Class: SDM::Client
- Inherits:
-
Object
- Object
- SDM::Client
- Defined in:
- lib/strongdm.rb
Overview
Client bundles all the services together and initializes them.
Instance Attribute Summary collapse
-
#access_request_events_history ⇒ Object
readonly
AccessRequestEventsHistory provides records of all changes to the state of an AccessRequest.
-
#access_requests ⇒ Object
readonly
AccessRequests are requests for access to a resource that may match a Workflow.
-
#access_requests_history ⇒ Object
readonly
AccessRequestsHistory provides records of all changes to the state of an AccessRequest.
-
#account_attachments ⇒ Object
readonly
AccountAttachments assign an account to a role.
-
#account_attachments_history ⇒ Object
readonly
AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
-
#account_grants ⇒ Object
readonly
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#account_grants_history ⇒ Object
readonly
AccountGrantsHistory records all changes to the state of an AccountGrant.
-
#account_permissions ⇒ Object
readonly
AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.
-
#account_resources ⇒ Object
readonly
AccountResources enumerates the resources to which accounts have access.
-
#account_resources_history ⇒ Object
readonly
AccountResourcesHistory records all changes to the state of a AccountResource.
-
#accounts ⇒ Object
readonly
Accounts are users that have access to strongDM.
-
#accounts_history ⇒ Object
readonly
AccountsHistory records all changes to the state of an Account.
-
#activities ⇒ Object
readonly
An Activity is a record of an action taken against a strongDM deployment, e.g.
-
#api_access_key ⇒ Object
readonly
API authentication token (read-only).
-
#base_retry_delay ⇒ Object
readonly
Returns the value of attribute base_retry_delay.
-
#control_panel ⇒ Object
readonly
ControlPanel contains all administrative controls.
-
#max_retries ⇒ Object
readonly
Returns the value of attribute max_retries.
-
#max_retry_delay ⇒ Object
readonly
Returns the value of attribute max_retry_delay.
-
#nodes ⇒ Object
readonly
Nodes make up the strongDM network, and allow your users to connect securely to your resources.
-
#nodes_history ⇒ Object
readonly
NodesHistory records all changes to the state of a Node.
-
#organization_history ⇒ Object
readonly
OrganizationHistory records all changes to the state of an Organization.
-
#page_limit ⇒ Object
Returns the value of attribute page_limit.
-
#peering_group_nodes ⇒ Object
readonly
PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.
-
#peering_group_peers ⇒ Object
readonly
PeeringGroupPeers provides the building blocks necessary to link two peering groups.
-
#peering_group_resources ⇒ Object
readonly
PeeringGroupResources provides the building blocks necessary to obtain attach a resource to a peering group.
-
#peering_groups ⇒ Object
readonly
PeeringGroups provides the building blocks necessary to obtain explicit network topology and routing.
-
#queries ⇒ Object
readonly
A Query is a record of a single client request to a resource, such as a SQL query.
-
#remote_identities ⇒ Object
readonly
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#remote_identities_history ⇒ Object
readonly
RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.
-
#remote_identity_groups ⇒ Object
readonly
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
-
#remote_identity_groups_history ⇒ Object
readonly
RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.
-
#replays ⇒ Object
readonly
A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query).
-
#resources ⇒ Object
readonly
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
-
#resources_history ⇒ Object
readonly
ResourcesHistory records all changes to the state of a Resource.
-
#role_resources ⇒ Object
readonly
RoleResources enumerates the resources to which roles have access.
-
#role_resources_history ⇒ Object
readonly
RoleResourcesHistory records all changes to the state of a RoleResource.
-
#roles ⇒ Object
readonly
A Role has a list of access rules which determine which Resources the members of the Role have access to.
-
#roles_history ⇒ Object
readonly
RolesHistory records all changes to the state of a Role.
-
#secret_stores ⇒ Object
readonly
SecretStores are servers where resource secrets (passwords, keys) are stored.
-
#secret_stores_history ⇒ Object
readonly
SecretStoresHistory records all changes to the state of a SecretStore.
-
#snapshot_time ⇒ Object
readonly
Optional timestamp at which to provide historical data.
-
#workflow_approvers ⇒ Object
readonly
WorkflowApprovers is an account with the ability to approve requests bound to a workflow.
-
#workflow_approvers_history ⇒ Object
readonly
WorkflowApproversHistory provides records of all changes to the state of a WorkflowApprover.
-
#workflow_assignments ⇒ Object
readonly
WorkflowAssignments links a Resource to a Workflow.
-
#workflow_assignments_history ⇒ Object
readonly
WorkflowAssignmentsHistory provides records of all changes to the state of a WorkflowAssignment.
-
#workflow_roles ⇒ Object
readonly
WorkflowRole links a role to a workflow.
-
#workflow_roles_history ⇒ Object
readonly
WorkflowRolesHistory provides records of all changes to the state of a WorkflowRole.
-
#workflows ⇒ Object
readonly
Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either be automatic approval or a set of users authorized to approve the requests.
-
#workflows_history ⇒ Object
readonly
WorkflowsHistory provides records of all changes to the state of a Workflow.
Instance Method Summary collapse
-
#close ⇒ Object
Closes this client and releases all resources held by it.
-
#initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 50) ⇒ Client
constructor
Creates a new strongDM API client.
- #sign(method_name, msg_bytes) ⇒ Object
-
#snapshot_at(snapshot_time) ⇒ Object
Constructs a read-only client that will provide historical data from the provided timestamp.
Constructor Details
#initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 50) ⇒ Client
Creates a new strongDM API client.
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'lib/strongdm.rb', line 36 def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 50) raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String) raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String) raise TypeError, "client host must be a string" unless host.kind_of?(String) @api_access_key = api_access_key.strip @api_secret_key = Base64.strict_decode64(api_secret_key.strip) @max_retries = DEFAULT_MAX_RETRIES @base_retry_delay = DEFAULT_BASE_RETRY_DELAY @max_retry_delay = DEFAULT_MAX_RETRY_DELAY @page_limit = page_limit @expose_rate_limit_errors = (not retry_rate_limit_errors) @snapshot_time = nil begin if insecure @channel = GRPC::Core::Channel.new(host, {}, :this_channel_is_insecure) else cred = GRPC::Core::ChannelCredentials.new() @channel = GRPC::Core::Channel.new(host, {}, cred) end rescue => exception raise Plumbing::convert_error_to_porcelain(exception) end @access_requests = AccessRequests.new(@channel, self) @access_request_events_history = AccessRequestEventsHistory.new(@channel, self) @access_requests_history = AccessRequestsHistory.new(@channel, self) @account_attachments = AccountAttachments.new(@channel, self) @account_attachments_history = AccountAttachmentsHistory.new(@channel, self) @account_grants = AccountGrants.new(@channel, self) @account_grants_history = AccountGrantsHistory.new(@channel, self) @account_permissions = AccountPermissions.new(@channel, self) @account_resources = AccountResources.new(@channel, self) @account_resources_history = AccountResourcesHistory.new(@channel, self) @accounts = Accounts.new(@channel, self) @accounts_history = AccountsHistory.new(@channel, self) @activities = Activities.new(@channel, self) @control_panel = ControlPanel.new(@channel, self) @nodes = Nodes.new(@channel, self) @nodes_history = NodesHistory.new(@channel, self) @organization_history = OrganizationHistory.new(@channel, self) @peering_group_nodes = PeeringGroupNodes.new(@channel, self) @peering_group_peers = PeeringGroupPeers.new(@channel, self) @peering_group_resources = PeeringGroupResources.new(@channel, self) @peering_groups = PeeringGroups.new(@channel, self) @queries = Queries.new(@channel, self) @remote_identities = RemoteIdentities.new(@channel, self) @remote_identities_history = RemoteIdentitiesHistory.new(@channel, self) @remote_identity_groups = RemoteIdentityGroups.new(@channel, self) @remote_identity_groups_history = RemoteIdentityGroupsHistory.new(@channel, self) @replays = Replays.new(@channel, self) @resources = Resources.new(@channel, self) @resources_history = ResourcesHistory.new(@channel, self) @role_resources = RoleResources.new(@channel, self) @role_resources_history = RoleResourcesHistory.new(@channel, self) @roles = Roles.new(@channel, self) @roles_history = RolesHistory.new(@channel, self) @secret_stores = SecretStores.new(@channel, self) @secret_stores_history = SecretStoresHistory.new(@channel, self) @workflow_approvers = WorkflowApprovers.new(@channel, self) @workflow_approvers_history = WorkflowApproversHistory.new(@channel, self) @workflow_assignments = WorkflowAssignments.new(@channel, self) @workflow_assignments_history = WorkflowAssignmentsHistory.new(@channel, self) @workflow_roles = WorkflowRoles.new(@channel, self) @workflow_roles_history = WorkflowRolesHistory.new(@channel, self) @workflows = Workflows.new(@channel, self) @workflows_history = WorkflowsHistory.new(@channel, self) end |
Instance Attribute Details
#access_request_events_history ⇒ Object (readonly)
AccessRequestEventsHistory provides records of all changes to the state of an AccessRequest.
198 199 200 |
# File 'lib/strongdm.rb', line 198 def access_request_events_history @access_request_events_history end |
#access_requests ⇒ Object (readonly)
AccessRequests are requests for access to a resource that may match a Workflow.
See AccessRequests.
194 195 196 |
# File 'lib/strongdm.rb', line 194 def access_requests @access_requests end |
#access_requests_history ⇒ Object (readonly)
AccessRequestsHistory provides records of all changes to the state of an AccessRequest.
202 203 204 |
# File 'lib/strongdm.rb', line 202 def access_requests_history @access_requests_history end |
#account_attachments ⇒ Object (readonly)
AccountAttachments assign an account to a role.
See AccountAttachments.
206 207 208 |
# File 'lib/strongdm.rb', line 206 def @account_attachments end |
#account_attachments_history ⇒ Object (readonly)
AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
210 211 212 |
# File 'lib/strongdm.rb', line 210 def @account_attachments_history end |
#account_grants ⇒ Object (readonly)
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
See AccountGrants.
214 215 216 |
# File 'lib/strongdm.rb', line 214 def account_grants @account_grants end |
#account_grants_history ⇒ Object (readonly)
AccountGrantsHistory records all changes to the state of an AccountGrant.
See AccountGrantsHistory.
218 219 220 |
# File 'lib/strongdm.rb', line 218 def account_grants_history @account_grants_history end |
#account_permissions ⇒ Object (readonly)
AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.
See AccountPermissions.
223 224 225 |
# File 'lib/strongdm.rb', line 223 def @account_permissions end |
#account_resources ⇒ Object (readonly)
AccountResources enumerates the resources to which accounts have access. The AccountResources service is read-only.
See AccountResources.
228 229 230 |
# File 'lib/strongdm.rb', line 228 def account_resources @account_resources end |
#account_resources_history ⇒ Object (readonly)
AccountResourcesHistory records all changes to the state of a AccountResource.
232 233 234 |
# File 'lib/strongdm.rb', line 232 def account_resources_history @account_resources_history end |
#accounts ⇒ Object (readonly)
Accounts are users that have access to strongDM. There are two types of accounts:
- Users: humans who are authenticated through username and password or SSO.
- Service Accounts: machines that are authenticated using a service token.
See Accounts.
238 239 240 |
# File 'lib/strongdm.rb', line 238 def accounts @accounts end |
#accounts_history ⇒ Object (readonly)
AccountsHistory records all changes to the state of an Account.
See AccountsHistory.
242 243 244 |
# File 'lib/strongdm.rb', line 242 def accounts_history @accounts_history end |
#activities ⇒ Object (readonly)
An Activity is a record of an action taken against a strongDM deployment, e.g. a user creation, resource deletion, sso configuration change, etc. The Activities service is read-only.
See Activities.
248 249 250 |
# File 'lib/strongdm.rb', line 248 def activities @activities end |
#api_access_key ⇒ Object (readonly)
API authentication token (read-only).
188 189 190 |
# File 'lib/strongdm.rb', line 188 def api_access_key @api_access_key end |
#base_retry_delay ⇒ Object (readonly)
Returns the value of attribute base_retry_delay.
183 184 185 |
# File 'lib/strongdm.rb', line 183 def base_retry_delay @base_retry_delay end |
#control_panel ⇒ Object (readonly)
ControlPanel contains all administrative controls.
See SDM::ControlPanel.
252 253 254 |
# File 'lib/strongdm.rb', line 252 def control_panel @control_panel end |
#max_retries ⇒ Object (readonly)
Returns the value of attribute max_retries.
182 183 184 |
# File 'lib/strongdm.rb', line 182 def max_retries @max_retries end |
#max_retry_delay ⇒ Object (readonly)
Returns the value of attribute max_retry_delay.
184 185 186 |
# File 'lib/strongdm.rb', line 184 def max_retry_delay @max_retry_delay end |
#nodes ⇒ Object (readonly)
Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
- Gateways are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
- Relays are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
See Nodes.
258 259 260 |
# File 'lib/strongdm.rb', line 258 def nodes @nodes end |
#nodes_history ⇒ Object (readonly)
NodesHistory records all changes to the state of a Node.
See NodesHistory.
262 263 264 |
# File 'lib/strongdm.rb', line 262 def nodes_history @nodes_history end |
#organization_history ⇒ Object (readonly)
OrganizationHistory records all changes to the state of an Organization.
See OrganizationHistory.
266 267 268 |
# File 'lib/strongdm.rb', line 266 def organization_history @organization_history end |
#page_limit ⇒ Object
Returns the value of attribute page_limit.
185 186 187 |
# File 'lib/strongdm.rb', line 185 def page_limit @page_limit end |
#peering_group_nodes ⇒ Object (readonly)
PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.
See PeeringGroupNodes.
270 271 272 |
# File 'lib/strongdm.rb', line 270 def peering_group_nodes @peering_group_nodes end |
#peering_group_peers ⇒ Object (readonly)
PeeringGroupPeers provides the building blocks necessary to link two peering groups.
See PeeringGroupPeers.
274 275 276 |
# File 'lib/strongdm.rb', line 274 def peering_group_peers @peering_group_peers end |
#peering_group_resources ⇒ Object (readonly)
PeeringGroupResources provides the building blocks necessary to obtain attach a resource to a peering group.
278 279 280 |
# File 'lib/strongdm.rb', line 278 def peering_group_resources @peering_group_resources end |
#peering_groups ⇒ Object (readonly)
PeeringGroups provides the building blocks necessary to obtain explicit network topology and routing.
See PeeringGroups.
282 283 284 |
# File 'lib/strongdm.rb', line 282 def peering_groups @peering_groups end |
#queries ⇒ Object (readonly)
A Query is a record of a single client request to a resource, such as a SQL query. Long-running SSH, RDP, or Kubernetes interactive sessions also count as queries. The Queries service is read-only.
See Queries.
288 289 290 |
# File 'lib/strongdm.rb', line 288 def queries @queries end |
#remote_identities ⇒ Object (readonly)
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
See RemoteIdentities.
292 293 294 |
# File 'lib/strongdm.rb', line 292 def remote_identities @remote_identities end |
#remote_identities_history ⇒ Object (readonly)
RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.
296 297 298 |
# File 'lib/strongdm.rb', line 296 def remote_identities_history @remote_identities_history end |
#remote_identity_groups ⇒ Object (readonly)
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts. An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
See RemoteIdentityGroups.
301 302 303 |
# File 'lib/strongdm.rb', line 301 def remote_identity_groups @remote_identity_groups end |
#remote_identity_groups_history ⇒ Object (readonly)
RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.
305 306 307 |
# File 'lib/strongdm.rb', line 305 def remote_identity_groups_history @remote_identity_groups_history end |
#replays ⇒ Object (readonly)
A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query). The Replays service is read-only.
See Replays.
310 311 312 |
# File 'lib/strongdm.rb', line 310 def replays @replays end |
#resources ⇒ Object (readonly)
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
See Resources.
315 316 317 |
# File 'lib/strongdm.rb', line 315 def resources @resources end |
#resources_history ⇒ Object (readonly)
ResourcesHistory records all changes to the state of a Resource.
See ResourcesHistory.
319 320 321 |
# File 'lib/strongdm.rb', line 319 def resources_history @resources_history end |
#role_resources ⇒ Object (readonly)
RoleResources enumerates the resources to which roles have access. The RoleResources service is read-only.
See RoleResources.
324 325 326 |
# File 'lib/strongdm.rb', line 324 def role_resources @role_resources end |
#role_resources_history ⇒ Object (readonly)
RoleResourcesHistory records all changes to the state of a RoleResource.
See RoleResourcesHistory.
328 329 330 |
# File 'lib/strongdm.rb', line 328 def role_resources_history @role_resources_history end |
#roles ⇒ Object (readonly)
A Role has a list of access rules which determine which Resources the members of the Role have access to. An Account can be a member of multiple Roles via AccountAttachments.
See Roles.
334 335 336 |
# File 'lib/strongdm.rb', line 334 def roles @roles end |
#roles_history ⇒ Object (readonly)
RolesHistory records all changes to the state of a Role.
See RolesHistory.
338 339 340 |
# File 'lib/strongdm.rb', line 338 def roles_history @roles_history end |
#secret_stores ⇒ Object (readonly)
SecretStores are servers where resource secrets (passwords, keys) are stored.
See SecretStores.
342 343 344 |
# File 'lib/strongdm.rb', line 342 def secret_stores @secret_stores end |
#secret_stores_history ⇒ Object (readonly)
SecretStoresHistory records all changes to the state of a SecretStore.
See SecretStoresHistory.
346 347 348 |
# File 'lib/strongdm.rb', line 346 def secret_stores_history @secret_stores_history end |
#snapshot_time ⇒ Object
Optional timestamp at which to provide historical data
190 191 192 |
# File 'lib/strongdm.rb', line 190 def snapshot_time @snapshot_time end |
#workflow_approvers ⇒ Object (readonly)
WorkflowApprovers is an account with the ability to approve requests bound to a workflow.
See WorkflowApprovers.
350 351 352 |
# File 'lib/strongdm.rb', line 350 def workflow_approvers @workflow_approvers end |
#workflow_approvers_history ⇒ Object (readonly)
WorkflowApproversHistory provides records of all changes to the state of a WorkflowApprover.
354 355 356 |
# File 'lib/strongdm.rb', line 354 def workflow_approvers_history @workflow_approvers_history end |
#workflow_assignments ⇒ Object (readonly)
WorkflowAssignments links a Resource to a Workflow. The assigned resources are those that a user can request access to via the workflow.
See WorkflowAssignments.
359 360 361 |
# File 'lib/strongdm.rb', line 359 def workflow_assignments @workflow_assignments end |
#workflow_assignments_history ⇒ Object (readonly)
WorkflowAssignmentsHistory provides records of all changes to the state of a WorkflowAssignment.
363 364 365 |
# File 'lib/strongdm.rb', line 363 def workflow_assignments_history @workflow_assignments_history end |
#workflow_roles ⇒ Object (readonly)
WorkflowRole links a role to a workflow. The linked roles indicate which roles a user must be a part of to request access to a resource via the workflow.
See WorkflowRoles.
368 369 370 |
# File 'lib/strongdm.rb', line 368 def workflow_roles @workflow_roles end |
#workflow_roles_history ⇒ Object (readonly)
WorkflowRolesHistory provides records of all changes to the state of a WorkflowRole
See WorkflowRolesHistory.
372 373 374 |
# File 'lib/strongdm.rb', line 372 def workflow_roles_history @workflow_roles_history end |
#workflows ⇒ Object (readonly)
Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either be automatic approval or a set of users authorized to approve the requests.
See Workflows.
378 379 380 |
# File 'lib/strongdm.rb', line 378 def workflows @workflows end |
#workflows_history ⇒ Object (readonly)
WorkflowsHistory provides records of all changes to the state of a Workflow.
See WorkflowsHistory.
382 383 384 |
# File 'lib/strongdm.rb', line 382 def workflows_history @workflows_history end |
Instance Method Details
#close ⇒ Object
Closes this client and releases all resources held by it.
104 105 106 107 108 109 110 |
# File 'lib/strongdm.rb', line 104 def close begin @channel.close() rescue => exception raise Plumbing::convert_error_to_porcelain(exception) end end |
#sign(method_name, msg_bytes) ⇒ Object
122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'lib/strongdm.rb', line 122 def sign(method_name, msg_bytes) current_utc_date = Time.now.utc date = sprintf("%04d-%02d-%02d", current_utc_date.year, current_utc_date.month, current_utc_date.day) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @api_secret_key, date) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, "sdm_api_v1") sha_req = Digest::SHA256.new sha_req << method_name sha_req << "\n" sha_req << msg_bytes request_hash = sha_req.digest return Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, request_hash)) end |
#snapshot_at(snapshot_time) ⇒ Object
Constructs a read-only client that will provide historical data from the provided timestamp. See SnapshotClient.
176 177 178 179 180 |
# File 'lib/strongdm.rb', line 176 def snapshot_at(snapshot_time) client = self.clone client.snapshot_time = snapshot_time return SnapshotClient.new(client) end |