smplkit 3.0.97 → 3.0.98
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/smplkit/audit/client.rb +35 -3
- data/lib/smplkit/audit/events.rb +19 -6
- data/lib/smplkit/flags/models.rb +9 -8
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6e45e17931c6cadc44da209a05f0c043d9fb0d7e08ce28058f6c1ddc67cc7e05
|
|
4
|
+
data.tar.gz: 97e9506623904814d1272b57e1558959b9be4ecc6d3f68609a69e251f820ccbb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 516b5e35d4441a7ae9a4b5944f8b79292dae8a3b4b8e4979cf20a3b09b513fc399260c68141ff53e886547f71acdd4c07ba0188ab46380cace4e53beeca97352
|
|
7
|
+
data.tar.gz: 61d0c381f68966b90e08167cc629f259ced3200fec6c16d29d76bbcab7163f8df7321edb32e8dc574b8c6dbefcd055d0d553e59945247044f8a1fe681712f379
|
data/lib/smplkit/audit/client.rb
CHANGED
|
@@ -10,12 +10,25 @@ module Smplkit
|
|
|
10
10
|
# listings (+resource_types+, +event_types+, +categories+), plus SIEM
|
|
11
11
|
# forwarder CRUD on +#forwarders+.
|
|
12
12
|
#
|
|
13
|
-
#
|
|
14
|
-
#
|
|
13
|
+
# Reachable as +client.audit+ (+Smplkit::Client+) or constructed directly —
|
|
14
|
+
# +AuditClient.new+ resolves credentials from +~/.smplkit+ / env vars and
|
|
15
|
+
# derives the audit base URL from +base_domain+/+scheme+ when +base_url+ is
|
|
16
|
+
# omitted.
|
|
17
|
+
#
|
|
18
|
+
# @param api_key [String, nil] API key used to authenticate every request.
|
|
19
|
+
# When omitted, resolved from +SMPLKIT_API_KEY+ or +~/.smplkit+.
|
|
20
|
+
# @param base_url [String, nil] Full audit-service base URL. Usually resolved
|
|
21
|
+
# from +base_domain+/+scheme+; supplied directly by the top-level clients
|
|
22
|
+
# which have already computed it.
|
|
15
23
|
# @param environment [String, nil] Deployment environment to scope recording
|
|
16
24
|
# and reads to. Optional — forwarder CRUD and discovery are
|
|
17
25
|
# environment-agnostic, and reads accept an explicit +environments: [...]+
|
|
18
26
|
# filter.
|
|
27
|
+
# @param profile [String, nil] Named +~/.smplkit+ profile section.
|
|
28
|
+
# @param base_domain [String, nil] Base domain for API requests (default
|
|
29
|
+
# +"smplkit.com"+).
|
|
30
|
+
# @param scheme [String, nil] URL scheme (default +"https"+).
|
|
31
|
+
# @param debug [Boolean, nil] Enable SDK debug logging.
|
|
19
32
|
# @param timeout [Float] Per-request timeout, in seconds. Defaults to +10.0+.
|
|
20
33
|
# @param extra_headers [Hash{String => String}, nil] Extra headers attached
|
|
21
34
|
# to every request. SDK-owned headers (authorization, content-type,
|
|
@@ -25,12 +38,29 @@ module Smplkit
|
|
|
25
38
|
|
|
26
39
|
SDK_OWNED_HEADERS = %w[authorization content-type user-agent].freeze
|
|
27
40
|
|
|
28
|
-
def initialize(api_key
|
|
41
|
+
def initialize(api_key: nil, base_url: nil, environment: nil, profile: nil,
|
|
42
|
+
base_domain: nil, scheme: nil, debug: nil, timeout: 10.0,
|
|
43
|
+
extra_headers: nil)
|
|
44
|
+
# +base_url+/+api_key+ are used directly when both are supplied (the
|
|
45
|
+
# path the top-level client takes after it has already resolved them);
|
|
46
|
+
# otherwise the config resolver fills in whatever is missing
|
|
47
|
+
# (+~/.smplkit+ / env vars / defaults) and the audit base URL is derived
|
|
48
|
+
# from +base_domain+/+scheme+ via +service_url+.
|
|
49
|
+
if api_key.nil? || base_url.nil?
|
|
50
|
+
resolved = ConfigResolution.resolve_client_config(
|
|
51
|
+
profile: profile, api_key: api_key, base_domain: base_domain,
|
|
52
|
+
scheme: scheme, debug: debug
|
|
53
|
+
)
|
|
54
|
+
api_key = resolved.api_key if api_key.nil?
|
|
55
|
+
base_url = ConfigResolution.service_url(resolved.scheme, "audit", resolved.base_domain) if base_url.nil?
|
|
56
|
+
debug = resolved.debug if debug.nil?
|
|
57
|
+
end
|
|
29
58
|
cfg = SmplkitGeneratedClient::Audit::Configuration.new
|
|
30
59
|
cfg.host = URI.parse(base_url).host
|
|
31
60
|
cfg.scheme = URI.parse(base_url).scheme
|
|
32
61
|
cfg.access_token = api_key
|
|
33
62
|
cfg.timeout = timeout
|
|
63
|
+
cfg.debugging = debug unless debug.nil?
|
|
34
64
|
HttpPool.configure(cfg)
|
|
35
65
|
api_client = SmplkitGeneratedClient::Audit::ApiClient.new(cfg)
|
|
36
66
|
api_client.default_headers["User-Agent"] = "smplkit-ruby-sdk/#{Smplkit::VERSION}"
|
|
@@ -57,4 +87,6 @@ module Smplkit
|
|
|
57
87
|
end
|
|
58
88
|
end
|
|
59
89
|
end
|
|
90
|
+
|
|
91
|
+
AuditClient = Audit::AuditClient
|
|
60
92
|
end
|
data/lib/smplkit/audit/events.rb
CHANGED
|
@@ -4,9 +4,10 @@ module Smplkit
|
|
|
4
4
|
module Audit
|
|
5
5
|
# Audit events surface — accessed via +client.audit.events+.
|
|
6
6
|
#
|
|
7
|
-
# +#record+ is fire-and-forget — the call enqueues the event
|
|
8
|
-
# in-memory bounded buffer and returns immediately.
|
|
9
|
-
#
|
|
7
|
+
# +#record+ is fire-and-forget by default — the call enqueues the event
|
|
8
|
+
# onto an in-memory bounded buffer and returns immediately. Pass
|
|
9
|
+
# +flush: true+ to block until the event is durable before continuing.
|
|
10
|
+
# +#list+ and +#get+ are synchronous reads.
|
|
10
11
|
class Events
|
|
11
12
|
def initialize(api)
|
|
12
13
|
@api = api
|
|
@@ -15,8 +16,12 @@ module Smplkit
|
|
|
15
16
|
|
|
16
17
|
# Enqueue an audit event for asynchronous delivery.
|
|
17
18
|
#
|
|
18
|
-
# Returns immediately
|
|
19
|
-
# POST with retry on
|
|
19
|
+
# Returns immediately when +flush+ is +false+ (the default) — the
|
|
20
|
+
# buffer's worker thread performs the actual POST with retry on
|
|
21
|
+
# transient failures. When +flush: true+, this call blocks until the
|
|
22
|
+
# buffer has drained or +flush_timeout+ elapses; use it when the caller
|
|
23
|
+
# needs the event durable before continuing (CLI tools, in-test
|
|
24
|
+
# assertions, or any flow about to terminate the process).
|
|
20
25
|
#
|
|
21
26
|
# Actor attribution (+actor_type+, +actor_id+, +actor_label+) is
|
|
22
27
|
# customer-supplied and free-form. The audit service stores
|
|
@@ -58,11 +63,17 @@ module Smplkit
|
|
|
58
63
|
# the event normally but does NOT POST it through any configured SIEM
|
|
59
64
|
# forwarder. A +skipped_do_not_forward+ delivery row is recorded for each
|
|
60
65
|
# enabled forwarder so the skip is visible in the forwarder delivery log.
|
|
66
|
+
# @param flush [Boolean] When +true+, block until the buffer has drained
|
|
67
|
+
# (or +flush_timeout+ elapses) before returning. Defaults to +false+
|
|
68
|
+
# (fire-and-forget).
|
|
69
|
+
# @param flush_timeout [Float, nil] Upper bound on the blocking flush, in
|
|
70
|
+
# seconds. Ignored when +flush+ is +false+. +nil+ blocks indefinitely.
|
|
71
|
+
# Defaults to +5.0+.
|
|
61
72
|
# @return [void]
|
|
62
73
|
def record(event_type:, resource_type:, resource_id:,
|
|
63
74
|
occurred_at: nil, actor_type: nil, actor_id: nil,
|
|
64
75
|
actor_label: nil, category: nil, data: nil, idempotency_key: nil,
|
|
65
|
-
do_not_forward: false)
|
|
76
|
+
do_not_forward: false, flush: false, flush_timeout: 5.0)
|
|
66
77
|
raise ArgumentError, "event_type is required" if event_type.nil? || event_type.to_s.empty?
|
|
67
78
|
raise ArgumentError, "resource_type is required" if resource_type.nil? || resource_type.to_s.empty?
|
|
68
79
|
raise ArgumentError, "resource_id is required" if resource_id.nil? || resource_id.to_s.empty?
|
|
@@ -101,6 +112,8 @@ module Smplkit
|
|
|
101
112
|
)
|
|
102
113
|
body = SmplkitGeneratedClient::Audit::EventRequest.new(data: resource)
|
|
103
114
|
@buffer.enqueue(body, idempotency_key)
|
|
115
|
+
@buffer.flush(timeout: flush_timeout) if flush
|
|
116
|
+
nil
|
|
104
117
|
end
|
|
105
118
|
|
|
106
119
|
# Single-event retrieval.
|
data/lib/smplkit/flags/models.rb
CHANGED
|
@@ -241,23 +241,24 @@ module Smplkit
|
|
|
241
241
|
|
|
242
242
|
# Append a constrained value to the flag's values list. Call +save+ to persist.
|
|
243
243
|
#
|
|
244
|
-
# @param
|
|
244
|
+
# @param name [String] human-readable label for the value entry.
|
|
245
|
+
# @param value [Object] the value to allow the flag to serve.
|
|
245
246
|
# @return [self] this flag, so calls can be chained.
|
|
246
|
-
def add_value(
|
|
247
|
+
def add_value(name, value)
|
|
247
248
|
@values ||= []
|
|
248
|
-
@values <<
|
|
249
|
+
@values << FlagValue.new(name: name, value: value)
|
|
249
250
|
self
|
|
250
251
|
end
|
|
251
252
|
|
|
252
|
-
# Remove the first values entry whose +
|
|
253
|
+
# Remove the first values entry whose +value+ matches.
|
|
253
254
|
#
|
|
254
|
-
# @param
|
|
255
|
-
# removed and others are left in place.
|
|
255
|
+
# @param value [Object] the value to remove. Entries are matched on their
|
|
256
|
+
# +value+ field; the first match is removed and others are left in place.
|
|
256
257
|
# @return [self] this flag, so calls can be chained.
|
|
257
|
-
def remove_value(
|
|
258
|
+
def remove_value(value)
|
|
258
259
|
return self unless @values
|
|
259
260
|
|
|
260
|
-
@values = @values.reject { |v| v.
|
|
261
|
+
@values = @values.reject { |v| v.value == value }
|
|
261
262
|
self
|
|
262
263
|
end
|
|
263
264
|
|