Class: SDM::Client
- Inherits:
-
Object
- Object
- SDM::Client
- Defined in:
- lib/strongdm.rb
Overview
Client bundles all the services together and initializes them.
Instance Attribute Summary collapse
-
#access_request_events_history ⇒ Object
readonly
AccessRequestEventsHistory provides records of all changes to the state of an AccessRequest.
-
#access_requests ⇒ Object
readonly
AccessRequests are requests for access to a resource that may match a Workflow.
-
#access_requests_history ⇒ Object
readonly
AccessRequestsHistory provides records of all changes to the state of an AccessRequest.
-
#account_attachments ⇒ Object
readonly
AccountAttachments assign an account to a role.
-
#account_attachments_history ⇒ Object
readonly
AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
-
#account_grants ⇒ Object
readonly
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#account_grants_history ⇒ Object
readonly
AccountGrantsHistory records all changes to the state of an AccountGrant.
-
#account_permissions ⇒ Object
readonly
AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.
-
#account_resources ⇒ Object
readonly
AccountResources enumerates the resources to which accounts have access.
-
#account_resources_history ⇒ Object
readonly
AccountResourcesHistory records all changes to the state of a AccountResource.
-
#accounts ⇒ Object
readonly
Accounts are users that have access to strongDM.
-
#accounts_history ⇒ Object
readonly
AccountsHistory records all changes to the state of an Account.
-
#activities ⇒ Object
readonly
An Activity is a record of an action taken against a strongDM deployment, e.g.
-
#api_access_key ⇒ Object
readonly
API authentication token (read-only).
-
#approval_workflow_approvers ⇒ Object
readonly
ApprovalWorkflowApprovers link approval workflow approvers to an ApprovalWorkflowStep.
-
#approval_workflow_approvers_history ⇒ Object
readonly
ApprovalWorkflowApproversHistory records all changes to the state of an ApprovalWorkflowApprover.
-
#approval_workflow_steps ⇒ Object
readonly
ApprovalWorkflowSteps link approval workflow steps to an ApprovalWorkflow.
-
#approval_workflow_steps_history ⇒ Object
readonly
ApprovalWorkflowStepsHistory records all changes to the state of an ApprovalWorkflowStep.
-
#approval_workflows ⇒ Object
readonly
ApprovalWorkflows are the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied.
-
#approval_workflows_history ⇒ Object
readonly
ApprovalWorkflowsHistory records all changes to the state of an ApprovalWorkflow.
-
#base_retry_delay ⇒ Object
readonly
Returns the value of attribute base_retry_delay.
-
#control_panel ⇒ Object
readonly
ControlPanel contains all administrative controls.
-
#health_checks ⇒ Object
readonly
HealthChecks lists the last healthcheck between each node and resource.
-
#identity_aliases ⇒ Object
readonly
IdentityAliases assign an alias to an account within an IdentitySet.
-
#identity_aliases_history ⇒ Object
readonly
IdentityAliasesHistory records all changes to the state of a IdentityAlias.
-
#identity_sets ⇒ Object
readonly
A IdentitySet is a named grouping of Identity Aliases for Accounts.
-
#identity_sets_history ⇒ Object
readonly
IdentitySetsHistory records all changes to the state of a IdentitySet.
-
#managed_secrets ⇒ Object
readonly
ManagedSecret is a private vertical for creating, reading, updating, deleting, listing and rotating the managed secrets in the secrets engines as an authenticated user.
-
#max_retry_delay ⇒ Object
readonly
Returns the value of attribute max_retry_delay.
-
#nodes ⇒ Object
readonly
Nodes make up the strongDM network, and allow your users to connect securely to your resources.
-
#nodes_history ⇒ Object
readonly
NodesHistory records all changes to the state of a Node.
-
#organization_history ⇒ Object
readonly
OrganizationHistory records all changes to the state of an Organization.
-
#page_limit ⇒ Object
Returns the value of attribute page_limit.
-
#peering_group_nodes ⇒ Object
readonly
PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.
-
#peering_group_peers ⇒ Object
readonly
PeeringGroupPeers provides the building blocks necessary to link two peering groups.
-
#peering_group_resources ⇒ Object
readonly
PeeringGroupResources provides the building blocks necessary to obtain attach a resource to a peering group.
-
#peering_groups ⇒ Object
readonly
PeeringGroups provides the building blocks necessary to obtain explicit network topology and routing.
-
#policies ⇒ Object
readonly
Policies are the collection of one or more statements that enforce fine-grained access control for the users of an organization.
-
#policies_history ⇒ Object
readonly
PoliciesHistory records all changes to the state of a Policy.
-
#proxy_cluster_keys ⇒ Object
readonly
Proxy Cluster Keys are authentication keys for all proxies within a cluster.
-
#queries ⇒ Object
readonly
A Query is a record of a single client request to a resource, such as a SQL query.
-
#remote_identities ⇒ Object
readonly
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#remote_identities_history ⇒ Object
readonly
RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.
-
#remote_identity_groups ⇒ Object
readonly
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
-
#remote_identity_groups_history ⇒ Object
readonly
RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.
-
#replays ⇒ Object
readonly
A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query).
-
#resources ⇒ Object
readonly
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
-
#resources_history ⇒ Object
readonly
ResourcesHistory records all changes to the state of a Resource.
-
#role_resources ⇒ Object
readonly
RoleResources enumerates the resources to which roles have access.
-
#role_resources_history ⇒ Object
readonly
RoleResourcesHistory records all changes to the state of a RoleResource.
-
#roles ⇒ Object
readonly
A Role has a list of access rules which determine which Resources the members of the Role have access to.
-
#roles_history ⇒ Object
readonly
RolesHistory records all changes to the state of a Role.
-
#secret_engines ⇒ Object
readonly
See SecretEngines.
-
#secret_store_healths ⇒ Object
readonly
SecretStoreHealths exposes health states for secret stores.
-
#secret_stores ⇒ Object
readonly
SecretStores are servers where resource secrets (passwords, keys) are stored.
-
#secret_stores_history ⇒ Object
readonly
SecretStoresHistory records all changes to the state of a SecretStore.
-
#snapshot_time ⇒ Object
readonly
Optional timestamp at which to provide historical data.
-
#workflow_approvers ⇒ Object
readonly
WorkflowApprovers is an account or a role with the ability to approve requests bound to a workflow.
-
#workflow_approvers_history ⇒ Object
readonly
WorkflowApproversHistory provides records of all changes to the state of a WorkflowApprover.
-
#workflow_assignments ⇒ Object
readonly
WorkflowAssignments links a Resource to a Workflow.
-
#workflow_assignments_history ⇒ Object
readonly
WorkflowAssignmentsHistory provides records of all changes to the state of a WorkflowAssignment.
-
#workflow_roles ⇒ Object
readonly
WorkflowRole links a role to a workflow.
-
#workflow_roles_history ⇒ Object
readonly
WorkflowRolesHistory provides records of all changes to the state of a WorkflowRole.
-
#workflows ⇒ Object
readonly
Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either be automatic approval or a set of users authorized to approve the requests.
-
#workflows_history ⇒ Object
readonly
WorkflowsHistory provides records of all changes to the state of a Workflow.
Instance Method Summary collapse
-
#close ⇒ Object
Closes this client and releases all resources held by it.
-
#initialize(api_access_key, api_secret_key, host: "app.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 0) ⇒ Client
constructor
Creates a new strongDM API client.
- #max_retries ⇒ Object deprecated Deprecated.
- #sign(method_name, msg_bytes) ⇒ Object
-
#snapshot_at(snapshot_time) ⇒ Object
Constructs a read-only client that will provide historical data from the provided timestamp.
Constructor Details
#initialize(api_access_key, api_secret_key, host: "app.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 0) ⇒ Client
Creates a new strongDM API client.
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 |
# File 'lib/strongdm.rb', line 37 def initialize(api_access_key, api_secret_key, host: "app.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 0) raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String) raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String) raise TypeError, "client host must be a string" unless host.kind_of?(String) @api_access_key = api_access_key.strip @api_secret_key = Base64.strict_decode64(api_secret_key.strip) @base_retry_delay = DEFAULT_BASE_RETRY_DELAY @max_retry_delay = DEFAULT_MAX_RETRY_DELAY @retry_factor = DEFAULT_RETRY_FACTOR @retry_jitter = DEFAULT_RETRY_JITTER @page_limit = page_limit @retry_rate_limit_errors = retry_rate_limit_errors @snapshot_time = nil begin if insecure @channel = GRPC::Core::Channel.new(host, {}, :this_channel_is_insecure) else cred = GRPC::Core::ChannelCredentials.new() @channel = GRPC::Core::Channel.new(host, {}, cred) end rescue => exception raise Plumbing::convert_error_to_porcelain(exception) end @access_requests = AccessRequests.new(@channel, self) @access_request_events_history = AccessRequestEventsHistory.new(@channel, self) @access_requests_history = AccessRequestsHistory.new(@channel, self) = AccountAttachments.new(@channel, self) = AccountAttachmentsHistory.new(@channel, self) @account_grants = AccountGrants.new(@channel, self) @account_grants_history = AccountGrantsHistory.new(@channel, self) = AccountPermissions.new(@channel, self) @account_resources = AccountResources.new(@channel, self) @account_resources_history = AccountResourcesHistory.new(@channel, self) @accounts = Accounts.new(@channel, self) @accounts_history = AccountsHistory.new(@channel, self) @activities = Activities.new(@channel, self) @approval_workflow_approvers = ApprovalWorkflowApprovers.new(@channel, self) @approval_workflow_approvers_history = ApprovalWorkflowApproversHistory.new(@channel, self) @approval_workflow_steps = ApprovalWorkflowSteps.new(@channel, self) @approval_workflow_steps_history = ApprovalWorkflowStepsHistory.new(@channel, self) @approval_workflows = ApprovalWorkflows.new(@channel, self) @approval_workflows_history = ApprovalWorkflowsHistory.new(@channel, self) @control_panel = ControlPanel.new(@channel, self) @health_checks = HealthChecks.new(@channel, self) @identity_aliases = IdentityAliases.new(@channel, self) @identity_aliases_history = IdentityAliasesHistory.new(@channel, self) @identity_sets = IdentitySets.new(@channel, self) @identity_sets_history = IdentitySetsHistory.new(@channel, self) @managed_secrets = ManagedSecrets.new(@channel, self) @nodes = Nodes.new(@channel, self) @nodes_history = NodesHistory.new(@channel, self) @organization_history = OrganizationHistory.new(@channel, self) @peering_group_nodes = PeeringGroupNodes.new(@channel, self) @peering_group_peers = PeeringGroupPeers.new(@channel, self) @peering_group_resources = PeeringGroupResources.new(@channel, self) @peering_groups = PeeringGroups.new(@channel, self) @policies = Policies.new(@channel, self) @policies_history = PoliciesHistory.new(@channel, self) @proxy_cluster_keys = ProxyClusterKeys.new(@channel, self) @queries = Queries.new(@channel, self) @remote_identities = RemoteIdentities.new(@channel, self) @remote_identities_history = RemoteIdentitiesHistory.new(@channel, self) @remote_identity_groups = RemoteIdentityGroups.new(@channel, self) @remote_identity_groups_history = RemoteIdentityGroupsHistory.new(@channel, self) @replays = Replays.new(@channel, self) @resources = Resources.new(@channel, self) @resources_history = ResourcesHistory.new(@channel, self) @role_resources = RoleResources.new(@channel, self) @role_resources_history = RoleResourcesHistory.new(@channel, self) @roles = Roles.new(@channel, self) @roles_history = RolesHistory.new(@channel, self) @secret_stores = SecretStores.new(@channel, self) @secret_engines = SecretEngines.new(@channel, self) @secret_store_healths = SecretStoreHealths.new(@channel, self) @secret_stores_history = SecretStoresHistory.new(@channel, self) @workflow_approvers = WorkflowApprovers.new(@channel, self) @workflow_approvers_history = WorkflowApproversHistory.new(@channel, self) @workflow_assignments = WorkflowAssignments.new(@channel, self) @workflow_assignments_history = WorkflowAssignmentsHistory.new(@channel, self) @workflow_roles = WorkflowRoles.new(@channel, self) @workflow_roles_history = WorkflowRolesHistory.new(@channel, self) @workflows = Workflows.new(@channel, self) @workflows_history = WorkflowsHistory.new(@channel, self) end |
Instance Attribute Details
#access_request_events_history ⇒ Object (readonly)
AccessRequestEventsHistory provides records of all changes to the state of an AccessRequest.
239 240 241 |
# File 'lib/strongdm.rb', line 239 def access_request_events_history @access_request_events_history end |
#access_requests ⇒ Object (readonly)
AccessRequests are requests for access to a resource that may match a Workflow.
See AccessRequests.
235 236 237 |
# File 'lib/strongdm.rb', line 235 def access_requests @access_requests end |
#access_requests_history ⇒ Object (readonly)
AccessRequestsHistory provides records of all changes to the state of an AccessRequest.
243 244 245 |
# File 'lib/strongdm.rb', line 243 def access_requests_history @access_requests_history end |
#account_attachments ⇒ Object (readonly)
AccountAttachments assign an account to a role.
See AccountAttachments.
247 248 249 |
# File 'lib/strongdm.rb', line 247 def end |
#account_attachments_history ⇒ Object (readonly)
AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
251 252 253 |
# File 'lib/strongdm.rb', line 251 def end |
#account_grants ⇒ Object (readonly)
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
See AccountGrants.
255 256 257 |
# File 'lib/strongdm.rb', line 255 def account_grants @account_grants end |
#account_grants_history ⇒ Object (readonly)
AccountGrantsHistory records all changes to the state of an AccountGrant.
See AccountGrantsHistory.
259 260 261 |
# File 'lib/strongdm.rb', line 259 def account_grants_history @account_grants_history end |
#account_permissions ⇒ Object (readonly)
AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.
See AccountPermissions.
264 265 266 |
# File 'lib/strongdm.rb', line 264 def end |
#account_resources ⇒ Object (readonly)
AccountResources enumerates the resources to which accounts have access. The AccountResources service is read-only.
See AccountResources.
269 270 271 |
# File 'lib/strongdm.rb', line 269 def account_resources @account_resources end |
#account_resources_history ⇒ Object (readonly)
AccountResourcesHistory records all changes to the state of a AccountResource.
273 274 275 |
# File 'lib/strongdm.rb', line 273 def account_resources_history @account_resources_history end |
#accounts ⇒ Object (readonly)
Accounts are users that have access to strongDM. There are two types of accounts:
- Users: humans who are authenticated through username and password or SSO.
- Service Accounts: machines that are authenticated using a service token.
- Tokens are access keys with permissions that can be used for authentication.
See Accounts.
280 281 282 |
# File 'lib/strongdm.rb', line 280 def accounts @accounts end |
#accounts_history ⇒ Object (readonly)
AccountsHistory records all changes to the state of an Account.
See AccountsHistory.
284 285 286 |
# File 'lib/strongdm.rb', line 284 def accounts_history @accounts_history end |
#activities ⇒ Object (readonly)
An Activity is a record of an action taken against a strongDM deployment, e.g. a user creation, resource deletion, sso configuration change, etc. The Activities service is read-only.
See Activities.
290 291 292 |
# File 'lib/strongdm.rb', line 290 def activities @activities end |
#api_access_key ⇒ Object (readonly)
API authentication token (read-only).
229 230 231 |
# File 'lib/strongdm.rb', line 229 def api_access_key @api_access_key end |
#approval_workflow_approvers ⇒ Object (readonly)
ApprovalWorkflowApprovers link approval workflow approvers to an ApprovalWorkflowStep
294 295 296 |
# File 'lib/strongdm.rb', line 294 def approval_workflow_approvers @approval_workflow_approvers end |
#approval_workflow_approvers_history ⇒ Object (readonly)
ApprovalWorkflowApproversHistory records all changes to the state of an ApprovalWorkflowApprover.
298 299 300 |
# File 'lib/strongdm.rb', line 298 def approval_workflow_approvers_history @approval_workflow_approvers_history end |
#approval_workflow_steps ⇒ Object (readonly)
ApprovalWorkflowSteps link approval workflow steps to an ApprovalWorkflow
302 303 304 |
# File 'lib/strongdm.rb', line 302 def approval_workflow_steps @approval_workflow_steps end |
#approval_workflow_steps_history ⇒ Object (readonly)
ApprovalWorkflowStepsHistory records all changes to the state of an ApprovalWorkflowStep.
306 307 308 |
# File 'lib/strongdm.rb', line 306 def approval_workflow_steps_history @approval_workflow_steps_history end |
#approval_workflows ⇒ Object (readonly)
ApprovalWorkflows are the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied.
See ApprovalWorkflows.
311 312 313 |
# File 'lib/strongdm.rb', line 311 def approval_workflows @approval_workflows end |
#approval_workflows_history ⇒ Object (readonly)
ApprovalWorkflowsHistory records all changes to the state of an ApprovalWorkflow.
315 316 317 |
# File 'lib/strongdm.rb', line 315 def approval_workflows_history @approval_workflows_history end |
#base_retry_delay ⇒ Object (readonly)
Returns the value of attribute base_retry_delay.
224 225 226 |
# File 'lib/strongdm.rb', line 224 def base_retry_delay @base_retry_delay end |
#control_panel ⇒ Object (readonly)
ControlPanel contains all administrative controls.
See SDM::ControlPanel.
319 320 321 |
# File 'lib/strongdm.rb', line 319 def control_panel @control_panel end |
#health_checks ⇒ Object (readonly)
HealthChecks lists the last healthcheck between each node and resource. Note the unconventional capitalization here is to prevent having a collision with GRPC
See HealthChecks.
324 325 326 |
# File 'lib/strongdm.rb', line 324 def health_checks @health_checks end |
#identity_aliases ⇒ Object (readonly)
IdentityAliases assign an alias to an account within an IdentitySet. The alias is used as the username when connecting to a identity supported resource.
See IdentityAliases.
329 330 331 |
# File 'lib/strongdm.rb', line 329 def identity_aliases @identity_aliases end |
#identity_aliases_history ⇒ Object (readonly)
IdentityAliasesHistory records all changes to the state of a IdentityAlias.
333 334 335 |
# File 'lib/strongdm.rb', line 333 def identity_aliases_history @identity_aliases_history end |
#identity_sets ⇒ Object (readonly)
A IdentitySet is a named grouping of Identity Aliases for Accounts. An Account's relationship to a IdentitySet is defined via IdentityAlias objects.
See IdentitySets.
338 339 340 |
# File 'lib/strongdm.rb', line 338 def identity_sets @identity_sets end |
#identity_sets_history ⇒ Object (readonly)
IdentitySetsHistory records all changes to the state of a IdentitySet.
See IdentitySetsHistory.
342 343 344 |
# File 'lib/strongdm.rb', line 342 def identity_sets_history @identity_sets_history end |
#managed_secrets ⇒ Object (readonly)
ManagedSecret is a private vertical for creating, reading, updating, deleting, listing and rotating the managed secrets in the secrets engines as an authenticated user.
See ManagedSecrets.
348 349 350 |
# File 'lib/strongdm.rb', line 348 def managed_secrets @managed_secrets end |
#max_retry_delay ⇒ Object (readonly)
Returns the value of attribute max_retry_delay.
225 226 227 |
# File 'lib/strongdm.rb', line 225 def max_retry_delay @max_retry_delay end |
#nodes ⇒ Object (readonly)
Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
- Gateways are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
- Relays are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
See Nodes.
354 355 356 |
# File 'lib/strongdm.rb', line 354 def nodes @nodes end |
#nodes_history ⇒ Object (readonly)
NodesHistory records all changes to the state of a Node.
See NodesHistory.
358 359 360 |
# File 'lib/strongdm.rb', line 358 def nodes_history @nodes_history end |
#organization_history ⇒ Object (readonly)
OrganizationHistory records all changes to the state of an Organization.
See OrganizationHistory.
362 363 364 |
# File 'lib/strongdm.rb', line 362 def organization_history @organization_history end |
#page_limit ⇒ Object
Returns the value of attribute page_limit.
226 227 228 |
# File 'lib/strongdm.rb', line 226 def page_limit @page_limit end |
#peering_group_nodes ⇒ Object (readonly)
PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.
See PeeringGroupNodes.
366 367 368 |
# File 'lib/strongdm.rb', line 366 def peering_group_nodes @peering_group_nodes end |
#peering_group_peers ⇒ Object (readonly)
PeeringGroupPeers provides the building blocks necessary to link two peering groups.
See PeeringGroupPeers.
370 371 372 |
# File 'lib/strongdm.rb', line 370 def peering_group_peers @peering_group_peers end |
#peering_group_resources ⇒ Object (readonly)
PeeringGroupResources provides the building blocks necessary to obtain attach a resource to a peering group.
374 375 376 |
# File 'lib/strongdm.rb', line 374 def peering_group_resources @peering_group_resources end |
#peering_groups ⇒ Object (readonly)
PeeringGroups provides the building blocks necessary to obtain explicit network topology and routing.
See PeeringGroups.
378 379 380 |
# File 'lib/strongdm.rb', line 378 def peering_groups @peering_groups end |
#policies ⇒ Object (readonly)
Policies are the collection of one or more statements that enforce fine-grained access control for the users of an organization.
See Policies.
383 384 385 |
# File 'lib/strongdm.rb', line 383 def policies @policies end |
#policies_history ⇒ Object (readonly)
PoliciesHistory records all changes to the state of a Policy.
See PoliciesHistory.
387 388 389 |
# File 'lib/strongdm.rb', line 387 def policies_history @policies_history end |
#proxy_cluster_keys ⇒ Object (readonly)
Proxy Cluster Keys are authentication keys for all proxies within a cluster. The proxies within a cluster share the same key. One cluster can have multiple keys in order to facilitate key rotation.
See ProxyClusterKeys.
393 394 395 |
# File 'lib/strongdm.rb', line 393 def proxy_cluster_keys @proxy_cluster_keys end |
#queries ⇒ Object (readonly)
A Query is a record of a single client request to a resource, such as a SQL query. Long-running SSH, RDP, or Kubernetes interactive sessions also count as queries. The Queries service is read-only.
See Queries.
399 400 401 |
# File 'lib/strongdm.rb', line 399 def queries @queries end |
#remote_identities ⇒ Object (readonly)
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
See RemoteIdentities.
403 404 405 |
# File 'lib/strongdm.rb', line 403 def remote_identities @remote_identities end |
#remote_identities_history ⇒ Object (readonly)
RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.
407 408 409 |
# File 'lib/strongdm.rb', line 407 def remote_identities_history @remote_identities_history end |
#remote_identity_groups ⇒ Object (readonly)
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts. An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
See RemoteIdentityGroups.
412 413 414 |
# File 'lib/strongdm.rb', line 412 def remote_identity_groups @remote_identity_groups end |
#remote_identity_groups_history ⇒ Object (readonly)
RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.
416 417 418 |
# File 'lib/strongdm.rb', line 416 def remote_identity_groups_history @remote_identity_groups_history end |
#replays ⇒ Object (readonly)
A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session (otherwise referred to as a query). The Replays service is read-only.
See Replays.
421 422 423 |
# File 'lib/strongdm.rb', line 421 def replays @replays end |
#resources ⇒ Object (readonly)
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
See Resources.
426 427 428 |
# File 'lib/strongdm.rb', line 426 def resources @resources end |
#resources_history ⇒ Object (readonly)
ResourcesHistory records all changes to the state of a Resource.
See ResourcesHistory.
430 431 432 |
# File 'lib/strongdm.rb', line 430 def resources_history @resources_history end |
#role_resources ⇒ Object (readonly)
RoleResources enumerates the resources to which roles have access. The RoleResources service is read-only.
See RoleResources.
435 436 437 |
# File 'lib/strongdm.rb', line 435 def role_resources @role_resources end |
#role_resources_history ⇒ Object (readonly)
RoleResourcesHistory records all changes to the state of a RoleResource.
See RoleResourcesHistory.
439 440 441 |
# File 'lib/strongdm.rb', line 439 def role_resources_history @role_resources_history end |
#roles ⇒ Object (readonly)
A Role has a list of access rules which determine which Resources the members of the Role have access to. An Account can be a member of multiple Roles via AccountAttachments.
See Roles.
445 446 447 |
# File 'lib/strongdm.rb', line 445 def roles @roles end |
#roles_history ⇒ Object (readonly)
RolesHistory records all changes to the state of a Role.
See RolesHistory.
449 450 451 |
# File 'lib/strongdm.rb', line 449 def roles_history @roles_history end |
#secret_engines ⇒ Object (readonly)
See SecretEngines.
457 458 459 |
# File 'lib/strongdm.rb', line 457 def secret_engines @secret_engines end |
#secret_store_healths ⇒ Object (readonly)
SecretStoreHealths exposes health states for secret stores.
See SecretStoreHealths.
461 462 463 |
# File 'lib/strongdm.rb', line 461 def secret_store_healths @secret_store_healths end |
#secret_stores ⇒ Object (readonly)
SecretStores are servers where resource secrets (passwords, keys) are stored.
See SecretStores.
453 454 455 |
# File 'lib/strongdm.rb', line 453 def secret_stores @secret_stores end |
#secret_stores_history ⇒ Object (readonly)
SecretStoresHistory records all changes to the state of a SecretStore.
See SecretStoresHistory.
465 466 467 |
# File 'lib/strongdm.rb', line 465 def secret_stores_history @secret_stores_history end |
#snapshot_time ⇒ Object
Optional timestamp at which to provide historical data
231 232 233 |
# File 'lib/strongdm.rb', line 231 def snapshot_time @snapshot_time end |
#workflow_approvers ⇒ Object (readonly)
WorkflowApprovers is an account or a role with the ability to approve requests bound to a workflow.
See WorkflowApprovers.
469 470 471 |
# File 'lib/strongdm.rb', line 469 def workflow_approvers @workflow_approvers end |
#workflow_approvers_history ⇒ Object (readonly)
WorkflowApproversHistory provides records of all changes to the state of a WorkflowApprover.
473 474 475 |
# File 'lib/strongdm.rb', line 473 def workflow_approvers_history @workflow_approvers_history end |
#workflow_assignments ⇒ Object (readonly)
WorkflowAssignments links a Resource to a Workflow. The assigned resources are those that a user can request access to via the workflow.
See WorkflowAssignments.
478 479 480 |
# File 'lib/strongdm.rb', line 478 def workflow_assignments @workflow_assignments end |
#workflow_assignments_history ⇒ Object (readonly)
WorkflowAssignmentsHistory provides records of all changes to the state of a WorkflowAssignment.
482 483 484 |
# File 'lib/strongdm.rb', line 482 def workflow_assignments_history @workflow_assignments_history end |
#workflow_roles ⇒ Object (readonly)
WorkflowRole links a role to a workflow. The linked roles indicate which roles a user must be a part of to request access to a resource via the workflow.
See WorkflowRoles.
487 488 489 |
# File 'lib/strongdm.rb', line 487 def workflow_roles @workflow_roles end |
#workflow_roles_history ⇒ Object (readonly)
WorkflowRolesHistory provides records of all changes to the state of a WorkflowRole
See WorkflowRolesHistory.
491 492 493 |
# File 'lib/strongdm.rb', line 491 def workflow_roles_history @workflow_roles_history end |
#workflows ⇒ Object (readonly)
Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either be automatic approval or a set of users authorized to approve the requests.
See Workflows.
497 498 499 |
# File 'lib/strongdm.rb', line 497 def workflows @workflows end |
#workflows_history ⇒ Object (readonly)
WorkflowsHistory provides records of all changes to the state of a Workflow.
See WorkflowsHistory.
501 502 503 |
# File 'lib/strongdm.rb', line 501 def workflows_history @workflows_history end |
Instance Method Details
#close ⇒ Object
Closes this client and releases all resources held by it.
123 124 125 126 127 128 129 |
# File 'lib/strongdm.rb', line 123 def close begin @channel.close() rescue => exception raise Plumbing::convert_error_to_porcelain(exception) end end |
#max_retries ⇒ Object
220 221 222 |
# File 'lib/strongdm.rb', line 220 def max_retries 3 end |
#sign(method_name, msg_bytes) ⇒ Object
141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 |
# File 'lib/strongdm.rb', line 141 def sign(method_name, msg_bytes) current_utc_date = Time.now.utc date = sprintf("%04d-%02d-%02d", current_utc_date.year, current_utc_date.month, current_utc_date.day) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @api_secret_key, date) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, "sdm_api_v1") sha_req = Digest::SHA256.new sha_req << method_name sha_req << "\n" sha_req << msg_bytes request_hash = sha_req.digest return Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, request_hash)) end |
#snapshot_at(snapshot_time) ⇒ Object
Constructs a read-only client that will provide historical data from the provided timestamp. See SnapshotClient.
213 214 215 216 217 |
# File 'lib/strongdm.rb', line 213 def snapshot_at(snapshot_time) client = self.clone client.snapshot_time = snapshot_time return SnapshotClient.new(client) end |