strongdm 1.0.1 → 1.0.8

Files changed (169) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +26 -7
  3. data/doc/LICENSE.html +1 -11
  4. data/doc/Object.html +1 -356
  5. data/doc/README_md.html +31 -20
  6. data/doc/SDM.html +1 -1
  7. data/doc/SDM/AKS.html +40 -4
  8. data/doc/SDM/AKSBasicAuth.html +40 -4
  9. data/doc/SDM/AKSServiceAccount.html +40 -4
  10. data/doc/SDM/AccountAttachment.html +3 -3
  11. data/doc/SDM/AccountAttachmentCreateResponse.html +3 -3
  12. data/doc/SDM/AccountAttachmentDeleteResponse.html +3 -3
  13. data/doc/SDM/AccountAttachmentGetResponse.html +3 -3
  14. data/doc/SDM/AccountAttachments.html +22 -24
  15. data/doc/SDM/AccountCreateResponse.html +3 -3
  16. data/doc/SDM/AccountDeleteResponse.html +3 -3
  17. data/doc/SDM/AccountGetResponse.html +3 -3
  18. data/doc/SDM/AccountGrant.html +3 -3
  19. data/doc/SDM/AccountGrantCreateResponse.html +3 -3
  20. data/doc/SDM/AccountGrantDeleteResponse.html +3 -3
  21. data/doc/SDM/AccountGrantGetResponse.html +3 -3
  22. data/doc/SDM/AccountGrants.html +24 -24
  23. data/doc/SDM/AccountUpdateResponse.html +3 -3
  24. data/doc/SDM/Accounts.html +30 -30
  25. data/doc/SDM/AlreadyExistsError.html +1 -1
  26. data/doc/SDM/AmazonEKS.html +58 -4
  27. data/doc/SDM/AmazonES.html +22 -4
  28. data/doc/SDM/Athena.html +22 -4
  29. data/doc/SDM/AuroraMysql.html +22 -4
  30. data/doc/SDM/AuroraPostgres.html +22 -4
  31. data/doc/SDM/AuthenticationError.html +1 -1
  32. data/doc/SDM/BadRequestError.html +1 -1
  33. data/doc/SDM/BigQuery.html +22 -4
  34. data/doc/SDM/Cassandra.html +22 -4
  35. data/doc/SDM/Citus.html +409 -0
  36. data/doc/SDM/Client.html +2 -2
  37. data/doc/SDM/Clustrix.html +22 -4
  38. data/doc/SDM/Cockroach.html +22 -4
  39. data/doc/SDM/CreateResponseMetadata.html +1 -1
  40. data/doc/SDM/DB2.html +391 -0
  41. data/doc/SDM/DB2LUW.html +391 -0
  42. data/doc/SDM/DB2i.html +391 -0
  43. data/doc/SDM/DeadlineExceededError.html +1 -1
  44. data/doc/SDM/DeleteResponseMetadata.html +1 -1
  45. data/doc/SDM/Druid.html +22 -4
  46. data/doc/SDM/DynamoDB.html +22 -4
  47. data/doc/SDM/Elastic.html +22 -4
  48. data/doc/SDM/ElasticacheRedis.html +22 -4
  49. data/doc/SDM/Gateway.html +22 -4
  50. data/doc/SDM/GetResponseMetadata.html +1 -1
  51. data/doc/SDM/GoogleGKE.html +40 -4
  52. data/doc/SDM/Greenplum.html +22 -4
  53. data/doc/SDM/HTTPAuth.html +22 -4
  54. data/doc/SDM/HTTPBasicAuth.html +22 -4
  55. data/doc/SDM/HTTPNoAuth.html +22 -4
  56. data/doc/SDM/InternalError.html +1 -1
  57. data/doc/SDM/Kubernetes.html +40 -4
  58. data/doc/SDM/KubernetesBasicAuth.html +40 -4
  59. data/doc/SDM/KubernetesServiceAccount.html +40 -4
  60. data/doc/SDM/Maria.html +22 -4
  61. data/doc/SDM/Memcached.html +22 -4
  62. data/doc/SDM/Memsql.html +22 -4
  63. data/doc/SDM/MongoHost.html +22 -4
  64. data/doc/SDM/MongoLegacyHost.html +22 -4
  65. data/doc/SDM/MongoLegacyReplicaset.html +22 -4
  66. data/doc/SDM/MongoReplicaSet.html +22 -4
  67. data/doc/SDM/Mysql.html +22 -4
  68. data/doc/SDM/NodeCreateResponse.html +3 -3
  69. data/doc/SDM/NodeDeleteResponse.html +3 -3
  70. data/doc/SDM/NodeGetResponse.html +3 -3
  71. data/doc/SDM/NodeUpdateResponse.html +3 -3
  72. data/doc/SDM/Nodes.html +30 -30
  73. data/doc/SDM/NotFoundError.html +1 -1
  74. data/doc/SDM/Oracle.html +22 -4
  75. data/doc/SDM/PermissionError.html +1 -1
  76. data/doc/SDM/Plumbing.html +4355 -3574
  77. data/doc/SDM/Postgres.html +22 -4
  78. data/doc/SDM/Presto.html +22 -4
  79. data/doc/SDM/RDP.html +22 -4
  80. data/doc/SDM/RPCError.html +1 -1
  81. data/doc/SDM/RateLimitError.html +1 -1
  82. data/doc/SDM/RateLimitMetadata.html +1 -1
  83. data/doc/SDM/Redis.html +22 -4
  84. data/doc/SDM/Redshift.html +22 -4
  85. data/doc/SDM/Relay.html +23 -5
  86. data/doc/SDM/ResourceCreateResponse.html +3 -3
  87. data/doc/SDM/ResourceDeleteResponse.html +3 -3
  88. data/doc/SDM/ResourceGetResponse.html +3 -3
  89. data/doc/SDM/ResourceUpdateResponse.html +3 -3
  90. data/doc/SDM/Resources.html +29 -29
  91. data/doc/SDM/Role.html +22 -4
  92. data/doc/SDM/RoleAttachment.html +3 -3
  93. data/doc/SDM/RoleAttachmentCreateResponse.html +3 -3
  94. data/doc/SDM/RoleAttachmentDeleteResponse.html +3 -3
  95. data/doc/SDM/RoleAttachmentGetResponse.html +3 -3
  96. data/doc/SDM/RoleAttachments.html +23 -23
  97. data/doc/SDM/RoleCreateResponse.html +3 -3
  98. data/doc/SDM/RoleDeleteResponse.html +3 -3
  99. data/doc/SDM/RoleGetResponse.html +3 -3
  100. data/doc/SDM/RoleGrant.html +3 -3
  101. data/doc/SDM/RoleGrantCreateResponse.html +3 -3
  102. data/doc/SDM/RoleGrantDeleteResponse.html +3 -3
  103. data/doc/SDM/RoleGrantGetResponse.html +3 -3
  104. data/doc/SDM/RoleGrants.html +23 -23
  105. data/doc/SDM/RoleUpdateResponse.html +3 -3
  106. data/doc/SDM/Roles.html +29 -29
  107. data/doc/SDM/SQLServer.html +22 -4
  108. data/doc/SDM/SSH.html +40 -4
  109. data/doc/SDM/SSHCert.html +373 -0
  110. data/doc/SDM/Service.html +22 -4
  111. data/doc/SDM/Snowflake.html +22 -4
  112. data/doc/SDM/Sybase.html +22 -4
  113. data/doc/SDM/SybaseIQ.html +22 -4
  114. data/doc/SDM/Teradata.html +22 -4
  115. data/doc/SDM/UpdateResponseMetadata.html +1 -1
  116. data/doc/SDM/User.html +22 -4
  117. data/doc/V1.html +31 -6
  118. data/doc/V1/AccountAttachments.html +1 -1
  119. data/doc/V1/AccountAttachments/Service.html +1 -1
  120. data/doc/V1/AccountGrants.html +1 -1
  121. data/doc/V1/AccountGrants/Service.html +2 -2
  122. data/doc/V1/Accounts.html +1 -1
  123. data/doc/V1/Accounts/Service.html +1 -1
  124. data/doc/V1/Nodes.html +1 -1
  125. data/doc/V1/Nodes/Service.html +1 -1
  126. data/doc/V1/Resources.html +1 -1
  127. data/doc/V1/Resources/Service.html +1 -1
  128. data/doc/V1/RoleAttachments.html +1 -1
  129. data/doc/V1/RoleAttachments/Service.html +1 -1
  130. data/doc/V1/RoleGrants.html +1 -1
  131. data/doc/V1/RoleGrants/Service.html +1 -1
  132. data/doc/V1/Roles.html +1 -1
  133. data/doc/V1/Roles/Service.html +1 -1
  134. data/doc/V1/Tags.html +113 -0
  135. data/doc/created.rid +35 -41
  136. data/doc/css/rdoc.css +13 -5
  137. data/doc/examples/Gemfile.html +1 -11
  138. data/doc/index.html +11 -13
  139. data/doc/js/navigation.js.gz +0 -0
  140. data/doc/js/search_index.js +1 -1
  141. data/doc/js/search_index.js.gz +0 -0
  142. data/doc/js/searcher.js.gz +0 -0
  143. data/doc/lib/version.html +3 -13
  144. data/doc/table_of_contents.html +1028 -933
  145. data/lib/grpc/account_attachments_pb.rb +0 -5
  146. data/lib/grpc/account_grants_services_pb.rb +1 -1
  147. data/lib/grpc/accounts_pb.rb +3 -0
  148. data/lib/grpc/drivers_pb.rb +111 -0
  149. data/lib/grpc/nodes_pb.rb +3 -0
  150. data/lib/grpc/options_pb.rb +11 -0
  151. data/lib/grpc/plumbing.rb +2024 -1682
  152. data/lib/grpc/roles_pb.rb +2 -0
  153. data/lib/grpc/spec_pb.rb +0 -1
  154. data/lib/grpc/tags_pb.rb +36 -0
  155. data/lib/models/porcelain.rb +670 -38
  156. data/lib/strongdm.rb +1 -1
  157. data/lib/svc.rb +159 -161
  158. data/lib/version +16 -2
  159. data/lib/version.rb +1 -1
  160. metadata +23 -24
  161. data/examples/Gemfile +0 -3
  162. data/examples/Gemfile.lock +0 -14
  163. data/examples/README.md +0 -5
  164. data/examples/listUsers.rb +0 -21
  165. data/examples/okta-sync/Gemfile +0 -4
  166. data/examples/okta-sync/Gemfile.lock +0 -38
  167. data/examples/okta-sync/matchers.yml +0 -11
  168. data/examples/okta-sync/oktaSync.rb +0 -173
  169. data/examples/panicButton.rb +0 -138
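--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e52f4868813476da740349095c7e130ef595894f3174b9a1ec26a0b9d9e8c515
- data.tar.gz: 8d6550036b3bcb59dfe84d304da375bd91d34808e92f6d53918e24d709db19ca
+ metadata.gz: 5aaee007fbddd2f157fa3ef68da1d3909e76b904c34fc09076f89dc7a42d4b56
+ data.tar.gz: b88f7eb1c6b52611179d21ceb71df3f745ad3e8b1cf49c0722783638584be0bd
  SHA512:
- metadata.gz: 67aa4c5a0f3a6ca8c21a3fbe8aba455ca171866f2d4bb4dd26c93f4bc2f2392b484f49ae4fcfe640b455fac2bd384526ecf159c001625be2482245d9fc3918d1
- data.tar.gz: b34b1e5c819bf50092aebcc7f8736fc4402be787a71bae244988544facbd3fd8331241f27c12c7774b86421ef8976d9476e6eda85e1056095efd4603d1df062a
+ metadata.gz: 4dfddf1ccb527a371e08e455c456353d84fa0c45a9b1259487aa1163d54fa2429fecc4e7a377d3f24ccc6b4555ed793ffa204e4d5b18f085732b5c989b059b73
+ data.tar.gz: 916c4ad7ca06d80cfc58fda32c7093f6729809f6e413653b96fac02d2e9765f6a92adfcdb2f05711ca460462cf172bb848ca3c1618df98db09eb5bf6bb99f880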
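--- a/data/README.md
+++ b/data/README.md
@@ -1,23 +1,25 @@
  # strongDM SDK for Ruby
 
- The official strongDM SDK for the Ruby programming language.
+ This is the official [strongDM](https://www.strongdm.com/) SDK for the Ruby programming language.
 
- ## Quick Start
-
- First, install the gem:
+ ## Installation
 
  ```bash
  $ gem install strongdm
  ```
 
- Next, go to https://app.strongdm.com and create an API key. Set the `SDM_API_ACCESS_KEY` and `SDM_API_SECRET_KEY` environment variables.
+ ## Authentication
+
+ If you don't already have them you will need to generate a set of API keys, instructions are here: [API Credentials](https://www.strongdm.com/docs/admin-guide/api-credentials/)
 
+ Add the keys as environment variables; the SDK will need to access these keys for every request.
  ```bash
  $ export SDM_API_ACCESS_KEY=<YOUR ACCESS KEY>
  $ export SDM_API_SECRET_KEY=<YOUR SECRET KEY>
  ```
 
- Run some example code.
+ ## List Users
+ The following code lists all registered users:
 
  ```ruby
  require "strongdm"
@@ -27,4 +29,21 @@ users = client.accounts.list('')
  users.each do |user|
  p user
  end
- ```
+ ```
+
+ ## Useful Links
+
+ * Documentation: [strongdm gem](https://www.rubydoc.info/gems/strongdm)
+ * Examples: [GitHub - strongdm/strongdm-sdk-ruby-examples](https://github.com/strongdm/strongdm-sdk-ruby-examples)
+ 1. [Managing Resources](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/1_managing_resources)
+ 2. [Managing Accounts](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/2_managing_accounts)
+ 3. [Managing Roles](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/3_managing_roles)
+ 4. [Managing Gateways](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/4_managing_gateways)
+
+ ## License
+
+ [Apache 2](https://github.com/strongdm/strongdm-sdk-ruby/blob/master/LICENSE)
+
+ ## Contributing
+
+ Currently, we are not accepting pull requests directly to this repository, but our users are some of the most resourceful and ambitious folks out there. So, if you have something to contribute, find a bug, or just want to give us some feedback, please email <support@strongdm.com>.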
@@ -69,18 +69,8 @@
69
69
 
70
70
  <li><a href="./examples/Gemfile.html">Gemfile</a>
71
71
 
72
- <li><a href="./examples/Gemfile_lock.html">Gemfile.lock</a>
73
-
74
- <li><a href="./examples/README_md.html">README</a>
75
-
76
- <li><a href="./examples/okta-sync/Gemfile.html">Gemfile</a>
77
-
78
- <li><a href="./examples/okta-sync/Gemfile_lock.html">Gemfile.lock</a>
79
-
80
72
  <li><a href="./lib/version.html">version</a>
81
73
 
82
- <li><a href="./strongdm_gemspec.html">strongdm.gemspec</a>
83
-
84
74
  </ul>
85
75
  </div>
86
76
 
@@ -197,7 +187,7 @@ identification within third-party archives.
197
187
 
198
188
  <footer id="validator-badges" role="contentinfo">
199
189
  <p><a href="https://validator.w3.org/check/referer">Validate</a>
200
- <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.2.
190
+ <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.2.1.
201
191
  <p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
202
192
  </footer>
203
193
 
@@ -69,19 +69,7 @@
69
69
 
70
70
 
71
71
 
72
- <!-- Method Quickref -->
73
- <div id="method-list-section" class="nav-section">
74
- <h3>Methods</h3>
75
-
76
- <ul class="link-list" role="directory">
77
-
78
- <li ><a href="#method-i-main">#main</a>
79
-
80
- <li ><a href="#method-i-okta_sync">#okta_sync</a>
81
72
 
82
- </ul>
83
- </div>
84
-
85
73
  </div>
86
74
  </nav>
87
75
 
@@ -122,26 +110,6 @@
122
110
  <dd>
123
111
 
124
112
 
125
- <dt id="OKTA_CLIENT_ORGURL">OKTA_CLIENT_ORGURL
126
-
127
- <dd>
128
-
129
-
130
- <dt id="OKTA_CLIENT_TOKEN">OKTA_CLIENT_TOKEN
131
-
132
- <dd>
133
-
134
-
135
- <dt id="SDM_API_ACCESS_KEY">SDM_API_ACCESS_KEY
136
-
137
- <dd>
138
-
139
-
140
- <dt id="SDM_API_SECRET_KEY">SDM_API_SECRET_KEY
141
-
142
- <dd>
143
-
144
-
145
113
  </dl>
146
114
  </section>
147
115
 
@@ -149,329 +117,6 @@
149
117
 
150
118
 
151
119
 
152
- <section id="public-instance-5Buntitled-5D-method-details" class="method-section">
153
- <header>
154
- <h3>Public Instance Methods</h3>
155
- </header>
156
-
157
-
158
- <div id="method-i-main" class="method-detail ">
159
-
160
- <div class="method-heading">
161
- <span class="method-name">main</span><span
162
- class="method-args">()</span>
163
-
164
- <span class="method-click-advice">click to toggle source</span>
165
-
166
- </div>
167
-
168
-
169
- <div class="method-description">
170
-
171
- <p>panicButton.rb suspends all users except for one admin, in the fake use case of a critical break in or something usage: ruby panicButton.rb adminuser@email.com to revert back to pre-panic state: ruby panicButton.rb revert</p>
172
-
173
-
174
-
175
-
176
- <div class="method-source-code" id="main-source">
177
- <pre><span class="ruby-comment"># File examples/panicButton.rb, line 25</span>
178
- <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">main</span>
179
- <span class="ruby-identifier">access_key</span> = <span class="ruby-constant">ENV</span>[<span class="ruby-string">&quot;SDM_API_ACCESS_KEY&quot;</span>]
180
- <span class="ruby-identifier">secret_key</span> = <span class="ruby-constant">ENV</span>[<span class="ruby-string">&quot;SDM_API_SECRET_KEY&quot;</span>]
181
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">access_key</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">secret_key</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
182
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;SDM_API_ACCESS_KEY and SDM_API_SECRET_KEY must be provided&quot;</span>
183
- <span class="ruby-keyword">return</span>
184
- <span class="ruby-keyword">end</span>
185
- <span class="ruby-identifier">client</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">access_key</span>, <span class="ruby-identifier">secret_key</span>)
186
-
187
- <span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">size</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span> <span class="ruby-keyword">and</span> <span class="ruby-constant">ARGV</span>[<span class="ruby-value">0</span>] <span class="ruby-operator">==</span> <span class="ruby-string">&quot;revert&quot;</span>
188
- <span class="ruby-identifier">state_file</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-string">&quot;state.json&quot;</span>)
189
- <span class="ruby-identifier">state</span> = <span class="ruby-constant">JSON</span>.<span class="ruby-identifier">load</span>(<span class="ruby-identifier">state_file</span>)
190
-
191
- <span class="ruby-identifier">reinstated_count</span> = <span class="ruby-value">0</span>
192
-
193
- <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
194
- <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
195
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span>
196
- <span class="ruby-identifier">reinstated_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
197
- <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span> = <span class="ruby-keyword">false</span>
198
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">user</span>)
199
- <span class="ruby-keyword">end</span>
200
- }
201
- <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;attachments&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
202
- <span class="ruby-keyword">begin</span>
203
- <span class="ruby-identifier">a</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountAttachment</span>.<span class="ruby-identifier">new</span>()
204
- <span class="ruby-identifier">a</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;account_id&quot;</span>]
205
- <span class="ruby-identifier">a</span>.<span class="ruby-identifier">role_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;role_id&quot;</span>]
206
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">a</span>)
207
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AlreadyExistsError</span>
208
- <span class="ruby-keyword">rescue</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
209
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping creation of attachment due to error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
210
- <span class="ruby-keyword">end</span>
211
- }
212
- <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;grants&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
213
- <span class="ruby-keyword">begin</span>
214
- <span class="ruby-identifier">g</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountGrant</span>.<span class="ruby-identifier">new</span>()
215
- <span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;account_id&quot;</span>]
216
- <span class="ruby-identifier">g</span>.<span class="ruby-identifier">resource_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;resource_id&quot;</span>]
217
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">g</span>)
218
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AlreadyExistsError</span>
219
- <span class="ruby-keyword">rescue</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
220
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping creation of grant due to error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
221
- <span class="ruby-keyword">end</span>
222
- }
223
-
224
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;reinstated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">reinstated_count</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; users&quot;</span>
225
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;recreated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;attachments&quot;</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account attachments&quot;</span>
226
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;recreated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;grants&quot;</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account grants&quot;</span>
227
-
228
- <span class="ruby-keyword">return</span>
229
- <span class="ruby-keyword">end</span>
230
-
231
- <span class="ruby-identifier">admin_email</span> = <span class="ruby-string">&quot;&quot;</span>
232
- <span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">size</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>
233
- <span class="ruby-identifier">admin_email</span> = <span class="ruby-constant">ARGV</span>[<span class="ruby-value">0</span>]
234
- <span class="ruby-keyword">else</span>
235
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;please provide an admin email to preserve&quot;</span>
236
- <span class="ruby-keyword">return</span> <span class="ruby-value">1</span>
237
- <span class="ruby-keyword">end</span>
238
-
239
- <span class="ruby-identifier">admin_user_id</span> = <span class="ruby-string">&quot;&quot;</span>
240
- <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;email:?&quot;</span>, <span class="ruby-identifier">admin_email</span>)
241
- <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
242
- <span class="ruby-identifier">admin_user_id</span> = <span class="ruby-identifier">user</span>.<span class="ruby-identifier">id</span>
243
- }
244
-
245
- <span class="ruby-identifier">account_attachments</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
246
- <span class="ruby-identifier">account_grants</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
247
-
248
- <span class="ruby-identifier">state</span> = {
249
- <span class="ruby-value">&#39;attachments&#39;:</span> <span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span>
250
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">admin_user_id</span>
251
- <span class="ruby-identifier">out</span> = {
252
- <span class="ruby-value">&#39;account_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span>,
253
- <span class="ruby-value">&#39;role_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">role_id</span>,
254
- }
255
- <span class="ruby-keyword">end</span>
256
- }.<span class="ruby-identifier">reject</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span> <span class="ruby-identifier">x</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> },
257
- <span class="ruby-value">&#39;grants&#39;:</span> <span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span>
258
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">admin_user_id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">valid_until</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
259
- <span class="ruby-identifier">out</span> = {
260
- <span class="ruby-value">&#39;account_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span>,
261
- <span class="ruby-value">&#39;resource_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">resource_id</span>,
262
- }
263
- <span class="ruby-keyword">end</span>
264
- }.<span class="ruby-identifier">reject</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span> <span class="ruby-identifier">x</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> },
265
- }
266
-
267
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;storing &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-value">:attachments</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account attachments in state&quot;</span>
268
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;storing &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-value">:grants</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account grants in state&quot;</span>
269
-
270
- <span class="ruby-identifier">state_file</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-string">&quot;state.json&quot;</span>, <span class="ruby-string">&quot;w&quot;</span>)
271
- <span class="ruby-identifier">state_file</span>.<span class="ruby-identifier">write</span>(<span class="ruby-identifier">state</span>.<span class="ruby-identifier">to_json</span>)
272
-
273
- <span class="ruby-identifier">suspended_count</span> = <span class="ruby-value">0</span>
274
- <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
275
- <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
276
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">instance_of?</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">User</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">email</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">admin_email</span>
277
- <span class="ruby-keyword">next</span>
278
- <span class="ruby-keyword">end</span>
279
- <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span> = <span class="ruby-keyword">true</span>
280
- <span class="ruby-keyword">begin</span>
281
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">user</span>)
282
- <span class="ruby-identifier">suspended_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
283
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">StandardError</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
284
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping user &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; on account of error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
285
- <span class="ruby-keyword">end</span>
286
- }
287
-
288
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;suspended &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">suspended_count</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; users&quot;</span>
289
- <span class="ruby-keyword">end</span></pre>
290
- </div>
291
-
292
- </div>
293
-
294
-
295
-
296
-
297
- </div>
298
-
299
-
300
- <div id="method-i-okta_sync" class="method-detail ">
301
-
302
- <div class="method-heading">
303
- <span class="method-name">okta_sync</span><span
304
- class="method-args">()</span>
305
-
306
- <span class="method-click-advice">click to toggle source</span>
307
-
308
- </div>
309
-
310
-
311
- <div class="method-description">
312
-
313
-
314
-
315
-
316
-
317
-
318
- <div class="method-source-code" id="okta_sync-source">
319
- <pre><span class="ruby-comment"># File examples/okta-sync/oktaSync.rb, line 25</span>
320
- <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">okta_sync</span>
321
- <span class="ruby-keyword">if</span> <span class="ruby-constant">SDM_API_ACCESS_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">SDM_API_SECRET_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">OKTA_CLIENT_TOKEN</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">OKTA_CLIENT_ORGURL</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span>
322
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, OKTA_CLIENT_TOKEN, and OKTA_CLIENT_ORGURL must be set&quot;</span>
323
- <span class="ruby-identifier">exit</span>
324
- <span class="ruby-keyword">end</span>
325
-
326
- <span class="ruby-identifier">report</span> = {
327
- <span class="ruby-value">:start</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>,
328
-
329
- <span class="ruby-value">:oktaUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
330
- <span class="ruby-value">:oktaUsers</span> <span class="ruby-operator">=&gt;</span> [],
331
-
332
- <span class="ruby-value">:sdmUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
333
- <span class="ruby-value">:sdmUsers</span> <span class="ruby-operator">=&gt;</span> [],
334
-
335
- <span class="ruby-value">:bothUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
336
-
337
- <span class="ruby-value">:sdmResourcesCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
338
- <span class="ruby-value">:sdmResources</span> <span class="ruby-operator">=&gt;</span> {},
339
-
340
- <span class="ruby-value">:permissionsGranted</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
341
- <span class="ruby-value">:permissionsRevoked</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
342
- <span class="ruby-value">:grants</span> <span class="ruby-operator">=&gt;</span> [],
343
- <span class="ruby-value">:revocations</span> <span class="ruby-operator">=&gt;</span> [],
344
-
345
- <span class="ruby-value">:matchers</span> <span class="ruby-operator">=&gt;</span> {},
346
- }
347
-
348
- <span class="ruby-identifier">plan</span> = <span class="ruby-keyword">false</span>
349
- <span class="ruby-identifier">verbose</span> = <span class="ruby-keyword">false</span>
350
- <span class="ruby-constant">OptionParser</span>.<span class="ruby-identifier">new</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">opts</span><span class="ruby-operator">|</span>
351
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">banner</span> = <span class="ruby-string">&quot;Usage oktaSync.rb [options]&quot;</span>
352
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-p&quot;</span>, <span class="ruby-string">&quot;--plan&quot;</span>, <span class="ruby-string">&quot;calculate changes but do not apply them&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span>
353
- <span class="ruby-identifier">plan</span> = <span class="ruby-identifier">p</span>
354
- <span class="ruby-keyword">end</span>
355
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-v&quot;</span>, <span class="ruby-string">&quot;--verbose&quot;</span>, <span class="ruby-string">&quot;print detailed report&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">v</span><span class="ruby-operator">|</span>
356
- <span class="ruby-identifier">verbose</span> = <span class="ruby-identifier">v</span>
357
- <span class="ruby-keyword">end</span>
358
- <span class="ruby-keyword">end</span>.<span class="ruby-identifier">parse!</span>
359
-
360
- <span class="ruby-identifier">client</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">SDM_API_ACCESS_KEY</span>, <span class="ruby-constant">SDM_API_SECRET_KEY</span>)
361
- <span class="ruby-identifier">okta_client</span> = <span class="ruby-constant">Oktakit</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">token:</span> <span class="ruby-constant">OKTA_CLIENT_TOKEN</span>, <span class="ruby-value">api_endpoint:</span> <span class="ruby-constant">OKTA_CLIENT_ORGURL</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/api/v1&quot;</span>)
362
- <span class="ruby-identifier">matchers</span> = <span class="ruby-constant">YAML</span>.<span class="ruby-identifier">load</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">&quot;matchers.yml&quot;</span>))
363
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:matchers</span>] = <span class="ruby-identifier">matchers</span>
364
-
365
- <span class="ruby-identifier">all_users</span> = <span class="ruby-identifier">okta_client</span>.<span class="ruby-identifier">list_users</span>({
366
- <span class="ruby-value">&#39;query&#39;:</span> {
367
- <span class="ruby-value">&#39;search&#39;:</span> <span class="ruby-string">&quot;profile.department eq \&quot;Engineering\&quot; and (status eq \&quot;ACTIVE\&quot;)&quot;</span>,
368
- },
369
- })
370
-
371
- <span class="ruby-identifier">okta_users</span> = <span class="ruby-constant">Array</span>.<span class="ruby-identifier">new</span>()
372
- <span class="ruby-identifier">all_users</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
373
- <span class="ruby-identifier">groups</span> = <span class="ruby-identifier">okta_client</span>.<span class="ruby-identifier">get_member_groups</span>(<span class="ruby-identifier">u</span>.<span class="ruby-identifier">id</span>)
374
- <span class="ruby-identifier">group_names</span> = <span class="ruby-constant">Array</span>.<span class="ruby-identifier">new</span>()
375
- <span class="ruby-identifier">groups</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">ug</span><span class="ruby-operator">|</span>
376
- <span class="ruby-identifier">group_names</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ug</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">name</span>)
377
- }
378
- <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">push</span>({ <span class="ruby-value">:login</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">login</span>, <span class="ruby-value">:first_name</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">firstName</span>, <span class="ruby-value">:last_name</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-constant">LastName</span>, <span class="ruby-value">:groups</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">group_names</span> })
379
- }
380
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:oktaUsers</span>] = <span class="ruby-identifier">okta_users</span>
381
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:oktaUsersCount</span>] = <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">size</span>
382
-
383
- <span class="ruby-identifier">accounts</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;type:user&quot;</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">a</span><span class="ruby-operator">|</span> [<span class="ruby-identifier">a</span>.<span class="ruby-identifier">email</span>, <span class="ruby-identifier">a</span>] }.<span class="ruby-identifier">to_h</span>
384
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmUsers</span>] = <span class="ruby-identifier">accounts</span>
385
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmUsersCount</span>] = <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">size</span>
386
- <span class="ruby-identifier">grants</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">ag</span><span class="ruby-operator">|</span> <span class="ruby-identifier">ag</span> }
387
-
388
- <span class="ruby-identifier">current</span> = {}
389
- <span class="ruby-identifier">grants</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">g</span><span class="ruby-operator">|</span>
390
- <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>] = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>]
391
- <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:resource_id</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">g</span>.<span class="ruby-identifier">resource_id</span>, <span class="ruby-value">:id</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">g</span>.<span class="ruby-identifier">id</span> })
392
- }
393
-
394
- <span class="ruby-identifier">desired</span> = {}
395
- <span class="ruby-identifier">overlapping</span> = <span class="ruby-value">0</span>
396
- <span class="ruby-identifier">matchers</span>[<span class="ruby-string">&quot;groups&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">group</span><span class="ruby-operator">|</span>
397
- <span class="ruby-identifier">group</span>[<span class="ruby-string">&quot;resources&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">resourceQuery</span><span class="ruby-operator">|</span>
398
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">resources</span>.<span class="ruby-identifier">list</span>(<span class="ruby-identifier">resourceQuery</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">res</span><span class="ruby-operator">|</span>
399
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResources</span>][<span class="ruby-identifier">res</span>.<span class="ruby-identifier">id</span>] = <span class="ruby-identifier">res</span>
400
- <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
401
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">u</span>[<span class="ruby-value">:groups</span>].<span class="ruby-identifier">include?</span> <span class="ruby-identifier">group</span>[<span class="ruby-string">&quot;name&quot;</span>]
402
- <span class="ruby-identifier">account</span> = <span class="ruby-identifier">accounts</span>[<span class="ruby-identifier">u</span>[<span class="ruby-value">:login</span>]]
403
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">account</span> <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
404
- <span class="ruby-identifier">overlapping</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
405
- <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>] = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>]
406
- <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">res</span>.<span class="ruby-identifier">id</span>)
407
- <span class="ruby-keyword">end</span>
408
- <span class="ruby-keyword">end</span>
409
- }
410
- }
411
- }
412
- }
413
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:bothUsersCount</span>] = <span class="ruby-identifier">overlapping</span>
414
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResourcesCount</span>] = <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResources</span>].<span class="ruby-identifier">size</span>
415
-
416
- <span class="ruby-identifier">revocations</span> = <span class="ruby-value">0</span>
417
- <span class="ruby-identifier">current</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">aid</span>, <span class="ruby-identifier">curRes</span><span class="ruby-operator">|</span>
418
- <span class="ruby-identifier">desRes</span> = <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">aid</span>]
419
- <span class="ruby-identifier">desRes</span> = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">aid</span>]
420
- <span class="ruby-identifier">curRes</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
421
- <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span>(<span class="ruby-identifier">desRes</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:resource_id</span>])
422
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
423
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Plan: revoke %s from user %s\n&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">r</span>[<span class="ruby-value">:resource_id</span>], <span class="ruby-identifier">aid</span>]
424
- <span class="ruby-keyword">else</span>
425
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">r</span>[<span class="ruby-value">:id</span>])
426
- <span class="ruby-keyword">end</span>
427
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:revocations</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">r</span>[<span class="ruby-value">:id</span>])
428
- <span class="ruby-identifier">revocations</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
429
- <span class="ruby-keyword">end</span>
430
- }
431
- }
432
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:permissionsRevoked</span>] = <span class="ruby-identifier">revocations</span>
433
-
434
- <span class="ruby-identifier">grants</span> = <span class="ruby-value">0</span>
435
- <span class="ruby-identifier">desired</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">aid</span>, <span class="ruby-identifier">desRes</span><span class="ruby-operator">|</span>
436
- <span class="ruby-identifier">curRes</span> = <span class="ruby-identifier">current</span>[<span class="ruby-identifier">aid</span>]
437
- <span class="ruby-identifier">curRes</span> = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">current</span>[<span class="ruby-identifier">aid</span>]
438
- <span class="ruby-identifier">desRes</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
439
- <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span>(<span class="ruby-identifier">curRes</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">c</span><span class="ruby-operator">|</span> <span class="ruby-identifier">c</span>[<span class="ruby-value">:resource_id</span>] }.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">r</span>)
440
- <span class="ruby-identifier">ag</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountGrant</span>.<span class="ruby-identifier">new</span>()
441
- <span class="ruby-identifier">ag</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">aid</span>
442
- <span class="ruby-identifier">ag</span>.<span class="ruby-identifier">resource_id</span> = <span class="ruby-identifier">r</span>
443
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
444
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Plan: grant %s to user %s\n&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">r</span>, <span class="ruby-identifier">aid</span>]
445
- <span class="ruby-keyword">else</span>
446
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">ag</span>)
447
- <span class="ruby-keyword">end</span>
448
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:grants</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ag</span>)
449
- <span class="ruby-identifier">grants</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
450
- <span class="ruby-keyword">end</span>
451
- }
452
- }
453
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:permissionsGranted</span>] = <span class="ruby-identifier">grants</span>
454
-
455
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:complete</span>] = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>
456
-
457
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">verbose</span>
458
- <span class="ruby-identifier">puts</span> <span class="ruby-identifier">report</span>.<span class="ruby-identifier">to_json</span>
459
- <span class="ruby-keyword">else</span>
460
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;%d Okta users, %d strongDM users, %d overlapping users, %d grants, %d revocations&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">size</span>, <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">size</span>, <span class="ruby-identifier">overlapping</span>, <span class="ruby-identifier">grants</span>, <span class="ruby-identifier">revocations</span>]
461
- <span class="ruby-keyword">end</span>
462
- <span class="ruby-keyword">end</span></pre>
463
- </div>
464
-
465
- </div>
466
-
467
-
468
-
469
-
470
- </div>
471
-
472
-
473
- </section>
474
-
475
120
  </section>
476
121
 
477
122
  </main>
@@ -479,7 +124,7 @@
479
124
 
480
125
  <footer id="validator-badges" role="contentinfo">
481
126
  <p><a href="https://validator.w3.org/check/referer">Validate</a>
482
- <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.2.
127
+ <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.2.1.
483
128
  <p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
484
129
  </footer>
485
130