields[rel.name]
            left = typ.cls
            right = types[rec.other_type].cls
            return q.join(
                right, getattr(left, rec.my_field) == getattr(right, rec.other_field)

        query = reduce(re, filter.relations, self.session.query(filter.model))

                # Translate conditions.
        disj = reduce(
            lambda a, b: a | b,
                    lambda a, b: a & b,
                    [SqlAlchemyAdapter.sqlize(conj) for conj in conjs],
                for conjs in filter.conditions
        return query.filter(disj).distinct()

        # ... snip ...

The adapter translates a Filter object from Oso into a query in your ORM. Then you can use your policy with the authorized_query and authorized_resources enforcement APIs.

See our documentation for more information on using data filtering, with example adapters. The previous filter plan API has been removed in Oso 0.26.0. Chat with us in Slack for help migrating.

Configurable Policy Roots in VSCode Extension

The VSCode extension now allows you to configure your Polar project roots using the oso.polarLanguageServer.projectRoots configuration setting. This is particularly helpful in TypeScript projects which may include compiled versions of of the source in the VSCode workspace directory. Previously Oso would detect the compiled and original source as a project root, resulting in spurious Duplicate File errors.

See the docs for more on using this new feature.

Other Bug Fixes and Improvements

We’ve also fixed a few bugs in this release:

  • An issue with Go module vendoring was fixed by @sourcec0de.
  • A bug in runtime type checking on nested attributes was fixed.
  • The data filtering Filter.relations list is now topographically sorted, making integrations with some ORMs easier.

For more details on these and other changes, read the changelog.

Set up a 1x1 with an Oso engineer

Our team is happy to help you get started with Oso. If you'd like to try out any of these new features, or if you're interested in learning how to use Oso in your app, schedule a 1x1 with an Oso engineers.

Our team is also available to help in Slack.

Want us to remind you?
We'll email you before the event with a friendly reminder.

Write your first policy