strongdm 1.0.10 → 1.0.15

data/examples/Gemfile

@@ -1,3 +1,3 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-gem 'strongdm'
+gem "strongdm"

data/examples/listUsers.rb

@@ -1,21 +1,21 @@
 # Copyright 2020 StrongDM Inc
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
+#
 require "strongdm"
 
-client = SDM::Client.new(ENV['SDM_API_ACCESS_KEY'], ENV['SDM_API_SECRET_KEY'])
-users = client.accounts.list('')
+client = SDM::Client.new(ENV["SDM_API_ACCESS_KEY"], ENV["SDM_API_SECRET_KEY"])
+users = client.accounts.list("")
 users.each { |user|
-	p user
-}
+  p user
+}

data/lib/errors/errors.rb

@@ -1,85 +1,87 @@
 # Copyright 2020 StrongDM Inc
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
+#
 # This file was generated by protogen. DO NOT EDIT.
 
 module SDM
 
-    # RPCError is a generic RPC error
-    class RPCError < StandardError
-        attr_reader :code
-        def initialize(msg, code)
-            @code = code
-            super(msg)
-        end
+  # RPCError is a generic RPC error
+  class RPCError < StandardError
+    attr_reader :code
+
+    def initialize(msg, code)
+      @code = code
+      super(msg)
     end
+  end
 
-    # DeadlineExceededError indicates an RPC call timed out
-    class DeadlineExceededError < RPCError
-        def initialize(msg)
-            super(msg, 4)
-        end
+  # DeadlineExceededError indicates an RPC call timed out
+  class DeadlineExceededError < RPCError
+    def initialize(msg)
+      super(msg, 4)
     end
+  end
 
-    # AlreadyExistsError is used when an entity already exists in the system
-    class AlreadyExistsError < RPCError
-        def initialize(msg)
-            super(msg, 6)
-        end
+  # AlreadyExistsError is used when an entity already exists in the system
+  class AlreadyExistsError < RPCError
+    def initialize(msg)
+      super(msg, 6)
     end
+  end
 
-    # NotFoundError is used when an entity does not exist in the system
-    class NotFoundError < RPCError
-        def initialize(msg)
-            super(msg, 5)
-        end
+  # NotFoundError is used when an entity does not exist in the system
+  class NotFoundError < RPCError
+    def initialize(msg)
+      super(msg, 5)
     end
+  end
 
-    # BadRequestError identifies a bad request sent by the client
-    class BadRequestError < RPCError
-        def initialize(msg)
-            super(msg, 3)
-        end
+  # BadRequestError identifies a bad request sent by the client
+  class BadRequestError < RPCError
+    def initialize(msg)
+      super(msg, 3)
     end
+  end
 
-    # AuthenticationError is used to specify an authentication failure condition
-    class AuthenticationError < RPCError
-        def initialize(msg)
-            super(msg, 16)
-        end
+  # AuthenticationError is used to specify an authentication failure condition
+  class AuthenticationError < RPCError
+    def initialize(msg)
+      super(msg, 16)
     end
+  end
 
-    # PermissionError is used to specify a permissions violation
-    class PermissionError < RPCError
-        def initialize(msg)
-            super(msg, 7)
-        end
+  # PermissionError is used to specify a permissions violation
+  class PermissionError < RPCError
+    def initialize(msg)
+      super(msg, 7)
     end
+  end
 
-    # InternalError is used to specify an internal system error
-    class InternalError < RPCError
-        def initialize(msg)
-            super(msg, 13)
-        end
+  # InternalError is used to specify an internal system error
+  class InternalError < RPCError
+    def initialize(msg)
+      super(msg, 13)
     end
+  end
+
+  # RateLimitError is used for rate limit excess condition
+  class RateLimitError < RPCError
+    attr_reader :rate_limit
 
-    # RateLimitError is used for rate limit excess condition
-    class RateLimitError < RPCError
-        attr_reader :rate_limit
-        def initialize(msg, rate_limit)
-            @rate_limit = rate_limit
-            super(msg, 8)
-        end
+    def initialize(msg, rate_limit)
+      @rate_limit = rate_limit
+      super(msg, 8)
     end
+  end
 end

data/lib/grpc/access_rules_pb.rb

@@ -0,0 +1,115 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: access_rules.proto
+
+require "google/protobuf"
+
+require "options_pb"
+require "spec_pb"
+require "tags_pb"
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("access_rules.proto", :syntax => :proto3) do
+    add_message "v1.AccessRuleCreateRequest" do
+      optional :meta, :message, 1, "v1.CreateRequestMetadata"
+      optional :access_rule, :message, 2, "v1.AccessRule"
+    end
+    add_message "v1.AccessRuleCreateResponse" do
+      optional :meta, :message, 1, "v1.CreateResponseMetadata"
+      optional :access_rule, :message, 2, "v1.AccessRule"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.AccessRuleGetRequest" do
+      optional :meta, :message, 1, "v1.GetRequestMetadata"
+      optional :id, :string, 2
+    end
+    add_message "v1.AccessRuleGetResponse" do
+      optional :meta, :message, 1, "v1.GetResponseMetadata"
+      optional :access_rule, :message, 2, "v1.AccessRule"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.AccessRuleUpdateRequest" do
+      optional :meta, :message, 1, "v1.UpdateRequestMetadata"
+      optional :id, :string, 2
+      optional :access_rule, :message, 3, "v1.AccessRule"
+    end
+    add_message "v1.AccessRuleUpdateResponse" do
+      optional :meta, :message, 1, "v1.UpdateResponseMetadata"
+      optional :access_rule, :message, 2, "v1.AccessRule"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.AccessRuleDeleteRequest" do
+      optional :meta, :message, 1, "v1.DeleteRequestMetadata"
+      optional :id, :string, 2
+    end
+    add_message "v1.AccessRuleDeleteResponse" do
+      optional :meta, :message, 1, "v1.DeleteResponseMetadata"
+      optional :rate_limit, :message, 2, "v1.RateLimitMetadata"
+    end
+    add_message "v1.AccessRuleListRequest" do
+      optional :meta, :message, 1, "v1.ListRequestMetadata"
+      optional :filter, :string, 2
+    end
+    add_message "v1.AccessRuleListResponse" do
+      optional :meta, :message, 1, "v1.ListResponseMetadata"
+      repeated :access_rules, :message, 2, "v1.AccessRule"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.AccessRule" do
+      optional :id, :string, 1
+      optional :resource_type, :string, 2
+      optional :role_id, :string, 3
+      repeated :resource_ids, :string, 4
+      optional :tags, :message, 5, "v1.Tags"
+      optional :affected_resources, :int64, 6
+    end
+    add_message "v1.AccessRulePlanRequest" do
+      optional :meta, :message, 1, "v1.CreateRequestMetadata"
+      optional :access_rule, :message, 2, "v1.AccessRule"
+    end
+    add_message "v1.AccessRulePlanResponse" do
+      optional :meta, :message, 1, "v1.CreateResponseMetadata"
+      optional :affected_resources, :int64, 2
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.ApplyAccessRuleRequest" do
+      optional :meta, :message, 1, "v1.CreateRequestMetadata"
+      optional :role_id, :string, 2
+      repeated :access_rules, :message, 3, "v1.AccessRule"
+    end
+    add_message "v1.ApplyAccessRuleResponse" do
+      optional :meta, :message, 1, "v1.CreateResponseMetadata"
+      optional :rate_limit, :message, 2, "v1.RateLimitMetadata"
+    end
+  end
+end
+
+module V1
+  AccessRuleCreateRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleCreateRequest").msgclass
+  AccessRuleCreateResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleCreateResponse").msgclass
+  AccessRuleGetRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleGetRequest").msgclass
+  AccessRuleGetResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleGetResponse").msgclass
+  AccessRuleUpdateRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleUpdateRequest").msgclass
+  AccessRuleUpdateResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleUpdateResponse").msgclass
+  AccessRuleDeleteRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleDeleteRequest").msgclass
+  AccessRuleDeleteResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleDeleteResponse").msgclass
+  AccessRuleListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleListRequest").msgclass
+  AccessRuleListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleListResponse").msgclass
+  AccessRule = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRule").msgclass
+  AccessRulePlanRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRulePlanRequest").msgclass
+  AccessRulePlanResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRulePlanResponse").msgclass
+  ApplyAccessRuleRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.ApplyAccessRuleRequest").msgclass
+  ApplyAccessRuleResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.ApplyAccessRuleResponse").msgclass
+end

data/lib/grpc/access_rules_services_pb.rb

@@ -0,0 +1,50 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: access_rules.proto for package 'v1'
+
+require "grpc"
+require "access_rules_pb"
+
+module V1
+  module AccessRules
+    # AccessRules allows the use of tags and other attributes to grant resources
+    # to roles. Each Role may have several access rules.
+    class Service
+      include GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = "v1.AccessRules"
+
+      # Plan registers a new AccessRule.
+      rpc :Plan, AccessRulePlanRequest, AccessRulePlanResponse
+      # Create registers a new AccessRule.
+      rpc :Create, AccessRuleCreateRequest, AccessRuleCreateResponse
+      # Get reads one AccessRule by ID.
+      rpc :Get, AccessRuleGetRequest, AccessRuleGetResponse
+      # Update patches a AccessRule by ID.
+      rpc :Update, AccessRuleUpdateRequest, AccessRuleUpdateResponse
+      # Delete removes a AccessRule by ID.
+      rpc :Delete, AccessRuleDeleteRequest, AccessRuleDeleteResponse
+      # List gets a list of Access Rules matching a given set of criteria.
+      rpc :List, AccessRuleListRequest, AccessRuleListResponse
+      # Apply resets a role and apply all given access rules.
+      rpc :Apply, ApplyAccessRuleRequest, ApplyAccessRuleResponse
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/grpc/account_attachments_pb.rb

@@ -1,26 +1,24 @@
 # Copyright 2020 StrongDM Inc
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
+#
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: account_attachments.proto
 
-require 'google/protobuf'
+require "google/protobuf"
 
-require 'google/api/annotations_pb'
-require 'protoc-gen-swagger/options/annotations_pb'
-require 'options_pb'
-require 'spec_pb'
+require "options_pb"
+require "spec_pb"
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("account_attachments.proto", :syntax => :proto3) do
     add_message "v1.AccountAttachmentCreateRequest" do

data/lib/grpc/account_attachments_services_pb.rb

@@ -1,33 +1,32 @@
 # Copyright 2020 StrongDM Inc
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
+#
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # Source: account_attachments.proto for package 'v1'
 
-require 'grpc'
-require 'account_attachments_pb'
+require "grpc"
+require "account_attachments_pb"
 
 module V1
   module AccountAttachments
-    # AccountAttachments assign an account to a role.
+    # AccountAttachments assign an account to a role or composite role.
     class Service
-
       include GRPC::GenericService
 
       self.marshal_class_method = :encode
       self.unmarshal_class_method = :decode
-      self.service_name = 'v1.AccountAttachments'
+      self.service_name = "v1.AccountAttachments"
 
       # Create registers a new AccountAttachment.
       rpc :Create, AccountAttachmentCreateRequest, AccountAttachmentCreateResponse

data/lib/grpc/account_grants_pb.rb

@@ -1,27 +1,25 @@
 # Copyright 2020 StrongDM Inc
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
+#
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: account_grants.proto
 
-require 'google/protobuf'
+require "google/protobuf"
 
-require 'google/api/annotations_pb'
-require 'protoc-gen-swagger/options/annotations_pb'
-require 'google/protobuf/timestamp_pb'
-require 'options_pb'
-require 'spec_pb'
+require "google/protobuf/timestamp_pb"
+require "options_pb"
+require "spec_pb"
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("account_grants.proto", :syntax => :proto3) do
     add_message "v1.AccountGrantCreateRequest" do