oso 0.26.0

Core

Other bugs & improvements

  • Fixed a bug affecting runtime type checking on nested object attributes.
  • When using data filtering, the list of relations returned to the adapter is now topologically sorted.

Go

Breaking changes

Warning

This release contains breaking changes. Be sure to follow migration steps before upgrading.

Updated Go type checking behavior

When evaluating whether a given query variable matches a Go type Polar will now use direct instance comparisons instead of Go’s reflect.ConvertibleTo functionality. This change resolves false-positive type checking results where discrete structs with identical sets of fields were considered to be equivalent.

This change has implications for the use of NewTypes in Polar rule definitions. Rules that are defined using NewTypes will now only match instances of the NewType and no longer match the underlying wrapped type.

Rules which consume NewTypes must now be specialized over the NewType directly and not the underlying wrapped type.

type Action string
const (
    View Action = "view"
    Create Action = "create"
    Update Action = "update"
)

Where previously it was possible to utilize this Action type as interchangeable with that of string:

user_has_action(user: User, action: String, resource: Resource) if ...

This rule definition must be rewritten as follows:

user_has_action(user: User, action: Action, resource: Resource) if ...

New Features

Data Filtering for Go

Data filtering is now officially supported for Go! Check out our docs for more details and usage information.

Other bugs & improvements

  • Fixed regression in Go mod vendoring. Thank you @sourcec0de!

Python

Breaking Changes

@polar_class is deprecated in favor of Oso#register_class

The @polar_class decorator used to register classes with Polar has been deprecated. To register a class with Polar it is now necessary to use the Oso#register_class API.

New data filtering configuration API is now mandatory

The original data filtering configuration API using per-class build_query, exec_query, and combine_query methods has been removed. Data filtering is now configured through the new Adapter API.

Ruby

Breaking Changes

Warning

This release contains breaking changes. Be sure to follow migration steps before upgrading.

New data filtering configuration API is now mandatory

The original data filtering configuration API using per-class build_query, exec_query, and combine_query methods has been removed. Data filtering is now configured through the new Adapter API.

Node.js

Breaking Changes

Warning

This release contains breaking changes. Be sure to follow migration steps before upgrading.

New data filtering configuration API is now mandatory

The original data filtering configuration API using per-class buildQuery, execQuery, and combineQuery methods has been removed. Data filtering is now configured through the new Adapter API.

VS Code extension 0.26.0

New features

Configuring which Polar files are treated as part of the same policy

The oso.polarLanguageServer.projectRoots VS Code workspace configuration setting can be used to control which Polar files in a particular workspace folder are treated as part of the same Oso policy. For more details, see the docs.

Connect with us on Slack

If you have any questions, or just want to talk something through, jump into Slack. An Oso engineer or one of the thousands of developers in the growing community will be happy to help.