strongdm 1.0.3 → 1.0.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 17f4aa6282dfaa68be25712d5b4f7cab461f31497ffab61967df1fdcb5d60092
-  data.tar.gz: f2a5f3c205b45b93a96bbb75cc82c3c0b09a92377a20b032f57c5725b935cbc2
+  metadata.gz: 99051b697a4ed19fb4cc796c12fc1a64bf97ebd1197a42877db6e517410d38eb
+  data.tar.gz: f6a84cd8cc08be3d146aeb2ab71674da4b673af3d25b3826ce38620167c289fd
 SHA512:
-  metadata.gz: 1fbbcbb8032480067b2177d86b1c9300083043da7ec309bb309a94d74cfa8168ccfd8595e41a90dfd3cf8d7dc4f91c92b53db5076710f21083129cdcd63b647c
-  data.tar.gz: 66cc6ffd965e7ae5d00b4d834af749e6bde810978b3318aef10c2d192ddef5b51219c0c7ed1f61681bd8e888300ec786a964c15d5726a595b125f6c6edfc06cc
+  metadata.gz: 7e3d8dda1dc999250b46c84df8868f6d796138d041f1135159951153a324f0bffde08a8883135d3652928b705d4087ee5ffff24398ee51dc6367b2a1dbf308d3
+  data.tar.gz: 716ef680d072f922eb27e4b6fd51df415c6f5d51ac9680d88900225593d276c20dcbe9cd8b00c47bfb932b49561f0bfab243787ababa0dd578532effc95ca224

data/README.md

@@ -1,23 +1,28 @@
 # strongDM SDK for Ruby
 
-The official strongDM SDK for the Ruby programming language.
+This is the official [strongDM](https://www.strongdm.com/) SDK for the Ruby programming language.
 
-## Quick Start
+Learn more with our [📚strongDM API docs](https://www.strongdm.com/docs/api/) or [📓browse the SDK reference](https://www.rubydoc.info/gems/strongdm).
 
-First, install the gem:
+
+## Installation
 
 ```bash
 $ gem install strongdm
 ```
 
-Next, go to https://app.strongdm.com and create an API key. Set the `SDM_API_ACCESS_KEY` and `SDM_API_SECRET_KEY` environment variables.
+## Authentication
+
+If you don't already have them you will need to generate a set of API keys, instructions are here: [API Credentials](https://www.strongdm.com/docs/admin-guide/api-credentials/)
 
+Add the keys as environment variables; the SDK will need to access these keys for every request.
 ```bash
 $ export SDM_API_ACCESS_KEY=<YOUR ACCESS KEY>
 $ export SDM_API_SECRET_KEY=<YOUR SECRET KEY>
 ```
 
-Run some example code.
+## List Users
+The following code lists all registered users:
 
 ```ruby
 require "strongdm"
@@ -27,4 +32,21 @@ users = client.accounts.list('')
 users.each do |user|
 	p user
 end
-```
+```
+
+## Useful Links
+
+* Documentation:  [strongdm gem](https://www.rubydoc.info/gems/strongdm)
+* Examples: [GitHub - strongdm/strongdm-sdk-ruby-examples](https://github.com/strongdm/strongdm-sdk-ruby-examples)
+	1. [Managing Resources](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/1_managing_resources)
+	2. [Managing Accounts](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/2_managing_accounts)
+	3. [Managing Roles](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/3_managing_roles)
+	4. [Managing Gateways](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/4_managing_gateways)
+   
+## License
+
+[Apache 2](https://github.com/strongdm/strongdm-sdk-ruby/blob/master/LICENSE)
+
+## Contributing 
+
+Currently, we are not accepting pull requests directly to this repository, but our users are some of the most resourceful and ambitious folks out there. So, if you have something to contribute, find a bug, or just want to give us some feedback, please email <support@strongdm.com>.

data/doc/LICENSE.html

@@ -69,16 +69,10 @@
   
     <li><a href="./examples/Gemfile.html">Gemfile</a>
   
-    <li><a href="./examples/Gemfile_lock.html">Gemfile.lock</a>
-  
-    <li><a href="./examples/README_md.html">README</a>
-  
-    <li><a href="./examples/okta-sync/Gemfile.html">Gemfile</a>
-  
-    <li><a href="./examples/okta-sync/Gemfile_lock.html">Gemfile.lock</a>
-  
     <li><a href="./lib/version.html">version</a>
   
+    <li><a href="./strongdm_gemspec.html">strongdm.gemspec</a>
+  
   </ul>
 </div>
 
@@ -195,7 +189,7 @@ identification within third-party archives.</pre>
 
 <footer id="validator-badges" role="contentinfo">
   <p><a href="https://validator.w3.org/check/referer">Validate</a>
-  <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.2.1.
+  <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.2.
   <p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
 </footer>
 

data/doc/Object.html

@@ -69,19 +69,7 @@
 
     
     
-    <!-- Method Quickref -->
-<div id="method-list-section" class="nav-section">
-  <h3>Methods</h3>
-
-  <ul class="link-list" role="directory">
-    
-    <li ><a href="#method-i-main">#main</a>
-    
-    <li ><a href="#method-i-okta_sync">#okta_sync</a>
     
-  </ul>
-</div>
-
   </div>
 </nav>
 
@@ -122,26 +110,6 @@
         <dd>
         
       
-        <dt id="OKTA_CLIENT_ORGURL">OKTA_CLIENT_ORGURL
-        
-        <dd>
-        
-      
-        <dt id="OKTA_CLIENT_TOKEN">OKTA_CLIENT_TOKEN
-        
-        <dd>
-        
-      
-        <dt id="SDM_API_ACCESS_KEY">SDM_API_ACCESS_KEY
-        
-        <dd>
-        
-      
-        <dt id="SDM_API_SECRET_KEY">SDM_API_SECRET_KEY
-        
-        <dd>
-        
-      
       </dl>
     </section>
     
@@ -149,329 +117,6 @@
     
 
     
-     <section id="public-instance-5Buntitled-5D-method-details" class="method-section">
-       <header>
-         <h3>Public Instance Methods</h3>
-       </header>
-
-    
-      <div id="method-i-main" class="method-detail ">
-        
-        <div class="method-heading">
-          <span class="method-name">main</span><span
-            class="method-args">()</span>
-          
-          <span class="method-click-advice">click to toggle source</span>
-          
-        </div>
-        
-
-        <div class="method-description">
-          
-          <p>panicButton.rb suspends all users except for one admin, in the fake use case of a critical break in or something usage: ruby panicButton.rb adminuser@email.com to revert back to pre-panic state: ruby panicButton.rb revert</p>
-          
-          
-
-          
-          <div class="method-source-code" id="main-source">
-            <pre><span class="ruby-comment"># File examples/panicButton.rb, line 25</span>
-<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">main</span>
-  <span class="ruby-identifier">access_key</span> = <span class="ruby-constant">ENV</span>[<span class="ruby-string">&quot;SDM_API_ACCESS_KEY&quot;</span>]
-  <span class="ruby-identifier">secret_key</span> = <span class="ruby-constant">ENV</span>[<span class="ruby-string">&quot;SDM_API_SECRET_KEY&quot;</span>]
-  <span class="ruby-keyword">if</span> <span class="ruby-identifier">access_key</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">secret_key</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
-    <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;SDM_API_ACCESS_KEY and SDM_API_SECRET_KEY must be provided&quot;</span>
-    <span class="ruby-keyword">return</span>
-  <span class="ruby-keyword">end</span>
-  <span class="ruby-identifier">client</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">access_key</span>, <span class="ruby-identifier">secret_key</span>)
-
-  <span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">size</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span> <span class="ruby-keyword">and</span> <span class="ruby-constant">ARGV</span>[<span class="ruby-value">0</span>] <span class="ruby-operator">==</span> <span class="ruby-string">&quot;revert&quot;</span>
-    <span class="ruby-identifier">state_file</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-string">&quot;state.json&quot;</span>)
-    <span class="ruby-identifier">state</span> = <span class="ruby-constant">JSON</span>.<span class="ruby-identifier">load</span>(<span class="ruby-identifier">state_file</span>)
-
-    <span class="ruby-identifier">reinstated_count</span> = <span class="ruby-value">0</span>
-
-    <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
-    <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
-      <span class="ruby-keyword">if</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span>
-        <span class="ruby-identifier">reinstated_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
-        <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span> = <span class="ruby-keyword">false</span>
-        <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">user</span>)
-      <span class="ruby-keyword">end</span>
-    }
-    <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;attachments&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
-      <span class="ruby-keyword">begin</span>
-        <span class="ruby-identifier">a</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountAttachment</span>.<span class="ruby-identifier">new</span>()
-        <span class="ruby-identifier">a</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;account_id&quot;</span>]
-        <span class="ruby-identifier">a</span>.<span class="ruby-identifier">role_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;role_id&quot;</span>]
-        <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">a</span>)
-      <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AlreadyExistsError</span>
-      <span class="ruby-keyword">rescue</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
-        <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping creation of attachment due to error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
-      <span class="ruby-keyword">end</span>
-    }
-    <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;grants&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
-      <span class="ruby-keyword">begin</span>
-        <span class="ruby-identifier">g</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountGrant</span>.<span class="ruby-identifier">new</span>()
-        <span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;account_id&quot;</span>]
-        <span class="ruby-identifier">g</span>.<span class="ruby-identifier">resource_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;resource_id&quot;</span>]
-        <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">g</span>)
-      <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AlreadyExistsError</span>
-      <span class="ruby-keyword">rescue</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
-        <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping creation of grant due to error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
-      <span class="ruby-keyword">end</span>
-    }
-
-    <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;reinstated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">reinstated_count</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; users&quot;</span>
-    <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;recreated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;attachments&quot;</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account attachments&quot;</span>
-    <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;recreated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;grants&quot;</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account grants&quot;</span>
-
-    <span class="ruby-keyword">return</span>
-  <span class="ruby-keyword">end</span>
-
-  <span class="ruby-identifier">admin_email</span> = <span class="ruby-string">&quot;&quot;</span>
-  <span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">size</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>
-    <span class="ruby-identifier">admin_email</span> = <span class="ruby-constant">ARGV</span>[<span class="ruby-value">0</span>]
-  <span class="ruby-keyword">else</span>
-    <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;please provide an admin email to preserve&quot;</span>
-    <span class="ruby-keyword">return</span> <span class="ruby-value">1</span>
-  <span class="ruby-keyword">end</span>
-
-  <span class="ruby-identifier">admin_user_id</span> = <span class="ruby-string">&quot;&quot;</span>
-  <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;email:?&quot;</span>, <span class="ruby-identifier">admin_email</span>)
-  <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
-    <span class="ruby-identifier">admin_user_id</span> = <span class="ruby-identifier">user</span>.<span class="ruby-identifier">id</span>
-  }
-
-  <span class="ruby-identifier">account_attachments</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
-  <span class="ruby-identifier">account_grants</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
-
-  <span class="ruby-identifier">state</span> = {
-    <span class="ruby-value">&#39;attachments&#39;:</span> <span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span>
-      <span class="ruby-keyword">if</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">admin_user_id</span>
-        <span class="ruby-identifier">out</span> = {
-          <span class="ruby-value">&#39;account_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span>,
-          <span class="ruby-value">&#39;role_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">role_id</span>,
-        }
-      <span class="ruby-keyword">end</span>
-    }.<span class="ruby-identifier">reject</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span> <span class="ruby-identifier">x</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> },
-    <span class="ruby-value">&#39;grants&#39;:</span> <span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span>
-      <span class="ruby-keyword">if</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">admin_user_id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">valid_until</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
-        <span class="ruby-identifier">out</span> = {
-          <span class="ruby-value">&#39;account_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span>,
-          <span class="ruby-value">&#39;resource_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">resource_id</span>,
-        }
-      <span class="ruby-keyword">end</span>
-    }.<span class="ruby-identifier">reject</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span> <span class="ruby-identifier">x</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> },
-  }
-
-  <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;storing &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-value">:attachments</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account attachments in state&quot;</span>
-  <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;storing &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-value">:grants</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account grants in state&quot;</span>
-
-  <span class="ruby-identifier">state_file</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-string">&quot;state.json&quot;</span>, <span class="ruby-string">&quot;w&quot;</span>)
-  <span class="ruby-identifier">state_file</span>.<span class="ruby-identifier">write</span>(<span class="ruby-identifier">state</span>.<span class="ruby-identifier">to_json</span>)
-
-  <span class="ruby-identifier">suspended_count</span> = <span class="ruby-value">0</span>
-  <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
-  <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
-    <span class="ruby-keyword">if</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">instance_of?</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">User</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">email</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">admin_email</span>
-      <span class="ruby-keyword">next</span>
-    <span class="ruby-keyword">end</span>
-    <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span> = <span class="ruby-keyword">true</span>
-    <span class="ruby-keyword">begin</span>
-      <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">user</span>)
-      <span class="ruby-identifier">suspended_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
-    <span class="ruby-keyword">rescue</span> <span class="ruby-constant">StandardError</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
-      <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping user &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; on account of error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
-    <span class="ruby-keyword">end</span>
-  }
-
-  <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;suspended &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">suspended_count</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; users&quot;</span>
-<span class="ruby-keyword">end</span></pre>
-          </div>
-          
-        </div>
-
-        
-
-        
-      </div>
-
-    
-      <div id="method-i-okta_sync" class="method-detail ">
-        
-        <div class="method-heading">
-          <span class="method-name">okta_sync</span><span
-            class="method-args">()</span>
-          
-          <span class="method-click-advice">click to toggle source</span>
-          
-        </div>
-        
-
-        <div class="method-description">
-          
-          
-          
-          
-
-          
-          <div class="method-source-code" id="okta_sync-source">
-            <pre><span class="ruby-comment"># File examples/okta-sync/oktaSync.rb, line 25</span>
-<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">okta_sync</span>
-  <span class="ruby-keyword">if</span> <span class="ruby-constant">SDM_API_ACCESS_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">SDM_API_SECRET_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">OKTA_CLIENT_TOKEN</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">OKTA_CLIENT_ORGURL</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span>
-    <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, OKTA_CLIENT_TOKEN, and OKTA_CLIENT_ORGURL must be set&quot;</span>
-    <span class="ruby-identifier">exit</span>
-  <span class="ruby-keyword">end</span>
-
-  <span class="ruby-identifier">report</span> = {
-    <span class="ruby-value">:start</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>,
-
-    <span class="ruby-value">:oktaUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
-    <span class="ruby-value">:oktaUsers</span> <span class="ruby-operator">=&gt;</span> [],
-
-    <span class="ruby-value">:sdmUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
-    <span class="ruby-value">:sdmUsers</span> <span class="ruby-operator">=&gt;</span> [],
-
-    <span class="ruby-value">:bothUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
-
-    <span class="ruby-value">:sdmResourcesCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
-    <span class="ruby-value">:sdmResources</span> <span class="ruby-operator">=&gt;</span> {},
-
-    <span class="ruby-value">:permissionsGranted</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
-    <span class="ruby-value">:permissionsRevoked</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
-    <span class="ruby-value">:grants</span> <span class="ruby-operator">=&gt;</span> [],
-    <span class="ruby-value">:revocations</span> <span class="ruby-operator">=&gt;</span> [],
-
-    <span class="ruby-value">:matchers</span> <span class="ruby-operator">=&gt;</span> {},
-  }
-
-  <span class="ruby-identifier">plan</span> = <span class="ruby-keyword">false</span>
-  <span class="ruby-identifier">verbose</span> = <span class="ruby-keyword">false</span>
-  <span class="ruby-constant">OptionParser</span>.<span class="ruby-identifier">new</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">opts</span><span class="ruby-operator">|</span>
-    <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">banner</span> = <span class="ruby-string">&quot;Usage oktaSync.rb [options]&quot;</span>
-    <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-p&quot;</span>, <span class="ruby-string">&quot;--plan&quot;</span>, <span class="ruby-string">&quot;calculate changes but do not apply them&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span>
-      <span class="ruby-identifier">plan</span> = <span class="ruby-identifier">p</span>
-    <span class="ruby-keyword">end</span>
-    <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-v&quot;</span>, <span class="ruby-string">&quot;--verbose&quot;</span>, <span class="ruby-string">&quot;print detailed report&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">v</span><span class="ruby-operator">|</span>
-      <span class="ruby-identifier">verbose</span> = <span class="ruby-identifier">v</span>
-    <span class="ruby-keyword">end</span>
-  <span class="ruby-keyword">end</span>.<span class="ruby-identifier">parse!</span>
-
-  <span class="ruby-identifier">client</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">SDM_API_ACCESS_KEY</span>, <span class="ruby-constant">SDM_API_SECRET_KEY</span>)
-  <span class="ruby-identifier">okta_client</span> = <span class="ruby-constant">Oktakit</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">token:</span> <span class="ruby-constant">OKTA_CLIENT_TOKEN</span>, <span class="ruby-value">api_endpoint:</span> <span class="ruby-constant">OKTA_CLIENT_ORGURL</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/api/v1&quot;</span>)
-  <span class="ruby-identifier">matchers</span> = <span class="ruby-constant">YAML</span>.<span class="ruby-identifier">load</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">&quot;matchers.yml&quot;</span>))
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:matchers</span>] = <span class="ruby-identifier">matchers</span>
-
-  <span class="ruby-identifier">all_users</span> = <span class="ruby-identifier">okta_client</span>.<span class="ruby-identifier">list_users</span>({
-    <span class="ruby-value">&#39;query&#39;:</span> {
-      <span class="ruby-value">&#39;search&#39;:</span> <span class="ruby-string">&quot;profile.department eq \&quot;Engineering\&quot; and (status eq \&quot;ACTIVE\&quot;)&quot;</span>,
-    },
-  })
-
-  <span class="ruby-identifier">okta_users</span> = <span class="ruby-constant">Array</span>.<span class="ruby-identifier">new</span>()
-  <span class="ruby-identifier">all_users</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
-    <span class="ruby-identifier">groups</span> = <span class="ruby-identifier">okta_client</span>.<span class="ruby-identifier">get_member_groups</span>(<span class="ruby-identifier">u</span>.<span class="ruby-identifier">id</span>)
-    <span class="ruby-identifier">group_names</span> = <span class="ruby-constant">Array</span>.<span class="ruby-identifier">new</span>()
-    <span class="ruby-identifier">groups</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">ug</span><span class="ruby-operator">|</span>
-      <span class="ruby-identifier">group_names</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ug</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">name</span>)
-    }
-    <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">push</span>({ <span class="ruby-value">:login</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">login</span>, <span class="ruby-value">:first_name</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">firstName</span>, <span class="ruby-value">:last_name</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-constant">LastName</span>, <span class="ruby-value">:groups</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">group_names</span> })
-  }
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:oktaUsers</span>] = <span class="ruby-identifier">okta_users</span>
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:oktaUsersCount</span>] = <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">size</span>
-
-  <span class="ruby-identifier">accounts</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;type:user&quot;</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">a</span><span class="ruby-operator">|</span> [<span class="ruby-identifier">a</span>.<span class="ruby-identifier">email</span>, <span class="ruby-identifier">a</span>] }.<span class="ruby-identifier">to_h</span>
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmUsers</span>] = <span class="ruby-identifier">accounts</span>
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmUsersCount</span>] = <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">size</span>
-  <span class="ruby-identifier">grants</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">ag</span><span class="ruby-operator">|</span> <span class="ruby-identifier">ag</span> }
-
-  <span class="ruby-identifier">current</span> = {}
-  <span class="ruby-identifier">grants</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">g</span><span class="ruby-operator">|</span>
-    <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>] = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>]
-    <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:resource_id</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">g</span>.<span class="ruby-identifier">resource_id</span>, <span class="ruby-value">:id</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">g</span>.<span class="ruby-identifier">id</span> })
-  }
-
-  <span class="ruby-identifier">desired</span> = {}
-  <span class="ruby-identifier">overlapping</span> = <span class="ruby-value">0</span>
-  <span class="ruby-identifier">matchers</span>[<span class="ruby-string">&quot;groups&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">group</span><span class="ruby-operator">|</span>
-    <span class="ruby-identifier">group</span>[<span class="ruby-string">&quot;resources&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">resourceQuery</span><span class="ruby-operator">|</span>
-      <span class="ruby-identifier">client</span>.<span class="ruby-identifier">resources</span>.<span class="ruby-identifier">list</span>(<span class="ruby-identifier">resourceQuery</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">res</span><span class="ruby-operator">|</span>
-        <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResources</span>][<span class="ruby-identifier">res</span>.<span class="ruby-identifier">id</span>] = <span class="ruby-identifier">res</span>
-        <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
-          <span class="ruby-keyword">if</span> <span class="ruby-identifier">u</span>[<span class="ruby-value">:groups</span>].<span class="ruby-identifier">include?</span> <span class="ruby-identifier">group</span>[<span class="ruby-string">&quot;name&quot;</span>]
-            <span class="ruby-identifier">account</span> = <span class="ruby-identifier">accounts</span>[<span class="ruby-identifier">u</span>[<span class="ruby-value">:login</span>]]
-            <span class="ruby-keyword">if</span> <span class="ruby-identifier">account</span> <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
-              <span class="ruby-identifier">overlapping</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
-              <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>] = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>]
-              <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">res</span>.<span class="ruby-identifier">id</span>)
-            <span class="ruby-keyword">end</span>
-          <span class="ruby-keyword">end</span>
-        }
-      }
-    }
-  }
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:bothUsersCount</span>] = <span class="ruby-identifier">overlapping</span>
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResourcesCount</span>] = <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResources</span>].<span class="ruby-identifier">size</span>
-
-  <span class="ruby-identifier">revocations</span> = <span class="ruby-value">0</span>
-  <span class="ruby-identifier">current</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">aid</span>, <span class="ruby-identifier">curRes</span><span class="ruby-operator">|</span>
-    <span class="ruby-identifier">desRes</span> = <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">aid</span>]
-    <span class="ruby-identifier">desRes</span> = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">aid</span>]
-    <span class="ruby-identifier">curRes</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
-      <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span>(<span class="ruby-identifier">desRes</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:resource_id</span>])
-        <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
-          <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Plan: revoke %s from user %s\n&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">r</span>[<span class="ruby-value">:resource_id</span>], <span class="ruby-identifier">aid</span>]
-        <span class="ruby-keyword">else</span>
-          <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">r</span>[<span class="ruby-value">:id</span>])
-        <span class="ruby-keyword">end</span>
-        <span class="ruby-identifier">report</span>[<span class="ruby-value">:revocations</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">r</span>[<span class="ruby-value">:id</span>])
-        <span class="ruby-identifier">revocations</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
-      <span class="ruby-keyword">end</span>
-    }
-  }
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:permissionsRevoked</span>] = <span class="ruby-identifier">revocations</span>
-
-  <span class="ruby-identifier">grants</span> = <span class="ruby-value">0</span>
-  <span class="ruby-identifier">desired</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">aid</span>, <span class="ruby-identifier">desRes</span><span class="ruby-operator">|</span>
-    <span class="ruby-identifier">curRes</span> = <span class="ruby-identifier">current</span>[<span class="ruby-identifier">aid</span>]
-    <span class="ruby-identifier">curRes</span> = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">current</span>[<span class="ruby-identifier">aid</span>]
-    <span class="ruby-identifier">desRes</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
-      <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span>(<span class="ruby-identifier">curRes</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">c</span><span class="ruby-operator">|</span> <span class="ruby-identifier">c</span>[<span class="ruby-value">:resource_id</span>] }.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">r</span>)
-        <span class="ruby-identifier">ag</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountGrant</span>.<span class="ruby-identifier">new</span>()
-        <span class="ruby-identifier">ag</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">aid</span>
-        <span class="ruby-identifier">ag</span>.<span class="ruby-identifier">resource_id</span> = <span class="ruby-identifier">r</span>
-        <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
-          <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Plan: grant %s to user %s\n&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">r</span>, <span class="ruby-identifier">aid</span>]
-        <span class="ruby-keyword">else</span>
-          <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">ag</span>)
-        <span class="ruby-keyword">end</span>
-        <span class="ruby-identifier">report</span>[<span class="ruby-value">:grants</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ag</span>)
-        <span class="ruby-identifier">grants</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
-      <span class="ruby-keyword">end</span>
-    }
-  }
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:permissionsGranted</span>] = <span class="ruby-identifier">grants</span>
-
-  <span class="ruby-identifier">report</span>[<span class="ruby-value">:complete</span>] = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>
-
-  <span class="ruby-keyword">if</span> <span class="ruby-identifier">verbose</span>
-    <span class="ruby-identifier">puts</span> <span class="ruby-identifier">report</span>.<span class="ruby-identifier">to_json</span>
-  <span class="ruby-keyword">else</span>
-    <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;%d Okta users, %d strongDM users, %d overlapping users, %d grants, %d revocations&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">size</span>, <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">size</span>, <span class="ruby-identifier">overlapping</span>, <span class="ruby-identifier">grants</span>, <span class="ruby-identifier">revocations</span>]
-  <span class="ruby-keyword">end</span>
-<span class="ruby-keyword">end</span></pre>
-          </div>
-          
-        </div>
-
-        
-
-        
-      </div>
-
-    
-    </section>
-  
   </section>
 
 </main>
@@ -479,7 +124,7 @@
 
 <footer id="validator-badges" role="contentinfo">
   <p><a href="https://validator.w3.org/check/referer">Validate</a>
-  <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.2.1.
+  <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.2.
   <p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
 </footer>