Class: SDM::ManagedSecrets

Inherits:
Object
  • Object
show all
Extended by:
Gem::Deprecate
Defined in:
lib/svc.rb

Overview

ManagedSecret is a private vertical for creating, reading, updating, deleting, listing and rotating the managed secrets in the secrets engines as an authenticated user.

See ManagedSecret.

Instance Method Summary collapse

Constructor Details

#initialize(channel, parent) ⇒ ManagedSecrets

Returns a new instance of ManagedSecrets.



2925
2926
2927
2928
2929
2930
2931
2932
 
# File 'lib/svc.rb', line 2925

def initialize(channel, parent)
  begin
    @stub = V1::ManagedSecrets::Stub.new(nil, nil, channel_override: channel)
  rescue => exception
    raise Plumbing::convert_error_to_porcelain(exception)
  end
  @parent = parent
end

Instance Method Details

#create(managed_secret, deadline: nil) ⇒ Object

Create creates a Managed Secret



3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
 
# File 'lib/svc.rb', line 3013

def create(
  managed_secret,
  deadline: nil
)
  req = V1::ManagedSecretCreateRequest.new()

  req.managed_secret = Plumbing::convert_managed_secret_to_plumbing(managed_secret)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.create(req, metadata: @parent.get_metadata("ManagedSecrets.Create", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretCreateResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_create_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#delete(id, deadline: nil) ⇒ Object

Delete deletes a Managed Secret



3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
 
# File 'lib/svc.rb', line 3102

def delete(
  id,
  deadline: nil
)
  req = V1::ManagedSecretDeleteRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.delete(req, metadata: @parent.get_metadata("ManagedSecrets.Delete", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretDeleteResponse.new()
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#force_delete(id, deadline: nil) ⇒ Object

ForceDelete deletes a Managed Secret regardless of errors on external system



3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
 
# File 'lib/svc.rb', line 3130

def force_delete(
  id,
  deadline: nil
)
  req = V1::ManagedSecretDeleteRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.force_delete(req, metadata: @parent.get_metadata("ManagedSecrets.ForceDelete", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretDeleteResponse.new()
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#get(id, deadline: nil) ⇒ Object

Get gets details of a Managed Secret without sensitive data



3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
 
# File 'lib/svc.rb', line 3158

def get(
  id,
  deadline: nil
)
  req = V1::ManagedSecretGetRequest.new()
  if not @parent.snapshot_time.nil?
    req.meta = V1::GetRequestMetadata.new()
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.get(req, metadata: @parent.get_metadata("ManagedSecrets.Get", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretGetResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#list(filter, *args, deadline: nil) ⇒ Object

List returns Managed Secrets from a Secret Engine.



2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
 
# File 'lib/svc.rb', line 2935

def list(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretListRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.list(req, metadata: @parent.get_metadata("ManagedSecrets.List", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secrets.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#list_by_actor(filter, *args, deadline: nil) ⇒ Object

List returns Managed Secrets for an Actor from a Secret Engine.



2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
 
# File 'lib/svc.rb', line 2974

def list_by_actor(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretListRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.list_by_actor(req, metadata: @parent.get_metadata("ManagedSecrets.ListByActor", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secrets.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#logs(filter, *args, deadline: nil) ⇒ Object

Logs returns the audit records for the managed secret. This may be replaced in the future.



3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
 
# File 'lib/svc.rb', line 3257

def logs(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretLogsRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.logs(req, metadata: @parent.get_metadata("ManagedSecrets.Logs", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secret_logs.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_log_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#retrieve(id, public_key, deadline: nil) ⇒ Object

Retrieve returns Managed Secret with sensitive data



3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
 
# File 'lib/svc.rb', line 3192

def retrieve(
  id,
  public_key,
  deadline: nil
)
  req = V1::ManagedSecretRetrieveRequest.new()

  req.id = (id)
  req.public_key = (public_key)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.retrieve(req, metadata: @parent.get_metadata("ManagedSecrets.Retrieve", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretRetrieveResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#rotate(id, deadline: nil) ⇒ Object

Rotate forces rotation of Managed Secret



3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
 
# File 'lib/svc.rb', line 3073

def rotate(
  id,
  deadline: nil
)
  req = V1::ManagedSecretRotateRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.rotate(req, metadata: @parent.get_metadata("ManagedSecrets.Rotate", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretRotateResponse.new()
  resp.meta = Plumbing::convert_generic_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#update(managed_secret, deadline: nil) ⇒ Object

Update updates a Managed Secret



3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
 
# File 'lib/svc.rb', line 3043

def update(
  managed_secret,
  deadline: nil
)
  req = V1::ManagedSecretUpdateRequest.new()

  req.managed_secret = Plumbing::convert_managed_secret_to_plumbing(managed_secret)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.update(req, metadata: @parent.get_metadata("ManagedSecrets.Update", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretUpdateResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_update_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#validate(id, deadline: nil) ⇒ Object

Validate returns the result of testing the stored credential against the secret engine.



3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
 
# File 'lib/svc.rb', line 3225

def validate(
  id,
  deadline: nil
)
  req = V1::ManagedSecretValidateRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.validate(req, metadata: @parent.get_metadata("ManagedSecrets.Validate", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretValidateResponse.new()
  resp.invalid_info = (plumbing_response.invalid_info)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp.valid = (plumbing_response.valid)
  resp
end