Class: SDM::Client

Inherits:

Object

• Object
• SDM::Client

Defined in:

lib/strongdm.rb

Overview

Client bundles all the services together and initializes them.

Instance Attribute Summary

• #access_request_events_history ⇒ Object readonly

  AccessRequestEventsHistory provides records of all changes to the state of an AccessRequest.

• #access_requests ⇒ Object readonly

  AccessRequests are requests for access to a resource that may match a Workflow.

• #access_requests_history ⇒ Object readonly

  AccessRequestsHistory provides records of all changes to the state of an AccessRequest.

• #account_attachments ⇒ Object readonly

  AccountAttachments assign an account to a role.

• #account_attachments_history ⇒ Object readonly

  AccountAttachmentsHistory records all changes to the state of an AccountAttachment.

• #account_grants ⇒ Object readonly

  AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.

• #account_grants_history ⇒ Object readonly

  AccountGrantsHistory records all changes to the state of an AccountGrant.

• #account_permissions ⇒ Object readonly

  AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.

• #account_resources ⇒ Object readonly

  AccountResources enumerates the resources to which accounts have access.

• #account_resources_history ⇒ Object readonly

  AccountResourcesHistory records all changes to the state of a AccountResource.

• #accounts ⇒ Object readonly

  Accounts are users that have access to strongDM.

• #accounts_groups ⇒ Object readonly

  An AccountGroup links an account and a group.

• #accounts_groups_history ⇒ Object readonly

  AccountsGroupsHistory records all changes to the state of an AccountGroup.

• #accounts_history ⇒ Object readonly

  AccountsHistory records all changes to the state of an Account.

• #activities ⇒ Object readonly

  An Activity is a record of an action taken against a strongDM deployment, e.g.

• #api_access_key ⇒ Object readonly

  API authentication token (read-only).

• #approval_workflow_approvers ⇒ Object readonly

  ApprovalWorkflowApprovers link approval workflow approvers to an ApprovalWorkflowStep.

• #approval_workflow_approvers_history ⇒ Object readonly

  ApprovalWorkflowApproversHistory records all changes to the state of an ApprovalWorkflowApprover.

• #approval_workflow_steps ⇒ Object readonly

  ApprovalWorkflowSteps link approval workflow steps to an ApprovalWorkflow.

• #approval_workflow_steps_history ⇒ Object readonly

  ApprovalWorkflowStepsHistory records all changes to the state of an ApprovalWorkflowStep.

• #approval_workflows ⇒ Object readonly

  ApprovalWorkflows are the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied.

• #approval_workflows_history ⇒ Object readonly

  ApprovalWorkflowsHistory records all changes to the state of an ApprovalWorkflow.

• #base_retry_delay ⇒ Object readonly

  Returns the value of attribute base_retry_delay.

• #control_panel ⇒ Object readonly

  ControlPanel contains all administrative controls.

• #discovery_connectors ⇒ Object readonly

  A Discovery Connector is a configuration object for performing Resource Scans in remote systems such as AWS, GCP, Azure, and other systems.

• #groups ⇒ Object readonly

  A Group is a set of principals.

• #groups_history ⇒ Object readonly

  GroupsHistory records all changes to the state of a Group.

• #groups_roles ⇒ Object readonly

  A GroupRole is an assignment of a Group to a Role.

• #groups_roles_history ⇒ Object readonly

  GroupsRolesHistory records all changes to the state of a GroupRole.

• #health_checks ⇒ Object readonly

  HealthChecks lists the last healthcheck between each node and resource.

• #identity_aliases ⇒ Object readonly

  IdentityAliases assign an alias to an account within an IdentitySet.

• #identity_aliases_history ⇒ Object readonly

  IdentityAliasesHistory records all changes to the state of a IdentityAlias.

• #identity_sets ⇒ Object readonly

  A IdentitySet is a named grouping of Identity Aliases for Accounts.

• #identity_sets_history ⇒ Object readonly

  IdentitySetsHistory records all changes to the state of a IdentitySet.

• #interceptor ⇒ Object readonly

  Method interceptor for request/response hooks (read-only).

• #managed_secrets ⇒ Object readonly

  ManagedSecret is a private vertical for creating, reading, updating, deleting, listing and rotating the managed secrets in the secrets engines as an authenticated user.

• #max_retry_delay ⇒ Object readonly

  Returns the value of attribute max_retry_delay.

• #nodes ⇒ Object readonly

  Nodes make up the StrongDM network, and allow your users to connect securely to your resources.

• #nodes_history ⇒ Object readonly

  NodesHistory records all changes to the state of a Node.

• #organization_history ⇒ Object readonly

  OrganizationHistory records all changes to the state of an Organization.

• #page_limit ⇒ Object

  Returns the value of attribute page_limit.

• #peering_group_nodes ⇒ Object readonly

  PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.

• #peering_group_peers ⇒ Object readonly

  PeeringGroupPeers provides the building blocks necessary to link two peering groups.

• #peering_group_resources ⇒ Object readonly

  PeeringGroupResources provides the building blocks necessary to obtain attach a resource to a peering group.

• #peering_groups ⇒ Object readonly

  PeeringGroups provides the building blocks necessary to obtain explicit network topology and routing.

• #policies ⇒ Object readonly

  Policies are the collection of one or more statements that enforce fine-grained access control for the users of an organization.

• #policies_history ⇒ Object readonly

  PoliciesHistory records all changes to the state of a Policy.

• #proxy_cluster_keys ⇒ Object readonly

  Proxy Cluster Keys are authentication keys for all proxies within a cluster.

• #queries ⇒ Object readonly

  A Query is a record of a single client request to a resource, such as a SQL query.

• #remote_identities ⇒ Object readonly

  RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.

• #remote_identities_history ⇒ Object readonly

  RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.

• #remote_identity_groups ⇒ Object readonly

  A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.

• #remote_identity_groups_history ⇒ Object readonly

  RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.

• #replays ⇒ Object readonly

  A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query).

• #resources ⇒ Object readonly

  Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.

• #resources_history ⇒ Object readonly

  ResourcesHistory records all changes to the state of a Resource.

• #role_resources ⇒ Object readonly

  RoleResources enumerates the resources to which roles have access.

• #role_resources_history ⇒ Object readonly

  RoleResourcesHistory records all changes to the state of a RoleResource.

• #roles ⇒ Object readonly

  A Role has a list of access rules which determine which Resources the members of the Role have access to.

• #roles_history ⇒ Object readonly

  RolesHistory records all changes to the state of a Role.

• #secret_engines ⇒ Object readonly

  See SecretEngines.

• #secret_store_healths ⇒ Object readonly

  SecretStoreHealths exposes health states for secret stores.

• #secret_stores ⇒ Object readonly

  SecretStores are servers where resource secrets (passwords, keys) are stored.

• #secret_stores_history ⇒ Object readonly

  SecretStoresHistory records all changes to the state of a SecretStore.

• #snapshot_time ⇒ Object readonly

  Optional timestamp at which to provide historical data.

• #workflow_approvers ⇒ Object readonly

  WorkflowApprovers is an account or a role with the ability to approve requests bound to a workflow.

• #workflow_approvers_history ⇒ Object readonly

  WorkflowApproversHistory provides records of all changes to the state of a WorkflowApprover.

• #workflow_roles ⇒ Object readonly

  WorkflowRole links a role to a workflow.

• #workflow_roles_history ⇒ Object readonly

  WorkflowRolesHistory provides records of all changes to the state of a WorkflowRole.

• #workflows ⇒ Object readonly

  Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either be automatic approval or a set of users authorized to approve the requests.

• #workflows_history ⇒ Object readonly

  WorkflowsHistory provides records of all changes to the state of a Workflow.

Instance Method Summary

• #close ⇒ Object

  Closes this client and releases all resources held by it.

• #initialize(api_access_key, api_secret_key, host: "app.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 0) ⇒ Client constructor

  Creates a new strongDM API client.

• #max_retries ⇒ Object deprecated Deprecated.
• #sign(method_name, msg_bytes) ⇒ Object
• #snapshot_at(snapshot_time) ⇒ Object

  Constructs a read-only client that will provide historical data from the provided timestamp.

Constructor Details

#initialize(api_access_key, api_secret_key, host: "app.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 0) ⇒ Client

Creates a new strongDM API client.

Raises:

• (TypeError)

# File 'lib/strongdm.rb', line 38

def initialize(api_access_key, api_secret_key, host: "app.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 0)
  raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String)
  raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String)
  raise TypeError, "client host must be a string" unless host.kind_of?(String)
  @api_access_key = api_access_key.strip
  @api_secret_key = Base64.strict_decode64(api_secret_key.strip)
  @base_retry_delay = DEFAULT_BASE_RETRY_DELAY
  @max_retry_delay = DEFAULT_MAX_RETRY_DELAY
  @retry_factor = DEFAULT_RETRY_FACTOR
  @retry_jitter = DEFAULT_RETRY_JITTER
  @page_limit = page_limit
  @retry_rate_limit_errors = retry_rate_limit_errors
  @snapshot_time = nil
  # Initialize method interceptor for request/response hooks
  @interceptor = MethodInterceptor.new(self)
  @encryption_interceptor = SecretEncryptionInterceptor.new(self)
  @encryption_interceptor.setup(@interceptor)
  begin
    if insecure
      @channel = GRPC::Core::Channel.new(host, {}, :this_channel_is_insecure)
    else
      cred = GRPC::Core::ChannelCredentials.new()
      @channel = GRPC::Core::Channel.new(host, {}, cred)
    end
  rescue => exception
    raise Plumbing::convert_error_to_porcelain(exception)
  end
  @access_requests = AccessRequests.new(@channel, self)
  @access_request_events_history = AccessRequestEventsHistory.new(@channel, self)
  @access_requests_history = AccessRequestsHistory.new(@channel, self)
  @account_attachments = AccountAttachments.new(@channel, self)
  @account_attachments_history = AccountAttachmentsHistory.new(@channel, self)
  @account_grants = AccountGrants.new(@channel, self)
  @account_grants_history = AccountGrantsHistory.new(@channel, self)
  @account_permissions = AccountPermissions.new(@channel, self)
  @account_resources = AccountResources.new(@channel, self)
  @account_resources_history = AccountResourcesHistory.new(@channel, self)
  @accounts = Accounts.new(@channel, self)
  @accounts_groups = AccountsGroups.new(@channel, self)
  @accounts_groups_history = AccountsGroupsHistory.new(@channel, self)
  @accounts_history = AccountsHistory.new(@channel, self)
  @activities = Activities.new(@channel, self)
  @approval_workflow_approvers = ApprovalWorkflowApprovers.new(@channel, self)
  @approval_workflow_approvers_history = ApprovalWorkflowApproversHistory.new(@channel, self)
  @approval_workflow_steps = ApprovalWorkflowSteps.new(@channel, self)
  @approval_workflow_steps_history = ApprovalWorkflowStepsHistory.new(@channel, self)
  @approval_workflows = ApprovalWorkflows.new(@channel, self)
  @approval_workflows_history = ApprovalWorkflowsHistory.new(@channel, self)
  @control_panel = ControlPanel.new(@channel, self)
  @discovery_connectors = DiscoveryConnectors.new(@channel, self)
  @roles = Roles.new(@channel, self)
  @groups = Groups.new(@channel, self)
  @groups_history = GroupsHistory.new(@channel, self)
  @groups_roles = GroupsRoles.new(@channel, self)
  @groups_roles_history = GroupsRolesHistory.new(@channel, self)
  @health_checks = HealthChecks.new(@channel, self)
  @identity_aliases = IdentityAliases.new(@channel, self)
  @identity_aliases_history = IdentityAliasesHistory.new(@channel, self)
  @identity_sets = IdentitySets.new(@channel, self)
  @identity_sets_history = IdentitySetsHistory.new(@channel, self)
  @managed_secrets = ManagedSecrets.new(@channel, self)
  @nodes = Nodes.new(@channel, self)
  @nodes_history = NodesHistory.new(@channel, self)
  @organization_history = OrganizationHistory.new(@channel, self)
  @peering_group_nodes = PeeringGroupNodes.new(@channel, self)
  @peering_group_peers = PeeringGroupPeers.new(@channel, self)
  @peering_group_resources = PeeringGroupResources.new(@channel, self)
  @peering_groups = PeeringGroups.new(@channel, self)
  @policies = Policies.new(@channel, self)
  @policies_history = PoliciesHistory.new(@channel, self)
  @proxy_cluster_keys = ProxyClusterKeys.new(@channel, self)
  @queries = Queries.new(@channel, self)
  @remote_identities = RemoteIdentities.new(@channel, self)
  @remote_identities_history = RemoteIdentitiesHistory.new(@channel, self)
  @remote_identity_groups = RemoteIdentityGroups.new(@channel, self)
  @remote_identity_groups_history = RemoteIdentityGroupsHistory.new(@channel, self)
  @replays = Replays.new(@channel, self)
  @resources = Resources.new(@channel, self)
  @resources_history = ResourcesHistory.new(@channel, self)
  @role_resources = RoleResources.new(@channel, self)
  @role_resources_history = RoleResourcesHistory.new(@channel, self)
  @roles_history = RolesHistory.new(@channel, self)
  @secret_stores = SecretStores.new(@channel, self)
  @secret_engines = SecretEngines.new(@channel, self)
  @secret_store_healths = SecretStoreHealths.new(@channel, self)
  @secret_stores_history = SecretStoresHistory.new(@channel, self)
  @workflow_approvers = WorkflowApprovers.new(@channel, self)
  @workflow_approvers_history = WorkflowApproversHistory.new(@channel, self)
  @workflow_roles = WorkflowRoles.new(@channel, self)
  @workflow_roles_history = WorkflowRolesHistory.new(@channel, self)
  @workflows = Workflows.new(@channel, self)
  @workflows_history = WorkflowsHistory.new(@channel, self)
end

Instance Attribute Details

#access_request_events_history ⇒ Object (readonly)

AccessRequestEventsHistory provides records of all changes to the state of an AccessRequest.

See AccessRequestEventsHistory.

# File 'lib/strongdm.rb', line 251

def access_request_events_history
  @access_request_events_history
end

#access_requests ⇒ Object (readonly)

AccessRequests are requests for access to a resource that may match a Workflow.

See AccessRequests.

# File 'lib/strongdm.rb', line 247

def access_requests
  @access_requests
end

#access_requests_history ⇒ Object (readonly)

AccessRequestsHistory provides records of all changes to the state of an AccessRequest.

See AccessRequestsHistory.

# File 'lib/strongdm.rb', line 255

def access_requests_history
  @access_requests_history
end

#account_attachments ⇒ Object (readonly)

AccountAttachments assign an account to a role.

See AccountAttachments.

# File 'lib/strongdm.rb', line 259

def account_attachments
  @account_attachments
end

#account_attachments_history ⇒ Object (readonly)

AccountAttachmentsHistory records all changes to the state of an AccountAttachment.

See AccountAttachmentsHistory.

# File 'lib/strongdm.rb', line 263

def account_attachments_history
  @account_attachments_history
end

#account_grants ⇒ Object (readonly)

AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.

See AccountGrants.

# File 'lib/strongdm.rb', line 267

def account_grants
  @account_grants
end

#account_grants_history ⇒ Object (readonly)

AccountGrantsHistory records all changes to the state of an AccountGrant.

See AccountGrantsHistory.

# File 'lib/strongdm.rb', line 271

def account_grants_history
  @account_grants_history
end

#account_permissions ⇒ Object (readonly)

AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.

See AccountPermissions.

# File 'lib/strongdm.rb', line 276

def account_permissions
  @account_permissions
end

#account_resources ⇒ Object (readonly)

AccountResources enumerates the resources to which accounts have access. The AccountResources service is read-only.

See AccountResources.

# File 'lib/strongdm.rb', line 281

def account_resources
  @account_resources
end

#account_resources_history ⇒ Object (readonly)

AccountResourcesHistory records all changes to the state of a AccountResource.

See AccountResourcesHistory.

# File 'lib/strongdm.rb', line 285

def account_resources_history
  @account_resources_history
end

#accounts ⇒ Object (readonly)

Accounts are users that have access to strongDM. There are two types of accounts:

1. Users: humans who are authenticated through username and password or SSO.
2. Service Accounts: machines that are authenticated using a service token.
3. Tokens are access keys with permissions that can be used for authentication.

See Accounts.

# File 'lib/strongdm.rb', line 292

def accounts
  @accounts
end

#accounts_groups ⇒ Object (readonly)

An AccountGroup links an account and a group.

See AccountsGroups.

# File 'lib/strongdm.rb', line 296

def accounts_groups
  @accounts_groups
end

#accounts_groups_history ⇒ Object (readonly)

AccountsGroupsHistory records all changes to the state of an AccountGroup.

See AccountsGroupsHistory.

# File 'lib/strongdm.rb', line 300

def accounts_groups_history
  @accounts_groups_history
end

#accounts_history ⇒ Object (readonly)

AccountsHistory records all changes to the state of an Account.

See AccountsHistory.

# File 'lib/strongdm.rb', line 304

def accounts_history
  @accounts_history
end

#activities ⇒ Object (readonly)

An Activity is a record of an action taken against a strongDM deployment, e.g. a user creation, resource deletion, sso configuration change, etc. The Activities service is read-only.

See Activities.

# File 'lib/strongdm.rb', line 310

def activities
  @activities
end

#api_access_key ⇒ Object (readonly)

API authentication token (read-only).

# File 'lib/strongdm.rb', line 239

def api_access_key
  @api_access_key
end

#approval_workflow_approvers ⇒ Object (readonly)

ApprovalWorkflowApprovers link approval workflow approvers to an ApprovalWorkflowStep

See ApprovalWorkflowApprovers.

# File 'lib/strongdm.rb', line 314

def approval_workflow_approvers
  @approval_workflow_approvers
end

#approval_workflow_approvers_history ⇒ Object (readonly)

ApprovalWorkflowApproversHistory records all changes to the state of an ApprovalWorkflowApprover.

See ApprovalWorkflowApproversHistory.

# File 'lib/strongdm.rb', line 318

def approval_workflow_approvers_history
  @approval_workflow_approvers_history
end

#approval_workflow_steps ⇒ Object (readonly)

ApprovalWorkflowSteps link approval workflow steps to an ApprovalWorkflow

See ApprovalWorkflowSteps.

# File 'lib/strongdm.rb', line 322

def approval_workflow_steps
  @approval_workflow_steps
end

#approval_workflow_steps_history ⇒ Object (readonly)

ApprovalWorkflowStepsHistory records all changes to the state of an ApprovalWorkflowStep.

See ApprovalWorkflowStepsHistory.

# File 'lib/strongdm.rb', line 326

def approval_workflow_steps_history
  @approval_workflow_steps_history
end

#approval_workflows ⇒ Object (readonly)

ApprovalWorkflows are the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied.

See ApprovalWorkflows.

# File 'lib/strongdm.rb', line 331

def approval_workflows
  @approval_workflows
end

#approval_workflows_history ⇒ Object (readonly)

ApprovalWorkflowsHistory records all changes to the state of an ApprovalWorkflow.

See ApprovalWorkflowsHistory.

# File 'lib/strongdm.rb', line 335

def approval_workflows_history
  @approval_workflows_history
end

#base_retry_delay ⇒ Object (readonly)

Returns the value of attribute base_retry_delay.

# File 'lib/strongdm.rb', line 234

def base_retry_delay
  @base_retry_delay
end

#control_panel ⇒ Object (readonly)

ControlPanel contains all administrative controls.

See SDM::ControlPanel.

# File 'lib/strongdm.rb', line 339

def control_panel
  @control_panel
end

#discovery_connectors ⇒ Object (readonly)

A Discovery Connector is a configuration object for performing Resource Scans in remote systems such as AWS, GCP, Azure, and other systems.

See DiscoveryConnectors.

# File 'lib/strongdm.rb', line 344

def discovery_connectors
  @discovery_connectors
end

#groups ⇒ Object (readonly)

A Group is a set of principals.

See Groups.

# File 'lib/strongdm.rb', line 354

def groups
  @groups
end

#groups_history ⇒ Object (readonly)

GroupsHistory records all changes to the state of a Group.

See GroupsHistory.

# File 'lib/strongdm.rb', line 358

def groups_history
  @groups_history
end

#groups_roles ⇒ Object (readonly)

A GroupRole is an assignment of a Group to a Role.

See GroupsRoles.

# File 'lib/strongdm.rb', line 362

def groups_roles
  @groups_roles
end

#groups_roles_history ⇒ Object (readonly)

GroupsRolesHistory records all changes to the state of a GroupRole.

See GroupsRolesHistory.

# File 'lib/strongdm.rb', line 366

def groups_roles_history
  @groups_roles_history
end

#health_checks ⇒ Object (readonly)

HealthChecks lists the last healthcheck between each node and resource. Note the unconventional capitalization here is to prevent having a collision with GRPC

See HealthChecks.

# File 'lib/strongdm.rb', line 371

def health_checks
  @health_checks
end

#identity_aliases ⇒ Object (readonly)

IdentityAliases assign an alias to an account within an IdentitySet. The alias is used as the username when connecting to a identity supported resource.

See IdentityAliases.

# File 'lib/strongdm.rb', line 376

def identity_aliases
  @identity_aliases
end

#identity_aliases_history ⇒ Object (readonly)

IdentityAliasesHistory records all changes to the state of a IdentityAlias.

See IdentityAliasesHistory.

# File 'lib/strongdm.rb', line 380

def identity_aliases_history
  @identity_aliases_history
end

#identity_sets ⇒ Object (readonly)

A IdentitySet is a named grouping of Identity Aliases for Accounts. An Account's relationship to a IdentitySet is defined via IdentityAlias objects.

See IdentitySets.

# File 'lib/strongdm.rb', line 385

def identity_sets
  @identity_sets
end

#identity_sets_history ⇒ Object (readonly)

IdentitySetsHistory records all changes to the state of a IdentitySet.

See IdentitySetsHistory.

# File 'lib/strongdm.rb', line 389

def identity_sets_history
  @identity_sets_history
end

#interceptor ⇒ Object (readonly)

Method interceptor for request/response hooks (read-only).

# File 'lib/strongdm.rb', line 243

def interceptor
  @interceptor
end

#managed_secrets ⇒ Object (readonly)

ManagedSecret is a private vertical for creating, reading, updating, deleting, listing and rotating the managed secrets in the secrets engines as an authenticated user.

See ManagedSecrets.

# File 'lib/strongdm.rb', line 395

def managed_secrets
  @managed_secrets
end

#max_retry_delay ⇒ Object (readonly)

Returns the value of attribute max_retry_delay.

# File 'lib/strongdm.rb', line 235

def max_retry_delay
  @max_retry_delay
end

#nodes ⇒ Object (readonly)

Nodes make up the StrongDM network, and allow your users to connect securely to your resources. There are three types of nodes:

1. Relay: creates connectivity to your datasources, while maintaining the egress-only nature of your firewall
2. Gateway: a relay that also listens for connections from StrongDM clients
3. Proxy Cluster: a cluster of workers that together mediate access from clients to resources

See Nodes.

# File 'lib/strongdm.rb', line 403

def nodes
  @nodes
end

#nodes_history ⇒ Object (readonly)

NodesHistory records all changes to the state of a Node.

See NodesHistory.

# File 'lib/strongdm.rb', line 407

def nodes_history
  @nodes_history
end

#organization_history ⇒ Object (readonly)

OrganizationHistory records all changes to the state of an Organization.

See OrganizationHistory.

# File 'lib/strongdm.rb', line 411

def organization_history
  @organization_history
end

#page_limit ⇒ Object

Returns the value of attribute page_limit.

# File 'lib/strongdm.rb', line 236

def page_limit
  @page_limit
end

#peering_group_nodes ⇒ Object (readonly)

PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.

See PeeringGroupNodes.

# File 'lib/strongdm.rb', line 415

def peering_group_nodes
  @peering_group_nodes
end

#peering_group_peers ⇒ Object (readonly)

PeeringGroupPeers provides the building blocks necessary to link two peering groups.

See PeeringGroupPeers.

# File 'lib/strongdm.rb', line 419

def peering_group_peers
  @peering_group_peers
end

#peering_group_resources ⇒ Object (readonly)

PeeringGroupResources provides the building blocks necessary to obtain attach a resource to a peering group.

See PeeringGroupResources.

# File 'lib/strongdm.rb', line 423

def peering_group_resources
  @peering_group_resources
end

#peering_groups ⇒ Object (readonly)

PeeringGroups provides the building blocks necessary to obtain explicit network topology and routing.

See PeeringGroups.

# File 'lib/strongdm.rb', line 427

def peering_groups
  @peering_groups
end

#policies ⇒ Object (readonly)

Policies are the collection of one or more statements that enforce fine-grained access control for the users of an organization.

See Policies.

# File 'lib/strongdm.rb', line 432

def policies
  @policies
end

#policies_history ⇒ Object (readonly)

PoliciesHistory records all changes to the state of a Policy.

See PoliciesHistory.

# File 'lib/strongdm.rb', line 436

def policies_history
  @policies_history
end

#proxy_cluster_keys ⇒ Object (readonly)

Proxy Cluster Keys are authentication keys for all proxies within a cluster. The proxies within a cluster share the same key. One cluster can have multiple keys in order to facilitate key rotation.

See ProxyClusterKeys.

# File 'lib/strongdm.rb', line 442

def proxy_cluster_keys
  @proxy_cluster_keys
end

#queries ⇒ Object (readonly)

A Query is a record of a single client request to a resource, such as a SQL query. Long-running SSH, RDP, or Kubernetes interactive sessions also count as queries. The Queries service is read-only.

See Queries.

# File 'lib/strongdm.rb', line 448

def queries
  @queries
end

#remote_identities ⇒ Object (readonly)

RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.

See RemoteIdentities.

# File 'lib/strongdm.rb', line 452

def remote_identities
  @remote_identities
end

#remote_identities_history ⇒ Object (readonly)

RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.

See RemoteIdentitiesHistory.

# File 'lib/strongdm.rb', line 456

def remote_identities_history
  @remote_identities_history
end

#remote_identity_groups ⇒ Object (readonly)

A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts. An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.

See RemoteIdentityGroups.

# File 'lib/strongdm.rb', line 461

def remote_identity_groups
  @remote_identity_groups
end

#remote_identity_groups_history ⇒ Object (readonly)

RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.

See RemoteIdentityGroupsHistory.

# File 'lib/strongdm.rb', line 465

def remote_identity_groups_history
  @remote_identity_groups_history
end

#replays ⇒ Object (readonly)

A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query). The Replays service is read-only.

See Replays.

# File 'lib/strongdm.rb', line 470

def replays
  @replays
end

#resources ⇒ Object (readonly)

Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.

See Resources.

# File 'lib/strongdm.rb', line 475

def resources
  @resources
end

#resources_history ⇒ Object (readonly)

ResourcesHistory records all changes to the state of a Resource.

See ResourcesHistory.

# File 'lib/strongdm.rb', line 479

def resources_history
  @resources_history
end

#role_resources ⇒ Object (readonly)

RoleResources enumerates the resources to which roles have access. The RoleResources service is read-only.

See RoleResources.

# File 'lib/strongdm.rb', line 484

def role_resources
  @role_resources
end

#role_resources_history ⇒ Object (readonly)

RoleResourcesHistory records all changes to the state of a RoleResource.

See RoleResourcesHistory.

# File 'lib/strongdm.rb', line 488

def role_resources_history
  @role_resources_history
end

#roles ⇒ Object (readonly)

A Role has a list of access rules which determine which Resources the members of the Role have access to. An Account can be a member of multiple Roles via AccountAttachments.

See Roles.

# File 'lib/strongdm.rb', line 350

def roles
  @roles
end

#roles_history ⇒ Object (readonly)

RolesHistory records all changes to the state of a Role.

See RolesHistory.

# File 'lib/strongdm.rb', line 492

def roles_history
  @roles_history
end

#secret_engines ⇒ Object (readonly)

See SecretEngines.

# File 'lib/strongdm.rb', line 500

def secret_engines
  @secret_engines
end

#secret_store_healths ⇒ Object (readonly)

SecretStoreHealths exposes health states for secret stores.

See SecretStoreHealths.

# File 'lib/strongdm.rb', line 504

def secret_store_healths
  @secret_store_healths
end

#secret_stores ⇒ Object (readonly)

SecretStores are servers where resource secrets (passwords, keys) are stored.

See SecretStores.

# File 'lib/strongdm.rb', line 496

def secret_stores
  @secret_stores
end

#secret_stores_history ⇒ Object (readonly)

SecretStoresHistory records all changes to the state of a SecretStore.

See SecretStoresHistory.

# File 'lib/strongdm.rb', line 508

def secret_stores_history
  @secret_stores_history
end

#snapshot_time ⇒ Object

Optional timestamp at which to provide historical data

# File 'lib/strongdm.rb', line 241

def snapshot_time
  @snapshot_time
end

#workflow_approvers ⇒ Object (readonly)

WorkflowApprovers is an account or a role with the ability to approve requests bound to a workflow.

See WorkflowApprovers.

# File 'lib/strongdm.rb', line 512

def workflow_approvers
  @workflow_approvers
end

#workflow_approvers_history ⇒ Object (readonly)

WorkflowApproversHistory provides records of all changes to the state of a WorkflowApprover.

See WorkflowApproversHistory.

# File 'lib/strongdm.rb', line 516

def workflow_approvers_history
  @workflow_approvers_history
end

#workflow_roles ⇒ Object (readonly)

WorkflowRole links a role to a workflow. The linked roles indicate which roles a user must be a part of to request access to a resource via the workflow.

See WorkflowRoles.

# File 'lib/strongdm.rb', line 521

def workflow_roles
  @workflow_roles
end

#workflow_roles_history ⇒ Object (readonly)

WorkflowRolesHistory provides records of all changes to the state of a WorkflowRole

See WorkflowRolesHistory.

# File 'lib/strongdm.rb', line 525

def workflow_roles_history
  @workflow_roles_history
end

#workflows ⇒ Object (readonly)

Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either be automatic approval or a set of users authorized to approve the requests.

See Workflows.

# File 'lib/strongdm.rb', line 531

def workflows
  @workflows
end

#workflows_history ⇒ Object (readonly)

WorkflowsHistory provides records of all changes to the state of a Workflow.

See WorkflowsHistory.

# File 'lib/strongdm.rb', line 535

def workflows_history
  @workflows_history
end

Instance Method Details

#close ⇒ Object

Closes this client and releases all resources held by it.

# File 'lib/strongdm.rb', line 133

def close
  begin
    @channel.close()
  rescue => exception
    raise Plumbing::convert_error_to_porcelain(exception)
  end
end

#max_retries ⇒ Object

Deprecated.

# File 'lib/strongdm.rb', line 230

def max_retries
  3
end

#sign(method_name, msg_bytes) ⇒ Object

# File 'lib/strongdm.rb', line 151

def sign(method_name, msg_bytes)
  current_utc_date = Time.now.utc
  date = sprintf("%04d-%02d-%02d", current_utc_date.year, current_utc_date.month, current_utc_date.day)

  signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @api_secret_key, date)
  signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, "sdm_api_v1")

  sha_req = Digest::SHA256.new
  sha_req << method_name
  sha_req << "\n"
  sha_req << msg_bytes
  request_hash = sha_req.digest

  return Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, request_hash))
end

#snapshot_at(snapshot_time) ⇒ Object

Constructs a read-only client that will provide historical data from the provided timestamp. See SnapshotClient.

# File 'lib/strongdm.rb', line 223

def snapshot_at(snapshot_time)
  client = self.clone
  client.snapshot_time = snapshot_time
  return SnapshotClient.new(client)
end