openapi: 3.0.3 info: title: Oso Cloud HTTP API version: 0.1.0 description: 'Oso Cloud exposes an HTTP API that you can use to make queries directly, without using one of the clients. For endpoints that require authentication, pass your API key as an HTTP Bearer Auth payload. For example, using curl: curl -H "Authorization: Bearer $OSO_AUTH" https://cloud.osohq.com/api/' servers: - url: https://api.osohq.com/api/ paths: /policy: get: tags: - Policy description: Gets the currently active policy in Oso Cloud. The policy is expressed as a string containing [Polar](https://www.osohq.com/docs/modeling-in-polar/reference) code. operationId: get_policy parameters: - name: id in: query schema: type: integer format: int64 nullable: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/GetPolicyResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] post: tags: - Policy description: Updates the policy in Oso Cloud. The policy should be represented as a string containing [Polar](https://www.osohq.com/docs/modeling-in-polar/reference) code. operationId: post_policy parameters: - name: force in: query required: true schema: type: boolean - name: show_suggestions in: query required: true schema: type: boolean - name: fail_fast in: query required: true schema: type: boolean requestBody: content: application/json: schema: $ref: '#/components/schemas/Policy' required: true responses: '200': description: The policy was updated. content: application/json: schema: $ref: '#/components/schemas/ApiResult' '202': description: The policy was not updated because it is unchanged. 
content: application/json: schema: $ref: '#/components/schemas/ApiResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/SavePolicyError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Update policy\ \ with Polar code\nconst policyCode = `\n actor User {}\n resource Repository\ \ {\n permissions = [\"read\", \"write\"];\n roles = [\"owner\", \"\ maintainer\"];\n }\n has_role(user: User, \"owner\", repo: Repository)\ \ if\n user.id = repo.owner_id;\n`;\nawait oso.policy(policyCode);\n" - lang: python label: Python source: "import os\nfrom oso_cloud import Oso\n\noso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY',\ \ None))\n\n# Update policy with Polar code\npolicy_code = \"\"\"\nactor\ \ User {}\nresource Repository {\n permissions = [\"read\", \"write\"\ ];\n roles = [\"owner\", \"maintainer\"];\n}\nhas_role(user: User, \"\ owner\", repo: Repository) if\n user.id = repo.owner_id;\n\"\"\"\noso.policy(policy_code)\n" - lang: go label: Go source: "package main\n\nimport (\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // Update policy with Polar code\npolicyCode := `\nactor User {}\nresource\ \ Repository {\n permissions = [\"read\", \"write\"];\n roles = [\"\ owner\", \"maintainer\"];\n}\nhas_role(user: User, \"owner\", repo: Repository)\ \ if\n user.id = repo.owner_id;\n`\n err := osoClient.Policy(policyCode)\n\ \ if err != nil {\n log.Fatal(err)\n }\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport com.osohq.oso_cloud.Oso;\n\ import com.osohq.oso_cloud.api.ApiException;\n\npublic class App {\n \ \ public static void main(String[] args) 
{\n String apiKey = System.getenv(\"\ OSO_CLOUD_API_KEY\");\n Oso oso = new Oso(apiKey);\n\n// Update policy\ \ with Polar code\nString policyCode = \"\"\"\n actor User {}\n resource\ \ Repository {\n permissions = [\"read\", \"write\"];\n roles\ \ = [\"owner\", \"maintainer\"];\n }\n has_role(user: User, \"owner\"\ , repo: Repository) if\n user.id = repo.owner_id;\n \"\"\";\n\ \ try {\n oso.policy(policyCode);\n } catch (IOException\ \ | ApiException e) {\n System.err.println(\"Error updating policy:\ \ \" + e.getMessage());\n }\n }\n}\n" - lang: ruby label: Ruby source: "require 'oso-cloud'\n\napi_key = ENV.fetch('OSO_CLOUD_API_KEY', nil)\n\ oso = OsoCloud::Oso.new(url: \"https://cloud.osohq.com\", api_key: api_key)\n\ \n# Update policy with Polar code\npolicy_code = <<~POLAR\n actor User\ \ {}\n resource Repository {\n permissions = [\"read\", \"write\"];\n\ \ roles = [\"owner\", \"maintainer\"];\n }\n has_role(user: User, \"\ owner\", repo: Repository) if\n user.id = repo.owner_id;\nPOLAR\noso.policy(policy_code)\n" - lang: csharp label: C# source: "using OsoCloud;\n\nstring? apiKey = Environment.GetEnvironmentVariable(\"\ OSO_CLOUD_API_KEY\");\nvar oso = new Oso(\"https://api.osohq.com\", apiKey);\n\ \n// Update policy with Polar code\nvar policyCode = @\"\n actor User\ \ {}\n resource Repository {\n permissions = [\"\"read\"\", \"\ \"write\"\"];\n roles = [\"\"owner\"\", \"\"maintainer\"\"];\n \ \ }\n has_role(user: User, \"\"owner\"\", repo: Repository) if\n \ \ user.id = repo.owner_id;\n\";\nawait oso.Policy(policyCode);\n" /policy_metadata: get: tags: - Policy description: Returns metadata about the currently active policy. 
operationId: get_policy_metadata parameters: - name: id in: query schema: type: integer format: int64 nullable: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/GetPolicyMetadataResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: 'import { Oso } from ''oso-cloud''; const apiKey = process.env.OSO_CLOUD_API_KEY; const oso = new Oso("https://cloud.osohq.com", apiKey); // Get policy metadata const metadata = await oso.getPolicyMetadata(); // Access resource information console.log(metadata.resources.keys()); // List all resources console.log(metadata.resources.get("Repository")); // Get specific resource metadata ' - lang: python label: Python source: 'import os from oso_cloud import Oso oso = Oso(api_key=os.environ.get(''OSO_CLOUD_API_KEY'', None)) # Get policy metadata metadata = oso.get_policy_metadata() # Access resource information print(metadata.resources.keys()) # List all resources print(metadata.resources["Repository"]) # Get specific resource metadata ' - lang: go label: Go source: "package main\n\nimport (\n \"fmt\"\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // Get policy metadata\n metadata, err := osoClient.GetPolicyMetadata()\n\ \ if err != nil {\n log.Fatal(err)\n }\n\n // Access resource\ \ information\n for resourceName := range metadata.Resources {\n fmt.Printf(\"\ Resource: %s\\n\", resourceName)\n }\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport com.osohq.oso_cloud.Oso;\n\ import com.osohq.oso_cloud.api.ApiException;\n\npublic class App {\n \ \ public static void main(String[] args) {\n String apiKey = System.getenv(\"\ OSO_CLOUD_API_KEY\");\n Oso oso = new 
Oso(apiKey);\n\n //\ \ Get policy metadata\n try {\n PolicyMetadata metadata\ \ = oso.getPolicyMetadata();\n \n // Access resource\ \ information\n System.out.println(metadata.getResources().keySet());\n\ \ } catch (IOException | ApiException e) {\n System.err.println(\"\ Error getting policy metadata: \" + e.getMessage());\n }\n }\n\ }\n" - lang: ruby label: Ruby source: 'require ''oso-cloud'' api_key = ENV.fetch(''OSO_CLOUD_API_KEY'', nil) oso = OsoCloud::Oso.new(url: "https://cloud.osohq.com", api_key: api_key) # Get policy metadata metadata = oso.get_policy_metadata # Access resource information puts metadata.resources.keys ' - lang: csharp label: C# source: 'using OsoCloud; string? apiKey = Environment.GetEnvironmentVariable("OSO_CLOUD_API_KEY"); var oso = new Oso("https://api.osohq.com", apiKey); // Get policy metadata var metadata = await oso.GetPolicyMetadata(); // Access resource information Console.WriteLine(string.Join(", ", metadata.Resources.Keys)); ' /facts: post: tags: - Centralized Authorization Data description: 'Adds a new fact. DEPRECATED: Prefer `POST /batch` with payload `[{"inserts": []}]`.' 
operationId: post_facts requestBody: content: application/json: schema: $ref: '#/components/schemas/Fact' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/Fact' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' deprecated: true security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Insert a\ \ single fact\nawait oso.insert([\n \"has_role\", \n { type: \"User\"\ , id: \"alice\" }, \n \"maintainer\", \n { type: \"Repository\", id: \"\ anvils\" }\n]);\n" - lang: python label: Python source: 'import os from oso_cloud import Oso, Value oso = Oso(api_key=os.environ.get(''OSO_CLOUD_API_KEY'', None)) # Insert a single fact user = Value("User", "alice") repo = Value("Repository", "anvils") oso.insert(("has_role", user, "maintainer", repo)) ' - lang: go label: Go source: "package main\n\nimport (\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ \ // Insert a single fact\n alice := oso.NewValue(\"User\", \"alice\"\ )\n repo := oso.NewValue(\"Repository\", \"anvils\")\n err := osoClient.Insert(oso.NewFact(\"\ has_role\", alice, oso.String(\"maintainer\"), repo))\n if err != nil\ \ {\n log.Fatal(err)\n }\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport com.osohq.oso_cloud.Oso;\n\ import com.osohq.oso_cloud.api.ApiException;\nimport com.osohq.oso_cloud.api.Value;\n\ \npublic class App {\n public static void main(String[] args) {\n \ \ String apiKey = System.getenv(\"OSO_CLOUD_API_KEY\");\n Oso\ \ oso = new Oso(apiKey);\n \n try {\n // Insert\ \ a single fact\n Value user = new Value(\"User\", 
\"alice\"\ );\n Value repo = new Value(\"Repository\", \"anvils\");\n \ \ oso.insert(\"has_role\", user, \"maintainer\", repo);\n \ \ } catch (IOException | ApiException e) {\n System.err.println(\"\ Error: \" + e.getMessage());\n }\n }\n}\n" - lang: ruby label: Ruby source: 'require ''oso-cloud'' api_key = ENV.fetch(''OSO_CLOUD_API_KEY'', nil) oso = OsoCloud::Oso.new(url: "https://cloud.osohq.com", api_key: api_key) # Insert a single fact user = OsoCloud::Value.new(type: "User", id: "alice") repo = OsoCloud::Value.new(type: "Repository", id: "anvils") oso.tell("has_role", user, "maintainer", repo) ' - lang: csharp label: C# source: 'using OsoCloud; string? apiKey = Environment.GetEnvironmentVariable("OSO_CLOUD_API_KEY"); var oso = new Oso("https://api.osohq.com", apiKey); // Insert a single fact var user = new Value("User", "alice"); var repo = new Value("Repository", "anvils"); await oso.Insert("has_role", user, "maintainer", repo); ' delete: tags: - Centralized Authorization Data description: 'Deletes a fact. Does not throw an error when the fact is not found. DEPRECATED: Prefer `POST /batch` with payload `[{"deletes": []}]`.' 
operationId: delete_facts requestBody: content: application/json: schema: $ref: '#/components/schemas/Fact' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/ApiResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' deprecated: true security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Delete specific\ \ fact\nawait oso.delete([\n \"has_role\", \n { type: \"User\", id: \"\ alice\" }, \n \"maintainer\", \n { type: \"Repository\", id: \"anvils\"\ \ }\n]);\n\n// Delete using patterns (null = wildcard)\nawait oso.delete([\"\ has_role\", { type: \"User\", id: \"alice\" }, null, null]); // All roles\ \ for alice\n" - lang: python label: Python source: 'import os from oso_cloud import Oso, Value oso = Oso(api_key=os.environ.get(''OSO_CLOUD_API_KEY'', None)) # Delete specific fact user = Value("User", "alice") repo = Value("Repository", "anvils") oso.delete(("has_role", user, "maintainer", repo)) # Delete using patterns oso.delete(("has_role", user, None, None)) # All roles for user ' - lang: go label: Go source: "package main\n\nimport (\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // Delete specific fact\nuser := oso.NewValue(\"User\", \"alice\")\nrepo\ \ := oso.NewValue(\"Repository\", \"anvils\")\nerr := osoClient.Delete(oso.NewFact(\"\ has_role\", user, oso.String(\"maintainer\"), repo))\nif err != nil {\n log.Fatal(err)\n}\n\n// Delete using\ \ patterns\nerr = osoClient.Delete(oso.NewFactPattern(\n \"has_role\",\ \ \n user, \n nil, // Any role\n oso.NewValueOfType(\"Repository\"),\ \ // Any repo\n))\nif err != nil {\n log.Fatal(err)\n}\n}\n" - lang: java label: Java source: "package 
com.mycompany;\n\nimport java.io.IOException;\nimport com.osohq.oso_cloud.Oso;\n\ import com.osohq.oso_cloud.api.ApiException;\nimport com.osohq.oso_cloud.api.Value;\n\ \npublic class App {\n public static void main(String[] args) {\n \ \ String apiKey = System.getenv(\"OSO_CLOUD_API_KEY\");\n Oso\ \ oso = new Oso(apiKey);\n \n try {\n // Delete\ \ specific fact\n Value user = new Value(\"User\", \"alice\"\ );\n Value repo = new Value(\"Repository\", \"anvils\");\n \ \ oso.delete(\"has_role\", user, \"maintainer\", repo);\n \ \ \n // Delete using patterns (null = wildcard)\n \ \ oso.delete(\"has_role\", user, null, null); // All roles for user\n\ \ } catch (IOException | ApiException e) {\n System.err.println(\"\ Error: \" + e.getMessage());\n }\n }\n}\n" - lang: ruby label: Ruby source: 'require ''oso-cloud'' api_key = ENV.fetch(''OSO_CLOUD_API_KEY'', nil) oso = OsoCloud::Oso.new(url: "https://cloud.osohq.com", api_key: api_key) # Delete specific fact user = OsoCloud::Value.new(type: "User", id: "alice") repo = OsoCloud::Value.new(type: "Repository", id: "anvils") oso.delete("has_role", user, "maintainer", repo) # Delete using patterns (nil = wildcard) oso.delete("has_role", user, nil, nil) # All roles for user ' - lang: csharp label: C# source: 'using OsoCloud; string? apiKey = Environment.GetEnvironmentVariable("OSO_CLOUD_API_KEY"); var oso = new Oso("https://api.osohq.com", apiKey); // Delete specific fact var user = new Value("User", "alice"); var repo = new Value("Repository", "anvils"); await oso.Delete("has_role", user, "maintainer", repo); // Delete using patterns (null = wildcard) await oso.Delete("has_role", user, null, null); // All roles for user ' /bulk_load: post: tags: - Centralized Authorization Data description: 'Adds many facts at once. DEPRECATED: Prefer `POST /batch` with payload `[{"inserts": }]`.' 
operationId: post_bulk_load requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/Fact' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/ApiResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' deprecated: true security: - ApiKey: [] /bulk_delete: post: tags: - Centralized Authorization Data description: 'Delete many facts in a single transaction. DEPRECATED: Prefer `POST /batch` with payload `[{"deletes": }]`.' operationId: post_bulk_delete requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/Fact' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/ApiResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' deprecated: true security: - ApiKey: [] /bulk: post: tags: - Centralized Authorization Data description: 'Deletes and adds many facts in one atomic transaction. The deletions are performed before the adds. `null` can be used as a wildcard in facts in delete. Does not throw an error when the facts to delete are not found. DEPRECATED: Prefer `POST /batch` with payload `[{"deletes": }, {"inserts": }]`.' operationId: post_bulk requestBody: content: application/json: schema: $ref: '#/components/schemas/Bulk' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/ApiResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' deprecated: true security: - ApiKey: [] /batch: post: tags: - Centralized Authorization Data description: 'Deletes and adds many facts in one atomic batch. Facts are inserted and deleted in-order (ie: `insert`ed facts may be `delete`d in the same transaction). `null` can be used as a wildcard in deleted facts. 
Does not throw an error when the facts to delete are not found.' operationId: post_batch requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/FactChangeset' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/ApiResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Batch multiple\ \ operations\nconst user = { type: \"User\", id: \"alice\" };\nconst org\ \ = { type: \"Organization\", id: \"acme\" };\nconst repo = { type: \"Repository\"\ , id: \"anvils\" };\n\nawait oso.batch((tx) => {\n // Insert new facts\n\ \ tx.insert([\"has_role\", user, \"owner\", org]);\n tx.insert([\"has_permission\"\ , user, \"admin\", repo]);\n \n // Delete old facts\n tx.delete([\"has_role\"\ , user, \"maintainer\", repo]);\n tx.delete([\"has_role\", user, \"member\"\ , org]);\n});\n" - lang: python label: Python source: "import os\nfrom oso_cloud import Oso, Value\n\noso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY',\ \ None))\n\n# Batch multiple operations\nuser = Value(\"User\", \"alice\"\ )\norg = Value(\"Organization\", \"acme\")\nrepo = Value(\"Repository\"\ , \"anvils\")\n\nwith oso.batch() as tx:\n # Insert new facts\n tx.insert((\"\ has_role\", user, \"owner\", org))\n tx.insert((\"has_permission\", user,\ \ \"admin\", repo))\n \n # Delete old facts\n tx.delete((\"has_role\"\ , user, \"maintainer\", repo))\n tx.delete((\"has_role\", user, \"member\"\ , org))\n" - lang: go label: Go source: "package main\n\nimport (\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := 
oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // Batch multiple operations\nuser := oso.NewValue(\"User\", \"alice\")\n\ org := oso.NewValue(\"Organization\", \"acme\")\nrepo := oso.NewValue(\"\ Repository\", \"anvils\")\n\nerr := osoClient.Batch(func(tx oso.BatchTransaction)\ \ {\n // Insert new facts\n tx.Insert(oso.NewFact(\"has_role\", user,\ \ oso.String(\"owner\"), org))\n tx.Insert(oso.NewFact(\"has_permission\"\ , user, oso.String(\"admin\"), repo))\n \n // Delete old facts\n \ \ tx.Delete(oso.NewFact(\"has_role\", user, oso.String(\"maintainer\"\ ), repo))\n tx.Delete(oso.NewFactPattern(\"has_role\", user, nil, org))\n\ })\nif err != nil {\n log.Fatal(err)\n}\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport com.osohq.oso_cloud.Oso;\n\ import com.osohq.oso_cloud.api.ApiException;\nimport com.osohq.oso_cloud.api.Value;\n\ \npublic class App {\n public static void main(String[] args) {\n \ \ String apiKey = System.getenv(\"OSO_CLOUD_API_KEY\");\n Oso\ \ oso = new Oso(apiKey);\n \n try {\n // Batch\ \ multiple operations\n Value user = new Value(\"User\", \"alice\"\ );\n Value org = new Value(\"Organization\", \"acme\");\n \ \ Value repo = new Value(\"Repository\", \"anvils\");\n \ \ \n oso.batch((tx) -> {\n // Insert new facts\n\ \ tx.insert(\"has_role\", user, \"owner\", org);\n \ \ tx.insert(\"has_permission\", user, \"admin\", repo);\n \ \ \n // Delete old facts\n tx.delete(\"\ has_role\", user, \"maintainer\", repo);\n tx.delete(\"has_role\"\ , user, \"member\", org);\n });\n } catch (IOException\ \ | ApiException e) {\n System.err.println(\"Error: \" + e.getMessage());\n\ \ }\n }\n}\n" - lang: ruby label: Ruby source: "require 'oso-cloud'\n\napi_key = ENV.fetch('OSO_CLOUD_API_KEY', nil)\n\ oso = OsoCloud::Oso.new(url: \"https://cloud.osohq.com\", api_key: api_key)\n\ \n# Batch multiple operations\nuser = OsoCloud::Value.new(type: \"User\"\ , id: \"alice\")\norg = OsoCloud::Value.new(type: 
\"Organization\", id:\ \ \"acme\")\nrepo = OsoCloud::Value.new(type: \"Repository\", id: \"anvils\"\ )\n\noso.batch do |tx|\n # Insert new facts\n tx.tell(\"has_role\", user,\ \ \"owner\", org)\n tx.tell(\"has_permission\", user, \"admin\", repo)\n\ \ \n # Delete old facts\n tx.delete(\"has_role\", user, \"maintainer\"\ , repo)\n tx.delete(\"has_role\", user, \"member\", org)\nend\n" - lang: csharp label: C# source: "using OsoCloud;\n\nstring? apiKey = Environment.GetEnvironmentVariable(\"\ OSO_CLOUD_API_KEY\");\nvar oso = new Oso(\"https://api.osohq.com\", apiKey);\n\ \n// Batch multiple operations\nvar user = new Value(\"User\", \"alice\"\ );\nvar org = new Value(\"Organization\", \"acme\");\nvar repo = new Value(\"\ Repository\", \"anvils\");\n\nawait oso.Batch(tx => {\n // Insert new\ \ facts\n tx.Insert(\"has_role\", user, \"owner\", org);\n tx.Insert(\"\ has_permission\", user, \"admin\", repo);\n \n // Delete old facts\n\ \ tx.Delete(\"has_role\", user, \"maintainer\", repo);\n tx.Delete(\"\ has_role\", user, \"member\", org);\n});\n" /authorize: post: tags: - Check API description: Determines whether or not an actor can take an action on a resource, based on a combination of authorization data and policy logic. 
operationId: post_authorize requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthorizeQuery' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/AuthorizeResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Basic authorization\ \ check\nconst alice = { type: \"User\", id: \"alice\" };\nconst repository\ \ = { type: \"Repository\", id: \"anvils\" };\n\nconst authorized = await\ \ oso.authorize(alice, \"read\", repository);\nif (!authorized) {\n throw\ \ new Error(\"Access denied\");\n}\n\n// With context facts for additional\ \ information\nconst issue = { type: \"Issue\", id: \"123\" };\nconst contextAuthorized\ \ = await oso.authorize(\n alice, \n \"read\", \n issue, \n [[\"has_relation\"\ , issue, \"parent\", repository]] // Context facts\n);\n" - lang: python label: Python source: "import os\nfrom oso_cloud import Oso, Value\n\noso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY',\ \ None))\n\n# Basic authorization check\nalice = Value(\"User\", \"alice\"\ )\nrepository = Value(\"Repository\", \"anvils\")\n\nif not oso.authorize(alice,\ \ \"read\", repository):\n raise Exception(\"Action is not allowed\"\ )\n\n# With context facts\nissue = Value(\"Issue\", \"123\")\nauthorized\ \ = oso.authorize(\n alice, \n \"read\", \n issue, \n context_facts=[(\"\ has_relation\", issue, \"parent\", repository)]\n)\n" - lang: go label: Go source: "package main\n\nimport (\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // Basic authorization check\nuser := 
oso.NewValue(\"User\", \"alice\")\n\ repository := oso.NewValue(\"Repository\", \"anvils\")\n\nallowed, err :=\ \ osoClient.Authorize(user, \"read\", repository)\nif err != nil {\n \ \ log.Fatal(err)\n}\nif !allowed {\n log.Fatal(\"access denied\"\ )\n}\n\n// With context facts\nissue := oso.NewValue(\"Issue\", \"123\"\ )\ncontextFacts := []oso.Fact{\n oso.NewFact(\"has_relation\", issue,\ \ oso.String(\"parent\"), repository),\n}\nallowed, err = osoClient.AuthorizeWithContext(user,\ \ \"read\", issue, contextFacts)\nif err != nil {\n log.Fatal(err)\n}\nif !allowed {\n log.Fatal(\"access denied\")\n}\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport java.util.Arrays;\nimport com.osohq.oso_cloud.Oso;\n\ import com.osohq.oso_cloud.api.ApiException;\nimport com.osohq.oso_cloud.api.Value;\n\ \npublic class App {\n public static void main(String[] args) {\n \ \ String apiKey = System.getenv(\"OSO_CLOUD_API_KEY\");\n Oso\ \ oso = new Oso(apiKey);\n \n try {\n // Basic\ \ authorization check\n Value alice = new Value(\"User\", \"\ alice\");\n Value repository = new Value(\"Repository\", \"anvils\"\ );\n \n boolean authorized = oso.authorize(alice,\ \ \"read\", repository);\n if (!authorized) {\n \ \ throw new RuntimeException(\"Access denied\");\n }\n \ \ \n // With context facts for additional information\n\ \ Value issue = new Value(\"Issue\", \"123\");\n boolean\ \ contextAuthorized = oso.authorize(alice, \"read\", issue, \n \ \ Arrays.asList(Arrays.asList(\"has_relation\", issue, \"parent\"\ , repository)));\n } catch (IOException | ApiException e) {\n \ \ System.err.println(\"Error: \" + e.getMessage());\n }\n\ \ }\n}\n" - lang: ruby label: Ruby source: "require 'oso-cloud'\n\napi_key = ENV.fetch('OSO_CLOUD_API_KEY', nil)\n\ oso = OsoCloud::Oso.new(url: \"https://cloud.osohq.com\", api_key: api_key)\n\ \n# Basic authorization check\nalice = OsoCloud::Value.new(type: \"User\"\ , id: \"alice\")\nrepository = OsoCloud::Value.new(type: \"Repository\"\ , id: \"anvils\")\n\nauthorized = oso.authorize(alice, \"read\", 
repository)\n\ raise \"Access denied\" unless authorized\n\n# With context facts\nissue\ \ = OsoCloud::Value.new(type: \"Issue\", id: \"123\")\ncontext_authorized\ \ = oso.authorize(alice, \"read\", issue, \n context_facts: [[\"has_relation\"\ , issue, \"parent\", repository]])\n" - lang: csharp label: C# source: "using OsoCloud;\n\nstring? apiKey = Environment.GetEnvironmentVariable(\"\ OSO_CLOUD_API_KEY\");\nvar oso = new Oso(\"https://api.osohq.com\", apiKey);\n\ \n// Basic authorization check\nvar alice = new Value(\"User\", \"alice\"\ );\nvar repository = new Value(\"Repository\", \"anvils\");\n\nbool authorized\ \ = await oso.Authorize(alice, \"read\", repository);\nif (!authorized)\ \ {\n throw new UnauthorizedAccessException(\"Access denied\");\n}\n\n\ // With context facts for additional information\nvar issue = new Value(\"\ Issue\", \"123\");\nbool contextAuthorized = await oso.Authorize(alice,\ \ \"read\", issue, \n contextFacts: new[] { new[] { \"has_relation\"\ , issue, \"parent\", repository } });\n" /authorize_resources: post: tags: - Check API description: Returns a subset of resources on which an actor can perform a particular action. Ordering and duplicates, if any exist, are preserved. operationId: post_authorize_resources requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthorizeResourcesQuery' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/AuthorizeResourcesResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] /list: post: tags: - Check API description: 'Fetches a list of resource IDs on which an actor can perform a particular action. Supports pagination: provide `page_size` to receive results in pages, with a `next_page_token` in the response for fetching subsequent pages.' 
operationId: post_list requestBody: content: application/json: schema: $ref: '#/components/schemas/ListQuery' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/ListResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// List all\ \ repositories the user can read\nconst alice = { type: \"User\", id: \"\ alice\" };\nconst repositoryIds = await oso.list(alice, \"read\", \"Repository\"\ );\nconsole.log(\"Readable repositories:\", repositoryIds);\n\n// With context\ \ facts\nconst issueIds = await oso.list(\n alice, \n \"read\", \n \"\ Issue\",\n [\n [\"has_relation\", { type: \"Issue\", id: \"123\" },\ \ \"parent\", { type: \"Repository\", id: \"anvils\" }],\n [\"has_relation\"\ , { type: \"Issue\", id: \"456\" }, \"parent\", { type: \"Repository\",\ \ id: \"acme\" }]\n ]\n);\n" - lang: python label: Python source: "import os\nfrom oso_cloud import Oso, Value\n\noso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY',\ \ None))\n\n# List all repositories the user can read\nalice = Value(\"\ User\", \"alice\")\nrepository_ids = oso.list(alice, \"read\", \"Repository\"\ )\nprint(f\"Readable repositories: {repository_ids}\")\n\n# With context\ \ facts\nissue_ids = oso.list(\n alice, \n \"read\", \n \"Issue\"\ ,\n context_facts=[\n (\"has_relation\", Value(\"Issue\", \"123\"\ ), \"parent\", Value(\"Repository\", \"anvils\")),\n (\"has_relation\"\ , Value(\"Issue\", \"456\"), \"parent\", Value(\"Repository\", \"acme\"\ ))\n ]\n)\n" - lang: go label: Go source: "package main\n\nimport (\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := 
oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // List all repositories the user can read\nuser := oso.NewValue(\"User\"\ , \"alice\")\nrepositoryIds, err := osoClient.List(user, \"read\", \"Repository\"\ , nil)\nif err != nil {\n log.Fatal(err)\n}\nlog.Printf(\"Readable repositories:\ \ %v\\n\", repositoryIds)\n\n// With context facts\ncontextFacts := []oso.Fact{\n\ \ oso.NewFact(\"has_relation\", oso.NewValue(\"Issue\", \"123\"), oso.String(\"\ parent\"), oso.NewValue(\"Repository\", \"anvils\")),\n oso.NewFact(\"\ has_relation\", oso.NewValue(\"Issue\", \"456\"), oso.String(\"parent\"\ ), oso.NewValue(\"Repository\", \"acme\")),\n}\nissueIds, err := osoClient.ListWithContext(user,\ \ \"read\", \"Issue\", contextFacts)\nif err != nil {\n log.Fatal(err)\n}\nlog.Printf(\"Readable issues: %v\\n\", issueIds)\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport java.util.Arrays;\n\ import java.util.List;\nimport com.osohq.oso_cloud.Oso;\nimport com.osohq.oso_cloud.api.ApiException;\n\ import com.osohq.oso_cloud.api.Value;\n\npublic class App {\n public\ \ static void main(String[] args) {\n String apiKey = System.getenv(\"\ OSO_CLOUD_API_KEY\");\n Oso oso = new Oso(apiKey);\n \n \ \ try {\n // List all repositories the user can read\n \ \ Value alice = new Value(\"User\", \"alice\");\n List\ \ repositoryIds = oso.list(alice, \"read\", \"Repository\");\n \ \ System.out.println(\"Readable repositories: \" + repositoryIds);\n \ \ \n // With context facts\n Value issue1\ \ = new Value(\"Issue\", \"123\");\n Value issue2 = new Value(\"\ Issue\", \"456\");\n Value repo1 = new Value(\"Repository\",\ \ \"anvils\");\n Value repo2 = new Value(\"Repository\", \"acme\"\ );\n \n List issueIds = oso.list(alice, \"\ read\", \"Issue\", Arrays.asList(\n Arrays.asList(\"has_relation\"\ , issue1, \"parent\", repo1),\n Arrays.asList(\"has_relation\"\ , issue2, \"parent\", repo2)\n ));\n } catch (IOException\ \ | ApiException e) {\n System.err.println(\"Error: \" + e.getMessage());\n\ \ }\n }\n}\n" - lang: ruby 
label: Ruby source: "require 'oso-cloud'\n\napi_key = ENV.fetch('OSO_CLOUD_API_KEY', nil)\n\ oso = OsoCloud::Oso.new(url: \"https://cloud.osohq.com\", api_key: api_key)\n\ \n# List all repositories the user can read\nalice = OsoCloud::Value.new(type:\ \ \"User\", id: \"alice\")\nrepository_ids = oso.list(alice, \"read\", \"\ Repository\")\nputs \"Readable repositories: #{repository_ids}\"\n\n# With\ \ context facts\nissue_ids = oso.list(alice, \"read\", \"Issue\", \n context_facts:\ \ [\n [\"has_relation\", OsoCloud::Value.new(type: \"Issue\", id: \"\ 123\"), \"parent\", OsoCloud::Value.new(type: \"Repository\", id: \"anvils\"\ )],\n [\"has_relation\", OsoCloud::Value.new(type: \"Issue\", id: \"\ 456\"), \"parent\", OsoCloud::Value.new(type: \"Repository\", id: \"acme\"\ )]\n ]\n)\n" - lang: csharp label: C# source: "using OsoCloud;\n\nstring? apiKey = Environment.GetEnvironmentVariable(\"\ OSO_CLOUD_API_KEY\");\nvar oso = new Oso(\"https://api.osohq.com\", apiKey);\n\ \n// List all repositories the user can read\nvar alice = new Value(\"User\"\ , \"alice\");\nvar repositoryIds = await oso.List(alice, \"read\", \"Repository\"\ );\nConsole.WriteLine($\"Readable repositories: {string.Join(\", \", repositoryIds)}\"\ );\n\n// With context facts\nvar issueIds = await oso.List(alice, \"read\"\ , \"Issue\", \n contextFacts: new[] {\n new[] { \"has_relation\"\ , new Value(\"Issue\", \"123\"), \"parent\", new Value(\"Repository\", \"\ anvils\") },\n new[] { \"has_relation\", new Value(\"Issue\", \"\ 456\"), \"parent\", new Value(\"Repository\", \"acme\") }\n });\n" /actions: post: tags: - Check API description: Fetches a list of actions which an actor can perform on a particular resource. 
operationId: post_actions requestBody: content: application/json: schema: $ref: '#/components/schemas/ActionsQuery' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/ActionsResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Get all\ \ actions user can perform on repository\nconst user = { type: \"User\"\ , id: \"alice\" };\nconst repository = { type: \"Repository\", id: \"anvils\"\ \ };\nconst actions = await oso.actions(user, repository);\nconsole.log(\"\ Available actions:\", actions);\n\n// With context facts\nconst issue =\ \ { type: \"Issue\", id: \"123\" };\nconst contextActions = await oso.actions(\n\ \ user, \n issue, \n [[\"has_relation\", issue, \"parent\", repository]]\n\ );\n" - lang: python label: Python source: "import os\nfrom oso_cloud import Oso, Value\n\noso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY',\ \ None))\n\n# Get all actions user can perform on repository\nalice = Value(\"\ User\", \"alice\")\nrepository = Value(\"Repository\", \"anvils\")\nactions\ \ = oso.actions(alice, repository)\nprint(f\"Available actions: {actions}\"\ )\n\n# With context facts\nissue = Value(\"Issue\", \"123\")\nactions =\ \ oso.actions(\n alice, \n issue, \n context_facts=[(\"has_relation\"\ , issue, \"parent\", repository)]\n)\n" - lang: go label: Go source: "package main\n\nimport (\n \"fmt\"\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // Get all actions user can perform on repository\nuser := oso.NewValue(\"\ User\", \"alice\")\nrepository := 
oso.NewValue(\"Repository\", \"anvils\"\ )\nactions, err := osoClient.Actions(user, repository)\nif err != nil {\n\ \ log.Fatal(err)\n}\nfmt.Printf(\"Available actions: %v\\n\", actions)\n\ \n// With context facts\nissue := oso.NewValue(\"Issue\", \"123\")\ncontextFacts\ \ := []oso.Fact{\n oso.NewFact(\"has_relation\", issue, oso.String(\"\ parent\"), repository),\n}\nactions, err = osoClient.ActionsWithContext(user,\ \ issue, contextFacts)\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport java.util.Arrays;\n\ import java.util.List;\nimport com.osohq.oso_cloud.Oso;\nimport com.osohq.oso_cloud.api.ApiException;\n\ import com.osohq.oso_cloud.api.Value;\n\npublic class App {\n public\ \ static void main(String[] args) {\n String apiKey = System.getenv(\"\ OSO_CLOUD_API_KEY\");\n Oso oso = new Oso(apiKey);\n \n \ \ try {\n // Get all actions user can perform on repository\n\ \ Value user = new Value(\"User\", \"alice\");\n Value\ \ repository = new Value(\"Repository\", \"anvils\");\n List\ \ actions = oso.actions(user, repository);\n System.out.println(\"\ Available actions: \" + actions);\n \n // With context\ \ facts\n Value issue = new Value(\"Issue\", \"123\");\n \ \ List contextActions = oso.actions(user, issue,\n \ \ Arrays.asList(Arrays.asList(\"has_relation\", issue, \"parent\"\ , repository)));\n } catch (IOException | ApiException e) {\n \ \ System.err.println(\"Error: \" + e.getMessage());\n }\n\ \ }\n}\n" - lang: ruby label: Ruby source: "require 'oso-cloud'\n\napi_key = ENV.fetch('OSO_CLOUD_API_KEY', nil)\n\ oso = OsoCloud::Oso.new(url: \"https://cloud.osohq.com\", api_key: api_key)\n\ \n# Get all actions user can perform on repository\nuser = OsoCloud::Value.new(type:\ \ \"User\", id: \"alice\")\nrepository = OsoCloud::Value.new(type: \"Repository\"\ , id: \"anvils\")\nactions = oso.actions(user, repository)\nputs \"Available\ \ actions: #{actions}\"\n\n# With context facts\nissue = 
OsoCloud::Value.new(type:\ \ \"Issue\", id: \"123\")\ncontext_actions = oso.actions(user, issue,\n\ \ context_facts: [[\"has_relation\", issue, \"parent\", repository]])\n" - lang: csharp label: C# source: "using OsoCloud;\n\nstring? apiKey = Environment.GetEnvironmentVariable(\"\ OSO_CLOUD_API_KEY\");\nvar oso = new Oso(\"https://api.osohq.com\", apiKey);\n\ \n// Get all actions user can perform on repository\nvar user = new Value(\"\ User\", \"alice\");\nvar repository = new Value(\"Repository\", \"anvils\"\ );\nvar actions = await oso.Actions(user, repository);\nConsole.WriteLine($\"\ Available actions: {string.Join(\", \", actions)}\");\n\n// With context\ \ facts\nvar issue = new Value(\"Issue\", \"123\");\nvar contextActions\ \ = await oso.Actions(user, issue,\n contextFacts: new[] { new[] { \"\ has_relation\", issue, \"parent\", repository } });\n" /query: post: tags: - Check API description: 'Query v1: query for any predicate and any combination of concrete and wildcard arguments. Unlike `GET /facts`, which only lists facts you''ve added to Oso Cloud, you can use `POST /query` to list derived information about any rule in your policy.' operationId: post_query requestBody: content: application/json: schema: $ref: '#/components/schemas/QueryDeprecated' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/QueryResultDeprecated' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' deprecated: true security: - ApiKey: [] /evaluate_query: post: tags: - Check API description: 'Query v2: query for any expression. Unlike `GET /facts`, which only lists facts you''ve added to Oso Cloud, you can use `POST /evaluate_query` to list derived information about any rule in your policy.' 
operationId: post_evaluate_query requestBody: content: application/json: schema: $ref: '#/components/schemas/Query' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/QueryResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Basic query\ \ building\nconst actor = { type: \"User\", id: \"alice\" };\nconst repository\ \ = { type: \"Repository\", id: \"anvils\" };\nconst query = oso.buildQuery([\"\ allow\", actor, \"read\", repository]);\nconst result = await query.evaluate(repository);\n\ \n// Add constraints with 'and'\nconst constrainedQuery = oso.buildQuery([\"\ allow\", actor, \"read\", repository])\n .and([\"has_relation\", repository,\ \ \"folder\", { type: \"Folder\", id: \"docs\" }]);\n\n// Different evaluation\ \ modes\nconst exists = await query.evaluate(); \ \ // Boolean\nconst actions = await query.evaluate(\"action\"); \ \ // Single variable\nconst pairs = await query.evaluate([\"\ action\", \"repository\"]); // Tuple variables\n" - lang: python label: Python source: "import os\nfrom oso_cloud import Oso, Value\n\noso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY',\ \ None))\n\n# Basic query building\nactor = Value(\"User\", \"alice\")\n\ repository = Value(\"Repository\", \"anvils\")\nquery = oso.build_query((\"\ allow\", actor, \"read\", repository))\nresult = query.evaluate(repository)\n\ \n# Add constraints with 'and_'\nconstrained_query = oso.build_query((\"\ allow\", actor, \"read\", repository)) \\\n .and_((\"has_relation\",\ \ repository, \"folder\", Value(\"Folder\", \"docs\")))\n\n# Different evaluation\ \ modes\nexists = query.evaluate() # Boolean\n\ actions = query.evaluate(\"action\") # Single 
variable\n\ pairs = query.evaluate((\"action\", \"repository\")) # Tuple variables\n" - lang: go label: Go source: "package main\n\nimport (\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // Basic query building\nactor := oso.NewValue(\"User\", \"alice\")\nrepository\ \ := oso.NewValue(\"Repository\", \"anvils\")\nquery := osoClient.BuildQuery(oso.NewQueryFact(\"\ allow\", actor, oso.String(\"read\"), repository))\nrepos, err := query.EvaluateValues(repository)\n\ \n// Add constraints with 'And'\nfolder := oso.NewValue(\"Folder\", \"docs\"\ )\nconstrainedQuery := osoClient.BuildQuery(oso.NewQueryFact(\"allow\",\ \ actor, oso.String(\"read\"), repository)).\n And(oso.NewQueryFact(\"\ has_relation\", repository, oso.String(\"folder\"), folder))\n\n// Different\ \ evaluation modes\nallowed, err := query.EvaluateExists() \ \ // Boolean\nactions, err := query.EvaluateValues(oso.NewVariable(\"\ action\")) // Values for variable\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport com.osohq.oso_cloud.Oso;\n\ import com.osohq.oso_cloud.api.ApiException;\nimport com.osohq.oso_cloud.api.Value;\n\ \npublic class App {\n public static void main(String[] args) {\n \ \ String apiKey = System.getenv(\"OSO_CLOUD_API_KEY\");\n Oso\ \ oso = new Oso(apiKey);\n \n try {\n // Basic\ \ query building\n Value actor = new Value(\"User\", \"alice\"\ );\n Value repository = new Value(\"Repository\", \"anvils\"\ );\n var query = oso.buildQuery(\"allow\", actor, \"read\", repository);\n\ \ var result = query.evaluate(repository);\n \n \ \ // Add constraints with 'and'\n Value folder = new\ \ Value(\"Folder\", \"docs\");\n var constrainedQuery = oso.buildQuery(\"\ allow\", actor, \"read\", repository)\n .and(\"has_relation\"\ , repository, \"folder\", folder);\n \n // Different\ \ evaluation 
modes\n boolean exists = query.evaluate(); \ \ // Boolean\n var actions = query.evaluate(\"\ action\"); // Single variable\n var pairs = query.evaluate(\"\ action\", \"repository\"); // Tuple variables\n } catch (IOException\ \ | ApiException e) {\n System.err.println(\"Error: \" + e.getMessage());\n\ \ }\n }\n}\n" - lang: ruby label: Ruby source: "require 'oso-cloud'\n\napi_key = ENV.fetch('OSO_CLOUD_API_KEY', nil)\n\ oso = OsoCloud::Oso.new(url: \"https://cloud.osohq.com\", api_key: api_key)\n\ \n# Basic query building\nactor = OsoCloud::Value.new(type: \"User\", id:\ \ \"alice\")\nrepository = OsoCloud::Value.new(type: \"Repository\", id:\ \ \"anvils\")\nquery = oso.build_query([\"allow\", actor, \"read\", repository])\n\ result = query.evaluate(repository)\n\n# Add constraints with 'and_'\nfolder\ \ = OsoCloud::Value.new(type: \"Folder\", id: \"docs\")\nconstrained_query\ \ = oso.build_query([\"allow\", actor, \"read\", repository])\n .and_([\"\ has_relation\", repository, \"folder\", folder])\n\n# Different evaluation\ \ modes\nexists = query.evaluate() # Boolean\n\ actions = query.evaluate(\"action\") # Single variable\n\ pairs = query.evaluate([\"action\", \"repository\"]) # Tuple variables\n" - lang: csharp label: C# source: "using OsoCloud;\n\nstring? 
apiKey = Environment.GetEnvironmentVariable(\"\ OSO_CLOUD_API_KEY\");\nvar oso = new Oso(\"https://api.osohq.com\", apiKey);\n\ \n// Basic query building\nvar actor = new Value(\"User\", \"alice\");\n\ var repository = new Value(\"Repository\", \"anvils\");\nvar query = oso.BuildQuery(\"\ allow\", actor, \"read\", repository);\nvar result = await query.Evaluate(repository);\n\ \n// Add constraints with 'And'\nvar folder = new Value(\"Folder\", \"docs\"\ );\nvar constrainedQuery = oso.BuildQuery(\"allow\", actor, \"read\", repository)\n\ \ .And(\"has_relation\", repository, \"folder\", folder);\n\n// Different\ \ evaluation modes\nbool exists = await query.Evaluate(); \ \ // Boolean\nvar actions = await query.Evaluate(\"action\");\ \ // Single variable\nvar pairs = await query.Evaluate(new[]\ \ { \"action\", \"repository\" }); // Tuple variables\n" /clear_data: post: tags: - Centralized Authorization Data operationId: clear_data responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/ApiResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] /actions_query: post: tags: - Local Check API operationId: post_actions_query requestBody: content: application/json: schema: $ref: '#/components/schemas/LocalActionsQuery' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/LocalActionsResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: 'import { Oso } from ''oso-cloud''; const apiKey = process.env.OSO_CLOUD_API_KEY; const oso = new Oso("https://cloud.osohq.com", apiKey); // Generate actions query SQL const alice = { type: "User", id: "alice" }; const issue = { type: "Issue", id: "123" }; const query = await oso.actionsLocal(alice, issue); // Execute with database const 
result = await sql.raw(query).execute(db); const actions = result.rows.map(row => row.actions); console.log("Available actions:", actions); ' - lang: python label: Python source: 'import os from sqlalchemy import text from oso_cloud import Oso, Value oso = Oso(api_key=os.environ.get(''OSO_CLOUD_API_KEY'', None)) # Generate actions query SQL alice = Value("User", "alice") issue = Value("Issue", "123") query = oso.actions_local(alice, issue) # Execute with SQLAlchemy actions = list(session.execute(text(query)).scalars()) print(f"Available actions: {actions}") ' - lang: go label: Go source: "package main\n\nimport (\n \"fmt\"\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ \ // Generate actions query SQL\n alice := oso.NewValue(\"User\",\ \ \"alice\")\n issue := oso.NewValue(\"Issue\", \"123\")\nquery, err\ \ := osoClient.ActionsLocal(alice, issue)\nif err != nil {\n log.Fatal(err)\n\ }\n\n// Execute with GORM\nvar actions []string\ndb.Raw(query).Pluck(\"\ actions\", &actions)\n\nfmt.Printf(\"Available actions: %v\\n\", actions)\n\ }\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport java.util.List;\n\ import com.osohq.oso_cloud.Oso;\nimport com.osohq.oso_cloud.api.ApiException;\n\ import com.osohq.oso_cloud.api.Value;\n\npublic class App {\n public\ \ static void main(String[] args) {\n String apiKey = System.getenv(\"\ OSO_CLOUD_API_KEY\");\n Oso oso = new Oso(apiKey);\n \n \ \ try {\n // Generate actions query SQL\n Value\ \ alice = new Value(\"User\", \"alice\");\n Value issue = new\ \ Value(\"Issue\", \"123\");\n String query = oso.actionsLocal(alice,\ \ issue);\n \n // Execute with database (example with\ \ JPA/Hibernate)\n List actions = entityManager.createNativeQuery(query)\n\ \ .getResultList();\n \n System.out.println(\"\ Available 
actions: \" + actions);\n } catch (IOException | ApiException\ \ e) {\n System.err.println(\"Error: \" + e.getMessage());\n\ \ }\n }\n}\n" - lang: ruby label: Ruby source: 'require ''oso-cloud'' api_key = ENV.fetch(''OSO_CLOUD_API_KEY'', nil) oso = OsoCloud::Oso.new(url: "https://cloud.osohq.com", api_key: api_key) # Generate actions query SQL alice = OsoCloud::Value.new(type: "User", id: "alice") issue = OsoCloud::Value.new(type: "Issue", id: "123") query = oso.actions_local(alice, issue) # Execute with ActiveRecord actions = ActiveRecord::Base.connection.execute(query).values.flatten puts "Available actions: #{actions}" ' - lang: csharp label: C# source: 'using OsoCloud; using System.Data; string? apiKey = Environment.GetEnvironmentVariable("OSO_CLOUD_API_KEY"); var oso = new Oso("https://api.osohq.com", apiKey); // Generate actions query SQL var alice = new Value("User", "alice"); var issue = new Value("Issue", "123"); string query = await oso.ActionsLocal(alice, issue); // Execute with Entity Framework var actions = await context.Database.SqlQueryRaw(query).ToListAsync(); Console.WriteLine($"Available actions: {string.Join(", ", actions)}"); ' /authorize_query: post: tags: - Local Check API description: Fetches a query that can be run against your database to determine whether an actor can perform an action on a resource. 
operationId: post_authorize_query requestBody: content: application/json: schema: $ref: '#/components/schemas/LocalAuthQuery' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/LocalAuthResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Generate\ \ authorization check SQL\nconst alice = { type: \"User\", id: \"alice\"\ \ };\nconst issue = { type: \"Issue\", id: \"123\" };\nconst query = await\ \ oso.authorizeLocal(alice, \"read\", issue);\n\n// Execute with database\ \ (example with raw SQL)\nconst result = await sql.raw(query).execute(db);\n\ const { allowed } = result.rows[0];\n\nif (!allowed) {\n throw new Error(\"\ Access denied\");\n}\n" - lang: python label: Python source: "import os\nfrom sqlalchemy import\ \ text\nfrom oso_cloud import Oso, Value\n\noso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY',\ \ None))\n\n# Generate authorization check SQL\nalice = Value(\"User\",\ \ \"alice\")\nissue = Value(\"Issue\", \"123\")\nquery = oso.authorize_local(alice,\ \ \"read\", issue)\n\n# Execute with SQLAlchemy\nauthorized = session.execute(text(query)).scalar()\n\ \nif not authorized:\n raise Exception(\"Access denied\")\n" - lang: go label: Go source: "package main\n\nimport (\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ \ // Generate authorization check SQL\n alice := oso.NewValue(\"User\"\ , \"alice\")\n issue := oso.NewValue(\"Issue\", \"123\")\nquery, err\ \ := osoClient.AuthorizeLocal(alice, \"read\", issue)\nif err != nil {\n\ 
\ log.Fatal(err)\n}\n\n// Execute with GORM\nvar authorizeResult AuthorizeResult\n\ db.Raw(query).Scan(&authorizeResult)\n\nif !authorizeResult.Allowed {\n\ \ log.Fatal(\"access denied\")\n}\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport com.osohq.oso_cloud.Oso;\n\ import com.osohq.oso_cloud.api.ApiException;\nimport com.osohq.oso_cloud.api.Value;\n\ \npublic class App {\n public static void main(String[] args) {\n \ \ String apiKey = System.getenv(\"OSO_CLOUD_API_KEY\");\n Oso\ \ oso = new Oso(apiKey);\n \n try {\n // Generate\ \ authorization check SQL\n Value alice = new Value(\"User\"\ , \"alice\");\n Value issue = new Value(\"Issue\", \"123\");\n\ \ String query = oso.authorizeLocal(alice, \"read\", issue);\n\ \ \n // Execute with database (example with JPA/Hibernate)\n\ \ Boolean authorized = (Boolean) entityManager.createNativeQuery(query)\n\ \ .getSingleResult();\n \n if (!authorized)\ \ {\n throw new SecurityException(\"Access denied\");\n \ \ }\n } catch (IOException | ApiException e) {\n \ \ System.err.println(\"Error: \" + e.getMessage());\n }\n \ \ }\n}\n" - lang: ruby label: Ruby source: 'require ''oso-cloud'' api_key = ENV.fetch(''OSO_CLOUD_API_KEY'', nil) oso = OsoCloud::Oso.new(url: "https://cloud.osohq.com", api_key: api_key) # Generate authorization check SQL alice = OsoCloud::Value.new(type: "User", id: "alice") issue = OsoCloud::Value.new(type: "Issue", id: "123") query = oso.authorize_local(alice, "read", issue) # Execute with ActiveRecord authorized = ActiveRecord::Base.connection.execute(query).values.first.first raise "Access denied" unless authorized ' - lang: csharp label: C# source: "using OsoCloud;\n\nstring? 
apiKey = Environment.GetEnvironmentVariable(\"\ OSO_CLOUD_API_KEY\");\nvar oso = new Oso(\"https://api.osohq.com\", apiKey);\n\ \n// Generate authorization check SQL\nvar alice = new Value(\"User\", \"\ alice\");\nvar issue = new Value(\"Issue\", \"123\");\nstring query = await\ \ oso.AuthorizeLocal(alice, \"read\", issue);\n\n// Execute with Entity\ \ Framework\nbool authorized = await context.Database.SqlQueryRaw(query).FirstAsync();\n\ \nif (!authorized) {\n throw new UnauthorizedAccessException(\"Access\ \ denied\");\n}\n" /list_query: post: tags: - Local Check API description: Fetches a filter that can be applied to a database query to return just the resources on which an actor can perform an action. operationId: post_list_query requestBody: content: application/json: schema: $ref: '#/components/schemas/LocalListQuery' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/LocalListResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Generate\ \ SQL condition for authorized resources\nconst alice = { type: \"User\"\ , id: \"alice\" };\nconst sqlCondition = await oso.listLocal(alice, \"read\"\ , \"Issue\", \"id\");\n\n// Use with database query (example with Kysely)\n\ const authorized_issues = await db\n .selectFrom(\"issues\")\n .where(sql.raw(sqlCondition))\n\ \ .selectAll()\n .execute();\n\nconsole.log(\"Authorized issues:\", authorized_issues.length);\n" - lang: python label: Python source: "import os\nfrom sqlalchemy import\ \ select, text\nfrom oso_cloud import Oso, Value\n\noso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY',\ \ None))\n\n# Generate SQL condition for authorized 
resources\nalice = Value(\"\ User\", \"alice\")\nsql_condition = oso.list_local(alice, \"read\", \"Issue\"\ , \"id\")\n\n# Use with SQLAlchemy\nauthorized_issues = session.scalars(\n\ \ select(Issues).filter(text(sql_condition))\n).all()\n\nprint(f\"Found\ \ {len(authorized_issues)} authorized issues\")\n" - lang: go label: Go source: "package main\n\nimport (\n \"fmt\"\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // Generate SQL condition for authorized resources\nuser := oso.NewValue(\"\ User\", \"alice\")\nsqlCondition, err := osoClient.ListLocal(user, \"read\"\ , \"Issue\", \"id\")\nif err != nil {\n log.Fatal(err)\n}\n\n// Use with\ \ GORM\nvar issues []Issue\ndb.Find(&issues, sqlCondition)\n\nfmt.Printf(\"\ Found %d authorized issues\\n\", len(issues))\n}\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport java.util.List;\n\ import com.osohq.oso_cloud.Oso;\nimport com.osohq.oso_cloud.api.ApiException;\n\ import com.osohq.oso_cloud.api.Value;\n\npublic class App {\n public\ \ static void main(String[] args) {\n String apiKey = System.getenv(\"\ OSO_CLOUD_API_KEY\");\n Oso oso = new Oso(apiKey);\n \n \ \ try {\n // Generate SQL condition for authorized resources\n\ \ Value alice = new Value(\"User\", \"alice\");\n \ \ String sqlCondition = oso.listLocal(alice, \"read\", \"Issue\", \"id\"\ );\n \n // Use with JPA/Hibernate\n List\ \ authorizedIssues = entityManager.createQuery(\n \"SELECT\ \ i FROM Issue i WHERE \" + sqlCondition, Issue.class)\n \ \ .getResultList();\n \n System.out.println(\"Found\ \ \" + authorizedIssues.size() + \" authorized issues\");\n } catch\ \ (IOException | ApiException e) {\n System.err.println(\"Error:\ \ \" + e.getMessage());\n }\n }\n}\n" - lang: ruby label: Ruby source: 'require ''oso-cloud'' api_key = ENV.fetch(''OSO_CLOUD_API_KEY'', 
nil) oso = OsoCloud::Oso.new(url: "https://cloud.osohq.com", api_key: api_key) # Generate SQL condition for authorized resources alice = OsoCloud::Value.new(type: "User", id: "alice") sql_condition = oso.list_local(alice, "read", "Issue", "id") # Use with ActiveRecord authorized_issues = Issue.where(sql_condition) puts "Found #{authorized_issues.count} authorized issues" ' - lang: csharp label: C# source: "using OsoCloud;\nusing Microsoft.EntityFrameworkCore;\n\nstring?\ \ apiKey = Environment.GetEnvironmentVariable(\"OSO_CLOUD_API_KEY\");\n\ var oso = new Oso(\"https://api.osohq.com\", apiKey);\n\n// Generate SQL\ \ condition for authorized resources\nvar alice = new Value(\"User\", \"\ alice\");\nstring sqlCondition = await oso.ListLocal(alice, \"read\", \"\ Issue\", \"id\");\n\n// Use with Entity Framework\nvar authorizedIssues\ \ = await context.Issues\n .FromSqlRaw($\"SELECT * FROM Issues WHERE\ \ {sqlCondition}\")\n .ToListAsync();\n\nConsole.WriteLine($\"Found {authorizedIssues.Count}\ \ authorized issues\");\n" /evaluate_query_local: post: tags: - Local Check API description: Fetches a SQL query that can be run against your database to answer arbitrary questions about authorization. 
operationId: post_evaluate_query_local requestBody: content: application/json: schema: $ref: '#/components/schemas/LocalQuery' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/LocalQueryResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: "import { Oso } from 'oso-cloud';\n\nconst apiKey = process.env.OSO_CLOUD_API_KEY;\n\ const oso = new Oso(\"https://cloud.osohq.com\", apiKey);\n\n// Generate\ \ SQL for field-level authorization\nconst actor = { type: \"User\", id:\ \ \"alice\" };\nconst resource = { type: \"Issue\", id: \"123\" };\nconst\ \ field = \"description\";\n\nconst sqlQuery = await oso.buildQuery([\n\ \ \"allow_field\", \n actor, \n \"read\", \n resource, \n field\n]).evaluateLocalSelect({\ \ field_name: field });\n\n// Execute field authorization query\nconst fieldResult\ \ = await sql.raw(sqlQuery).execute(db);\n" - lang: python label: Python source: "import os\nfrom sqlalchemy import\ \ text\nfrom oso_cloud import Oso, Value\n\noso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY',\ \ None))\n\n# Generate SQL for field-level authorization\nactor = Value(\"\ User\", \"alice\")\nresource = Value(\"Issue\", \"123\")\nfield = \"description\"\ \n\nsql_query = oso.build_query((\n \"allow_field\", \n actor, \n \"\ read\", \n resource, \n field\n)).evaluate_local_select({\"field_name\"\ : field})\n\n# Execute field authorization query\nfield_result = session.execute(text(sql_query)).fetchall()\n" - lang: go label: Go source: "package main\n\nimport (\n \"log\"\n \"os\"\n oso \"github.com/osohq/go-oso-cloud/v2\"\ \n)\n\nfunc main() {\n apiKey := os.Getenv(\"OSO_CLOUD_API_KEY\")\n \ \ osoClient := oso.NewClient(\"https://cloud.osohq.com\", apiKey)\n\n\ // Generate SQL for field-level authorization\nactor := oso.NewValue(\"\ User\", 
\"alice\")\nresource := oso.NewValue(\"Issue\", \"123\")\nfieldVar\ \ := oso.NewVariable(\"field\")\n\nsqlQuery, err := osoClient.BuildQuery(\n\ \ oso.NewQueryFact(\"allow_field\", actor, oso.String(\"read\"), resource,\ \ fieldVar),\n).EvaluateLocalSelect(map[string]oso.Variable{\"field_name\"\ : fieldVar})\nif err != nil {\n log.Fatal(err)\n}\n\n// Execute field\ \ authorization query\nvar fieldResult []map[string]interface{}\ndb.Raw(sqlQuery).Scan(&fieldResult)\n\ }\n" - lang: java label: Java source: "package com.mycompany;\n\nimport java.io.IOException;\nimport java.util.List;\n\ import java.util.Map;\nimport com.osohq.oso_cloud.Oso;\nimport com.osohq.oso_cloud.api.ApiException;\n\ import com.osohq.oso_cloud.api.Value;\n\npublic class App {\n public\ \ static void main(String[] args) {\n String apiKey = System.getenv(\"\ OSO_CLOUD_API_KEY\");\n Oso oso = new Oso(apiKey);\n \n \ \ try {\n // Generate SQL for field-level authorization\n\ \ Value actor = new Value(\"User\", \"alice\");\n \ \ Value resource = new Value(\"Issue\", \"123\");\n String field\ \ = \"description\";\n \n String sqlQuery = oso.buildQuery(\"\ allow_field\", actor, \"read\", resource, field)\n .evaluateLocalSelect(Map.of(\"\ field_name\", field));\n \n // Execute field authorization\ \ query\n List> fieldResult = entityManager.createNativeQuery(sqlQuery)\n\ \ .getResultList();\n } catch (IOException | ApiException\ \ e) {\n System.err.println(\"Error: \" + e.getMessage());\n\ \ }\n }\n}\n" - lang: ruby label: Ruby source: "require 'oso-cloud'\n\napi_key = ENV.fetch('OSO_CLOUD_API_KEY', nil)\n\ oso = OsoCloud::Oso.new(url: \"https://cloud.osohq.com\", api_key: api_key)\n\ \n# Generate SQL for field-level authorization\nactor = OsoCloud::Value.new(type:\ \ \"User\", id: \"alice\")\nresource = OsoCloud::Value.new(type: \"Issue\"\ , id: \"123\")\nfield = \"description\"\n\nsql_query = oso.build_query([\"\ allow_field\", actor, \"read\", resource, field])\n .evaluate_local_select({\"\ 
            field_name\" => field})\n\n# Execute field authorization query\nfield_result\
            \ = ActiveRecord::Base.connection.execute(sql_query)\n"
        - lang: csharp
          label: C#
          source: "using OsoCloud;\nusing System.Collections.Generic;\n\nstring? apiKey\
            \ = Environment.GetEnvironmentVariable(\"OSO_CLOUD_API_KEY\");\nvar oso\
            \ = new Oso(\"https://api.osohq.com\", apiKey);\n\n// Generate SQL for field-level\
            \ authorization\nvar actor = new Value(\"User\", \"alice\");\nvar resource\
            \ = new Value(\"Issue\", \"123\");\nstring field = \"description\";\n\n\
            string sqlQuery = await oso.BuildQuery(\"allow_field\", actor, \"read\"\
            , resource, field)\n .EvaluateLocalSelect(new Dictionary\
            \ { { \"field_name\", field } });\n\n// Execute field authorization query\n\
            var fieldResult = await context.Database.SqlQueryRaw(sqlQuery).ToListAsync();\n"
components:
  schemas:
    ApiResult:
      type: object
      required:
        - message
      properties:
        message:
          type: string
    SavePolicyError:
      oneOf:
        - type: object
          required:
            - error_type
            - message
          properties:
            error_type:
              type: string
              enum:
                - Generic
            message:
              type: string
        - type: object
          required:
            - error_type
            - errors
            - message
          properties:
            error_type:
              type: string
              enum:
                - Validation
            message:
              type: string
            errors:
              type: array
              items:
                $ref: '#/components/schemas/PolicyError'
        - type: object
          required:
            - error_type
            - message
            - test_results
          properties:
            error_type:
              type: string
              enum:
                - TestsFailed
            message:
              type: string
            test_results:
              $ref: '#/components/schemas/PolicyTestResult'
    PolicyError:
      description: Error report for a failed Polar policy test, to be displayed to user.
        Sent to `oso-cloud` CLI as JSON.
      type: object
      required:
        - error_type
        - message
      properties:
        error_type:
          description: Type of error encountered.
          allOf:
            - $ref: '#/components/schemas/PolicyFailure'
        message:
          description: Error message to display to the user.
          type: string
    PolicyFailure:
      description: All known failure modes for a submitted policy test. Encountering
        any of these scenarios means the policy test has failed.
      oneOf:
        - description: Polar file failed validation.
          type: string
          enum:
            - ValidationFailed
        - description: An assertion failed in an executed test.
          type: string
          enum:
            - AssertionFailed
        - description: Server hit an unexpected error.
          type: string
          enum:
            - ServerError
    PolicyTestResult:
      description: Result of a Policy test API request. Sent to `oso-cloud` CLI as JSON.
      type: object
      required:
        - errors
        - success
        - tests
      properties:
        success:
          description: Did the policy test succeed?
          type: boolean
        errors:
          description: What errors did we encounter?
          type: array
          items:
            $ref: '#/components/schemas/PolicyError'
        tests:
          description: What tests did we execute?
          type: array
          items:
            $ref: '#/components/schemas/TestSummary'
    TestSummary:
      description: Results of executing a single test. Sent to `oso-cloud` CLI as JSON.
      type: object
      required:
        - name
        - passed
        - total
      properties:
        name:
          description: Name of test.
          type: string
        passed:
          description: How many assertions passed?
          type: integer
          format: uint
          minimum: 0
        total:
          description: How many assertions in total?
          type: integer
          format: uint
          minimum: 0
    Policy:
      type: object
      required:
        - src
      properties:
        filename:
          type: string
          nullable: true
        src:
          type: string
    GetPolicyResult:
      type: object
      properties:
        policy:
          allOf:
            - $ref: '#/components/schemas/Policy'
          nullable: true
    ApiError:
      type: object
      required:
        - message
      properties:
        message:
          type: string
    GetPolicyMetadataResult:
      type: object
      required:
        - metadata
      properties:
        metadata:
          $ref: '#/components/schemas/PolicyMetadata'
    PolicyMetadata:
      type: object
      required:
        - resources
      properties:
        resources:
          type: object
          additionalProperties:
            $ref: '#/components/schemas/ResourceBlockData'
    ResourceBlockData:
      type: object
      required:
        - permissions
        - relations
        - roles
      properties:
        roles:
          type: array
          items:
            type: string
        permissions:
          type: array
          items:
            type: string
        relations:
          type: object
          additionalProperties:
            type: string
    Fact:
      description: 'A pattern object for matching authorization-relevant data, i.e., facts.'
      type: object
      required:
        - args
        - predicate
      properties:
        predicate:
          type: string
        args:
          type: array
          items:
            $ref: '#/components/schemas/Value'
    Value:
      type: object
      properties:
        type:
          type: string
          nullable: true
        id:
          type: string
          nullable: true
    Bulk:
      type: object
      required:
        - delete
        - tell
      properties:
        delete:
          type: array
          items:
            $ref: '#/components/schemas/Fact'
        tell:
          type: array
          items:
            $ref: '#/components/schemas/Fact'
    FactChangeset:
      description: A grouped run of facts to insert or delete. Inserted facts must
        contain concrete fact args, but deleted facts may contain wildcards.
      anyOf:
        - type: object
          required:
            - inserts
          properties:
            inserts:
              type: array
              items:
                $ref: '#/components/schemas/Fact'
        - type: object
          required:
            - deletes
          properties:
            deletes:
              type: array
              items:
                $ref: '#/components/schemas/Fact'
    AuthorizeResult:
      type: object
      required:
        - allowed
      properties:
        allowed:
          type: boolean
    AuthorizeQuery:
      type: object
      required:
        - action
        - actor_id
        - actor_type
        - resource_id
        - resource_type
      properties:
        actor_type:
          type: string
        actor_id:
          type: string
        action:
          type: string
        resource_type:
          type: string
        resource_id:
          type: string
        context_facts:
          default: []
          type: array
          items:
            $ref: '#/components/schemas/Fact'
    AuthorizeResourcesResult:
      type: object
      required:
        - results
      properties:
        results:
          type: array
          items:
            $ref: '#/components/schemas/Value'
    AuthorizeResourcesQuery:
      type: object
      required:
        - action
        - actor_id
        - actor_type
        - resources
      properties:
        actor_type:
          type: string
        actor_id:
          type: string
        action:
          type: string
        resources:
          type: array
          items:
            $ref: '#/components/schemas/Value'
        context_facts:
          default: []
          type: array
          items:
            $ref: '#/components/schemas/Fact'
    ListResult:
      type: object
      required:
        - results
        - next_page_token
      properties:
        results:
          type: array
          items:
            type: string
        next_page_token:
          description: Optional token for fetching the next page of results. Present
            when more results are available.
          type: string
          nullable: true
    ListQuery:
      type: object
      required:
        - action
        - actor_id
        - actor_type
        - resource_type
        - page_size
      properties:
        actor_type:
          type: string
        actor_id:
          type: string
        action:
          type: string
        resource_type:
          type: string
        context_facts:
          default: []
          type: array
          items:
            $ref: '#/components/schemas/Fact'
        page_size:
          description: Required. Page size for pagination. Must be at least 10,000.
            Results will be paginated and a `next_page_token` will be included in the
            response if more results are available. Ignored when `page_token` is provided,
            since the page size is determined by the original request.
          default: 10000
          type: integer
          format: uint
          minimum: 10000
        page_token:
          description: Page token for fetching subsequent pages of results. Use the
            `next_page_token` from a previous response. When provided, `page_size` is
            ignored.
          default: null
          type: string
          nullable: true
    ActionsResult:
      type: object
      required:
        - results
      properties:
        results:
          type: array
          items:
            type: string
    ActionsQuery:
      type: object
      required:
        - actor_id
        - actor_type
        - resource_id
        - resource_type
      properties:
        actor_type:
          type: string
        actor_id:
          type: string
        resource_type:
          type: string
        resource_id:
          type: string
        context_facts:
          default: []
          type: array
          items:
            $ref: '#/components/schemas/Fact'
    QueryResultDeprecated:
      type: object
      required:
        - results
      properties:
        results:
          type: array
          items:
            $ref: '#/components/schemas/Fact'
    QueryDeprecated:
      type: object
      required:
        - fact
      properties:
        fact:
          $ref: '#/components/schemas/Fact'
        context_facts:
          default: []
          type: array
          items:
            $ref: '#/components/schemas/Fact'
    QueryResult:
      type: object
      required:
        - results
      properties:
        results:
          type: array
          items:
            type: object
            additionalProperties:
              type: string
              nullable: true
    Query:
      description: A generic query comprising 1+ predicates conjuncted together.
      type: object
      required:
        - calls
        - constraints
        - context_facts
        - predicate
      properties:
        predicate:
          description: 'Predicate name and variable names.
            INVARIANT: all variable names must exist in `constraints`. This ensures
            that all variables at least have a type.'
          type: array
          items:
            - type: string
            - type: array
              items:
                type: string
          maxItems: 2
          minItems: 2
        calls:
          description: 'Predicate name and variable names.
            INVARIANT: all variable names must exist in `constraints`. This ensures
            that all variables at least have a type.'
          type: array
          items:
            type: array
            items:
              - type: string
              - type: array
                items:
                  type: string
            maxItems: 2
            minItems: 2
        constraints:
          description: Map of variable names to their type and value(s). Every variable
            is at least typed and may also be constrained to a set of values.
          type: object
          additionalProperties:
            $ref: '#/components/schemas/Constraint'
        context_facts:
          type: array
          items:
            $ref: '#/components/schemas/ConcreteFact'
    Constraint:
      description: Constraints on a variable. All variables must have a type, and
        they may also be constrained to a set of values.
      type: object
      required:
        - type
      properties:
        type:
          description: The type of the variable.
          type: string
        ids:
          description: The possible values of the variable. `None` means the variable
            can be any value. `Some(["foo"])` means the variable must be exactly `"foo"`.
            `Some(["foo", "bar"])` means the variable can be either `"foo"` or `"bar"`.
            The latter is how we represent `In` expressions in the new Query API.
          type: array
          items:
            type: string
          nullable: true
    ConcreteFact:
      description: 'A specific piece of authorization-relevant data, i.e., a fact.
        `ConcreteFact`s are suitable for storing in the database, since they represent
        the information in a specific, fully-qualified fact. To represent the set
        of facts matching a pattern instead, see [`Fact`].'
      type: object
      required:
        - args
        - predicate
      properties:
        predicate:
          type: string
        args:
          type: array
          items:
            $ref: '#/components/schemas/TypedId'
    TypedId:
      type: object
      required:
        - id
        - type
      properties:
        type:
          type: string
        id:
          type: string
    LocalActionsResult:
      type: object
      required:
        - sql
      properties:
        sql:
          type: string
    LocalActionsQuery:
      type: object
      required:
        - data_bindings
        - query
      properties:
        query:
          $ref: '#/components/schemas/ActionsQuery'
        data_bindings:
          type: string
    LocalAuthResult:
      type: object
      required:
        - sql
      properties:
        sql:
          type: string
    LocalAuthQuery:
      type: object
      required:
        - data_bindings
        - query
      properties:
        query:
          $ref: '#/components/schemas/AuthorizeQuery'
        data_bindings:
          type: string
    LocalListResult:
      type: object
      required:
        - sql
      properties:
        sql:
          type: string
    LocalListQuery:
      type: object
      required:
        - column
        - data_bindings
        - query
      properties:
        query:
          $ref: '#/components/schemas/ListQuery'
        column:
          type: string
        data_bindings:
          type: string
    LocalQueryResult:
      type: object
      required:
        - sql
      properties:
        sql:
          type: string
    LocalQuery:
      type: object
      required:
        - data_bindings
        - mode
        - query
      properties:
        query:
          $ref: '#/components/schemas/Query'
        data_bindings:
          type: string
        mode:
          $ref: '#/components/schemas/LocalQueryMode'
    LocalQueryMode:
      oneOf:
        - type: object
          required:
            - mode
            - query_vars_to_output_column_names
          properties:
            mode:
              type: string
              enum:
                - select
            query_vars_to_output_column_names:
              type: object
              additionalProperties:
                type: string
        - type: object
          required:
            - mode
            - output_column_name
            - query_var
          properties:
            mode:
              type: string
              enum:
                - filter
            query_var:
              type: string
            output_column_name:
              type: string
  securitySchemes:
    ApiKey:
      description: Requires an API key to access.
      type: http
      scheme: bearer
      bearerFormat: Bearer e_0123_123_token0123