Class: SDM::ManagedSecrets

Inherits:
Object
  • Object
show all
Extended by:
Gem::Deprecate
Defined in:
lib/svc.rb

Overview

ManagedSecret is a private vertical for creating, reading, updating, deleting, listing and rotating the managed secrets in the secrets engines as an authenticated user.

See ManagedSecret.

Instance Method Summary collapse

Constructor Details

#initialize(channel, parent) ⇒ ManagedSecrets

Returns a new instance of ManagedSecrets.



4162
4163
4164
4165
4166
4167
4168
4169
 
# File 'lib/svc.rb', line 4162

def initialize(channel, parent)
  begin
    @stub = V1::ManagedSecrets::Stub.new(nil, nil, channel_override: channel)
  rescue => exception
    raise Plumbing::convert_error_to_porcelain(exception)
  end
  @parent = parent
end

Instance Method Details

#create(managed_secret, deadline: nil) ⇒ Object

Create creates a Managed Secret



4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
 
# File 'lib/svc.rb', line 4250

def create(
  managed_secret,
  deadline: nil
)
  req = V1::ManagedSecretCreateRequest.new()

  req.managed_secret = Plumbing::convert_managed_secret_to_plumbing(managed_secret)
  # Execute before interceptor hooks
  req = @parent.interceptor.execute_before("ManagedSecrets.Create", self, req)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.create(req, metadata: @parent.get_metadata("ManagedSecrets.Create", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  # Execute after interceptor hooks
  plumbing_response = @parent.interceptor.execute_after("ManagedSecrets.Create", self, req, plumbing_response)

  resp = ManagedSecretCreateResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_create_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#delete(id, deadline: nil) ⇒ Object

Delete deletes a Managed Secret



4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
 
# File 'lib/svc.rb', line 4354

def delete(
  id,
  deadline: nil
)
  req = V1::ManagedSecretDeleteRequest.new()

  req.id = (id)
  # Execute before interceptor hooks
  req = @parent.interceptor.execute_before("ManagedSecrets.Delete", self, req)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.delete(req, metadata: @parent.get_metadata("ManagedSecrets.Delete", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  # Execute after interceptor hooks
  plumbing_response = @parent.interceptor.execute_after("ManagedSecrets.Delete", self, req, plumbing_response)

  resp = ManagedSecretDeleteResponse.new()
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#force_delete(id, deadline: nil) ⇒ Object

ForceDelete deletes a Managed Secret regardless of errors on external system



4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
 
# File 'lib/svc.rb', line 4387

def force_delete(
  id,
  deadline: nil
)
  req = V1::ManagedSecretDeleteRequest.new()

  req.id = (id)
  # Execute before interceptor hooks
  req = @parent.interceptor.execute_before("ManagedSecrets.ForceDelete", self, req)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.force_delete(req, metadata: @parent.get_metadata("ManagedSecrets.ForceDelete", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  # Execute after interceptor hooks
  plumbing_response = @parent.interceptor.execute_after("ManagedSecrets.ForceDelete", self, req, plumbing_response)

  resp = ManagedSecretDeleteResponse.new()
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#get(id, deadline: nil) ⇒ Object

Get gets details of a Managed Secret without sensitive data



4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
 
# File 'lib/svc.rb', line 4420

def get(
  id,
  deadline: nil
)
  req = V1::ManagedSecretGetRequest.new()
  if not @parent.snapshot_time.nil?
    req.meta = V1::GetRequestMetadata.new()
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.id = (id)
  # Execute before interceptor hooks
  req = @parent.interceptor.execute_before("ManagedSecrets.Get", self, req)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.get(req, metadata: @parent.get_metadata("ManagedSecrets.Get", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  # Execute after interceptor hooks
  plumbing_response = @parent.interceptor.execute_after("ManagedSecrets.Get", self, req, plumbing_response)

  resp = ManagedSecretGetResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#list(filter, *args, deadline: nil) ⇒ Object

List returns Managed Secrets from a Secret Engine.



4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
 
# File 'lib/svc.rb', line 4172

def list(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretListRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.list(req, metadata: @parent.get_metadata("ManagedSecrets.List", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secrets.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#list_by_actor(filter, *args, deadline: nil) ⇒ Object

List returns Managed Secrets for an Actor from a Secret Engine.



4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
 
# File 'lib/svc.rb', line 4211

def list_by_actor(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretListRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.list_by_actor(req, metadata: @parent.get_metadata("ManagedSecrets.ListByActor", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secrets.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#logs(filter, *args, deadline: nil) ⇒ Object

Logs returns the audit records for the managed secret. This may be replaced in the future.



4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
 
# File 'lib/svc.rb', line 4534

def logs(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretLogsRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.logs(req, metadata: @parent.get_metadata("ManagedSecrets.Logs", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secret_logs.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_log_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#retrieve(id, public_key, deadline: nil) ⇒ Object

Retrieve returns Managed Secret with sensitive data



4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
 
# File 'lib/svc.rb', line 4459

def retrieve(
  id,
  public_key,
  deadline: nil
)
  req = V1::ManagedSecretRetrieveRequest.new()

  req.id = (id)
  req.public_key = (public_key)
  # Execute before interceptor hooks
  req = @parent.interceptor.execute_before("ManagedSecrets.Retrieve", self, req)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.retrieve(req, metadata: @parent.get_metadata("ManagedSecrets.Retrieve", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  # Execute after interceptor hooks
  plumbing_response = @parent.interceptor.execute_after("ManagedSecrets.Retrieve", self, req, plumbing_response)

  resp = ManagedSecretRetrieveResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#rotate(id, deadline: nil) ⇒ Object

Rotate forces rotation of Managed Secret



4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
 
# File 'lib/svc.rb', line 4320

def rotate(
  id,
  deadline: nil
)
  req = V1::ManagedSecretRotateRequest.new()

  req.id = (id)
  # Execute before interceptor hooks
  req = @parent.interceptor.execute_before("ManagedSecrets.Rotate", self, req)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.rotate(req, metadata: @parent.get_metadata("ManagedSecrets.Rotate", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  # Execute after interceptor hooks
  plumbing_response = @parent.interceptor.execute_after("ManagedSecrets.Rotate", self, req, plumbing_response)

  resp = ManagedSecretRotateResponse.new()
  resp.meta = Plumbing::convert_generic_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#update(managed_secret, deadline: nil) ⇒ Object

Update updates a Managed Secret



4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
 
# File 'lib/svc.rb', line 4285

def update(
  managed_secret,
  deadline: nil
)
  req = V1::ManagedSecretUpdateRequest.new()

  req.managed_secret = Plumbing::convert_managed_secret_to_plumbing(managed_secret)
  # Execute before interceptor hooks
  req = @parent.interceptor.execute_before("ManagedSecrets.Update", self, req)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.update(req, metadata: @parent.get_metadata("ManagedSecrets.Update", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  # Execute after interceptor hooks
  plumbing_response = @parent.interceptor.execute_after("ManagedSecrets.Update", self, req, plumbing_response)

  resp = ManagedSecretUpdateResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_update_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#validate(id, deadline: nil) ⇒ Object

Validate returns the result of testing the stored credential against the secret engine.



4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
 
# File 'lib/svc.rb', line 4497

def validate(
  id,
  deadline: nil
)
  req = V1::ManagedSecretValidateRequest.new()

  req.id = (id)
  # Execute before interceptor hooks
  req = @parent.interceptor.execute_before("ManagedSecrets.Validate", self, req)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.validate(req, metadata: @parent.get_metadata("ManagedSecrets.Validate", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  # Execute after interceptor hooks
  plumbing_response = @parent.interceptor.execute_after("ManagedSecrets.Validate", self, req, plumbing_response)

  resp = ManagedSecretValidateResponse.new()
  resp.invalid_info = (plumbing_response.invalid_info)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp.valid = (plumbing_response.valid)
  resp
end