strongdm 1.0.0 → 1.0.7

data/examples/panicButton.rb

@@ -1,18 +1,4 @@
 # Copyright 2020 StrongDM Inc
-# 
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-# 
-#     http://www.apache.org/licenses/LICENSE-2.0
-# 
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# 
-# Copyright 2020 StrongDM Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -26,7 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-
 require "strongdm"
 require "OpenSSL"
 require "JSON"
@@ -38,117 +23,116 @@ require "JSON"
 # to revert back to pre-panic state:
 # ruby panicButton.rb revert
 def main
-    access_key = ENV["SDM_API_ACCESS_KEY"]
-    secret_key = ENV["SDM_API_SECRET_KEY"]
-    if access_key == nil or secret_key == nil
-        puts "SDM_API_ACCESS_KEY and SDM_API_SECRET_KEY must be provided"
-        return
-    end
-    client = SDM::Client.new(access_key, secret_key)
-
-    if ARGV.size == 1 and ARGV[0] == "revert"
-        state_file = File.open("state.json")
-        state = JSON.load(state_file)
-
-        reinstated_count = 0
+  access_key = ENV["SDM_API_ACCESS_KEY"]
+  secret_key = ENV["SDM_API_SECRET_KEY"]
+  if access_key == nil or secret_key == nil
+    puts "SDM_API_ACCESS_KEY and SDM_API_SECRET_KEY must be provided"
+    return
+  end
+  client = SDM::Client.new(access_key, secret_key)
+
+  if ARGV.size == 1 and ARGV[0] == "revert"
+    state_file = File.open("state.json")
+    state = JSON.load(state_file)
+
+    reinstated_count = 0
+
+    users = client.accounts.list("")
+    users.each { |user|
+      if user.suspended
+        reinstated_count += 1
+        user.suspended = false
+        client.accounts.update(user)
+      end
+    }
+    state["attachments"].each { |attachment|
+      begin
+        a = SDM::AccountAttachment.new()
+        a.account_id = attachment["account_id"]
+        a.role_id = attachment["role_id"]
+        client.account_attachments.create(a)
+      rescue SDM::AlreadyExistsError
+      rescue => ex
+        puts "skipping creation of attachment due to error: " + ex.to_s
+      end
+    }
+    state["grants"].each { |attachment|
+      begin
+        g = SDM::AccountGrant.new()
+        g.account_id = attachment["account_id"]
+        g.resource_id = attachment["resource_id"]
+        client.account_grants.create(g)
+      rescue SDM::AlreadyExistsError
+      rescue => ex
+        puts "skipping creation of grant due to error: " + ex.to_s
+      end
+    }
 
-        users = client.accounts.list('')
-        users.each{ |user|
-            if user.suspended
-                reinstated_count += 1
-                user.suspended = false
-                client.accounts.update(user)
-            end
+    puts "reinstated " + reinstated_count.to_s + " users"
+    puts "recreated " + state["attachments"].size.to_s + " account attachments"
+    puts "recreated " + state["grants"].size.to_s + " account grants"
+
+    return
+  end
+
+  admin_email = ""
+  if ARGV.size == 1
+    admin_email = ARGV[0]
+  else
+    puts "please provide an admin email to preserve"
+    return 1
+  end
+
+  admin_user_id = ""
+  users = client.accounts.list("email:?", admin_email)
+  users.each { |user|
+    admin_user_id = user.id
+  }
+
+  account_attachments = client.account_attachments.list("")
+  account_grants = client.account_grants.list("")
+
+  state = {
+    'attachments': account_attachments.map { |x|
+      if x.account_id != admin_user_id
+        out = {
+          'account_id': x.account_id,
+          'role_id': x.role_id,
         }
-        state["attachments"].each { |attachment|
-            begin
-                a = SDM::AccountAttachment.new()
-                a.account_id = attachment["account_id"]
-                a.role_id = attachment["role_id"]
-                client.account_attachments.create(a)
-            rescue SDM::AlreadyExistsError
-            rescue => ex
-                puts "skipping creation of attachment due to error: " + ex.to_s
-            end
-        }
-        state["grants"].each { |attachment|
-            begin
-                g = SDM::AccountGrant.new()
-                g.account_id = attachment["account_id"]
-                g.resource_id = attachment["resource_id"]
-                client.account_grants.create(g)
-            rescue SDM::AlreadyExistsError
-            rescue => ex
-                puts "skipping creation of grant due to error: " + ex.to_s
-            end
+      end
+    }.reject { |x| x == nil },
+    'grants': account_grants.map { |x|
+      if x.account_id != admin_user_id and x.valid_until == nil
+        out = {
+          'account_id': x.account_id,
+          'resource_id': x.resource_id,
         }
+      end
+    }.reject { |x| x == nil },
+  }
 
-        puts "reinstated " + reinstated_count.to_s + " users"
-        puts "recreated " + state["attachments"].size.to_s + " account attachments"
-        puts "recreated " + state["grants"].size.to_s + " account grants"
+  puts "storing " + state[:attachments].size.to_s + " account attachments in state"
+  puts "storing " + state[:grants].size.to_s + " account grants in state"
 
-        return
-    end
+  state_file = File.open("state.json", "w")
+  state_file.write(state.to_json)
 
-    admin_email = ""
-    if ARGV.size == 1
-        admin_email = ARGV[0]
-    else
-        puts "please provide an admin email to preserve"
-        return 1
+  suspended_count = 0
+  users = client.accounts.list("")
+  users.each { |user|
+    if user.instance_of? SDM::User and user.email == admin_email
+      next
     end
+    user.suspended = true
+    begin
+      client.accounts.update(user)
+      suspended_count += 1
+    rescue StandardError => ex
+      puts "skipping user " + user.id + " on account of error: " + ex.to_s
+    end
+  }
 
-    admin_user_id = ""
-    users = client.accounts.list("email:?", admin_email)
-    users.each{ |user|
-        admin_user_id = user.id
-    }
-
-    account_attachments = client.account_attachments.list('')
-    account_grants = client.account_grants.list('')
-
-    state = {
-        'attachments': account_attachments.map{|x|
-            if x.account_id != admin_user_id
-                out = {
-                    'account_id': x.account_id,
-                    'role_id': x.role_id,
-                }
-            end
-        }.reject{|x| x == nil},
-        'grants': account_grants.map{|x|
-            if x.account_id != admin_user_id and x.valid_until == nil
-                out = {
-                    'account_id': x.account_id,
-                    'resource_id': x.resource_id,
-                }
-            end
-        }.reject{|x| x == nil},
-    }
-
-    puts "storing " + state[:attachments].size.to_s + " account attachments in state"
-    puts "storing " + state[:grants].size.to_s + " account grants in state"
-
-    state_file = File.open("state.json", "w")
-    state_file.write(state.to_json)
-
-    suspended_count = 0
-    users = client.accounts.list('')
-    users.each{ |user|
-        if user.instance_of? SDM::User and user.email == admin_email
-            next
-        end
-        user.suspended = true
-        begin
-            client.accounts.update(user)
-            suspended_count += 1
-        rescue StandardError => ex
-            puts "skipping user " + user.id + " on account of error: " + ex.to_s
-        end
-    }
-
-    puts "suspended " + suspended_count.to_s + " users"
-
+  puts "suspended " + suspended_count.to_s + " users"
 end
 
-main()
+main()

data/lib/errors/errors.rb

@@ -1,85 +1,87 @@
 # Copyright 2020 StrongDM Inc
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
+#
 # This file was generated by protogen. DO NOT EDIT.
 
 module SDM
 
-    # RPCError is a generic RPC error
-    class RPCError < StandardError
-        attr_reader :code
-        def initialize(msg, code)
-            @code = code
-            super(msg)
-        end
+  # RPCError is a generic RPC error
+  class RPCError < StandardError
+    attr_reader :code
+
+    def initialize(msg, code)
+      @code = code
+      super(msg)
     end
+  end
 
-    # DeadlineExceededError indicates an RPC call timed out
-    class DeadlineExceededError < RPCError
-        def initialize(msg)
-            super(msg, 4)
-        end
+  # DeadlineExceededError indicates an RPC call timed out
+  class DeadlineExceededError < RPCError
+    def initialize(msg)
+      super(msg, 4)
     end
+  end
 
-    # AlreadyExistsError is used when an entity already exists in the system
-    class AlreadyExistsError < RPCError
-        def initialize(msg)
-            super(msg, 6)
-        end
+  # AlreadyExistsError is used when an entity already exists in the system
+  class AlreadyExistsError < RPCError
+    def initialize(msg)
+      super(msg, 6)
     end
+  end
 
-    # NotFoundError is used when an entity does not exist in the system
-    class NotFoundError < RPCError
-        def initialize(msg)
-            super(msg, 5)
-        end
+  # NotFoundError is used when an entity does not exist in the system
+  class NotFoundError < RPCError
+    def initialize(msg)
+      super(msg, 5)
     end
+  end
 
-    # BadRequestError identifies a bad request sent by the client
-    class BadRequestError < RPCError
-        def initialize(msg)
-            super(msg, 3)
-        end
+  # BadRequestError identifies a bad request sent by the client
+  class BadRequestError < RPCError
+    def initialize(msg)
+      super(msg, 3)
     end
+  end
 
-    # AuthenticationError is used to specify an authentication failure condition
-    class AuthenticationError < RPCError
-        def initialize(msg)
-            super(msg, 16)
-        end
+  # AuthenticationError is used to specify an authentication failure condition
+  class AuthenticationError < RPCError
+    def initialize(msg)
+      super(msg, 16)
     end
+  end
 
-    # PermissionError is used to specify a permissions violation
-    class PermissionError < RPCError
-        def initialize(msg)
-            super(msg, 7)
-        end
+  # PermissionError is used to specify a permissions violation
+  class PermissionError < RPCError
+    def initialize(msg)
+      super(msg, 7)
     end
+  end
 
-    # InternalError is used to specify an internal system error
-    class InternalError < RPCError
-        def initialize(msg)
-            super(msg, 13)
-        end
+  # InternalError is used to specify an internal system error
+  class InternalError < RPCError
+    def initialize(msg)
+      super(msg, 13)
     end
+  end
+
+  # RateLimitError is used for rate limit excess condition
+  class RateLimitError < RPCError
+    attr_reader :rate_limit
 
-    # RateLimitError is used for rate limit excess condition
-    class RateLimitError < RPCError
-        attr_reader :rate_limit
-        def initialize(msg, rate_limit)
-            @rate_limit = rate_limit
-            super(msg, 8)
-        end
+    def initialize(msg, rate_limit)
+      @rate_limit = rate_limit
+      super(msg, 8)
     end
+  end
 end

data/lib/grpc/account_attachments_pb.rb

@@ -1,35 +1,31 @@
 # Copyright 2020 StrongDM Inc
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
+#
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: account_attachments.proto
 
-require 'google/protobuf'
+require "google/protobuf"
 
-require 'google/api/annotations_pb'
-require 'protoc-gen-swagger/options/annotations_pb'
-require 'options_pb'
-require 'spec_pb'
+require "google/api/annotations_pb"
+require "protoc-gen-swagger/options/annotations_pb"
+require "options_pb"
+require "spec_pb"
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("account_attachments.proto", :syntax => :proto3) do
     add_message "v1.AccountAttachmentCreateRequest" do
       optional :meta, :message, 1, "v1.CreateRequestMetadata"
       optional :account_attachment, :message, 2, "v1.AccountAttachment"
-      optional :options, :message, 3, "v1.AccountAttachmentCreateOptions"
-    end
-    add_message "v1.AccountAttachmentCreateOptions" do
-      optional :overwrite, :bool, 1
     end
     add_message "v1.AccountAttachmentCreateResponse" do
       optional :meta, :message, 1, "v1.CreateResponseMetadata"
@@ -72,7 +68,6 @@ end
 
 module V1
   AccountAttachmentCreateRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentCreateRequest").msgclass
-  AccountAttachmentCreateOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentCreateOptions").msgclass
   AccountAttachmentCreateResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentCreateResponse").msgclass
   AccountAttachmentGetRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentGetRequest").msgclass
   AccountAttachmentGetResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentGetResponse").msgclass

data/lib/grpc/account_attachments_services_pb.rb

@@ -1,33 +1,32 @@
 # Copyright 2020 StrongDM Inc
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
+#
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # Source: account_attachments.proto for package 'v1'
 
-require 'grpc'
-require 'account_attachments_pb'
+require "grpc"
+require "account_attachments_pb"
 
 module V1
   module AccountAttachments
     # AccountAttachments assign an account to a role.
     class Service
-
       include GRPC::GenericService
 
       self.marshal_class_method = :encode
       self.unmarshal_class_method = :decode
-      self.service_name = 'v1.AccountAttachments'
+      self.service_name = "v1.AccountAttachments"
 
       # Create registers a new AccountAttachment.
       rpc :Create, AccountAttachmentCreateRequest, AccountAttachmentCreateResponse