Class: SDM::Client
- Inherits: Object
  - Object
  - SDM::Client
- Defined in: lib/strongdm.rb
Overview
Client bundles all the services together and initializes them.
Instance Attribute Summary
- #_test_options ⇒ Object (readonly): Returns the value of attribute _test_options.
- #account_attachments ⇒ Object (readonly): AccountAttachments assign an account to a role.
- #account_grants ⇒ Object (readonly): AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
- #accounts ⇒ Object (readonly): Accounts are users that have access to strongDM.
- #api_access_key ⇒ Object (readonly): API authentication token (read-only).
- #base_retry_delay ⇒ Object (readonly): Returns the value of attribute base_retry_delay.
- #max_retries ⇒ Object (readonly): Returns the value of attribute max_retries.
- #max_retry_delay ⇒ Object (readonly): Returns the value of attribute max_retry_delay.
- #nodes ⇒ Object (readonly): Nodes make up the strongDM network, and allow your users to connect securely to your resources.
- #resources ⇒ Object (readonly): Returns the value of attribute resources.
- #role_attachments ⇒ Object (readonly): RoleAttachments represent relationships between composite roles and the roles that make up those composite roles.
- #role_grants ⇒ Object (readonly): RoleGrants represent relationships between composite roles and the roles that make up those composite roles.
- #roles ⇒ Object (readonly): Roles are tools for controlling user access to resources.
Instance Method Summary
- #get_metadata(method_name, req) ⇒ Object
- #initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false) ⇒ Client (constructor): Creates a new strongDM API client.
- #jitterSleep(iter) ⇒ Object
- #shouldRetry(iter, err) ⇒ Object
- #sign(method_name, msg_bytes) ⇒ Object
Constructor Details
#initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false) ⇒ Client
Creates a new strongDM API client.
    # File 'lib/strongdm.rb', line 31
    def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false)
      @api_access_key = api_access_key
      # The secret key is supplied base64-encoded and kept as raw bytes for HMAC signing.
      @api_secret_key = Base64.strict_decode64(api_secret_key)
      @max_retries = DEFAULT_MAX_RETRIES
      @base_retry_delay = DEFAULT_BASE_RETRY_DELAY
      @max_retry_delay = DEFAULT_MAX_RETRY_DELAY
      # Every service client gets the host, the TLS flag and this client (which signs requests).
      @account_attachments = AccountAttachments.new(host, insecure, self)
      @account_grants = AccountGrants.new(host, insecure, self)
      @accounts = Accounts.new(host, insecure, self)
      @nodes = Nodes.new(host, insecure, self)
      @resources = Resources.new(host, insecure, self)
      @role_attachments = RoleAttachments.new(host, insecure, self)
      @role_grants = RoleGrants.new(host, insecure, self)
      @roles = Roles.new(host, insecure, self)
      @_test_options = Hash.new
    end
Instance Attribute Details
#_test_options ⇒ Object (readonly)
Returns the value of attribute _test_options.
    # File 'lib/strongdm.rb', line 125
    def _test_options
      @_test_options
    end
#account_attachments ⇒ Object (readonly)
AccountAttachments assign an account to a role.
    # File 'lib/strongdm.rb', line 94
    def account_attachments
      @account_attachments
    end
#account_grants ⇒ Object (readonly)
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
    # File 'lib/strongdm.rb', line 96
    def account_grants
      @account_grants
    end
#accounts ⇒ Object (readonly)
Accounts are users that have access to strongDM. There are two types of accounts:
- **Regular users:** humans who are authenticated through username and password or SSO
- **Service users:** machines that are authenticated using a service token

    # File 'lib/strongdm.rb', line 101
    def accounts
      @accounts
    end
#api_access_key ⇒ Object (readonly)
API authentication token (read-only).
    # File 'lib/strongdm.rb', line 92
    def api_access_key
      @api_access_key
    end
#base_retry_delay ⇒ Object (readonly)
Returns the value of attribute base_retry_delay.
    # File 'lib/strongdm.rb', line 88
    def base_retry_delay
      @base_retry_delay
    end
#max_retries ⇒ Object (readonly)
Returns the value of attribute max_retries.
    # File 'lib/strongdm.rb', line 87
    def max_retries
      @max_retries
    end
#max_retry_delay ⇒ Object (readonly)
Returns the value of attribute max_retry_delay.
    # File 'lib/strongdm.rb', line 89
    def max_retry_delay
      @max_retry_delay
    end
#nodes ⇒ Object (readonly)
Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
- Relay: creates connectivity to your datasources, while maintaining the egress-only nature of your firewall
- Gateway: a relay that also listens for connections from strongDM clients

    # File 'lib/strongdm.rb', line 106
    def nodes
      @nodes
    end
#resources ⇒ Object (readonly)
Returns the value of attribute resources.
    # File 'lib/strongdm.rb', line 108
    def resources
      @resources
    end
#role_attachments ⇒ Object (readonly)
RoleAttachments represent relationships between composite roles and the roles that make up those composite roles. When a composite role is attached to another role, the permissions granted to members of the composite role are augmented to include the permissions granted to members of the attached role.
    # File 'lib/strongdm.rb', line 113
    def role_attachments
      @role_attachments
    end
#role_grants ⇒ Object (readonly)
RoleGrants represent relationships between composite roles and the roles that make up those composite roles. When a composite role is attached to another role, the permissions granted to members of the composite role are augmented to include the permissions granted to members of the attached role.
    # File 'lib/strongdm.rb', line 118
    def role_grants
      @role_grants
    end
#roles ⇒ Object (readonly)
Roles are tools for controlling user access to resources. Each Role holds a list of resources which they grant access to. Composite roles are a special type of Role which have no resource associations of their own, but instead grant access to the combined resources associated with a set of child roles. Each user can be a member of one Role or composite role.
    # File 'lib/strongdm.rb', line 124
    def roles
      @roles
    end
Instance Method Details
#get_metadata(method_name, req) ⇒ Object
    # File 'lib/strongdm.rb', line 48
    def get_metadata(method_name, req)
      # Per-request gRPC metadata: the access key plus an HMAC signature over the serialized request.
      return { 'x-sdm-authentication': @api_access_key, 'x-sdm-signature': self.sign(method_name, req.to_proto) }
    end
#jitterSleep(iter) ⇒ Object
    # File 'lib/strongdm.rb', line 68
    def jitterSleep(iter)
      # Exponential backoff capped at max_retry_delay, with full random jitter.
      dur_max = @base_retry_delay * 2**iter
      if (dur_max > @max_retry_delay)
        dur_max = @max_retry_delay
      end
      dur = rand() * dur_max
      sleep(dur)
    end
#shouldRetry(iter, err) ⇒ Object
    # File 'lib/strongdm.rb', line 77
    def shouldRetry(iter, err)
      if (iter >= @max_retries-1)
        return false
      end
      # Errors that are not gRPC status errors are always retried.
      if not err.is_a? GRPC::BadStatus
        return true
      end
      # gRPC status 13 is INTERNAL; it is the only status that is retried.
      return err.code() == 13
    end
#sign(method_name, msg_bytes) ⇒ Object
    # File 'lib/strongdm.rb', line 52
    def sign(method_name, msg_bytes)
      # The signing key is derived per UTC day: HMAC(secret, date), then HMAC(that, 'sdm_api_v1').
      current_utc_date = Time.now.utc
      date = sprintf("%04d-%02d-%02d", current_utc_date.year, current_utc_date.month, current_utc_date.day)
      signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @api_secret_key, date)
      signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, 'sdm_api_v1')
      # The request hash covers the RPC method name and the serialized protobuf message.
      sha_req = Digest::SHA256.new
      sha_req << method_name
      sha_req << "\n"
      sha_req << msg_bytes
      request_hash = sha_req.digest
      return Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, request_hash))
    end
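The signing scheme above, reproduced stand-alone as an added example (not code from the strongDM SDK): the date-scoped key derivation, the request hash, and a hypothetical verifier side that recomputes the signature and compares it in constant time. The secret, the method name 'Roles.List' and the request bytes are constructed sample values, and the date is passed explicitly so the result is reproducible.

```ruby
require 'base64'
require 'digest'
require 'openssl'

# Constructed sample secret (not a real strongDM key), base64-encoded as the
# SDK expects api_secret_key to be.
SAMPLE_SECRET_B64 = Base64.strict_encode64("0123456789abcdef0123456789abcdef")

# Per-day signing key, derived the way Client#sign does:
# HMAC-SHA256(secret, "YYYY-MM-DD"), then HMAC-SHA256(that, "sdm_api_v1").
def derive_signing_key(secret_bytes, date)
  day_key = OpenSSL::HMAC.digest('SHA256', secret_bytes, date)
  OpenSSL::HMAC.digest('SHA256', day_key, 'sdm_api_v1')
end

# SHA-256 over "<method_name>\n<serialized request bytes>".
def request_hash(method_name, msg_bytes)
  sha = Digest::SHA256.new
  sha << method_name
  sha << "\n"
  sha << msg_bytes
  sha.digest
end

# The value the SDK sends as the x-sdm-signature header (date passed in;
# Client#sign uses today's UTC date).
def sign_request(secret_b64, method_name, msg_bytes, date)
  key = derive_signing_key(Base64.strict_decode64(secret_b64), date)
  Base64.strict_encode64(OpenSSL::HMAC.digest('SHA256', key, request_hash(method_name, msg_bytes)))
end

# Constant-time comparison so a verifier does not leak how many leading
# bytes of a forged signature matched.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical server-side check (not on the page): recompute the signature
# for the received method, body and date and compare in constant time.
def valid_signature?(secret_b64, method_name, msg_bytes, date, signature_b64)
  constant_time_eq?(sign_request(secret_b64, method_name, msg_bytes, date), signature_b64)
end

if __FILE__ == $0
  body = "\x0a\x05hello".b  # constructed protobuf-like request bytes
  sig = sign_request(SAMPLE_SECRET_B64, 'Roles.List', body, '2024-01-15')
  puts "signature: #{sig}"
  puts "valid: #{valid_signature?(SAMPLE_SECRET_B64, 'Roles.List', body, '2024-01-15', sig)}"
end
```

Because the key is bound to the UTC date, a signature computed on one day does not verify on the next, and any change to the method name or request bytes changes the request hash and invalidates it.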