strongdm 1.0.2 → 1.0.10

Files changed (193)
  1. checksums.yaml +4 -4
  2. data/README.md +28 -6
  3. data/doc/LICENSE.html +6 -11
  4. data/doc/Object.html +6 -361
  5. data/doc/README_md.html +37 -19
  6. data/doc/SDM.html +6 -3
  7. data/doc/SDM/AKS.html +45 -6
  8. data/doc/SDM/AKSBasicAuth.html +45 -6
  9. data/doc/SDM/AKSServiceAccount.html +45 -6
  10. data/doc/SDM/AccountAttachment.html +8 -5
  11. data/doc/SDM/AccountAttachmentCreateOptions.html +6 -3
  12. data/doc/SDM/AccountAttachmentCreateResponse.html +8 -5
  13. data/doc/SDM/AccountAttachmentDeleteResponse.html +8 -5
  14. data/doc/SDM/AccountAttachmentGetResponse.html +8 -5
  15. data/doc/SDM/AccountAttachments.html +27 -26
  16. data/doc/SDM/AccountCreateResponse.html +8 -5
  17. data/doc/SDM/AccountDeleteResponse.html +8 -5
  18. data/doc/SDM/AccountGetResponse.html +8 -5
  19. data/doc/SDM/AccountGrant.html +8 -5
  20. data/doc/SDM/AccountGrantCreateResponse.html +8 -5
  21. data/doc/SDM/AccountGrantDeleteResponse.html +8 -5
  22. data/doc/SDM/AccountGrantGetResponse.html +8 -5
  23. data/doc/SDM/AccountGrants.html +29 -26
  24. data/doc/SDM/AccountUpdateResponse.html +8 -5
  25. data/doc/SDM/Accounts.html +35 -32
  26. data/doc/SDM/AlreadyExistsError.html +6 -3
  27. data/doc/SDM/AmazonEKS.html +45 -6
  28. data/doc/SDM/AmazonES.html +27 -6
  29. data/doc/SDM/Athena.html +27 -6
  30. data/doc/SDM/AuroraMysql.html +27 -6
  31. data/doc/SDM/AuroraPostgres.html +27 -6
  32. data/doc/SDM/AuthenticationError.html +6 -3
  33. data/doc/SDM/BadRequestError.html +6 -3
  34. data/doc/SDM/BigQuery.html +27 -6
  35. data/doc/SDM/Cassandra.html +27 -6
  36. data/doc/SDM/Citus.html +409 -0
  37. data/doc/SDM/Client.html +7 -4
  38. data/doc/SDM/Clustrix.html +27 -6
  39. data/doc/SDM/Cockroach.html +27 -6
  40. data/doc/SDM/CreateResponseMetadata.html +6 -3
  41. data/doc/SDM/DB2.html +391 -0
  42. data/doc/SDM/DB2LUW.html +391 -0
  43. data/doc/SDM/DB2i.html +391 -0
  44. data/doc/SDM/DeadlineExceededError.html +6 -3
  45. data/doc/SDM/DeleteResponseMetadata.html +6 -3
  46. data/doc/SDM/Druid.html +27 -6
  47. data/doc/SDM/DynamoDB.html +27 -6
  48. data/doc/SDM/Elastic.html +27 -6
  49. data/doc/SDM/ElasticacheRedis.html +27 -6
  50. data/doc/SDM/Gateway.html +27 -6
  51. data/doc/SDM/GetResponseMetadata.html +6 -3
  52. data/doc/SDM/GoogleGKE.html +45 -6
  53. data/doc/SDM/Greenplum.html +27 -6
  54. data/doc/SDM/HTTPAuth.html +27 -6
  55. data/doc/SDM/HTTPBasicAuth.html +27 -6
  56. data/doc/SDM/HTTPNoAuth.html +27 -6
  57. data/doc/SDM/InternalError.html +6 -3
  58. data/doc/SDM/Kubernetes.html +45 -6
  59. data/doc/SDM/KubernetesBasicAuth.html +45 -6
  60. data/doc/SDM/KubernetesServiceAccount.html +45 -6
  61. data/doc/SDM/Maria.html +27 -6
  62. data/doc/SDM/Memcached.html +27 -6
  63. data/doc/SDM/Memsql.html +27 -6
  64. data/doc/SDM/MongoHost.html +27 -6
  65. data/doc/SDM/MongoLegacyHost.html +27 -6
  66. data/doc/SDM/MongoLegacyReplicaset.html +27 -6
  67. data/doc/SDM/MongoReplicaSet.html +27 -6
  68. data/doc/SDM/Mysql.html +27 -6
  69. data/doc/SDM/NodeCreateResponse.html +8 -5
  70. data/doc/SDM/NodeDeleteResponse.html +8 -5
  71. data/doc/SDM/NodeGetResponse.html +8 -5
  72. data/doc/SDM/NodeUpdateResponse.html +8 -5
  73. data/doc/SDM/Nodes.html +35 -32
  74. data/doc/SDM/NotFoundError.html +6 -3
  75. data/doc/SDM/Oracle.html +27 -6
  76. data/doc/SDM/PermissionError.html +6 -3
  77. data/doc/SDM/Plumbing.html +4351 -3569
  78. data/doc/SDM/Postgres.html +27 -6
  79. data/doc/SDM/Presto.html +27 -6
  80. data/doc/SDM/RDP.html +27 -6
  81. data/doc/SDM/RPCError.html +6 -3
  82. data/doc/SDM/RateLimitError.html +6 -3
  83. data/doc/SDM/RateLimitMetadata.html +6 -3
  84. data/doc/SDM/Redis.html +27 -6
  85. data/doc/SDM/Redshift.html +27 -6
  86. data/doc/SDM/Relay.html +28 -7
  87. data/doc/SDM/ResourceCreateResponse.html +8 -5
  88. data/doc/SDM/ResourceDeleteResponse.html +8 -5
  89. data/doc/SDM/ResourceGetResponse.html +8 -5
  90. data/doc/SDM/ResourceUpdateResponse.html +8 -5
  91. data/doc/SDM/Resources.html +34 -31
  92. data/doc/SDM/Role.html +27 -6
  93. data/doc/SDM/RoleAttachment.html +8 -5
  94. data/doc/SDM/RoleAttachmentCreateResponse.html +8 -5
  95. data/doc/SDM/RoleAttachmentDeleteResponse.html +8 -5
  96. data/doc/SDM/RoleAttachmentGetResponse.html +8 -5
  97. data/doc/SDM/RoleAttachments.html +28 -25
  98. data/doc/SDM/RoleCreateResponse.html +8 -5
  99. data/doc/SDM/RoleDeleteResponse.html +8 -5
  100. data/doc/SDM/RoleGetResponse.html +8 -5
  101. data/doc/SDM/RoleGrant.html +8 -5
  102. data/doc/SDM/RoleGrantCreateResponse.html +8 -5
  103. data/doc/SDM/RoleGrantDeleteResponse.html +8 -5
  104. data/doc/SDM/RoleGrantGetResponse.html +8 -5
  105. data/doc/SDM/RoleGrants.html +28 -25
  106. data/doc/SDM/RoleUpdateResponse.html +8 -5
  107. data/doc/SDM/Roles.html +34 -31
  108. data/doc/SDM/SQLServer.html +27 -6
  109. data/doc/SDM/SSH.html +45 -6
  110. data/doc/SDM/SSHCert.html +373 -0
  111. data/doc/SDM/Service.html +27 -6
  112. data/doc/SDM/Snowflake.html +27 -6
  113. data/doc/SDM/Sybase.html +27 -6
  114. data/doc/SDM/SybaseIQ.html +27 -6
  115. data/doc/SDM/Teradata.html +27 -6
  116. data/doc/SDM/UpdateResponseMetadata.html +6 -3
  117. data/doc/SDM/User.html +27 -6
  118. data/doc/V1.html +36 -8
  119. data/doc/V1/AccountAttachments.html +6 -3
  120. data/doc/V1/AccountAttachments/Service.html +6 -3
  121. data/doc/V1/AccountGrants.html +6 -3
  122. data/doc/V1/AccountGrants/Service.html +7 -4
  123. data/doc/V1/Accounts.html +6 -3
  124. data/doc/V1/Accounts/Service.html +6 -3
  125. data/doc/V1/Nodes.html +6 -3
  126. data/doc/V1/Nodes/Service.html +6 -3
  127. data/doc/V1/Resources.html +6 -3
  128. data/doc/V1/Resources/Service.html +6 -3
  129. data/doc/V1/RoleAttachments.html +6 -3
  130. data/doc/V1/RoleAttachments/Service.html +6 -3
  131. data/doc/V1/RoleGrants.html +6 -3
  132. data/doc/V1/RoleGrants/Service.html +6 -3
  133. data/doc/V1/Roles.html +6 -3
  134. data/doc/V1/Roles/Service.html +6 -3
  135. data/doc/V1/Tags.html +113 -0
  136. data/doc/created.rid +38 -41
  137. data/doc/css/rdoc.css +22 -1
  138. data/doc/examples/Gemfile.html +6 -11
  139. data/doc/examples/Gemfile_lock.html +6 -3
  140. data/doc/examples/README_md.html +6 -3
  141. data/doc/examples/okta-sync/Gemfile.html +6 -3
  142. data/doc/examples/okta-sync/Gemfile_lock.html +6 -3
  143. data/doc/index.html +16 -13
  144. data/doc/js/darkfish.js +22 -99
  145. data/doc/js/navigation.js +4 -40
  146. data/doc/js/navigation.js.gz +0 -0
  147. data/doc/js/search.js +32 -31
  148. data/doc/js/search_index.js +1 -1
  149. data/doc/js/search_index.js.gz +0 -0
  150. data/doc/js/searcher.js +6 -6
  151. data/doc/js/searcher.js.gz +0 -0
  152. data/doc/lib/version.html +8 -13
  153. data/doc/strongdm_gemspec.html +6 -11
  154. data/doc/table_of_contents.html +1035 -932
  155. data/examples/Gemfile +2 -2
  156. data/examples/listUsers.rb +8 -8
  157. data/lib/errors/errors.rb +53 -55
  158. data/lib/grpc/account_attachments_pb.rb +9 -14
  159. data/lib/grpc/account_attachments_services_pb.rb +8 -7
  160. data/lib/grpc/account_grants_pb.rb +10 -10
  161. data/lib/grpc/account_grants_services_pb.rb +9 -8
  162. data/lib/grpc/accounts_pb.rb +12 -9
  163. data/lib/grpc/accounts_services_pb.rb +8 -7
  164. data/lib/grpc/drivers_pb.rb +117 -7
  165. data/lib/grpc/nodes_pb.rb +12 -9
  166. data/lib/grpc/nodes_services_pb.rb +8 -7
  167. data/lib/grpc/options_pb.rb +16 -5
  168. data/lib/grpc/plumbing.rb +4426 -4085
  169. data/lib/grpc/protoc-gen-swagger/options/annotations_pb.rb +4 -4
  170. data/lib/grpc/resources_pb.rb +9 -9
  171. data/lib/grpc/resources_services_pb.rb +8 -7
  172. data/lib/grpc/role_attachments_pb.rb +9 -9
  173. data/lib/grpc/role_attachments_services_pb.rb +8 -7
  174. data/lib/grpc/role_grants_pb.rb +9 -9
  175. data/lib/grpc/role_grants_services_pb.rb +8 -7
  176. data/lib/grpc/roles_pb.rb +11 -9
  177. data/lib/grpc/roles_services_pb.rb +8 -7
  178. data/lib/grpc/spec_pb.rb +7 -8
  179. data/lib/grpc/tags_pb.rb +36 -0
  180. data/lib/models/porcelain.rb +5348 -4415
  181. data/lib/strongdm.rb +95 -94
  182. data/lib/svc.rb +1222 -1202
  183. data/lib/version +16 -2
  184. data/lib/version.rb +1 -1
  185. data/strongdm.gemspec +10 -10
  186. metadata +9 -9
  187. data/examples/Gemfile.lock +0 -14
  188. data/examples/README.md +0 -5
  189. data/examples/okta-sync/Gemfile +0 -4
  190. data/examples/okta-sync/Gemfile.lock +0 -38
  191. data/examples/okta-sync/matchers.yml +0 -11
  192. data/examples/okta-sync/oktaSync.rb +0 -215
  193. data/examples/panicButton.rb +0 -180
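--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7de282c56f9520a15970d80af5979317acb7bdc923cee738e74c3f1f6bbe225a
- data.tar.gz: 42a4d24ebf4b89bbbb376b1c09419e06ce3cb218331deb4c752e4c04fb08ec33
+ metadata.gz: c4ba2cfaeace974f49f68b9a8c3a18c188bf5a1c2696d422db4353f9b64dff46
+ data.tar.gz: 1b10ce78d4581ddf2507c9a6475d09ebf092127b5fd8474dbe372dc4697bba1c
  SHA512:
- metadata.gz: f8babd9237e549ebd623185bc9d3be7477f5bdfdff0e0fac99c4f0664a1be7ec27d2b1de2fb46a21d1a920575ff53d7609e71fbdcd4a030134300274f2000626
- data.tar.gz: fa74cce3c0d1a591769db03605fb4c2561caf6958d48921a19d9b482e11d5a3a3f0ff04731c4d05b2912d26c33cc207a8574fc3f1fe66114a1f5eb2b6743c11b
+ metadata.gz: 18caeb1e500291d741ffae81a6aaf82388fd53543e860e79d0082fdb3854b4162708ef9385c1d1edf2bcf7ad2781adb56c89818675587e0f551c0c1e2a986fd0
+ data.tar.gz: c584d2646722f757fffd9648c76c0b38705a7b6945148a59119635cc92fc9caca2c1c754d98cf14f51390c85205b1a9f3ca9ce73a9f74909e5507a38f8e2fe13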
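--- a/data/README.md
+++ b/data/README.md
@@ -1,23 +1,28 @@
  # strongDM SDK for Ruby
 
- The official strongDM SDK for the Ruby programming language.
+ This is the official [strongDM](https://www.strongdm.com/) SDK for the Ruby programming language.
 
- ## Quick Start
+ Learn more with our [📚strongDM API docs](https://www.strongdm.com/docs/api/) or [📓browse the SDK reference](https://www.rubydoc.info/gems/strongdm).
 
- First, install the gem:
+
+ ## Installation
 
  ```bash
  $ gem install strongdm
  ```
 
- Next, go to https://app.strongdm.com and create an API key. Set the `SDM_API_ACCESS_KEY` and `SDM_API_SECRET_KEY` environment variables.
+ ## Authentication
+
+ If you don't already have them you will need to generate a set of API keys, instructions are here: [API Credentials](https://www.strongdm.com/docs/admin-guide/api-credentials/)
 
+ Add the keys as environment variables; the SDK will need to access these keys for every request.
  ```bash
  $ export SDM_API_ACCESS_KEY=<YOUR ACCESS KEY>
  $ export SDM_API_SECRET_KEY=<YOUR SECRET KEY>
  ```
 
- Run some example code.
+ ## List Users
+ The following code lists all registered users:
 
  ```ruby
  require "strongdm"
@@ -27,4 +32,21 @@ users = client.accounts.list('')
  users.each do |user|
  p user
  end
- ```
+ ```
+
+ ## Useful Links
+
+ * Documentation: [strongdm gem](https://www.rubydoc.info/gems/strongdm)
+ * Examples: [GitHub - strongdm/strongdm-sdk-ruby-examples](https://github.com/strongdm/strongdm-sdk-ruby-examples)
+ 1. [Managing Resources](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/1_managing_resources)
+ 2. [Managing Accounts](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/2_managing_accounts)
+ 3. [Managing Roles](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/3_managing_roles)
+ 4. [Managing Gateways](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/4_managing_gateways)
+
+ ## License
+
+ [Apache 2](https://github.com/strongdm/strongdm-sdk-ruby/blob/master/LICENSE)
+
+ ## Contributing
+
+ Currently, we are not accepting pull requests directly to this repository, but our users are some of the most resourceful and ambitious folks out there. So, if you have something to contribute, find a bug, or just want to give us some feedback, please email <support@strongdm.com>.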
@@ -11,8 +11,11 @@
11
11
  var index_rel_prefix = "./";
12
12
  </script>
13
13
 
14
- <script src="./js/jquery.js"></script>
15
- <script src="./js/darkfish.js"></script>
14
+ <script src="./js/navigation.js" defer></script>
15
+ <script src="./js/search.js" defer></script>
16
+ <script src="./js/search_index.js" defer></script>
17
+ <script src="./js/searcher.js" defer></script>
18
+ <script src="./js/darkfish.js" defer></script>
16
19
 
17
20
  <link href="./css/fonts.css" rel="stylesheet">
18
21
  <link href="./css/rdoc.css" rel="stylesheet">
@@ -66,14 +69,6 @@
66
69
 
67
70
  <li><a href="./examples/Gemfile.html">Gemfile</a>
68
71
 
69
- <li><a href="./examples/Gemfile_lock.html">Gemfile.lock</a>
70
-
71
- <li><a href="./examples/README_md.html">README</a>
72
-
73
- <li><a href="./examples/okta-sync/Gemfile.html">Gemfile</a>
74
-
75
- <li><a href="./examples/okta-sync/Gemfile_lock.html">Gemfile.lock</a>
76
-
77
72
  <li><a href="./lib/version.html">version</a>
78
73
 
79
74
  <li><a href="./strongdm_gemspec.html">strongdm.gemspec</a>
@@ -194,7 +189,7 @@ identification within third-party archives.</pre>
194
189
 
195
190
  <footer id="validator-badges" role="contentinfo">
196
191
  <p><a href="https://validator.w3.org/check/referer">Validate</a>
197
- <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.0.
192
+ <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.2.
198
193
  <p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
199
194
  </footer>
200
195
 
@@ -11,8 +11,11 @@
11
11
  var index_rel_prefix = "./";
12
12
  </script>
13
13
 
14
- <script src="./js/jquery.js"></script>
15
- <script src="./js/darkfish.js"></script>
14
+ <script src="./js/navigation.js" defer></script>
15
+ <script src="./js/search.js" defer></script>
16
+ <script src="./js/search_index.js" defer></script>
17
+ <script src="./js/searcher.js" defer></script>
18
+ <script src="./js/darkfish.js" defer></script>
16
19
 
17
20
  <link href="./css/fonts.css" rel="stylesheet">
18
21
  <link href="./css/rdoc.css" rel="stylesheet">
@@ -66,19 +69,7 @@
66
69
 
67
70
 
68
71
 
69
- <!-- Method Quickref -->
70
- <div id="method-list-section" class="nav-section">
71
- <h3>Methods</h3>
72
-
73
- <ul class="link-list" role="directory">
74
-
75
- <li ><a href="#method-i-main">#main</a>
76
-
77
- <li ><a href="#method-i-okta_sync">#okta_sync</a>
78
72
 
79
- </ul>
80
- </div>
81
-
82
73
  </div>
83
74
  </nav>
84
75
 
@@ -119,26 +110,6 @@
119
110
  <dd>
120
111
 
121
112
 
122
- <dt id="OKTA_CLIENT_ORGURL">OKTA_CLIENT_ORGURL
123
-
124
- <dd>
125
-
126
-
127
- <dt id="OKTA_CLIENT_TOKEN">OKTA_CLIENT_TOKEN
128
-
129
- <dd>
130
-
131
-
132
- <dt id="SDM_API_ACCESS_KEY">SDM_API_ACCESS_KEY
133
-
134
- <dd>
135
-
136
-
137
- <dt id="SDM_API_SECRET_KEY">SDM_API_SECRET_KEY
138
-
139
- <dd>
140
-
141
-
142
113
  </dl>
143
114
  </section>
144
115
 
@@ -146,332 +117,6 @@
146
117
 
147
118
 
148
119
 
149
- <section id="public-instance-5Buntitled-5D-method-details" class="method-section">
150
- <header>
151
- <h3>Public Instance Methods</h3>
152
- </header>
153
-
154
-
155
- <div id="method-i-main" class="method-detail ">
156
-
157
- <div class="method-heading">
158
- <span class="method-name">main</span><span
159
- class="method-args">()</span>
160
-
161
- <span class="method-click-advice">click to toggle source</span>
162
-
163
- </div>
164
-
165
-
166
- <div class="method-description">
167
-
168
- <p>panicButton.rb suspends all users except for one admin, in the fake use case of a critical break in or something usage: ruby panicButton.rb adminuser@email.com to revert back to pre-panic state: ruby panicButton.rb revert</p>
169
-
170
-
171
-
172
-
173
- <div class="method-source-code" id="main-source">
174
- <pre><span class="ruby-comment"># File examples/panicButton.rb, line 67</span>
175
- <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">main</span>
176
- <span class="ruby-identifier">access_key</span> = <span class="ruby-constant">ENV</span>[<span class="ruby-string">&quot;SDM_API_ACCESS_KEY&quot;</span>]
177
- <span class="ruby-identifier">secret_key</span> = <span class="ruby-constant">ENV</span>[<span class="ruby-string">&quot;SDM_API_SECRET_KEY&quot;</span>]
178
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">access_key</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">secret_key</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
179
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;SDM_API_ACCESS_KEY and SDM_API_SECRET_KEY must be provided&quot;</span>
180
- <span class="ruby-keyword">return</span>
181
- <span class="ruby-keyword">end</span>
182
- <span class="ruby-identifier">client</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">access_key</span>, <span class="ruby-identifier">secret_key</span>)
183
-
184
- <span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">size</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span> <span class="ruby-keyword">and</span> <span class="ruby-constant">ARGV</span>[<span class="ruby-value">0</span>] <span class="ruby-operator">==</span> <span class="ruby-string">&quot;revert&quot;</span>
185
- <span class="ruby-identifier">state_file</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-string">&quot;state.json&quot;</span>)
186
- <span class="ruby-identifier">state</span> = <span class="ruby-constant">JSON</span>.<span class="ruby-identifier">load</span>(<span class="ruby-identifier">state_file</span>)
187
-
188
- <span class="ruby-identifier">reinstated_count</span> = <span class="ruby-value">0</span>
189
-
190
- <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
191
- <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
192
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span>
193
- <span class="ruby-identifier">reinstated_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
194
- <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span> = <span class="ruby-keyword">false</span>
195
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">user</span>)
196
- <span class="ruby-keyword">end</span>
197
- }
198
- <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;attachments&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
199
- <span class="ruby-keyword">begin</span>
200
- <span class="ruby-identifier">a</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountAttachment</span>.<span class="ruby-identifier">new</span>()
201
- <span class="ruby-identifier">a</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;account_id&quot;</span>]
202
- <span class="ruby-identifier">a</span>.<span class="ruby-identifier">role_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;role_id&quot;</span>]
203
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">a</span>)
204
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AlreadyExistsError</span>
205
- <span class="ruby-keyword">rescue</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
206
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping creation of attachment due to error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
207
- <span class="ruby-keyword">end</span>
208
- }
209
- <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;grants&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
210
- <span class="ruby-keyword">begin</span>
211
- <span class="ruby-identifier">g</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountGrant</span>.<span class="ruby-identifier">new</span>()
212
- <span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;account_id&quot;</span>]
213
- <span class="ruby-identifier">g</span>.<span class="ruby-identifier">resource_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;resource_id&quot;</span>]
214
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">g</span>)
215
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AlreadyExistsError</span>
216
- <span class="ruby-keyword">rescue</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
217
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping creation of grant due to error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
218
- <span class="ruby-keyword">end</span>
219
- }
220
-
221
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;reinstated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">reinstated_count</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; users&quot;</span>
222
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;recreated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;attachments&quot;</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account attachments&quot;</span>
223
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;recreated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;grants&quot;</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account grants&quot;</span>
224
-
225
- <span class="ruby-keyword">return</span>
226
- <span class="ruby-keyword">end</span>
227
-
228
- <span class="ruby-identifier">admin_email</span> = <span class="ruby-string">&quot;&quot;</span>
229
- <span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">size</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>
230
- <span class="ruby-identifier">admin_email</span> = <span class="ruby-constant">ARGV</span>[<span class="ruby-value">0</span>]
231
- <span class="ruby-keyword">else</span>
232
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;please provide an admin email to preserve&quot;</span>
233
- <span class="ruby-keyword">return</span> <span class="ruby-value">1</span>
234
- <span class="ruby-keyword">end</span>
235
-
236
- <span class="ruby-identifier">admin_user_id</span> = <span class="ruby-string">&quot;&quot;</span>
237
- <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;email:?&quot;</span>, <span class="ruby-identifier">admin_email</span>)
238
- <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
239
- <span class="ruby-identifier">admin_user_id</span> = <span class="ruby-identifier">user</span>.<span class="ruby-identifier">id</span>
240
- }
241
-
242
- <span class="ruby-identifier">account_attachments</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
243
- <span class="ruby-identifier">account_grants</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
244
-
245
- <span class="ruby-identifier">state</span> = {
246
- <span class="ruby-value">&#39;attachments&#39;:</span> <span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span>
247
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">admin_user_id</span>
248
- <span class="ruby-identifier">out</span> = {
249
- <span class="ruby-value">&#39;account_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span>,
250
- <span class="ruby-value">&#39;role_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">role_id</span>,
251
- }
252
- <span class="ruby-keyword">end</span>
253
- }.<span class="ruby-identifier">reject</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span> <span class="ruby-identifier">x</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> },
254
- <span class="ruby-value">&#39;grants&#39;:</span> <span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span>
255
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">admin_user_id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">valid_until</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
256
- <span class="ruby-identifier">out</span> = {
257
- <span class="ruby-value">&#39;account_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span>,
258
- <span class="ruby-value">&#39;resource_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">resource_id</span>,
259
- }
260
- <span class="ruby-keyword">end</span>
261
- }.<span class="ruby-identifier">reject</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span> <span class="ruby-identifier">x</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> },
262
- }
263
-
264
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;storing &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-value">:attachments</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account attachments in state&quot;</span>
265
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;storing &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-value">:grants</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account grants in state&quot;</span>
266
-
267
- <span class="ruby-identifier">state_file</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-string">&quot;state.json&quot;</span>, <span class="ruby-string">&quot;w&quot;</span>)
268
- <span class="ruby-identifier">state_file</span>.<span class="ruby-identifier">write</span>(<span class="ruby-identifier">state</span>.<span class="ruby-identifier">to_json</span>)
269
-
270
- <span class="ruby-identifier">suspended_count</span> = <span class="ruby-value">0</span>
271
- <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
272
- <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
273
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">instance_of?</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">User</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">email</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">admin_email</span>
274
- <span class="ruby-keyword">next</span>
275
- <span class="ruby-keyword">end</span>
276
- <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span> = <span class="ruby-keyword">true</span>
277
- <span class="ruby-keyword">begin</span>
278
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">user</span>)
279
- <span class="ruby-identifier">suspended_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
280
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">StandardError</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
281
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping user &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; on account of error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
282
- <span class="ruby-keyword">end</span>
283
- }
284
-
285
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;suspended &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">suspended_count</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; users&quot;</span>
286
- <span class="ruby-keyword">end</span></pre>
287
- </div>
288
-
289
- </div>
290
-
291
-
292
-
293
-
294
- </div>
295
-
296
-
297
- <div id="method-i-okta_sync" class="method-detail ">
298
-
299
- <div class="method-heading">
300
- <span class="method-name">okta_sync</span><span
301
- class="method-args">()</span>
302
-
303
- <span class="method-click-advice">click to toggle source</span>
304
-
305
- </div>
306
-
307
-
308
- <div class="method-description">
309
-
310
-
311
-
312
-
313
-
314
-
315
- <div class="method-source-code" id="okta_sync-source">
316
- <pre><span class="ruby-comment"># File examples/okta-sync/oktaSync.rb, line 68</span>
317
- <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">okta_sync</span>
318
- <span class="ruby-keyword">if</span> <span class="ruby-constant">SDM_API_ACCESS_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">SDM_API_SECRET_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">OKTA_CLIENT_TOKEN</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">OKTA_CLIENT_ORGURL</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span>
319
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, OKTA_CLIENT_TOKEN, and OKTA_CLIENT_ORGURL must be set&quot;</span>
320
- <span class="ruby-identifier">exit</span>
321
- <span class="ruby-keyword">end</span>
322
-
323
- <span class="ruby-identifier">report</span> = {
324
- <span class="ruby-value">:start</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>,
325
-
326
- <span class="ruby-value">:oktaUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
327
- <span class="ruby-value">:oktaUsers</span> <span class="ruby-operator">=&gt;</span> [],
328
-
329
- <span class="ruby-value">:sdmUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
330
- <span class="ruby-value">:sdmUsers</span> <span class="ruby-operator">=&gt;</span> [],
331
-
332
- <span class="ruby-value">:bothUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
333
-
334
- <span class="ruby-value">:sdmResourcesCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
335
- <span class="ruby-value">:sdmResources</span> <span class="ruby-operator">=&gt;</span> {},
336
-
337
- <span class="ruby-value">:permissionsGranted</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
338
- <span class="ruby-value">:permissionsRevoked</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
339
- <span class="ruby-value">:grants</span> <span class="ruby-operator">=&gt;</span> [],
340
- <span class="ruby-value">:revocations</span> <span class="ruby-operator">=&gt;</span> [],
341
-
342
- <span class="ruby-value">:matchers</span> <span class="ruby-operator">=&gt;</span> {},
343
- }
344
-
345
- <span class="ruby-identifier">plan</span> = <span class="ruby-keyword">false</span>
346
- <span class="ruby-identifier">verbose</span> = <span class="ruby-keyword">false</span>
347
- <span class="ruby-constant">OptionParser</span>.<span class="ruby-identifier">new</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">opts</span><span class="ruby-operator">|</span>
348
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">banner</span> = <span class="ruby-string">&quot;Usage oktaSync.rb [options]&quot;</span>
349
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-p&quot;</span>, <span class="ruby-string">&quot;--plan&quot;</span>, <span class="ruby-string">&quot;calculate changes but do not apply them&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span>
350
- <span class="ruby-identifier">plan</span> = <span class="ruby-identifier">p</span>
351
- <span class="ruby-keyword">end</span>
352
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-v&quot;</span>, <span class="ruby-string">&quot;--verbose&quot;</span>, <span class="ruby-string">&quot;print detailed report&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">v</span><span class="ruby-operator">|</span>
353
- <span class="ruby-identifier">verbose</span> = <span class="ruby-identifier">v</span>
354
- <span class="ruby-keyword">end</span>
355
- <span class="ruby-keyword">end</span>.<span class="ruby-identifier">parse!</span>
356
-
357
- <span class="ruby-identifier">client</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">SDM_API_ACCESS_KEY</span>, <span class="ruby-constant">SDM_API_SECRET_KEY</span>)
358
- <span class="ruby-identifier">okta_client</span> = <span class="ruby-constant">Oktakit</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">token:</span> <span class="ruby-constant">OKTA_CLIENT_TOKEN</span>, <span class="ruby-value">api_endpoint:</span> <span class="ruby-constant">OKTA_CLIENT_ORGURL</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/api/v1&quot;</span>)
359
- <span class="ruby-identifier">matchers</span> = <span class="ruby-constant">YAML</span>.<span class="ruby-identifier">load</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">&quot;matchers.yml&quot;</span>))
360
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:matchers</span>] = <span class="ruby-identifier">matchers</span>
361
-
362
- <span class="ruby-identifier">all_users</span> = <span class="ruby-identifier">okta_client</span>.<span class="ruby-identifier">list_users</span>({
363
- <span class="ruby-value">&#39;query&#39;:</span> {
364
- <span class="ruby-value">&#39;search&#39;:</span> <span class="ruby-string">&quot;profile.department eq \&quot;Engineering\&quot; and (status eq \&quot;ACTIVE\&quot;)&quot;</span>,
365
- },
366
- })
367
-
368
- <span class="ruby-identifier">okta_users</span> = <span class="ruby-constant">Array</span>.<span class="ruby-identifier">new</span>()
369
- <span class="ruby-identifier">all_users</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
370
- <span class="ruby-identifier">groups</span> = <span class="ruby-identifier">okta_client</span>.<span class="ruby-identifier">get_member_groups</span>(<span class="ruby-identifier">u</span>.<span class="ruby-identifier">id</span>)
371
- <span class="ruby-identifier">group_names</span> = <span class="ruby-constant">Array</span>.<span class="ruby-identifier">new</span>()
372
- <span class="ruby-identifier">groups</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">ug</span><span class="ruby-operator">|</span>
373
- <span class="ruby-identifier">group_names</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ug</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">name</span>)
374
- }
375
- <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">push</span>({ <span class="ruby-value">:login</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">login</span>, <span class="ruby-value">:first_name</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">firstName</span>, <span class="ruby-value">:last_name</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-constant">LastName</span>, <span class="ruby-value">:groups</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">group_names</span> })
376
- }
377
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:oktaUsers</span>] = <span class="ruby-identifier">okta_users</span>
378
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:oktaUsersCount</span>] = <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">size</span>
379
-
380
- <span class="ruby-identifier">accounts</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;type:user&quot;</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">a</span><span class="ruby-operator">|</span> [<span class="ruby-identifier">a</span>.<span class="ruby-identifier">email</span>, <span class="ruby-identifier">a</span>] }.<span class="ruby-identifier">to_h</span>
381
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmUsers</span>] = <span class="ruby-identifier">accounts</span>
382
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmUsersCount</span>] = <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">size</span>
383
- <span class="ruby-identifier">grants</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">ag</span><span class="ruby-operator">|</span> <span class="ruby-identifier">ag</span> }
384
-
385
- <span class="ruby-identifier">current</span> = {}
386
- <span class="ruby-identifier">grants</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">g</span><span class="ruby-operator">|</span>
387
- <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>] = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>]
388
- <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">g</span>)
389
- }
390
-
391
- <span class="ruby-identifier">desired</span> = {}
392
- <span class="ruby-identifier">overlapping</span> = <span class="ruby-value">0</span>
393
- <span class="ruby-identifier">matchers</span>[<span class="ruby-string">&quot;groups&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">group</span><span class="ruby-operator">|</span>
394
- <span class="ruby-identifier">group</span>[<span class="ruby-string">&quot;resources&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">resourceQuery</span><span class="ruby-operator">|</span>
395
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">resources</span>.<span class="ruby-identifier">list</span>(<span class="ruby-identifier">resourceQuery</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">res</span><span class="ruby-operator">|</span>
396
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResources</span>][<span class="ruby-identifier">res</span>.<span class="ruby-identifier">id</span>] = <span class="ruby-identifier">res</span>
397
- <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
398
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">u</span>[<span class="ruby-value">:groups</span>].<span class="ruby-identifier">include?</span> <span class="ruby-identifier">group</span>[<span class="ruby-string">&quot;name&quot;</span>]
399
- <span class="ruby-identifier">account</span> = <span class="ruby-identifier">accounts</span>[<span class="ruby-identifier">u</span>[<span class="ruby-value">:login</span>]]
400
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">account</span> <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
401
- <span class="ruby-identifier">overlapping</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
402
- <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>] = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>]
403
- <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">res</span>.<span class="ruby-identifier">id</span>)
404
- <span class="ruby-keyword">end</span>
405
- <span class="ruby-keyword">end</span>
406
- }
407
- }
408
- }
409
- }
410
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:bothUsersCount</span>] = <span class="ruby-identifier">overlapping</span>
411
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResourcesCount</span>] = <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResources</span>].<span class="ruby-identifier">size</span>
412
-
413
- <span class="ruby-identifier">accounts_in_roles</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">aa</span><span class="ruby-operator">|</span> [<span class="ruby-identifier">aa</span>.<span class="ruby-identifier">account_id</span>, <span class="ruby-keyword">true</span>] }.<span class="ruby-identifier">to_h</span>
414
-
415
- <span class="ruby-identifier">revocations</span> = <span class="ruby-value">0</span>
416
- <span class="ruby-identifier">current</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">aid</span>, <span class="ruby-identifier">curRes</span><span class="ruby-operator">|</span>
417
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">accounts_in_roles</span>[<span class="ruby-identifier">aid</span>]
418
- <span class="ruby-identifier">desRes</span> = <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">aid</span>]
419
- <span class="ruby-identifier">desRes</span> = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">aid</span>]
420
- <span class="ruby-identifier">curRes</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
421
- <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span>(<span class="ruby-identifier">desRes</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">resource_id</span>)
422
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
423
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Plan: revoke %s from user %s\n&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">r</span>.<span class="ruby-identifier">resource_id</span>, <span class="ruby-identifier">aid</span>]
424
- <span class="ruby-keyword">else</span>
425
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">r</span>.<span class="ruby-identifier">id</span>)
426
- <span class="ruby-keyword">end</span>
427
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:revocations</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">r</span>)
428
- <span class="ruby-identifier">revocations</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
429
- <span class="ruby-keyword">end</span>
430
- }
431
- }
432
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:permissionsRevoked</span>] = <span class="ruby-identifier">revocations</span>
433
-
434
- <span class="ruby-identifier">grants</span> = <span class="ruby-value">0</span>
435
- <span class="ruby-identifier">desired</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">aid</span>, <span class="ruby-identifier">desRes</span><span class="ruby-operator">|</span>
436
- <span class="ruby-identifier">curRes</span> = <span class="ruby-identifier">current</span>[<span class="ruby-identifier">aid</span>]
437
- <span class="ruby-identifier">curRes</span> = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">current</span>[<span class="ruby-identifier">aid</span>]
438
- <span class="ruby-identifier">desRes</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
439
- <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span>(<span class="ruby-identifier">curRes</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">c</span><span class="ruby-operator">|</span> <span class="ruby-identifier">c</span>.<span class="ruby-identifier">resource_id</span> }.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">r</span>)
440
- <span class="ruby-identifier">ag</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountGrant</span>.<span class="ruby-identifier">new</span>()
441
- <span class="ruby-identifier">ag</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">aid</span>
442
- <span class="ruby-identifier">ag</span>.<span class="ruby-identifier">resource_id</span> = <span class="ruby-identifier">r</span>
443
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
444
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Plan: grant %s to user %s\n&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">r</span>, <span class="ruby-identifier">aid</span>]
445
- <span class="ruby-keyword">else</span>
446
- <span class="ruby-identifier">ag</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">ag</span>).<span class="ruby-identifier">account_grant</span>
447
- <span class="ruby-keyword">end</span>
448
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:grants</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ag</span>)
449
- <span class="ruby-identifier">grants</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
450
- <span class="ruby-keyword">end</span>
451
- }
452
- }
453
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:permissionsGranted</span>] = <span class="ruby-identifier">grants</span>
454
-
455
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:complete</span>] = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>
456
-
457
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">verbose</span>
458
- <span class="ruby-identifier">puts</span> <span class="ruby-constant">JSON</span>.<span class="ruby-identifier">pretty_generate</span>(<span class="ruby-identifier">report</span>)
459
- <span class="ruby-keyword">else</span>
460
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;%d Okta users, %d strongDM users, %d overlapping users, %d grants, %d revocations&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">size</span>, <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">size</span>, <span class="ruby-identifier">overlapping</span>, <span class="ruby-identifier">grants</span>, <span class="ruby-identifier">revocations</span>]
461
- <span class="ruby-keyword">end</span>
462
- <span class="ruby-keyword">end</span></pre>
463
- </div>
464
-
465
- </div>
466
-
467
-
468
-
469
-
470
- </div>
471
-
472
-
473
- </section>
474
-
475
120
  </section>
476
121
 
477
122
  </main>
@@ -479,7 +124,7 @@
479
124
 
480
125
  <footer id="validator-badges" role="contentinfo">
481
126
  <p><a href="https://validator.w3.org/check/referer">Validate</a>
482
- <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.0.
127
+ <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.2.
483
128
  <p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
484
129
  </footer>
485
130