strongdm 1.0.15 → 1.0.21

data/lib/strongdm.rb

@@ -29,8 +29,11 @@ module SDM
   class Client
     # Creates a new strongDM API client.
     def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false)
-      @api_access_key = api_access_key
-      @api_secret_key = Base64.strict_decode64(api_secret_key)
+      raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String)
+      raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String)
+      raise TypeError, "client host must be a string" unless host.kind_of?(String)
+      @api_access_key = api_access_key.strip
+      @api_secret_key = Base64.strict_decode64(api_secret_key.strip)
       @max_retries = DEFAULT_MAX_RETRIES
       @base_retry_delay = DEFAULT_BASE_RETRY_DELAY
       @max_retry_delay = DEFAULT_MAX_RETRY_DELAY

data/lib/svc.rb

@@ -529,6 +529,36 @@ module SDM
       resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
       resp
     end
+
+    # VerifyJWT reports whether the given JWT token (x-sdm-token) is valid.
+    def verify_jwt(
+      token,
+      deadline: nil
+    )
+      req = V1::ControlPanelVerifyJWTRequest.new()
+
+      req.token = (token)
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.verify_jwt(req, metadata: @parent.get_metadata("ControlPanel.VerifyJWT", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception))
+            tries + +@parent.jitterSleep(tries)
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      resp = ControlPanelVerifyJWTResponse.new()
+      resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
+      resp.valid = (plumbing_response.valid)
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
   end
 
   # Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
@@ -722,6 +752,43 @@ module SDM
       @parent = parent
     end
 
+    # EnumerateTags gets a list of the filter matching tags.
+    def enumerate_tags(
+      filter,
+      *args,
+      deadline: nil
+    )
+      req = V1::EnumerateTagsRequest.new()
+      req.meta = V1::ListRequestMetadata.new()
+      page_size_option = @parent._test_options["PageSize"]
+      if page_size_option.is_a? Integer
+        req.meta.limit = page_size_option
+      end
+
+      req.filter = Plumbing::quote_filter_args(filter, *args)
+      resp = Enumerator::Generator.new { |g|
+        tries = 0
+        loop do
+          begin
+            plumbing_response = @stub.enumerate_tags(req, metadata: @parent.get_metadata("Resources.EnumerateTags", req), deadline: deadline)
+          rescue => exception
+            if (@parent.shouldRetry(tries, exception))
+              tries + +@parent.jitterSleep(tries)
+              next
+            end
+            raise Plumbing::convert_error_to_porcelain(exception)
+          end
+          tries = 0
+          plumbing_response.matches.each do |plumbing_item|
+            g.yield Plumbing::convert_tag_to_porcelain(plumbing_item)
+          end
+          break if plumbing_response.meta.next_cursor == ""
+          req.meta.cursor = plumbing_response.meta.next_cursor
+        end
+      }
+      resp
+    end
+
     # Create registers a new Resource.
     def create(
       resource,

data/lib/version

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "1.0.15"
+  VERSION = "1.0.21"
 end

data/lib/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "1.0.15"
+  VERSION = "1.0.21"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: strongdm
 version: !ruby/object:Gem::Version
-  version: 1.0.15
+  version: 1.0.21
 platform: ruby
 authors:
 - strongDM Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-11 00:00:00.000000000 Z
+date: 2021-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc
@@ -88,6 +88,8 @@ files:
 - doc/SDM/AKS.html
 - doc/SDM/AKSBasicAuth.html
 - doc/SDM/AKSServiceAccount.html
+- doc/SDM/AKSServiceAccountUserImpersonation.html
+- doc/SDM/AKSUserImpersonation.html
 - doc/SDM/AWS.html
 - doc/SDM/AWSStore.html
 - doc/SDM/AccessRuleCreateResponse.html
@@ -111,6 +113,7 @@ files:
 - doc/SDM/Accounts.html
 - doc/SDM/AlreadyExistsError.html
 - doc/SDM/AmazonEKS.html
+- doc/SDM/AmazonEKSUserImpersonation.html
 - doc/SDM/AmazonES.html
 - doc/SDM/Athena.html
 - doc/SDM/AuroraMysql.html
@@ -125,6 +128,7 @@ files:
 - doc/SDM/Cockroach.html
 - doc/SDM/ControlPanel.html
 - doc/SDM/ControlPanelGetSSHCAPublicKeyResponse.html
+- doc/SDM/ControlPanelVerifyJWTResponse.html
 - doc/SDM/CreateResponseMetadata.html
 - doc/SDM/DB2LUW.html
 - doc/SDM/DB2i.html
@@ -137,6 +141,7 @@ files:
 - doc/SDM/Gateway.html
 - doc/SDM/GetResponseMetadata.html
 - doc/SDM/GoogleGKE.html
+- doc/SDM/GoogleGKEUserImpersonation.html
 - doc/SDM/Greenplum.html
 - doc/SDM/HTTPAuth.html
 - doc/SDM/HTTPBasicAuth.html
@@ -145,6 +150,8 @@ files:
 - doc/SDM/Kubernetes.html
 - doc/SDM/KubernetesBasicAuth.html
 - doc/SDM/KubernetesServiceAccount.html
+- doc/SDM/KubernetesServiceAccountUserImpersonation.html
+- doc/SDM/KubernetesUserImpersonation.html
 - doc/SDM/Maria.html
 - doc/SDM/Memcached.html
 - doc/SDM/Memsql.html
@@ -195,6 +202,7 @@ files:
 - doc/SDM/SQLServer.html
 - doc/SDM/SSH.html
 - doc/SDM/SSHCert.html
+- doc/SDM/SSHCustomerKey.html
 - doc/SDM/SecretStore.html
 - doc/SDM/SecretStoreCreateResponse.html
 - doc/SDM/SecretStoreDeleteResponse.html
@@ -205,6 +213,7 @@ files:
 - doc/SDM/Snowflake.html
 - doc/SDM/Sybase.html
 - doc/SDM/SybaseIQ.html
+- doc/SDM/Tag.html
 - doc/SDM/Teradata.html
 - doc/SDM/UpdateResponseMetadata.html
 - doc/SDM/User.html
@@ -221,12 +230,15 @@ files:
 - doc/V1/Accounts/Service.html
 - doc/V1/Audits.html
 - doc/V1/Audits/Service.html
+- doc/V1/BuildsPrivate.html
+- doc/V1/BuildsPrivate/Service.html
 - doc/V1/ControlPanel.html
 - doc/V1/ControlPanel/Service.html
 - doc/V1/DemoProvisioningRequests.html
 - doc/V1/DemoProvisioningRequests/Service.html
 - doc/V1/Nodes.html
 - doc/V1/Nodes/Service.html
+- doc/V1/Permissions/Service.html
 - doc/V1/Resources.html
 - doc/V1/Resources/Service.html
 - doc/V1/RoleAttachments.html
@@ -295,20 +307,14 @@ files:
 - examples/Gemfile
 - examples/listUsers.rb
 - lib/errors/errors.rb
-- lib/grpc/access_rules_pb.rb
-- lib/grpc/access_rules_services_pb.rb
 - lib/grpc/account_attachments_pb.rb
 - lib/grpc/account_attachments_services_pb.rb
 - lib/grpc/account_grants_pb.rb
 - lib/grpc/account_grants_services_pb.rb
 - lib/grpc/accounts_pb.rb
 - lib/grpc/accounts_services_pb.rb
-- lib/grpc/audits_pb.rb
-- lib/grpc/audits_services_pb.rb
 - lib/grpc/control_panel_pb.rb
 - lib/grpc/control_panel_services_pb.rb
-- lib/grpc/demo_provisioning_requests_pb.rb
-- lib/grpc/demo_provisioning_requests_services_pb.rb
 - lib/grpc/drivers_pb.rb
 - lib/grpc/nodes_pb.rb
 - lib/grpc/nodes_services_pb.rb
@@ -322,8 +328,6 @@ files:
 - lib/grpc/role_grants_services_pb.rb
 - lib/grpc/roles_pb.rb
 - lib/grpc/roles_services_pb.rb
-- lib/grpc/secret_store_healths_pb.rb
-- lib/grpc/secret_store_healths_services_pb.rb
 - lib/grpc/secret_store_types_pb.rb
 - lib/grpc/secret_stores_pb.rb
 - lib/grpc/secret_stores_services_pb.rb

data/lib/grpc/access_rules_pb.rb

@@ -1,115 +0,0 @@
-# Copyright 2020 StrongDM Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Generated by the protocol buffer compiler.  DO NOT EDIT!
-# source: access_rules.proto
-
-require "google/protobuf"
-
-require "options_pb"
-require "spec_pb"
-require "tags_pb"
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("access_rules.proto", :syntax => :proto3) do
-    add_message "v1.AccessRuleCreateRequest" do
-      optional :meta, :message, 1, "v1.CreateRequestMetadata"
-      optional :access_rule, :message, 2, "v1.AccessRule"
-    end
-    add_message "v1.AccessRuleCreateResponse" do
-      optional :meta, :message, 1, "v1.CreateResponseMetadata"
-      optional :access_rule, :message, 2, "v1.AccessRule"
-      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
-    end
-    add_message "v1.AccessRuleGetRequest" do
-      optional :meta, :message, 1, "v1.GetRequestMetadata"
-      optional :id, :string, 2
-    end
-    add_message "v1.AccessRuleGetResponse" do
-      optional :meta, :message, 1, "v1.GetResponseMetadata"
-      optional :access_rule, :message, 2, "v1.AccessRule"
-      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
-    end
-    add_message "v1.AccessRuleUpdateRequest" do
-      optional :meta, :message, 1, "v1.UpdateRequestMetadata"
-      optional :id, :string, 2
-      optional :access_rule, :message, 3, "v1.AccessRule"
-    end
-    add_message "v1.AccessRuleUpdateResponse" do
-      optional :meta, :message, 1, "v1.UpdateResponseMetadata"
-      optional :access_rule, :message, 2, "v1.AccessRule"
-      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
-    end
-    add_message "v1.AccessRuleDeleteRequest" do
-      optional :meta, :message, 1, "v1.DeleteRequestMetadata"
-      optional :id, :string, 2
-    end
-    add_message "v1.AccessRuleDeleteResponse" do
-      optional :meta, :message, 1, "v1.DeleteResponseMetadata"
-      optional :rate_limit, :message, 2, "v1.RateLimitMetadata"
-    end
-    add_message "v1.AccessRuleListRequest" do
-      optional :meta, :message, 1, "v1.ListRequestMetadata"
-      optional :filter, :string, 2
-    end
-    add_message "v1.AccessRuleListResponse" do
-      optional :meta, :message, 1, "v1.ListResponseMetadata"
-      repeated :access_rules, :message, 2, "v1.AccessRule"
-      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
-    end
-    add_message "v1.AccessRule" do
-      optional :id, :string, 1
-      optional :resource_type, :string, 2
-      optional :role_id, :string, 3
-      repeated :resource_ids, :string, 4
-      optional :tags, :message, 5, "v1.Tags"
-      optional :affected_resources, :int64, 6
-    end
-    add_message "v1.AccessRulePlanRequest" do
-      optional :meta, :message, 1, "v1.CreateRequestMetadata"
-      optional :access_rule, :message, 2, "v1.AccessRule"
-    end
-    add_message "v1.AccessRulePlanResponse" do
-      optional :meta, :message, 1, "v1.CreateResponseMetadata"
-      optional :affected_resources, :int64, 2
-      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
-    end
-    add_message "v1.ApplyAccessRuleRequest" do
-      optional :meta, :message, 1, "v1.CreateRequestMetadata"
-      optional :role_id, :string, 2
-      repeated :access_rules, :message, 3, "v1.AccessRule"
-    end
-    add_message "v1.ApplyAccessRuleResponse" do
-      optional :meta, :message, 1, "v1.CreateResponseMetadata"
-      optional :rate_limit, :message, 2, "v1.RateLimitMetadata"
-    end
-  end
-end
-
-module V1
-  AccessRuleCreateRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleCreateRequest").msgclass
-  AccessRuleCreateResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleCreateResponse").msgclass
-  AccessRuleGetRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleGetRequest").msgclass
-  AccessRuleGetResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleGetResponse").msgclass
-  AccessRuleUpdateRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleUpdateRequest").msgclass
-  AccessRuleUpdateResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleUpdateResponse").msgclass
-  AccessRuleDeleteRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleDeleteRequest").msgclass
-  AccessRuleDeleteResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleDeleteResponse").msgclass
-  AccessRuleListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleListRequest").msgclass
-  AccessRuleListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRuleListResponse").msgclass
-  AccessRule = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRule").msgclass
-  AccessRulePlanRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRulePlanRequest").msgclass
-  AccessRulePlanResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRulePlanResponse").msgclass
-  ApplyAccessRuleRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.ApplyAccessRuleRequest").msgclass
-  ApplyAccessRuleResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.ApplyAccessRuleResponse").msgclass
-end

data/lib/grpc/access_rules_services_pb.rb

@@ -1,50 +0,0 @@
-# Copyright 2020 StrongDM Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Generated by the protocol buffer compiler.  DO NOT EDIT!
-# Source: access_rules.proto for package 'v1'
-
-require "grpc"
-require "access_rules_pb"
-
-module V1
-  module AccessRules
-    # AccessRules allows the use of tags and other attributes to grant resources
-    # to roles. Each Role may have several access rules.
-    class Service
-      include GRPC::GenericService
-
-      self.marshal_class_method = :encode
-      self.unmarshal_class_method = :decode
-      self.service_name = "v1.AccessRules"
-
-      # Plan registers a new AccessRule.
-      rpc :Plan, AccessRulePlanRequest, AccessRulePlanResponse
-      # Create registers a new AccessRule.
-      rpc :Create, AccessRuleCreateRequest, AccessRuleCreateResponse
-      # Get reads one AccessRule by ID.
-      rpc :Get, AccessRuleGetRequest, AccessRuleGetResponse
-      # Update patches a AccessRule by ID.
-      rpc :Update, AccessRuleUpdateRequest, AccessRuleUpdateResponse
-      # Delete removes a AccessRule by ID.
-      rpc :Delete, AccessRuleDeleteRequest, AccessRuleDeleteResponse
-      # List gets a list of Access Rules matching a given set of criteria.
-      rpc :List, AccessRuleListRequest, AccessRuleListResponse
-      # Apply resets a role and apply all given access rules.
-      rpc :Apply, ApplyAccessRuleRequest, ApplyAccessRuleResponse
-    end
-
-    Stub = Service.rpc_stub_class
-  end
-end

data/lib/grpc/audits_pb.rb

@@ -1,40 +0,0 @@
-# Copyright 2020 StrongDM Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Generated by the protocol buffer compiler.  DO NOT EDIT!
-# source: audits.proto
-
-require "google/protobuf"
-
-require "options_pb"
-require "spec_pb"
-require "access_rules_pb"
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("audits.proto", :syntax => :proto3) do
-    add_message "v1.GetAccessRulesRequest" do
-      optional :meta, :message, 1, "v1.GetRequestMetadata"
-      optional :when, :string, 2
-    end
-    add_message "v1.GetAccessRulesResponse" do
-      optional :meta, :message, 1, "v1.GetResponseMetadata"
-      repeated :access_rules, :message, 2, "v1.AccessRule"
-      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
-    end
-  end
-end
-
-module V1
-  GetAccessRulesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GetAccessRulesRequest").msgclass
-  GetAccessRulesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GetAccessRulesResponse").msgclass
-end

data/lib/grpc/audits_services_pb.rb

@@ -1,37 +0,0 @@
-# Copyright 2020 StrongDM Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Generated by the protocol buffer compiler.  DO NOT EDIT!
-# Source: audits.proto for package 'v1'
-
-require "grpc"
-require "audits_pb"
-
-module V1
-  module Audits
-    # Audit exposes the endpoints to extract point-in-time snapshot of data.
-    class Service
-      include GRPC::GenericService
-
-      self.marshal_class_method = :encode
-      self.unmarshal_class_method = :decode
-      self.service_name = "v1.Audits"
-
-      # GetAccessRules gets a list of Access Rules at point-in-time.
-      rpc :GetAccessRules, GetAccessRulesRequest, GetAccessRulesResponse
-    end
-
-    Stub = Service.rpc_stub_class
-  end
-end