strongdm 1.0.1 → 1.0.8

data/lib/version

@@ -1,3 +1,17 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 module SDM
-  VERSION = "1.0.1"
-end
+  VERSION = "1.0.8"
+end

data/lib/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "1.0.1"
+  VERSION = "1.0.8"
 end

metadata

@@ -1,73 +1,73 @@
 --- !ruby/object:Gem::Specification
 name: strongdm
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.8
 platform: ruby
 authors:
 - strongDM Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-23 00:00:00.000000000 Z
+date: 2020-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.27.0
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.27.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.27.0
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.27.0
 - !ruby/object:Gem::Dependency
   name: grpc-tools
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.27.0
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.27.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.27.0
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.27.0
 - !ruby/object:Gem::Dependency
   name: openssl
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.1.2
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.1.2
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.2
 description: strongDM Ruby Library for automating interactions with strongDM.
@@ -114,10 +114,14 @@ files:
 - doc/SDM/BadRequestError.html
 - doc/SDM/BigQuery.html
 - doc/SDM/Cassandra.html
+- doc/SDM/Citus.html
 - doc/SDM/Client.html
 - doc/SDM/Clustrix.html
 - doc/SDM/Cockroach.html
 - doc/SDM/CreateResponseMetadata.html
+- doc/SDM/DB2.html
+- doc/SDM/DB2LUW.html
+- doc/SDM/DB2i.html
 - doc/SDM/DeadlineExceededError.html
 - doc/SDM/DeleteResponseMetadata.html
 - doc/SDM/Druid.html
@@ -184,6 +188,7 @@ files:
 - doc/SDM/Roles.html
 - doc/SDM/SQLServer.html
 - doc/SDM/SSH.html
+- doc/SDM/SSHCert.html
 - doc/SDM/Service.html
 - doc/SDM/Snowflake.html
 - doc/SDM/Sybase.html
@@ -208,6 +213,7 @@ files:
 - doc/V1/RoleGrants/Service.html
 - doc/V1/Roles.html
 - doc/V1/Roles/Service.html
+- doc/V1/Tags.html
 - doc/created.rid
 - doc/css/fonts.css
 - doc/css/rdoc.css
@@ -260,15 +266,6 @@ files:
 - doc/lib/version.html
 - doc/strongdm_gemspec.html
 - doc/table_of_contents.html
-- examples/Gemfile
-- examples/Gemfile.lock
-- examples/README.md
-- examples/listUsers.rb
-- examples/okta-sync/Gemfile
-- examples/okta-sync/Gemfile.lock
-- examples/okta-sync/matchers.yml
-- examples/okta-sync/oktaSync.rb
-- examples/panicButton.rb
 - lib/errors/errors.rb
 - lib/grpc/account_attachments_pb.rb
 - lib/grpc/account_attachments_services_pb.rb
@@ -291,6 +288,7 @@ files:
 - lib/grpc/roles_pb.rb
 - lib/grpc/roles_services_pb.rb
 - lib/grpc/spec_pb.rb
+- lib/grpc/tags_pb.rb
 - lib/models/porcelain.rb
 - lib/strongdm.rb
 - lib/svc.rb
@@ -316,7 +314,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.0.3
+rubyforge_project: 
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: strongDM SDK for the Ruby programming language.

data/examples/Gemfile

@@ -1,3 +0,0 @@
-source "https://rubygems.org"
-
-gem "strongdm"

data/examples/Gemfile.lock

@@ -1,14 +0,0 @@
-GEM
-  specs:
-    ipaddr (1.2.2)
-    openssl (2.1.2)
-      ipaddr
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  openssl
-
-BUNDLED WITH
-   1.17.2

data/examples/README.md

@@ -1,5 +0,0 @@
-Prior to running examples, run:
-
-```ShellSession
-$ bundler install
-```

data/examples/listUsers.rb

@@ -1,21 +0,0 @@
-# Copyright 2020 StrongDM Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require "strongdm"
-
-client = SDM::Client.new(ENV["SDM_API_ACCESS_KEY"], ENV["SDM_API_SECRET_KEY"])
-users = client.accounts.list("")
-users.each { |user|
-  p user
-}

data/examples/okta-sync/Gemfile

@@ -1,4 +0,0 @@
-source "https://rubygems.org"
-
-gem "strongdm"
-gem "oktakit"

data/examples/okta-sync/Gemfile.lock

@@ -1,38 +0,0 @@
-GEM
-  remote: https://rubygems.org/
-  specs:
-    addressable (2.7.0)
-      public_suffix (>= 2.0.2, < 5.0)
-    faraday (1.0.0)
-      multipart-post (>= 1.2, < 3)
-    google-protobuf (3.11.4)
-    googleapis-common-protos-types (1.0.4)
-      google-protobuf (~> 3.0)
-    grpc (1.27.0)
-      google-protobuf (~> 3.11)
-      googleapis-common-protos-types (~> 1.0)
-    grpc-tools (1.27.0)
-    ipaddr (1.2.2)
-    multipart-post (2.1.1)
-    oktakit (0.2.0)
-      sawyer (~> 0.8.1)
-    openssl (2.1.2)
-      ipaddr
-    public_suffix (4.0.3)
-    sawyer (0.8.2)
-      addressable (>= 2.3.5)
-      faraday (> 0.8, < 2.0)
-    strongdm (1.0.0)
-      grpc (~> 1.27.0, >= 1.27.0)
-      grpc-tools (~> 1.27.0, >= 1.27.0)
-      openssl (~> 2.1.2, >= 2.1.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  oktakit
-  strongdm
-
-BUNDLED WITH
-   1.17.2

data/examples/okta-sync/matchers.yml

@@ -1,11 +0,0 @@
----
-    groups:
-      -
-        name: db/mongo
-        resources:
-          - type:mongo name:don*
-          - type:ssh name:dev*
-      -
-        name: app/web
-        resources:
-          - type:ssh name:dev-web*

data/examples/okta-sync/oktaSync.rb

@@ -1,173 +0,0 @@
-# Copyright 2020 StrongDM Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require "yaml"
-require "strongdm"
-require "oktakit"
-require "optparse"
-
-SDM_API_ACCESS_KEY = ENV.fetch("SDM_API_ACCESS_KEY", "")
-SDM_API_SECRET_KEY = ENV.fetch("SDM_API_SECRET_KEY", "")
-OKTA_CLIENT_TOKEN = ENV.fetch("OKTA_CLIENT_TOKEN", "")
-OKTA_CLIENT_ORGURL = ENV.fetch("OKTA_CLIENT_ORGURL", "")
-
-def okta_sync
-  if SDM_API_ACCESS_KEY == "" || SDM_API_SECRET_KEY == "" || OKTA_CLIENT_TOKEN == "" || OKTA_CLIENT_ORGURL == ""
-    puts "SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, OKTA_CLIENT_TOKEN, and OKTA_CLIENT_ORGURL must be set"
-    exit
-  end
-
-  report = {
-    :start => Time.now,
-
-    :oktaUsersCount => 0,
-    :oktaUsers => [],
-
-    :sdmUsersCount => 0,
-    :sdmUsers => [],
-
-    :bothUsersCount => 0,
-
-    :sdmResourcesCount => 0,
-    :sdmResources => {},
-
-    :permissionsGranted => 0,
-    :permissionsRevoked => 0,
-    :grants => [],
-    :revocations => [],
-
-    :matchers => {},
-  }
-
-  plan = false
-  verbose = false
-  OptionParser.new do |opts|
-    opts.banner = "Usage oktaSync.rb [options]"
-    opts.on("-p", "--plan", "calculate changes but do not apply them") do |p|
-      plan = p
-    end
-    opts.on("-v", "--verbose", "print detailed report") do |v|
-      verbose = v
-    end
-  end.parse!
-
-  client = SDM::Client.new(SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY)
-  okta_client = Oktakit.new(token: OKTA_CLIENT_TOKEN, api_endpoint: OKTA_CLIENT_ORGURL + "/api/v1")
-  matchers = YAML.load(File.read("matchers.yml"))
-  report[:matchers] = matchers
-
-  all_users = okta_client.list_users({
-    'query': {
-      'search': "profile.department eq \"Engineering\" and (status eq \"ACTIVE\")",
-    },
-  })
-
-  okta_users = Array.new()
-  all_users[0].each { |u|
-    groups = okta_client.get_member_groups(u.id)
-    group_names = Array.new()
-    groups[0].each { |ug|
-      group_names.push(ug.profile.name)
-    }
-    okta_users.push({ :login => u.profile.login, :first_name => u.profile.firstName, :last_name => u.profile.LastName, :groups => group_names })
-  }
-  report[:oktaUsers] = okta_users
-  report[:oktaUsersCount] = okta_users.size
-
-  accounts = client.accounts.list("type:user").map { |a| [a.email, a] }.to_h
-  report[:sdmUsers] = accounts
-  report[:sdmUsersCount] = accounts.size
-  grants = client.account_grants.list("").map { |ag| ag }
-
-  current = {}
-  grants.each { |g|
-    current[g.account_id] = [] if not current[g.account_id]
-    current[g.account_id].push({ :resource_id => g.resource_id, :id => g.id })
-  }
-
-  desired = {}
-  overlapping = 0
-  matchers["groups"].each { |group|
-    group["resources"].each { |resourceQuery|
-      client.resources.list(resourceQuery).each { |res|
-        report[:sdmResources][res.id] = res
-        okta_users.each { |u|
-          if u[:groups].include? group["name"]
-            account = accounts[u[:login]]
-            if account != nil
-              overlapping += 1
-              desired[account.id] = [] if not desired[account.id]
-              desired[account.id].push(res.id)
-            end
-          end
-        }
-      }
-    }
-  }
-  report[:bothUsersCount] = overlapping
-  report[:sdmResourcesCount] = report[:sdmResources].size
-
-  revocations = 0
-  current.each { |aid, curRes|
-    desRes = desired[aid]
-    desRes = [] if not desired[aid]
-    curRes.each { |r|
-      if not(desRes.include? r[:resource_id])
-        if plan
-          puts "Plan: revoke %s from user %s\n" % [r[:resource_id], aid]
-        else
-          client.account_grants.delete(r[:id])
-        end
-        report[:revocations].push(r[:id])
-        revocations += 1
-      end
-    }
-  }
-  report[:permissionsRevoked] = revocations
-
-  grants = 0
-  desired.each { |aid, desRes|
-    curRes = current[aid]
-    curRes = [] if not current[aid]
-    desRes.each { |r|
-      if not(curRes.map { |c| c[:resource_id] }.include? r)
-        ag = SDM::AccountGrant.new()
-        ag.account_id = aid
-        ag.resource_id = r
-        if plan
-          puts "Plan: grant %s to user %s\n" % [r, aid]
-        else
-          client.account_grants.create(ag)
-        end
-        report[:grants].push(ag)
-        grants += 1
-      end
-    }
-  }
-  report[:permissionsGranted] = grants
-
-  report[:complete] = Time.now
-
-  if verbose
-    puts report.to_json
-  else
-    puts "%d Okta users, %d strongDM users, %d overlapping users, %d grants, %d revocations" % [okta_users.size, accounts.size, overlapping, grants, revocations]
-  end
-end
-
-begin
-  okta_sync
-rescue StandardError => ex
-  puts "cannot synchronize with okta: " + ex.to_s
-end