smplkit 3.0.59 → 3.0.61

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9567330aa922eab7f0af4eec8d511d5ec123a4dd4c8b1a8c8186e87eecc05337
-  data.tar.gz: d120b23546fc8306431d13db81526b189f91b39fd9eb28448287e426fabb21a4
+  metadata.gz: 43242353842d4384ef5fee09749bb8030fe60d62ed0124a368694470adf7341c
+  data.tar.gz: 9149f6dd070aad95584fba15b9d7ced15b1e1103ef2a845d304854c03a51da6a
 SHA512:
-  metadata.gz: 7a1d433f63c0d94067d36eeee48fcf0dd954a06c649e9a1288c9b37714df77ce713117229e5087f1a744593d44a02e13eeb1b4c16139f4b38327babfec2a9672
-  data.tar.gz: e77a79352fe10237e44519648aaff78002ea0899eb39fd697758e8ea8a3a86e6f2e8956f0c887683a5c7aff3f0525c2052bd2709e8cac598cbd1a900f26ce169
+  metadata.gz: b8fa96a1fbaaf9e0c7d9c8b5d8064c31c9a1115714c3f3e5a5d4771664c3e3cf655b939b26b6fc90fc2166fd73d9b9c425a50bd47adadd98eac1cb21f9927bbb
+  data.tar.gz: 188a87a5c388d4ebc7277dcdef51633c01fc244e58c5bb53b560ee4d2a602afffc5128c079aa523b7a1135ca9fa831898be4861b8ab1736da84f29f9d3c0ec01

data/lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/http_configuration.rb

@@ -28,6 +28,12 @@ module SmplkitGeneratedClient::Audit
     # HTTP response status that indicates a successful delivery. Either a specific status code (e.g. `200`, `204`) or a status class (`1xx`, `2xx`, `3xx`, `4xx`, `5xx`).
     attr_accessor :success_status
 
+    # Whether to verify the destination server's TLS certificate against trusted certificate authorities. Defaults to `true` and should be left on for any production destination. Set to `false` only for development or short-lived testing against a destination that presents an untrusted certificate (e.g. a Splunk Cloud trial stack on `:8088` serving its default self-signed certificate). When `false`, deliveries proceed without certificate verification — they are vulnerable to man-in-the-middle attacks. For long-lived self-signed setups, pin the issuing CA via `ca_cert` instead of disabling verification entirely.
+    attr_accessor :tls_verify
+
+    # Optional PEM-encoded certificate (or bundle) used to verify the destination server's TLS certificate, in addition to the system trust store. Use this to pin a private or self-signed CA (e.g. Splunk's default `SplunkCommonCA`) without disabling verification entirely via `tls_verify`. Must contain one or more `-----BEGIN CERTIFICATE-----` blocks. Ignored when `tls_verify` is `false`.
+    attr_accessor :ca_cert
+
     class EnumAttributeValidator
       attr_reader :datatype
       attr_reader :allowable_values
@@ -56,7 +62,9 @@ module SmplkitGeneratedClient::Audit
         :'method' => :'method',
         :'url' => :'url',
         :'headers' => :'headers',
-        :'success_status' => :'success_status'
+        :'success_status' => :'success_status',
+        :'tls_verify' => :'tls_verify',
+        :'ca_cert' => :'ca_cert'
       }
     end
 
@@ -76,13 +84,16 @@ module SmplkitGeneratedClient::Audit
         :'method' => :'String',
         :'url' => :'String',
         :'headers' => :'Array<HttpHeader>',
-        :'success_status' => :'String'
+        :'success_status' => :'String',
+        :'tls_verify' => :'Boolean',
+        :'ca_cert' => :'String'
       }
     end
 
     # List of attributes with nullable: true
     def self.openapi_nullable
       Set.new([
+        :'ca_cert'
       ])
     end
 
@@ -125,6 +136,16 @@ module SmplkitGeneratedClient::Audit
       else
         self.success_status = '2xx'
       end
+
+      if attributes.key?(:'tls_verify')
+        self.tls_verify = attributes[:'tls_verify']
+      else
+        self.tls_verify = true
+      end
+
+      if attributes.key?(:'ca_cert')
+        self.ca_cert = attributes[:'ca_cert']
+      end
     end
 
     # Show invalid properties with the reasons. Usually used together with valid?
@@ -148,6 +169,10 @@ module SmplkitGeneratedClient::Audit
         invalid_properties.push('invalid value for "success_status", the character length must be smaller than or equal to 3.')
       end
 
+      if !@ca_cert.nil? && @ca_cert.to_s.length > 65536
+        invalid_properties.push('invalid value for "ca_cert", the character length must be smaller than or equal to 65536.')
+      end
+
       invalid_properties
     end
 
@@ -161,6 +186,7 @@ module SmplkitGeneratedClient::Audit
       return false if @url.to_s.length > 2048
       return false if @url.to_s.length < 1
       return false if !@success_status.nil? && @success_status.to_s.length > 3
+      return false if !@ca_cert.nil? && @ca_cert.to_s.length > 65536
       true
     end
 
@@ -206,6 +232,16 @@ module SmplkitGeneratedClient::Audit
       @success_status = success_status
     end
 
+    # Custom attribute writer method with validation
+    # @param [Object] ca_cert Value to be assigned
+    def ca_cert=(ca_cert)
+      if !ca_cert.nil? && ca_cert.to_s.length > 65536
+        fail ArgumentError, 'invalid value for "ca_cert", the character length must be smaller than or equal to 65536.'
+      end
+
+      @ca_cert = ca_cert
+    end
+
     # Checks equality by comparing each attribute.
     # @param [Object] Object to be compared
     def ==(o)
@@ -214,7 +250,9 @@ module SmplkitGeneratedClient::Audit
           method == o.method &&
           url == o.url &&
           headers == o.headers &&
-          success_status == o.success_status
+          success_status == o.success_status &&
+          tls_verify == o.tls_verify &&
+          ca_cert == o.ca_cert
     end
 
     # @see the `==` method
@@ -226,7 +264,7 @@ module SmplkitGeneratedClient::Audit
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [method, url, headers, success_status].hash
+      [method, url, headers, success_status, tls_verify, ca_cert].hash
     end
 
     # Builds the object from hash

data/lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/test_forwarder_request.rb

@@ -31,6 +31,12 @@ module SmplkitGeneratedClient::Audit
     # Per-request timeout in milliseconds. Capped at 30 seconds.
     attr_accessor :timeout_ms
 
+    # Whether to verify the destination server's TLS certificate. Mirrors the parent forwarder field of the same name — see its description for security guidance. Defaults to `true`.
+    attr_accessor :tls_verify
+
+    # Optional PEM-encoded certificate (or bundle) used to verify the destination server's TLS certificate. Mirrors the parent forwarder field. Must contain one or more `-----BEGIN CERTIFICATE-----` blocks.
+    attr_accessor :ca_cert
+
     # Request body sent to the destination. When omitted, an empty body is sent (suitable for connectivity probes). When set, the body is sent verbatim — pair with an appropriate `Content-Type` entry in `headers` so the destination interprets it correctly. Limit 1 MiB.
     attr_accessor :body
 
@@ -64,6 +70,8 @@ module SmplkitGeneratedClient::Audit
         :'headers' => :'headers',
         :'success_status' => :'success_status',
         :'timeout_ms' => :'timeout_ms',
+        :'tls_verify' => :'tls_verify',
+        :'ca_cert' => :'ca_cert',
         :'body' => :'body'
       }
     end
@@ -86,6 +94,8 @@ module SmplkitGeneratedClient::Audit
         :'headers' => :'Array<HttpHeader>',
         :'success_status' => :'String',
         :'timeout_ms' => :'Integer',
+        :'tls_verify' => :'Boolean',
+        :'ca_cert' => :'String',
         :'body' => :'String'
       }
     end
@@ -94,6 +104,7 @@ module SmplkitGeneratedClient::Audit
     def self.openapi_nullable
       Set.new([
         :'timeout_ms',
+        :'ca_cert',
         :'body'
       ])
     end
@@ -142,6 +153,16 @@ module SmplkitGeneratedClient::Audit
         self.timeout_ms = attributes[:'timeout_ms']
       end
 
+      if attributes.key?(:'tls_verify')
+        self.tls_verify = attributes[:'tls_verify']
+      else
+        self.tls_verify = true
+      end
+
+      if attributes.key?(:'ca_cert')
+        self.ca_cert = attributes[:'ca_cert']
+      end
+
       if attributes.key?(:'body')
         self.body = attributes[:'body']
       end
@@ -176,6 +197,10 @@ module SmplkitGeneratedClient::Audit
         invalid_properties.push('invalid value for "timeout_ms", must be greater than or equal to 1.')
       end
 
+      if !@ca_cert.nil? && @ca_cert.to_s.length > 65536
+        invalid_properties.push('invalid value for "ca_cert", the character length must be smaller than or equal to 65536.')
+      end
+
       if !@body.nil? && @body.to_s.length > 1048576
         invalid_properties.push('invalid value for "body", the character length must be smaller than or equal to 1048576.')
       end
@@ -195,6 +220,7 @@ module SmplkitGeneratedClient::Audit
       return false if !@success_status.nil? && @success_status.to_s.length > 3
       return false if !@timeout_ms.nil? && @timeout_ms > 30000
       return false if !@timeout_ms.nil? && @timeout_ms < 1
+      return false if !@ca_cert.nil? && @ca_cert.to_s.length > 65536
       return false if !@body.nil? && @body.to_s.length > 1048576
       true
     end
@@ -255,6 +281,16 @@ module SmplkitGeneratedClient::Audit
       @timeout_ms = timeout_ms
     end
 
+    # Custom attribute writer method with validation
+    # @param [Object] ca_cert Value to be assigned
+    def ca_cert=(ca_cert)
+      if !ca_cert.nil? && ca_cert.to_s.length > 65536
+        fail ArgumentError, 'invalid value for "ca_cert", the character length must be smaller than or equal to 65536.'
+      end
+
+      @ca_cert = ca_cert
+    end
+
     # Custom attribute writer method with validation
     # @param [Object] body Value to be assigned
     def body=(body)
@@ -275,6 +311,8 @@ module SmplkitGeneratedClient::Audit
           headers == o.headers &&
           success_status == o.success_status &&
           timeout_ms == o.timeout_ms &&
+          tls_verify == o.tls_verify &&
+          ca_cert == o.ca_cert &&
           body == o.body
     end
 
@@ -287,7 +325,7 @@ module SmplkitGeneratedClient::Audit
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [method, url, headers, success_status, timeout_ms, body].hash
+      [method, url, headers, success_status, timeout_ms, tls_verify, ca_cert, body].hash
     end
 
     # Builds the object from hash

data/lib/smplkit/_generated/audit/spec/models/http_configuration_spec.rb

@@ -55,4 +55,16 @@ describe SmplkitGeneratedClient::Audit::HttpConfiguration do
     end
   end
 
+  describe 'test attribute "tls_verify"' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  describe 'test attribute "ca_cert"' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
 end

data/lib/smplkit/_generated/audit/spec/models/test_forwarder_request_spec.rb

@@ -61,6 +61,18 @@ describe SmplkitGeneratedClient::Audit::TestForwarderRequest do
     end
   end
 
+  describe 'test attribute "tls_verify"' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  describe 'test attribute "ca_cert"' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
   describe 'test attribute "body"' do
     it 'should work' do
       # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/

data/lib/smplkit/audit/models.rb

@@ -262,12 +262,32 @@ module Smplkit
     #   @return [String] Status the destination must return for delivery to count
     #     as success — an exact code (+"200"+, +"204"+) or a class (+"2xx"+, +"4xx"+).
     #     Defaults to +"2xx"+.
+    # @!attribute [rw] tls_verify
+    #   @return [Boolean] Whether to verify the destination's TLS certificate
+    #     chain. Defaults to +true+; flip to +false+ only for short-lived
+    #     testing against a destination that serves an untrusted certificate.
+    #     Prefer pinning the issuing CA via +ca_cert+ for long-lived self-signed
+    #     setups.
+    # @!attribute [rw] ca_cert
+    #   @return [String, nil] Optional PEM-encoded certificate (or bundle)
+    #     trusted in addition to the system CA store. Ignored when
+    #     +tls_verify+ is +false+. +nil+ (the default) means "use system CAs
+    #     only".
     #
     # rubocop:disable Lint/StructNewOverride -- ``:method`` matches the
     # API attribute and shadowing Struct#method is the expected ergonomics.
-    HttpConfiguration = Struct.new(:method, :url, :headers, :success_status, keyword_init: true) do
-      def initialize(method: HttpMethod::POST, url: "", headers: nil, success_status: "2xx")
-        super(method: HttpMethod.coerce(method), url: url, headers: headers || [], success_status: success_status)
+    HttpConfiguration = Struct.new(
+      :method, :url, :headers, :success_status, :tls_verify, :ca_cert,
+      keyword_init: true
+    ) do
+      def initialize(
+        method: HttpMethod::POST, url: "", headers: nil,
+        success_status: "2xx", tls_verify: true, ca_cert: nil
+      )
+        super(
+          method: HttpMethod.coerce(method), url: url, headers: headers || [],
+          success_status: success_status, tls_verify: tls_verify, ca_cert: ca_cert
+        )
       end
 
       def self.to_wire(src)
@@ -284,18 +304,29 @@ module Smplkit
                           end
             SmplkitGeneratedClient::Audit::HttpHeader.new(name: name, value: value)
           end,
-          success_status: h.success_status
+          success_status: h.success_status,
+          tls_verify: h.tls_verify,
+          ca_cert: h.ca_cert
         )
       end
 
       def self.from_wire(src)
         return new if src.nil?
 
+        # Absent ``tls_verify`` on the wire means a forwarder persisted
+        # before the field landed — default to verifying so its prior
+        # secure behaviour is preserved.
         new(
           method: src.method || HttpMethod::POST,
           url: src.url || "",
           headers: (src.headers || []).map { |h| HttpHeader.new(name: h.name, value: h.value) },
-          success_status: src.success_status || "2xx"
+          success_status: src.success_status || "2xx",
+          # rubocop:disable Style/RedundantCondition -- nil and false are
+          # distinct: nil means "field absent on the wire" (default to true);
+          # explicit false means "verification disabled".
+          tls_verify: src.tls_verify.nil? ? true : src.tls_verify,
+          # rubocop:enable Style/RedundantCondition
+          ca_cert: src.ca_cert
         )
       end
     end
@@ -311,7 +342,10 @@ module Smplkit
     # Re-supply real values before calling {#save}; the SDK does not cache
     # them client-side.
     class Forwarder
-      # @return [String, nil] Server-assigned UUID, +nil+ until {#save} has run.
+      # @return [String, nil] Caller-supplied unique identifier (key) for this
+      #   forwarder. Unique within an account; immutable for the lifetime of
+      #   the forwarder. +nil+ only while the object represents an unsaved
+      #   instance constructed without an id (which {#save} would then reject).
       attr_accessor :id
 
       # @return [String] Display name. Free-form.

data/lib/smplkit/management/audit.rb

@@ -56,13 +56,14 @@ module Smplkit
       #   nil or both set, or when +transform_type+ is +JSONATA+ and +transform+
       #   is not a +String+.
       # @return [Smplkit::Audit::Forwarder]
-      def new_forwarder(name:, forwarder_type:, configuration:,
+      def new_forwarder(id, forwarder_type:, configuration:, name: nil,
                         enabled: true, description: nil,
                         filter: nil, transform: nil, transform_type: nil)
         Smplkit::Audit::Forwarder.send(:validate_transform_pair!, transform, transform_type)
         Smplkit::Audit::Forwarder.new(
           self,
-          name: name,
+          id: id,
+          name: name || id,
           forwarder_type: forwarder_type,
           configuration: configuration,
           enabled: enabled,
@@ -118,7 +119,11 @@ module Smplkit
       # @api private — POST a new forwarder. Called by
       #   {Smplkit::Audit::Forwarder#save} on unsaved instances.
       def _create_forwarder(forwarder)
-        resp = Smplkit::Audit.call_api { @api.create_forwarder(build_body(forwarder)) }
+        if forwarder.id.nil? || forwarder.id.empty?
+          raise ArgumentError, "Forwarder.id is required on create (caller-supplied key)"
+        end
+
+        resp = Smplkit::Audit.call_api { @api.create_forwarder(build_create_body(forwarder)) }
         Smplkit::Audit::Forwarder.from_resource(resp.data, client: self)
       end
 
@@ -138,8 +143,8 @@ module Smplkit
 
       private
 
-      def build_body(forwarder)
-        attrs = SmplkitGeneratedClient::Audit::Forwarder.new(
+      def build_attrs(forwarder)
+        SmplkitGeneratedClient::Audit::Forwarder.new(
           name: forwarder.name,
           description: forwarder.description,
           forwarder_type: Smplkit::Audit::ForwarderType.coerce(forwarder.forwarder_type),
@@ -149,10 +154,26 @@ module Smplkit
           transform: forwarder.transform,
           configuration: Smplkit::Audit::HttpConfiguration.to_wire(forwarder.configuration)
         )
+      end
+
+      def build_create_body(forwarder)
+        # Create uses the distinct ForwarderCreateRequest envelope; the
+        # audit service requires data.id (the customer-supplied key) on
+        # create and 409s on conflict.
+        resource = SmplkitGeneratedClient::Audit::ForwarderCreateResource.new(
+          id: forwarder.id.to_s,
+          type: "forwarder",
+          attributes: build_attrs(forwarder)
+        )
+        SmplkitGeneratedClient::Audit::ForwarderCreateRequest.new(data: resource)
+      end
+
+      def build_body(forwarder)
+        # Update path uses the generic ForwarderRequest envelope.
         resource = SmplkitGeneratedClient::Audit::ForwarderResource.new(
-          id: forwarder.id ? forwarder.id.to_s : "",
+          id: forwarder.id.to_s,
           type: "forwarder",
-          attributes: attrs
+          attributes: build_attrs(forwarder)
         )
         SmplkitGeneratedClient::Audit::ForwarderRequest.new(data: resource)
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smplkit
 version: !ruby/object:Gem::Version
-  version: 3.0.59
+  version: 3.0.61
 platform: ruby
 authors:
 - Smpl Solutions LLC