Class: SDM::Client
- Inherits:
-
Object
- Object
- SDM::Client
- Defined in:
- lib/strongdm.rb
Overview
Client bundles all the services together and initializes them.
Instance Attribute Summary collapse
-
#account_attachments ⇒ Object
readonly
AccountAttachments assign an account to a role.
-
#account_attachments_history ⇒ Object
readonly
AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
-
#account_grants ⇒ Object
readonly
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#account_grants_history ⇒ Object
readonly
AccountGrantsHistory records all changes to the state of an AccountGrant.
-
#account_permissions ⇒ Object
readonly
AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.
-
#account_resources ⇒ Object
readonly
AccountResources enumerates the resources to which accounts have access.
-
#account_resources_history ⇒ Object
readonly
AccountResourcesHistory records all changes to the state of a AccountResource.
-
#accounts ⇒ Object
readonly
Accounts are users that have access to strongDM.
-
#accounts_history ⇒ Object
readonly
AccountsHistory records all changes to the state of an Account.
-
#activities ⇒ Object
readonly
An Activity is a record of an action taken against a strongDM deployment, e.g.
-
#api_access_key ⇒ Object
readonly
API authentication token (read-only).
-
#base_retry_delay ⇒ Object
readonly
Returns the value of attribute base_retry_delay.
-
#control_panel ⇒ Object
readonly
ControlPanel contains all administrative controls.
-
#max_retries ⇒ Object
readonly
Returns the value of attribute max_retries.
-
#max_retry_delay ⇒ Object
readonly
Returns the value of attribute max_retry_delay.
-
#nodes ⇒ Object
readonly
Nodes make up the strongDM network, and allow your users to connect securely to your resources.
-
#nodes_history ⇒ Object
readonly
NodesHistory records all changes to the state of a Node.
-
#organization_history ⇒ Object
readonly
OrganizationHistory records all changes to the state of an Organization.
-
#queries ⇒ Object
readonly
A Query is a record of a single client request to a resource, such as a SQL query.
-
#remote_identities ⇒ Object
readonly
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#remote_identities_history ⇒ Object
readonly
RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.
-
#remote_identity_groups ⇒ Object
readonly
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
-
#remote_identity_groups_history ⇒ Object
readonly
RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.
-
#replays ⇒ Object
readonly
A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query).
-
#resources ⇒ Object
readonly
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
-
#resources_history ⇒ Object
readonly
ResourcesHistory records all changes to the state of a Resource.
-
#role_resources ⇒ Object
readonly
RoleResources enumerates the resources to which roles have access.
-
#role_resources_history ⇒ Object
readonly
RoleResourcesHistory records all changes to the state of a RoleResource.
-
#roles ⇒ Object
readonly
A Role has a list of access rules which determine which Resources the members of the Role have access to.
-
#roles_history ⇒ Object
readonly
RolesHistory records all changes to the state of a Role.
-
#secret_stores ⇒ Object
readonly
SecretStores are servers where resource secrets (passwords, keys) are stored.
-
#secret_stores_history ⇒ Object
readonly
SecretStoresHistory records all changes to the state of a SecretStore.
-
#snapshot_time ⇒ Object
readonly
Optional timestamp at which to provide historical data.
Instance Method Summary collapse
-
#close ⇒ Object
Closes this client and releases all resources held by it.
-
#initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true) ⇒ Client
constructor
Creates a new strongDM API client.
- #sign(method_name, msg_bytes) ⇒ Object
-
#snapshot_at(snapshot_time) ⇒ Object
Constructs a read-only client that will provide historical data from the provided timestamp.
Constructor Details
#initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true) ⇒ Client
Creates a new strongDM API client.
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
# File 'lib/strongdm.rb', line 36 def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true) raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String) raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String) raise TypeError, "client host must be a string" unless host.kind_of?(String) @api_access_key = api_access_key.strip @api_secret_key = Base64.strict_decode64(api_secret_key.strip) @max_retries = DEFAULT_MAX_RETRIES @base_retry_delay = DEFAULT_BASE_RETRY_DELAY @max_retry_delay = DEFAULT_MAX_RETRY_DELAY @expose_rate_limit_errors = (not retry_rate_limit_errors) @snapshot_time = nil begin if insecure @channel = GRPC::Core::Channel.new(host, {}, :this_channel_is_insecure) else cred = GRPC::Core::ChannelCredentials.new() @channel = GRPC::Core::Channel.new(host, {}, cred) end rescue => exception raise Plumbing::convert_error_to_porcelain(exception) end @account_attachments = AccountAttachments.new(@channel, self) @account_attachments_history = AccountAttachmentsHistory.new(@channel, self) @account_grants = AccountGrants.new(@channel, self) @account_grants_history = AccountGrantsHistory.new(@channel, self) @account_permissions = AccountPermissions.new(@channel, self) @account_resources = AccountResources.new(@channel, self) @account_resources_history = AccountResourcesHistory.new(@channel, self) @accounts = Accounts.new(@channel, self) @accounts_history = AccountsHistory.new(@channel, self) @activities = Activities.new(@channel, self) @control_panel = ControlPanel.new(@channel, self) @nodes = Nodes.new(@channel, self) @nodes_history = NodesHistory.new(@channel, self) @organization_history = OrganizationHistory.new(@channel, self) @queries = Queries.new(@channel, self) @remote_identities = RemoteIdentities.new(@channel, self) @remote_identities_history = RemoteIdentitiesHistory.new(@channel, self) @remote_identity_groups = RemoteIdentityGroups.new(@channel, self) @remote_identity_groups_history = RemoteIdentityGroupsHistory.new(@channel, self) @replays = Replays.new(@channel, self) @resources = Resources.new(@channel, self) @resources_history = ResourcesHistory.new(@channel, self) @role_resources = RoleResources.new(@channel, self) @role_resources_history = RoleResourcesHistory.new(@channel, self) @roles = Roles.new(@channel, self) @roles_history = RolesHistory.new(@channel, self) @secret_stores = SecretStores.new(@channel, self) @secret_stores_history = SecretStoresHistory.new(@channel, self) @_test_options = Hash.new end |
Instance Attribute Details
#account_attachments ⇒ Object (readonly)
AccountAttachments assign an account to a role.
See AccountAttachments.
178 179 180 |
# File 'lib/strongdm.rb', line 178 def @account_attachments end |
#account_attachments_history ⇒ Object (readonly)
AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
182 183 184 |
# File 'lib/strongdm.rb', line 182 def @account_attachments_history end |
#account_grants ⇒ Object (readonly)
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
See AccountGrants.
186 187 188 |
# File 'lib/strongdm.rb', line 186 def account_grants @account_grants end |
#account_grants_history ⇒ Object (readonly)
AccountGrantsHistory records all changes to the state of an AccountGrant.
See AccountGrantsHistory.
190 191 192 |
# File 'lib/strongdm.rb', line 190 def account_grants_history @account_grants_history end |
#account_permissions ⇒ Object (readonly)
AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.
See AccountPermissions.
195 196 197 |
# File 'lib/strongdm.rb', line 195 def @account_permissions end |
#account_resources ⇒ Object (readonly)
AccountResources enumerates the resources to which accounts have access. The AccountResources service is read-only.
See AccountResources.
200 201 202 |
# File 'lib/strongdm.rb', line 200 def account_resources @account_resources end |
#account_resources_history ⇒ Object (readonly)
AccountResourcesHistory records all changes to the state of a AccountResource.
204 205 206 |
# File 'lib/strongdm.rb', line 204 def account_resources_history @account_resources_history end |
#accounts ⇒ Object (readonly)
Accounts are users that have access to strongDM. There are two types of accounts:
- Users: humans who are authenticated through username and password or SSO.
- Service Accounts: machines that are authenticated using a service token.
See Accounts.
210 211 212 |
# File 'lib/strongdm.rb', line 210 def accounts @accounts end |
#accounts_history ⇒ Object (readonly)
AccountsHistory records all changes to the state of an Account.
See AccountsHistory.
214 215 216 |
# File 'lib/strongdm.rb', line 214 def accounts_history @accounts_history end |
#activities ⇒ Object (readonly)
An Activity is a record of an action taken against a strongDM deployment, e.g. a user creation, resource deletion, sso configuration change, etc. The Activities service is read-only.
See Activities.
220 221 222 |
# File 'lib/strongdm.rb', line 220 def activities @activities end |
#api_access_key ⇒ Object (readonly)
API authentication token (read-only).
172 173 174 |
# File 'lib/strongdm.rb', line 172 def api_access_key @api_access_key end |
#base_retry_delay ⇒ Object (readonly)
Returns the value of attribute base_retry_delay.
168 169 170 |
# File 'lib/strongdm.rb', line 168 def base_retry_delay @base_retry_delay end |
#control_panel ⇒ Object (readonly)
ControlPanel contains all administrative controls.
See SDM::ControlPanel.
224 225 226 |
# File 'lib/strongdm.rb', line 224 def control_panel @control_panel end |
#max_retries ⇒ Object (readonly)
Returns the value of attribute max_retries.
167 168 169 |
# File 'lib/strongdm.rb', line 167 def max_retries @max_retries end |
#max_retry_delay ⇒ Object (readonly)
Returns the value of attribute max_retry_delay.
169 170 171 |
# File 'lib/strongdm.rb', line 169 def max_retry_delay @max_retry_delay end |
#nodes ⇒ Object (readonly)
Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
- Gateways are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
- Relays are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
See Nodes.
230 231 232 |
# File 'lib/strongdm.rb', line 230 def nodes @nodes end |
#nodes_history ⇒ Object (readonly)
NodesHistory records all changes to the state of a Node.
See NodesHistory.
234 235 236 |
# File 'lib/strongdm.rb', line 234 def nodes_history @nodes_history end |
#organization_history ⇒ Object (readonly)
OrganizationHistory records all changes to the state of an Organization.
See OrganizationHistory.
238 239 240 |
# File 'lib/strongdm.rb', line 238 def organization_history @organization_history end |
#queries ⇒ Object (readonly)
A Query is a record of a single client request to a resource, such as a SQL query. Long-running SSH, RDP, or Kubernetes interactive sessions also count as queries. The Queries service is read-only.
See Queries.
244 245 246 |
# File 'lib/strongdm.rb', line 244 def queries @queries end |
#remote_identities ⇒ Object (readonly)
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
See RemoteIdentities.
248 249 250 |
# File 'lib/strongdm.rb', line 248 def remote_identities @remote_identities end |
#remote_identities_history ⇒ Object (readonly)
RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.
252 253 254 |
# File 'lib/strongdm.rb', line 252 def remote_identities_history @remote_identities_history end |
#remote_identity_groups ⇒ Object (readonly)
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts. An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
See RemoteIdentityGroups.
257 258 259 |
# File 'lib/strongdm.rb', line 257 def remote_identity_groups @remote_identity_groups end |
#remote_identity_groups_history ⇒ Object (readonly)
RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.
261 262 263 |
# File 'lib/strongdm.rb', line 261 def remote_identity_groups_history @remote_identity_groups_history end |
#replays ⇒ Object (readonly)
A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query). The Replays service is read-only.
See Replays.
266 267 268 |
# File 'lib/strongdm.rb', line 266 def replays @replays end |
#resources ⇒ Object (readonly)
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
See Resources.
271 272 273 |
# File 'lib/strongdm.rb', line 271 def resources @resources end |
#resources_history ⇒ Object (readonly)
ResourcesHistory records all changes to the state of a Resource.
See ResourcesHistory.
275 276 277 |
# File 'lib/strongdm.rb', line 275 def resources_history @resources_history end |
#role_resources ⇒ Object (readonly)
RoleResources enumerates the resources to which roles have access. The RoleResources service is read-only.
See RoleResources.
280 281 282 |
# File 'lib/strongdm.rb', line 280 def role_resources @role_resources end |
#role_resources_history ⇒ Object (readonly)
RoleResourcesHistory records all changes to the state of a RoleResource.
See RoleResourcesHistory.
284 285 286 |
# File 'lib/strongdm.rb', line 284 def role_resources_history @role_resources_history end |
#roles ⇒ Object (readonly)
A Role has a list of access rules which determine which Resources the members of the Role have access to. An Account can be a member of multiple Roles via AccountAttachments.
See Roles.
290 291 292 |
# File 'lib/strongdm.rb', line 290 def roles @roles end |
#roles_history ⇒ Object (readonly)
RolesHistory records all changes to the state of a Role.
See RolesHistory.
294 295 296 |
# File 'lib/strongdm.rb', line 294 def roles_history @roles_history end |
#secret_stores ⇒ Object (readonly)
SecretStores are servers where resource secrets (passwords, keys) are stored.
See SecretStores.
298 299 300 |
# File 'lib/strongdm.rb', line 298 def secret_stores @secret_stores end |
#secret_stores_history ⇒ Object (readonly)
SecretStoresHistory records all changes to the state of a SecretStore.
See SecretStoresHistory.
302 303 304 |
# File 'lib/strongdm.rb', line 302 def secret_stores_history @secret_stores_history end |
#snapshot_time ⇒ Object
Optional timestamp at which to provide historical data
174 175 176 |
# File 'lib/strongdm.rb', line 174 def snapshot_time @snapshot_time end |
Instance Method Details
#close ⇒ Object
Closes this client and releases all resources held by it.
89 90 91 92 93 94 95 |
# File 'lib/strongdm.rb', line 89 def close begin @channel.close() rescue => exception raise Plumbing::convert_error_to_porcelain(exception) end end |
#sign(method_name, msg_bytes) ⇒ Object
107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
# File 'lib/strongdm.rb', line 107 def sign(method_name, msg_bytes) current_utc_date = Time.now.utc date = sprintf("%04d-%02d-%02d", current_utc_date.year, current_utc_date.month, current_utc_date.day) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @api_secret_key, date) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, "sdm_api_v1") sha_req = Digest::SHA256.new sha_req << method_name sha_req << "\n" sha_req << msg_bytes request_hash = sha_req.digest return Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, request_hash)) end |
#snapshot_at(snapshot_time) ⇒ Object
Constructs a read-only client that will provide historical data from the provided timestamp. See SnapshotClient.
161 162 163 164 165 |
# File 'lib/strongdm.rb', line 161 def snapshot_at(snapshot_time) client = self.clone client.snapshot_time = snapshot_time return SnapshotClient.new(client) end |