strongdm 1.0.12 → 1.0.17

data/lib/strongdm.rb

@@ -29,19 +29,24 @@ module SDM
   class Client
     # Creates a new strongDM API client.
     def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false)
-      @api_access_key = api_access_key
-      @api_secret_key = Base64.strict_decode64(api_secret_key)
+      raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String)
+      raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String)
+      raise TypeError, "client host must be a string" unless host.kind_of?(String)
+      @api_access_key = api_access_key.strip
+      @api_secret_key = Base64.strict_decode64(api_secret_key.strip)
       @max_retries = DEFAULT_MAX_RETRIES
       @base_retry_delay = DEFAULT_BASE_RETRY_DELAY
       @max_retry_delay = DEFAULT_MAX_RETRY_DELAY
       @account_attachments = AccountAttachments.new(host, insecure, self)
       @account_grants = AccountGrants.new(host, insecure, self)
       @accounts = Accounts.new(host, insecure, self)
+      @control_panel = ControlPanel.new(host, insecure, self)
       @nodes = Nodes.new(host, insecure, self)
       @resources = Resources.new(host, insecure, self)
       @role_attachments = RoleAttachments.new(host, insecure, self)
       @role_grants = RoleGrants.new(host, insecure, self)
       @roles = Roles.new(host, insecure, self)
+      @secret_stores = SecretStores.new(host, insecure, self)
       @_test_options = Hash.new
     end
 
@@ -98,6 +103,8 @@ module SDM
     # 1. **Users:** humans who are authenticated through username and password or SSO.
     # 2. **Service Accounts:** machines that are authenticated using a service token.
     attr_reader :accounts
+    # ControlPanel contains all administrative controls.
+    attr_reader :control_panel
     # Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
     # - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
     # - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
@@ -120,6 +127,8 @@ module SDM
     # grant access to the combined resources associated with a set of child roles.
     # Each user can be a member of one Role or composite role.
     attr_reader :roles
+    # SecretStores are servers where resource secrets (passwords, keys) are stored.
+    attr_reader :secret_stores
     attr_reader :_test_options
   end
 end

data/lib/svc.rb

@@ -486,6 +486,51 @@ module SDM
     end
   end
 
+  # ControlPanel contains all administrative controls.
+  class ControlPanel
+    def initialize(host, insecure, parent)
+      begin
+        if insecure
+          @stub = V1::ControlPanel::Stub.new(host, :this_channel_is_insecure)
+        else
+          cred = GRPC::Core::ChannelCredentials.new()
+          @stub = V1::ControlPanel::Stub.new(host, cred)
+        end
+      rescue => exception
+        raise Plumbing::convert_error_to_porcelain(exception)
+      end
+      @parent = parent
+    end
+
+    # GetSSHCAPublicKey retrieves the SSH CA public key.
+    def get_sshca_public_key(
+      deadline: nil
+    )
+      req = V1::ControlPanelGetSSHCAPublicKeyRequest.new()
+
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.get_sshca_public_key(req, metadata: @parent.get_metadata("ControlPanel.GetSSHCAPublicKey", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception))
+            tries + +@parent.jitterSleep(tries)
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      resp = ControlPanelGetSSHCAPublicKeyResponse.new()
+      resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
+      resp.public_key = (plumbing_response.public_key)
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+  end
+
   # Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
   # - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
   # - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
@@ -677,6 +722,43 @@ module SDM
       @parent = parent
     end
 
+    # EnumerateTags gets a list of the filter matching tags.
+    def enumerate_tags(
+      filter,
+      *args,
+      deadline: nil
+    )
+      req = V1::EnumerateTagsRequest.new()
+      req.meta = V1::ListRequestMetadata.new()
+      page_size_option = @parent._test_options["PageSize"]
+      if page_size_option.is_a? Integer
+        req.meta.limit = page_size_option
+      end
+
+      req.filter = Plumbing::quote_filter_args(filter, *args)
+      resp = Enumerator::Generator.new { |g|
+        tries = 0
+        loop do
+          begin
+            plumbing_response = @stub.enumerate_tags(req, metadata: @parent.get_metadata("Resources.EnumerateTags", req), deadline: deadline)
+          rescue => exception
+            if (@parent.shouldRetry(tries, exception))
+              tries + +@parent.jitterSleep(tries)
+              next
+            end
+            raise Plumbing::convert_error_to_porcelain(exception)
+          end
+          tries = 0
+          plumbing_response.matches.each do |plumbing_item|
+            g.yield Plumbing::convert_tag_to_porcelain(plumbing_item)
+          end
+          break if plumbing_response.meta.next_cursor == ""
+          req.meta.cursor = plumbing_response.meta.next_cursor
+        end
+      }
+      resp
+    end
+
     # Create registers a new Resource.
     def create(
       resource,
@@ -1302,4 +1384,176 @@ module SDM
       resp
     end
   end
+
+  # SecretStores are servers where resource secrets (passwords, keys) are stored.
+  class SecretStores
+    def initialize(host, insecure, parent)
+      begin
+        if insecure
+          @stub = V1::SecretStores::Stub.new(host, :this_channel_is_insecure)
+        else
+          cred = GRPC::Core::ChannelCredentials.new()
+          @stub = V1::SecretStores::Stub.new(host, cred)
+        end
+      rescue => exception
+        raise Plumbing::convert_error_to_porcelain(exception)
+      end
+      @parent = parent
+    end
+
+    def create(
+      secret_store,
+      deadline: nil
+    )
+      req = V1::SecretStoreCreateRequest.new()
+
+      req.secret_store = Plumbing::convert_secret_store_to_plumbing(secret_store)
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.create(req, metadata: @parent.get_metadata("SecretStores.Create", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception))
+            tries + +@parent.jitterSleep(tries)
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      resp = SecretStoreCreateResponse.new()
+      resp.meta = Plumbing::convert_create_response_metadata_to_porcelain(plumbing_response.meta)
+      resp.secret_store = Plumbing::convert_secret_store_to_porcelain(plumbing_response.secret_store)
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+
+    # Get reads one SecretStore by ID.
+    def get(
+      id,
+      deadline: nil
+    )
+      req = V1::SecretStoreGetRequest.new()
+
+      req.id = (id)
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.get(req, metadata: @parent.get_metadata("SecretStores.Get", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception))
+            tries + +@parent.jitterSleep(tries)
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      resp = SecretStoreGetResponse.new()
+      resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
+      resp.secret_store = Plumbing::convert_secret_store_to_porcelain(plumbing_response.secret_store)
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+
+    # Update patches a SecretStore by ID.
+    def update(
+      secret_store,
+      deadline: nil
+    )
+      req = V1::SecretStoreUpdateRequest.new()
+
+      req.secret_store = Plumbing::convert_secret_store_to_plumbing(secret_store)
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.update(req, metadata: @parent.get_metadata("SecretStores.Update", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception))
+            tries + +@parent.jitterSleep(tries)
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      resp = SecretStoreUpdateResponse.new()
+      resp.meta = Plumbing::convert_update_response_metadata_to_porcelain(plumbing_response.meta)
+      resp.secret_store = Plumbing::convert_secret_store_to_porcelain(plumbing_response.secret_store)
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+
+    # Delete removes a SecretStore by ID.
+    def delete(
+      id,
+      deadline: nil
+    )
+      req = V1::SecretStoreDeleteRequest.new()
+
+      req.id = (id)
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.delete(req, metadata: @parent.get_metadata("SecretStores.Delete", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception))
+            tries + +@parent.jitterSleep(tries)
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      resp = SecretStoreDeleteResponse.new()
+      resp.meta = Plumbing::convert_delete_response_metadata_to_porcelain(plumbing_response.meta)
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+
+    # List gets a list of SecretStores matching a given set of criteria.
+    def list(
+      filter,
+      *args,
+      deadline: nil
+    )
+      req = V1::SecretStoreListRequest.new()
+      req.meta = V1::ListRequestMetadata.new()
+      page_size_option = @parent._test_options["PageSize"]
+      if page_size_option.is_a? Integer
+        req.meta.limit = page_size_option
+      end
+
+      req.filter = Plumbing::quote_filter_args(filter, *args)
+      resp = Enumerator::Generator.new { |g|
+        tries = 0
+        loop do
+          begin
+            plumbing_response = @stub.list(req, metadata: @parent.get_metadata("SecretStores.List", req), deadline: deadline)
+          rescue => exception
+            if (@parent.shouldRetry(tries, exception))
+              tries + +@parent.jitterSleep(tries)
+              next
+            end
+            raise Plumbing::convert_error_to_porcelain(exception)
+          end
+          tries = 0
+          plumbing_response.secret_stores.each do |plumbing_item|
+            g.yield Plumbing::convert_secret_store_to_porcelain(plumbing_item)
+          end
+          break if plumbing_response.meta.next_cursor == ""
+          req.meta.cursor = plumbing_response.meta.next_cursor
+        end
+      }
+      resp
+    end
+  end
 end

data/lib/version

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "1.0.12"
+  VERSION = "1.0.17"
 end

data/lib/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "1.0.12"
+  VERSION = "1.0.17"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: strongdm
 version: !ruby/object:Gem::Version
-  version: 1.0.12
+  version: 1.0.17
 platform: ruby
 authors:
 - strongDM Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-31 00:00:00.000000000 Z
+date: 2021-01-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc
@@ -88,6 +88,11 @@ files:
 - doc/SDM/AKS.html
 - doc/SDM/AKSBasicAuth.html
 - doc/SDM/AKSServiceAccount.html
+- doc/SDM/AWS.html
+- doc/SDM/AWSStore.html
+- doc/SDM/AccessRuleCreateResponse.html
+- doc/SDM/AccessRuleDeleteResponse.html
+- doc/SDM/AccessRuleUpdateResponse.html
 - doc/SDM/AccountAttachment.html
 - doc/SDM/AccountAttachmentCreateOptions.html
 - doc/SDM/AccountAttachmentCreateResponse.html
@@ -118,8 +123,9 @@ files:
 - doc/SDM/Client.html
 - doc/SDM/Clustrix.html
 - doc/SDM/Cockroach.html
+- doc/SDM/ControlPanel.html
+- doc/SDM/ControlPanelGetSSHCAPublicKeyResponse.html
 - doc/SDM/CreateResponseMetadata.html
-- doc/SDM/DB2.html
 - doc/SDM/DB2LUW.html
 - doc/SDM/DB2i.html
 - doc/SDM/DeadlineExceededError.html
@@ -189,20 +195,39 @@ files:
 - doc/SDM/SQLServer.html
 - doc/SDM/SSH.html
 - doc/SDM/SSHCert.html
+- doc/SDM/SecretStore.html
+- doc/SDM/SecretStoreCreateResponse.html
+- doc/SDM/SecretStoreDeleteResponse.html
+- doc/SDM/SecretStoreGetResponse.html
+- doc/SDM/SecretStoreUpdateResponse.html
+- doc/SDM/SecretStores.html
 - doc/SDM/Service.html
 - doc/SDM/Snowflake.html
 - doc/SDM/Sybase.html
 - doc/SDM/SybaseIQ.html
+- doc/SDM/Tag.html
 - doc/SDM/Teradata.html
 - doc/SDM/UpdateResponseMetadata.html
 - doc/SDM/User.html
+- doc/SDM/VaultTLSStore.html
+- doc/SDM/VaultTokenStore.html
 - doc/V1.html
+- doc/V1/AccessRules.html
+- doc/V1/AccessRules/Service.html
 - doc/V1/AccountAttachments.html
 - doc/V1/AccountAttachments/Service.html
 - doc/V1/AccountGrants.html
 - doc/V1/AccountGrants/Service.html
 - doc/V1/Accounts.html
 - doc/V1/Accounts/Service.html
+- doc/V1/Audits.html
+- doc/V1/Audits/Service.html
+- doc/V1/BuildsPrivate.html
+- doc/V1/BuildsPrivate/Service.html
+- doc/V1/ControlPanel.html
+- doc/V1/ControlPanel/Service.html
+- doc/V1/DemoProvisioningRequests.html
+- doc/V1/DemoProvisioningRequests/Service.html
 - doc/V1/Nodes.html
 - doc/V1/Nodes/Service.html
 - doc/V1/Resources.html
@@ -213,6 +238,10 @@ files:
 - doc/V1/RoleGrants/Service.html
 - doc/V1/Roles.html
 - doc/V1/Roles/Service.html
+- doc/V1/SecretStoreHealths.html
+- doc/V1/SecretStoreHealths/Service.html
+- doc/V1/SecretStores.html
+- doc/V1/SecretStores/Service.html
 - doc/V1/Tags.html
 - doc/created.rid
 - doc/css/fonts.css
@@ -275,12 +304,15 @@ files:
 - lib/grpc/account_grants_services_pb.rb
 - lib/grpc/accounts_pb.rb
 - lib/grpc/accounts_services_pb.rb
+- lib/grpc/control_panel_pb.rb
+- lib/grpc/control_panel_services_pb.rb
+- lib/grpc/demo_provisioning_requests_pb.rb
+- lib/grpc/demo_provisioning_requests_services_pb.rb
 - lib/grpc/drivers_pb.rb
 - lib/grpc/nodes_pb.rb
 - lib/grpc/nodes_services_pb.rb
 - lib/grpc/options_pb.rb
 - lib/grpc/plumbing.rb
-- lib/grpc/protoc-gen-swagger/options/annotations_pb.rb
 - lib/grpc/resources_pb.rb
 - lib/grpc/resources_services_pb.rb
 - lib/grpc/role_attachments_pb.rb
@@ -289,6 +321,9 @@ files:
 - lib/grpc/role_grants_services_pb.rb
 - lib/grpc/roles_pb.rb
 - lib/grpc/roles_services_pb.rb
+- lib/grpc/secret_store_types_pb.rb
+- lib/grpc/secret_stores_pb.rb
+- lib/grpc/secret_stores_services_pb.rb
 - lib/grpc/spec_pb.rb
 - lib/grpc/tags_pb.rb
 - lib/models/porcelain.rb

data/lib/grpc/protoc-gen-swagger/options/annotations_pb.rb

@@ -1,15 +0,0 @@
-# Copyright 2020 StrongDM Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# this file is intentionally left empty