Oso 0.24.0 is out! It includes:
- A VSCode Extension (!), with syntax highlighting and support for diagnostics (errors & warnings)
- New features for resource block organization
- Data filtering performance improvements in Ruby
- Support for Go on ARM-based MacOS systems
VSCode support for Oso
We are excited to announce the release of our VSCode extension for Oso. The VSCode extension provides the best development experience for writing Polar policies by surfacing immediate and actionable feedback to users from directly within their editor. The extension includes syntax highlighting and displays rich warnings and errors inline in your Polar policies as well as in VSCode's "Problems" pane.
Previously this validation feedback was only visible to users when they executed Oso within their application process. In scenarios such as syntax issues, incomplete resource block declarations, or missing rules users will now receive realtime feedback in their editor.
Reopen resource blocks
Resource blocks now support being declared multiple times. This allows you to compose them together from different policy files in your codebase. Polar merges resource blocks before policy execution allowing rules in blocks to reference contents in others. This allows for services to share a common Organization
definition which they extend with service-specific relationships and roles.
# base.polar
resource Organization {
roles = ["member", "admin"];
}
# invoices-service.polar
resource Organization {
roles = ["billing_admin"];
"billing_admin" if "admin";
}
resource Invoices {
relations = { org: Organization };
permissions = ["view", "pay"];
"view" if "member" on "org";
"pay" if "billing_admin" on "org";
"view" if "pay";
}
Data Filtering in Ruby (Preview)
A new data filtering backend is available in the Ruby library that provides better performance for queries involving multiple models. This backend includes a new filter format that has support for joins. Using joins enables the policy to run a single query for authorized_resources
.
To enable this new data filtering backend specify the data_filtering_adapter
attribute when initializing Oso as below:
def init_oso
oso = Oso.new
oso.data_filtering_adapter = ::Oso::Polar::Data::Adapter::ActiveRecordAcapter.new
...
For more information about using this new backend, see this page in our documentation. If you're trying out this backend, we'd love to hear from you in our Slack community.
Support for Go on ARM-based MacOS
We now support building Oso on ARM-based (M1) MacOS systems with Go versions 1.16 and later.
Other fixes and improvements
- Fixed a data race in our error handling functionality which resulted in truncated error messages.
- Fixed a regression in the logic for rule matching when using
in
with data filtering. - Fixed a regression in rule type checking which prevented using roles with
actor
blocks.
For more details on these and other changes, read the changelog.
Set up a 1x1 with an Oso engineer
Our team is happy to help you get started with Oso. If you'd like to try out any of these new features, or if you're interested in learning how to use Oso in your app, schedule a 1x1 with an Oso engineers.
Our team is also available to help in Slack.