Class: SDM::Client
- Inherits:
-
Object
- Object
- SDM::Client
- Defined in:
- lib/strongdm.rb
Overview
Client bundles all the services together and initializes them.
Instance Attribute Summary collapse
-
#access_request_events_history ⇒ Object
readonly
AccessRequestEventsHistory provides records of all changes to the state of an AccessRequest.
-
#access_requests ⇒ Object
readonly
AccessRequests are requests for access to a resource that may match a Workflow.
-
#access_requests_history ⇒ Object
readonly
AccessRequestsHistory provides records of all changes to the state of an AccessRequest.
-
#account_attachments ⇒ Object
readonly
AccountAttachments assign an account to a role.
-
#account_attachments_history ⇒ Object
readonly
AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
-
#account_grants ⇒ Object
readonly
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#account_grants_history ⇒ Object
readonly
AccountGrantsHistory records all changes to the state of an AccountGrant.
-
#account_permissions ⇒ Object
readonly
AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.
-
#account_resources ⇒ Object
readonly
AccountResources enumerates the resources to which accounts have access.
-
#account_resources_history ⇒ Object
readonly
AccountResourcesHistory records all changes to the state of a AccountResource.
-
#accounts ⇒ Object
readonly
Accounts are users that have access to strongDM.
-
#accounts_history ⇒ Object
readonly
AccountsHistory records all changes to the state of an Account.
-
#activities ⇒ Object
readonly
An Activity is a record of an action taken against a strongDM deployment, e.g.
-
#api_access_key ⇒ Object
readonly
API authentication token (read-only).
-
#base_retry_delay ⇒ Object
readonly
Returns the value of attribute base_retry_delay.
-
#control_panel ⇒ Object
readonly
ControlPanel contains all administrative controls.
-
#max_retries ⇒ Object
readonly
Returns the value of attribute max_retries.
-
#max_retry_delay ⇒ Object
readonly
Returns the value of attribute max_retry_delay.
-
#nodes ⇒ Object
readonly
Nodes make up the strongDM network, and allow your users to connect securely to your resources.
-
#nodes_history ⇒ Object
readonly
NodesHistory records all changes to the state of a Node.
-
#organization_history ⇒ Object
readonly
OrganizationHistory records all changes to the state of an Organization.
-
#page_limit ⇒ Object
Returns the value of attribute page_limit.
-
#peering_group_nodes ⇒ Object
readonly
PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.
-
#peering_group_peers ⇒ Object
readonly
PeeringGroupPeers provides the building blocks necessary to link two peering groups.
-
#peering_group_resources ⇒ Object
readonly
PeeringGroupResources provides the building blocks necessary to obtain attach a resource to a peering group.
-
#peering_groups ⇒ Object
readonly
PeeringGroups provides the building blocks necessary to obtain explicit network topology and routing.
-
#queries ⇒ Object
readonly
A Query is a record of a single client request to a resource, such as a SQL query.
-
#remote_identities ⇒ Object
readonly
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#remote_identities_history ⇒ Object
readonly
RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.
-
#remote_identity_groups ⇒ Object
readonly
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
-
#remote_identity_groups_history ⇒ Object
readonly
RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.
-
#replays ⇒ Object
readonly
A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query).
-
#resources ⇒ Object
readonly
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
-
#resources_history ⇒ Object
readonly
ResourcesHistory records all changes to the state of a Resource.
-
#role_resources ⇒ Object
readonly
RoleResources enumerates the resources to which roles have access.
-
#role_resources_history ⇒ Object
readonly
RoleResourcesHistory records all changes to the state of a RoleResource.
-
#roles ⇒ Object
readonly
A Role has a list of access rules which determine which Resources the members of the Role have access to.
-
#roles_history ⇒ Object
readonly
RolesHistory records all changes to the state of a Role.
-
#secret_stores ⇒ Object
readonly
SecretStores are servers where resource secrets (passwords, keys) are stored.
-
#secret_stores_history ⇒ Object
readonly
SecretStoresHistory records all changes to the state of a SecretStore.
-
#snapshot_time ⇒ Object
readonly
Optional timestamp at which to provide historical data.
-
#workflow_approvers_history ⇒ Object
readonly
WorkflowApproversHistory provides records of all changes to the state of a WorkflowApprover.
-
#workflow_assignments_history ⇒ Object
readonly
WorkflowAssignmentsHistory provides records of all changes to the state of a WorkflowAssignment.
-
#workflow_roles_history ⇒ Object
readonly
WorkflowRolesHistory provides records of all changes to the state of a WorkflowRole.
-
#workflows ⇒ Object
readonly
Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either but automatic approval or a set of users authorized to approve the requests.
-
#workflows_history ⇒ Object
readonly
WorkflowsHistory provides records of all changes to the state of a Workflow.
Instance Method Summary collapse
-
#close ⇒ Object
Closes this client and releases all resources held by it.
-
#initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 50) ⇒ Client
constructor
Creates a new strongDM API client.
- #sign(method_name, msg_bytes) ⇒ Object
-
#snapshot_at(snapshot_time) ⇒ Object
Constructs a read-only client that will provide historical data from the provided timestamp.
Constructor Details
#initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 50) ⇒ Client
Creates a new strongDM API client.
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'lib/strongdm.rb', line 36 def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 50) raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String) raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String) raise TypeError, "client host must be a string" unless host.kind_of?(String) @api_access_key = api_access_key.strip @api_secret_key = Base64.strict_decode64(api_secret_key.strip) @max_retries = DEFAULT_MAX_RETRIES @base_retry_delay = DEFAULT_BASE_RETRY_DELAY @max_retry_delay = DEFAULT_MAX_RETRY_DELAY @page_limit = page_limit @expose_rate_limit_errors = (not retry_rate_limit_errors) @snapshot_time = nil begin if insecure @channel = GRPC::Core::Channel.new(host, {}, :this_channel_is_insecure) else cred = GRPC::Core::ChannelCredentials.new() @channel = GRPC::Core::Channel.new(host, {}, cred) end rescue => exception raise Plumbing::convert_error_to_porcelain(exception) end @access_requests = AccessRequests.new(@channel, self) @access_request_events_history = AccessRequestEventsHistory.new(@channel, self) @access_requests_history = AccessRequestsHistory.new(@channel, self) @account_attachments = AccountAttachments.new(@channel, self) @account_attachments_history = AccountAttachmentsHistory.new(@channel, self) @account_grants = AccountGrants.new(@channel, self) @account_grants_history = AccountGrantsHistory.new(@channel, self) @account_permissions = AccountPermissions.new(@channel, self) @account_resources = AccountResources.new(@channel, self) @account_resources_history = AccountResourcesHistory.new(@channel, self) @accounts = Accounts.new(@channel, self) @accounts_history = AccountsHistory.new(@channel, self) @activities = Activities.new(@channel, self) @control_panel = ControlPanel.new(@channel, self) @nodes = Nodes.new(@channel, self) @nodes_history = NodesHistory.new(@channel, self) @organization_history = OrganizationHistory.new(@channel, self) @peering_group_nodes = PeeringGroupNodes.new(@channel, self) @peering_group_peers = PeeringGroupPeers.new(@channel, self) @peering_group_resources = PeeringGroupResources.new(@channel, self) @peering_groups = PeeringGroups.new(@channel, self) @queries = Queries.new(@channel, self) @remote_identities = RemoteIdentities.new(@channel, self) @remote_identities_history = RemoteIdentitiesHistory.new(@channel, self) @remote_identity_groups = RemoteIdentityGroups.new(@channel, self) @remote_identity_groups_history = RemoteIdentityGroupsHistory.new(@channel, self) @replays = Replays.new(@channel, self) @resources = Resources.new(@channel, self) @resources_history = ResourcesHistory.new(@channel, self) @role_resources = RoleResources.new(@channel, self) @role_resources_history = RoleResourcesHistory.new(@channel, self) @roles = Roles.new(@channel, self) @roles_history = RolesHistory.new(@channel, self) @secret_stores = SecretStores.new(@channel, self) @secret_stores_history = SecretStoresHistory.new(@channel, self) @workflows = Workflows.new(@channel, self) @workflow_approvers_history = WorkflowApproversHistory.new(@channel, self) @workflow_assignments_history = WorkflowAssignmentsHistory.new(@channel, self) @workflow_roles_history = WorkflowRolesHistory.new(@channel, self) @workflows_history = WorkflowsHistory.new(@channel, self) end |
Instance Attribute Details
#access_request_events_history ⇒ Object (readonly)
AccessRequestEventsHistory provides records of all changes to the state of an AccessRequest.
195 196 197 |
# File 'lib/strongdm.rb', line 195 def access_request_events_history @access_request_events_history end |
#access_requests ⇒ Object (readonly)
AccessRequests are requests for access to a resource that may match a Workflow.
See AccessRequests.
191 192 193 |
# File 'lib/strongdm.rb', line 191 def access_requests @access_requests end |
#access_requests_history ⇒ Object (readonly)
AccessRequestsHistory provides records of all changes to the state of an AccessRequest.
199 200 201 |
# File 'lib/strongdm.rb', line 199 def access_requests_history @access_requests_history end |
#account_attachments ⇒ Object (readonly)
AccountAttachments assign an account to a role.
See AccountAttachments.
203 204 205 |
# File 'lib/strongdm.rb', line 203 def @account_attachments end |
#account_attachments_history ⇒ Object (readonly)
AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
207 208 209 |
# File 'lib/strongdm.rb', line 207 def @account_attachments_history end |
#account_grants ⇒ Object (readonly)
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
See AccountGrants.
211 212 213 |
# File 'lib/strongdm.rb', line 211 def account_grants @account_grants end |
#account_grants_history ⇒ Object (readonly)
AccountGrantsHistory records all changes to the state of an AccountGrant.
See AccountGrantsHistory.
215 216 217 |
# File 'lib/strongdm.rb', line 215 def account_grants_history @account_grants_history end |
#account_permissions ⇒ Object (readonly)
AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.
See AccountPermissions.
220 221 222 |
# File 'lib/strongdm.rb', line 220 def @account_permissions end |
#account_resources ⇒ Object (readonly)
AccountResources enumerates the resources to which accounts have access. The AccountResources service is read-only.
See AccountResources.
225 226 227 |
# File 'lib/strongdm.rb', line 225 def account_resources @account_resources end |
#account_resources_history ⇒ Object (readonly)
AccountResourcesHistory records all changes to the state of a AccountResource.
229 230 231 |
# File 'lib/strongdm.rb', line 229 def account_resources_history @account_resources_history end |
#accounts ⇒ Object (readonly)
Accounts are users that have access to strongDM. There are two types of accounts:
- Users: humans who are authenticated through username and password or SSO.
- Service Accounts: machines that are authenticated using a service token.
See Accounts.
235 236 237 |
# File 'lib/strongdm.rb', line 235 def accounts @accounts end |
#accounts_history ⇒ Object (readonly)
AccountsHistory records all changes to the state of an Account.
See AccountsHistory.
239 240 241 |
# File 'lib/strongdm.rb', line 239 def accounts_history @accounts_history end |
#activities ⇒ Object (readonly)
An Activity is a record of an action taken against a strongDM deployment, e.g. a user creation, resource deletion, sso configuration change, etc. The Activities service is read-only.
See Activities.
245 246 247 |
# File 'lib/strongdm.rb', line 245 def activities @activities end |
#api_access_key ⇒ Object (readonly)
API authentication token (read-only).
185 186 187 |
# File 'lib/strongdm.rb', line 185 def api_access_key @api_access_key end |
#base_retry_delay ⇒ Object (readonly)
Returns the value of attribute base_retry_delay.
180 181 182 |
# File 'lib/strongdm.rb', line 180 def base_retry_delay @base_retry_delay end |
#control_panel ⇒ Object (readonly)
ControlPanel contains all administrative controls.
See SDM::ControlPanel.
249 250 251 |
# File 'lib/strongdm.rb', line 249 def control_panel @control_panel end |
#max_retries ⇒ Object (readonly)
Returns the value of attribute max_retries.
179 180 181 |
# File 'lib/strongdm.rb', line 179 def max_retries @max_retries end |
#max_retry_delay ⇒ Object (readonly)
Returns the value of attribute max_retry_delay.
181 182 183 |
# File 'lib/strongdm.rb', line 181 def max_retry_delay @max_retry_delay end |
#nodes ⇒ Object (readonly)
Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
- Gateways are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
- Relays are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
See Nodes.
255 256 257 |
# File 'lib/strongdm.rb', line 255 def nodes @nodes end |
#nodes_history ⇒ Object (readonly)
NodesHistory records all changes to the state of a Node.
See NodesHistory.
259 260 261 |
# File 'lib/strongdm.rb', line 259 def nodes_history @nodes_history end |
#organization_history ⇒ Object (readonly)
OrganizationHistory records all changes to the state of an Organization.
See OrganizationHistory.
263 264 265 |
# File 'lib/strongdm.rb', line 263 def organization_history @organization_history end |
#page_limit ⇒ Object
Returns the value of attribute page_limit.
182 183 184 |
# File 'lib/strongdm.rb', line 182 def page_limit @page_limit end |
#peering_group_nodes ⇒ Object (readonly)
PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.
See PeeringGroupNodes.
267 268 269 |
# File 'lib/strongdm.rb', line 267 def peering_group_nodes @peering_group_nodes end |
#peering_group_peers ⇒ Object (readonly)
PeeringGroupPeers provides the building blocks necessary to link two peering groups.
See PeeringGroupPeers.
271 272 273 |
# File 'lib/strongdm.rb', line 271 def peering_group_peers @peering_group_peers end |
#peering_group_resources ⇒ Object (readonly)
PeeringGroupResources provides the building blocks necessary to obtain attach a resource to a peering group.
275 276 277 |
# File 'lib/strongdm.rb', line 275 def peering_group_resources @peering_group_resources end |
#peering_groups ⇒ Object (readonly)
PeeringGroups provides the building blocks necessary to obtain explicit network topology and routing.
See PeeringGroups.
279 280 281 |
# File 'lib/strongdm.rb', line 279 def peering_groups @peering_groups end |
#queries ⇒ Object (readonly)
A Query is a record of a single client request to a resource, such as a SQL query. Long-running SSH, RDP, or Kubernetes interactive sessions also count as queries. The Queries service is read-only.
See Queries.
285 286 287 |
# File 'lib/strongdm.rb', line 285 def queries @queries end |
#remote_identities ⇒ Object (readonly)
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
See RemoteIdentities.
289 290 291 |
# File 'lib/strongdm.rb', line 289 def remote_identities @remote_identities end |
#remote_identities_history ⇒ Object (readonly)
RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.
293 294 295 |
# File 'lib/strongdm.rb', line 293 def remote_identities_history @remote_identities_history end |
#remote_identity_groups ⇒ Object (readonly)
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts. An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
See RemoteIdentityGroups.
298 299 300 |
# File 'lib/strongdm.rb', line 298 def remote_identity_groups @remote_identity_groups end |
#remote_identity_groups_history ⇒ Object (readonly)
RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.
302 303 304 |
# File 'lib/strongdm.rb', line 302 def remote_identity_groups_history @remote_identity_groups_history end |
#replays ⇒ Object (readonly)
A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query). The Replays service is read-only.
See Replays.
307 308 309 |
# File 'lib/strongdm.rb', line 307 def replays @replays end |
#resources ⇒ Object (readonly)
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
See Resources.
312 313 314 |
# File 'lib/strongdm.rb', line 312 def resources @resources end |
#resources_history ⇒ Object (readonly)
ResourcesHistory records all changes to the state of a Resource.
See ResourcesHistory.
316 317 318 |
# File 'lib/strongdm.rb', line 316 def resources_history @resources_history end |
#role_resources ⇒ Object (readonly)
RoleResources enumerates the resources to which roles have access. The RoleResources service is read-only.
See RoleResources.
321 322 323 |
# File 'lib/strongdm.rb', line 321 def role_resources @role_resources end |
#role_resources_history ⇒ Object (readonly)
RoleResourcesHistory records all changes to the state of a RoleResource.
See RoleResourcesHistory.
325 326 327 |
# File 'lib/strongdm.rb', line 325 def role_resources_history @role_resources_history end |
#roles ⇒ Object (readonly)
A Role has a list of access rules which determine which Resources the members of the Role have access to. An Account can be a member of multiple Roles via AccountAttachments.
See Roles.
331 332 333 |
# File 'lib/strongdm.rb', line 331 def roles @roles end |
#roles_history ⇒ Object (readonly)
RolesHistory records all changes to the state of a Role.
See RolesHistory.
335 336 337 |
# File 'lib/strongdm.rb', line 335 def roles_history @roles_history end |
#secret_stores ⇒ Object (readonly)
SecretStores are servers where resource secrets (passwords, keys) are stored.
See SecretStores.
339 340 341 |
# File 'lib/strongdm.rb', line 339 def secret_stores @secret_stores end |
#secret_stores_history ⇒ Object (readonly)
SecretStoresHistory records all changes to the state of a SecretStore.
See SecretStoresHistory.
343 344 345 |
# File 'lib/strongdm.rb', line 343 def secret_stores_history @secret_stores_history end |
#snapshot_time ⇒ Object
Optional timestamp at which to provide historical data
187 188 189 |
# File 'lib/strongdm.rb', line 187 def snapshot_time @snapshot_time end |
#workflow_approvers_history ⇒ Object (readonly)
WorkflowApproversHistory provides records of all changes to the state of a WorkflowApprover.
353 354 355 |
# File 'lib/strongdm.rb', line 353 def workflow_approvers_history @workflow_approvers_history end |
#workflow_assignments_history ⇒ Object (readonly)
WorkflowAssignmentsHistory provides records of all changes to the state of a WorkflowAssignment.
357 358 359 |
# File 'lib/strongdm.rb', line 357 def workflow_assignments_history @workflow_assignments_history end |
#workflow_roles_history ⇒ Object (readonly)
WorkflowRolesHistory provides records of all changes to the state of a WorkflowRole
See WorkflowRolesHistory.
361 362 363 |
# File 'lib/strongdm.rb', line 361 def workflow_roles_history @workflow_roles_history end |
#workflows ⇒ Object (readonly)
Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either but automatic approval or a set of users authorized to approve the requests.
See Workflows.
349 350 351 |
# File 'lib/strongdm.rb', line 349 def workflows @workflows end |
#workflows_history ⇒ Object (readonly)
WorkflowsHistory provides records of all changes to the state of a Workflow.
See WorkflowsHistory.
365 366 367 |
# File 'lib/strongdm.rb', line 365 def workflows_history @workflows_history end |
Instance Method Details
#close ⇒ Object
Closes this client and releases all resources held by it.
101 102 103 104 105 106 107 |
# File 'lib/strongdm.rb', line 101 def close begin @channel.close() rescue => exception raise Plumbing::convert_error_to_porcelain(exception) end end |
#sign(method_name, msg_bytes) ⇒ Object
119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 |
# File 'lib/strongdm.rb', line 119 def sign(method_name, msg_bytes) current_utc_date = Time.now.utc date = sprintf("%04d-%02d-%02d", current_utc_date.year, current_utc_date.month, current_utc_date.day) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @api_secret_key, date) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, "sdm_api_v1") sha_req = Digest::SHA256.new sha_req << method_name sha_req << "\n" sha_req << msg_bytes request_hash = sha_req.digest return Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, request_hash)) end |
#snapshot_at(snapshot_time) ⇒ Object
Constructs a read-only client that will provide historical data from the provided timestamp. See SnapshotClient.
173 174 175 176 177 |
# File 'lib/strongdm.rb', line 173 def snapshot_at(snapshot_time) client = self.clone client.snapshot_time = snapshot_time return SnapshotClient.new(client) end |