oso 0.25.1

oso 0.25.1

sqlalchemy-oso 0.25.1

sqlalchemy-oso 0.25.1

flask-oso 0.25.1

flask-oso 0.25.1

django-oso 0.25.1

django-oso 0.25.1

oso 0.25.0

oso 0.25.0

Core

Breaking changes

POLAR_LOG now supports multiple log levels

• Previously we supported POLAR_LOG=trace and POLAR_LOG=on, both of which enabled slightly different but verbose "TRACE"-level logging of the execution of queries and their constituent goals within the Polar VM.
• POLAR_LOG=on was slightly less verbose than POLAR_LOG=trace but still produced a voluminous output which made it hard to parse and follow the execution of a particular query.
• To enable easier query debugging we have broken out POLAR_LOG into new discrete INFO and TRACE levels. Specifying POLAR_LOG=info will cause Polar to emit a more concise log output intended to be consumed by developers as they build and debug their Polar policies. The more verbose TRACE output is still available through POLAR_LOG=trace. Check out our documentation for more information on tracing.

Other bugs & improvements

• Fixed a variable scope bug affecting the forall operator that caused affected
  queries to fail with an UnhandledPartial error.
• Subsequent unification of incompatibly type-constrained variables will now fail
  correctly.
• The operators not, forall, or, <, <=, >, and >= can now be used
  with data filtering.
• Fixed an issue with incompatible types being assigned to variables during rule
  matching.

Node.js

Breaking changes

Second parameter of Oso.query() API changed from bindings to options

Pre-seeding the Polar VM with bindings for a query is a bit of an advanced use
case, but if you were previously passing bindings to Oso.query():

const bindings = new Map([['x', 1]]);
oso.query('f(x)', bindings);

You'll need to update that call to pass bindings as a key in the new
QueryOpts object:

const bindings = new Map([['x', 1]]);
oso.query('f(x)', { bindings });

Other bugs & improvements

• Thanks to @Kn99HN for adding the
  acceptExpression query flag to the Node.js lib!

Python

New Features

New Data Filtering API

The improved data filtering API released for Ruby in 0.24.0 is now available
in the Python library, with a built-in example adapter for the SQLAlchemy ORM.
See the Python API docs for
more details.

sqlalchemy-oso 0.25.0

Bumped the minimum required version of the oso dependency.

Other bugs & improvements

• scoped_session now correctly handles a get_checked_permissions callback that
  returns None.

django-oso 0.25.0

Bumped the minimum required version of the oso dependency.

flask-oso 0.25.0

Bumped the minimum required version of the oso dependency.

sqlalchemy-oso 0.25.0

sqlalchemy-oso 0.25.0

flask-oso 0.25.0

flask-oso 0.25.0

django-oso 0.25.0

django-oso 0.25.0

oso 0.24.0

VSCode Extension 0.24.0

• Our VSCode Extension now displays inline diagnostics (errors & warnings) in the editor as well as in VSCode's Problems pane.
  • The extension immediately highlights errors and warnings encountered while parsing and validating your policy, such as if a rule is missing a trailing semi-colon, a resource block declares "owner" as both a role and a relation, or your policy contains no allow() rule. You would normally see this feedback when running your application, but the extension surfaces it while you edit your policy.
  • The extension collects non-identifiable metrics that we use to improve Oso. We collect data into un-timestamped batches instead of sending it on every policy load since we care about aggregate statistics; not tracking your personal development behavior. We will never sell this data. For more info on exactly what is tracked and why, see this page in our docs.

Oso 0.24.0

Core

Other bugs & improvements

• Oso now allows multiple resource blocks to be declared for the same resource type. The declarations from all resource blocks for a given type are merged together before policy evaluation. This permits rules in one block to reference declarations in another and for resource blocks to be composed over multiple files.
• Fixed a data race in our error handling functionality which resulted in truncated error messages.
• Fixed a regression in the logic for rule matching when using in with data filtering.
• Fixed a regression in rule type checking which prevented using roles with actor blocks.

Rust

Other bugs & improvements

• Implemented ExternalIsSubclass query event. Prevents x matches Foo and x matches Bar
  from panicking. Instead, this will now correctly fail when Foo != Bar.
  Thanks to @davepacheco for the contribution!

Go

Other bugs & improvements

• Added a SetAcceptExpression method to the Query struct which makes
  it possible to get partially-evaluated terms back from the core.
  This is a step towards data filtering in Go.
  Thanks to @joshrotenberg for the PR!

Platform Support

We now support building Oso on ARM-based MacOS systems using Go 1.16 or later.

Ruby

New Features

New Data Filtering API

A new data filtering backend is now available in the Ruby library, which should provide
better performance in most cases. An example ActiveRecord adapter is also included. For
details on how to configure and use the new data filtering code, please see our docs.

django-oso 0.24.0

Bumped the minimum required version of the oso dependency.

flask-oso 0.24.0

Bumped the minimum required version of the oso dependency.

sqlalchemy-oso 0.24.0

Bumped the minimum required version of the oso dependency.

sqlalchemy-oso 0.24.0

sqlalchemy-oso 0.24.0