Class: SDM::ManagedSecrets

Inherits:
Object
  • Object
show all
Extended by:
Gem::Deprecate
Defined in:
lib/svc.rb

Overview

ManagedSecret is a private vertical for creating, reading, updating, deleting, listing and rotating the managed secrets in the secrets engines as an authenticated user.

See ManagedSecret.

Instance Method Summary collapse

Constructor Details

#initialize(channel, parent) ⇒ ManagedSecrets

Returns a new instance of ManagedSecrets.



3693
3694
3695
3696
3697
3698
3699
3700
 
# File 'lib/svc.rb', line 3693

def initialize(channel, parent)
  begin
    @stub = V1::ManagedSecrets::Stub.new(nil, nil, channel_override: channel)
  rescue => exception
    raise Plumbing::convert_error_to_porcelain(exception)
  end
  @parent = parent
end

Instance Method Details

#create(managed_secret, deadline: nil) ⇒ Object

Create creates a Managed Secret



3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
 
# File 'lib/svc.rb', line 3781

def create(
  managed_secret,
  deadline: nil
)
  req = V1::ManagedSecretCreateRequest.new()

  req.managed_secret = Plumbing::convert_managed_secret_to_plumbing(managed_secret)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.create(req, metadata: @parent.get_metadata("ManagedSecrets.Create", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretCreateResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_create_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#delete(id, deadline: nil) ⇒ Object

Delete deletes a Managed Secret



3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
 
# File 'lib/svc.rb', line 3870

def delete(
  id,
  deadline: nil
)
  req = V1::ManagedSecretDeleteRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.delete(req, metadata: @parent.get_metadata("ManagedSecrets.Delete", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretDeleteResponse.new()
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#force_delete(id, deadline: nil) ⇒ Object

ForceDelete deletes a Managed Secret regardless of errors on external system



3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
 
# File 'lib/svc.rb', line 3898

def force_delete(
  id,
  deadline: nil
)
  req = V1::ManagedSecretDeleteRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.force_delete(req, metadata: @parent.get_metadata("ManagedSecrets.ForceDelete", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretDeleteResponse.new()
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#get(id, deadline: nil) ⇒ Object

Get gets details of a Managed Secret without sensitive data



3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
 
# File 'lib/svc.rb', line 3926

def get(
  id,
  deadline: nil
)
  req = V1::ManagedSecretGetRequest.new()
  if not @parent.snapshot_time.nil?
    req.meta = V1::GetRequestMetadata.new()
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.get(req, metadata: @parent.get_metadata("ManagedSecrets.Get", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretGetResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#list(filter, *args, deadline: nil) ⇒ Object

List returns Managed Secrets from a Secret Engine.



3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
 
# File 'lib/svc.rb', line 3703

def list(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretListRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.list(req, metadata: @parent.get_metadata("ManagedSecrets.List", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secrets.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#list_by_actor(filter, *args, deadline: nil) ⇒ Object

List returns Managed Secrets for an Actor from a Secret Engine.



3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
 
# File 'lib/svc.rb', line 3742

def list_by_actor(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretListRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.list_by_actor(req, metadata: @parent.get_metadata("ManagedSecrets.ListByActor", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secrets.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#logs(filter, *args, deadline: nil) ⇒ Object

Logs returns the audit records for the managed secret. This may be replaced in the future.



4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
 
# File 'lib/svc.rb', line 4025

def logs(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretLogsRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.logs(req, metadata: @parent.get_metadata("ManagedSecrets.Logs", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secret_logs.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_log_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#retrieve(id, public_key, deadline: nil) ⇒ Object

Retrieve returns Managed Secret with sensitive data



3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
 
# File 'lib/svc.rb', line 3960

def retrieve(
  id,
  public_key,
  deadline: nil
)
  req = V1::ManagedSecretRetrieveRequest.new()

  req.id = (id)
  req.public_key = (public_key)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.retrieve(req, metadata: @parent.get_metadata("ManagedSecrets.Retrieve", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretRetrieveResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#rotate(id, deadline: nil) ⇒ Object

Rotate forces rotation of Managed Secret



3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
 
# File 'lib/svc.rb', line 3841

def rotate(
  id,
  deadline: nil
)
  req = V1::ManagedSecretRotateRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.rotate(req, metadata: @parent.get_metadata("ManagedSecrets.Rotate", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretRotateResponse.new()
  resp.meta = Plumbing::convert_generic_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#update(managed_secret, deadline: nil) ⇒ Object

Update updates a Managed Secret



3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
 
# File 'lib/svc.rb', line 3811

def update(
  managed_secret,
  deadline: nil
)
  req = V1::ManagedSecretUpdateRequest.new()

  req.managed_secret = Plumbing::convert_managed_secret_to_plumbing(managed_secret)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.update(req, metadata: @parent.get_metadata("ManagedSecrets.Update", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretUpdateResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_update_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#validate(id, deadline: nil) ⇒ Object

Validate returns the result of testing the stored credential against the secret engine.



3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
 
# File 'lib/svc.rb', line 3993

def validate(
  id,
  deadline: nil
)
  req = V1::ManagedSecretValidateRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.validate(req, metadata: @parent.get_metadata("ManagedSecrets.Validate", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretValidateResponse.new()
  resp.invalid_info = (plumbing_response.invalid_info)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp.valid = (plumbing_response.valid)
  resp
end