Class: SDM::ManagedSecrets

Inherits:
Object
  • Object
show all
Extended by:
Gem::Deprecate
Defined in:
lib/svc.rb

Overview

ManagedSecret is a private vertical for creating, reading, updating, deleting, listing and rotating the managed secrets in the secrets engines as an authenticated user.

See ManagedSecret.

Instance Method Summary collapse

Constructor Details

#initialize(channel, parent) ⇒ ManagedSecrets

Returns a new instance of ManagedSecrets.



3907
3908
3909
3910
3911
3912
3913
3914
 
# File 'lib/svc.rb', line 3907

def initialize(channel, parent)
  begin
    @stub = V1::ManagedSecrets::Stub.new(nil, nil, channel_override: channel)
  rescue => exception
    raise Plumbing::convert_error_to_porcelain(exception)
  end
  @parent = parent
end

Instance Method Details

#create(managed_secret, deadline: nil) ⇒ Object

Create creates a Managed Secret



3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
 
# File 'lib/svc.rb', line 3995

def create(
  managed_secret,
  deadline: nil
)
  req = V1::ManagedSecretCreateRequest.new()

  req.managed_secret = Plumbing::convert_managed_secret_to_plumbing(managed_secret)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.create(req, metadata: @parent.get_metadata("ManagedSecrets.Create", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretCreateResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_create_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#delete(id, deadline: nil) ⇒ Object

Delete deletes a Managed Secret



4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
 
# File 'lib/svc.rb', line 4084

def delete(
  id,
  deadline: nil
)
  req = V1::ManagedSecretDeleteRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.delete(req, metadata: @parent.get_metadata("ManagedSecrets.Delete", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretDeleteResponse.new()
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#force_delete(id, deadline: nil) ⇒ Object

ForceDelete deletes a Managed Secret regardless of errors on external system



4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
 
# File 'lib/svc.rb', line 4112

def force_delete(
  id,
  deadline: nil
)
  req = V1::ManagedSecretDeleteRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.force_delete(req, metadata: @parent.get_metadata("ManagedSecrets.ForceDelete", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretDeleteResponse.new()
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#get(id, deadline: nil) ⇒ Object

Get gets details of a Managed Secret without sensitive data



4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
 
# File 'lib/svc.rb', line 4140

def get(
  id,
  deadline: nil
)
  req = V1::ManagedSecretGetRequest.new()
  if not @parent.snapshot_time.nil?
    req.meta = V1::GetRequestMetadata.new()
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.get(req, metadata: @parent.get_metadata("ManagedSecrets.Get", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretGetResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#list(filter, *args, deadline: nil) ⇒ Object

List returns Managed Secrets from a Secret Engine.



3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
 
# File 'lib/svc.rb', line 3917

def list(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretListRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.list(req, metadata: @parent.get_metadata("ManagedSecrets.List", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secrets.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#list_by_actor(filter, *args, deadline: nil) ⇒ Object

List returns Managed Secrets for an Actor from a Secret Engine.



3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
 
# File 'lib/svc.rb', line 3956

def list_by_actor(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretListRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.list_by_actor(req, metadata: @parent.get_metadata("ManagedSecrets.ListByActor", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secrets.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#logs(filter, *args, deadline: nil) ⇒ Object

Logs returns the audit records for the managed secret. This may be replaced in the future.



4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
 
# File 'lib/svc.rb', line 4239

def logs(
  filter,
  *args,
  deadline: nil
)
  req = V1::ManagedSecretLogsRequest.new()
  req.meta = V1::ListRequestMetadata.new()
  if not @parent.page_limit.nil?
    req.meta.limit = @parent.page_limit
  end
  if not @parent.snapshot_time.nil?
    req.meta.snapshot_at = @parent.snapshot_time
  end

  req.filter = Plumbing::quote_filter_args(filter, *args)
  resp = Enumerator::Generator.new { |g|
    tries = 0
    loop do
      begin
        plumbing_response = @stub.logs(req, metadata: @parent.get_metadata("ManagedSecrets.Logs", req), deadline: deadline)
      rescue => exception
        if (@parent.shouldRetry(tries, exception, deadline))
          tries + +sleep(@parent.exponentialBackoff(tries, deadline))
          next
        end
        raise Plumbing::convert_error_to_porcelain(exception)
      end
      tries = 0
      plumbing_response.managed_secret_logs.each do |plumbing_item|
        g.yield Plumbing::convert_managed_secret_log_to_porcelain(plumbing_item)
      end
      break if plumbing_response.meta.next_cursor == ""
      req.meta.cursor = plumbing_response.meta.next_cursor
    end
  }
  resp
end

#retrieve(id, public_key, deadline: nil) ⇒ Object

Retrieve returns Managed Secret with sensitive data



4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
 
# File 'lib/svc.rb', line 4174

def retrieve(
  id,
  public_key,
  deadline: nil
)
  req = V1::ManagedSecretRetrieveRequest.new()

  req.id = (id)
  req.public_key = (public_key)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.retrieve(req, metadata: @parent.get_metadata("ManagedSecrets.Retrieve", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretRetrieveResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#rotate(id, deadline: nil) ⇒ Object

Rotate forces rotation of Managed Secret



4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
 
# File 'lib/svc.rb', line 4055

def rotate(
  id,
  deadline: nil
)
  req = V1::ManagedSecretRotateRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.rotate(req, metadata: @parent.get_metadata("ManagedSecrets.Rotate", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretRotateResponse.new()
  resp.meta = Plumbing::convert_generic_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#update(managed_secret, deadline: nil) ⇒ Object

Update updates a Managed Secret



4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
 
# File 'lib/svc.rb', line 4025

def update(
  managed_secret,
  deadline: nil
)
  req = V1::ManagedSecretUpdateRequest.new()

  req.managed_secret = Plumbing::convert_managed_secret_to_plumbing(managed_secret)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.update(req, metadata: @parent.get_metadata("ManagedSecrets.Update", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretUpdateResponse.new()
  resp.managed_secret = Plumbing::convert_managed_secret_to_porcelain(plumbing_response.managed_secret)
  resp.meta = Plumbing::convert_update_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp
end

#validate(id, deadline: nil) ⇒ Object

Validate returns the result of testing the stored credential against the secret engine.



4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
 
# File 'lib/svc.rb', line 4207

def validate(
  id,
  deadline: nil
)
  req = V1::ManagedSecretValidateRequest.new()

  req.id = (id)
  tries = 0
  plumbing_response = nil
  loop do
    begin
      plumbing_response = @stub.validate(req, metadata: @parent.get_metadata("ManagedSecrets.Validate", req), deadline: deadline)
    rescue => exception
      if (@parent.shouldRetry(tries, exception, deadline))
        tries + +sleep(@parent.exponentialBackoff(tries, deadline))
        next
      end
      raise Plumbing::convert_error_to_porcelain(exception)
    end
    break
  end

  resp = ManagedSecretValidateResponse.new()
  resp.invalid_info = (plumbing_response.invalid_info)
  resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
  resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
  resp.valid = (plumbing_response.valid)
  resp
end