strongdm 1.0.34 → 2.2.0

data/lib/strongdm.rb

@@ -13,24 +13,26 @@
 # limitations under the License.
 #
 
-# This file was generated by protogen. DO NOT EDIT.
+# @internal This file was generated by protogen. DO NOT EDIT.
 
 require_relative "./svc"
 require "base64"
 require "openssl"
+require "time"
 
-DEFAULT_MAX_RETRIES = 3
-DEFAULT_BASE_RETRY_DELAY = 0.0030 # 30 ms
-DEFAULT_MAX_RETRY_DELAY = 300 # 300 seconds
-API_VERSION = "2021-08-23"
-USER_AGENT = "strongdm-sdk-ruby/1.0.34"
-
-module SDM
+module SDM #:nodoc:
 
   # Client bundles all the services together and initializes them.
   class Client
+    DEFAULT_MAX_RETRIES = 3
+    DEFAULT_BASE_RETRY_DELAY = 0.0030 # 30 ms
+    DEFAULT_MAX_RETRY_DELAY = 300 # 300 seconds
+    API_VERSION = "2021-08-23"
+    USER_AGENT = "strongdm-sdk-ruby/2.2.0"
+    private_constant :DEFAULT_MAX_RETRIES, :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :API_VERSION, :USER_AGENT
+
     # Creates a new strongDM API client.
-    def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false)
+    def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true)
       raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String)
       raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String)
       raise TypeError, "client host must be a string" unless host.kind_of?(String)
@@ -39,6 +41,7 @@ module SDM
       @max_retries = DEFAULT_MAX_RETRIES
       @base_retry_delay = DEFAULT_BASE_RETRY_DELAY
       @max_retry_delay = DEFAULT_MAX_RETRY_DELAY
+      @expose_rate_limit_errors = (not retry_rate_limit_errors)
       @account_attachments = AccountAttachments.new(host, insecure, self)
       @account_grants = AccountGrants.new(host, insecure, self)
       @accounts = Accounts.new(host, insecure, self)
@@ -93,6 +96,17 @@ module SDM
       if not err.is_a? GRPC::BadStatus
         return true
       end
+      porcelainErr = Plumbing::convert_error_to_porcelain(err)
+      if (not @expose_rate_limit_errors) and (porcelainErr.is_a? RateLimitError)
+        sleep_for = porcelainErr.rate_limit.reset_at - Time.now
+        # If timezones or clock drift causes this calculation to fail,
+        # wait at most one minute.
+        if sleep_for < 0 or sleep_for > 60
+          sleep_for = 60
+        end
+        sleep(sleep_for)
+        return true
+      end
       return err.code() == 13
     end
 
@@ -102,39 +116,62 @@ module SDM
 
     # API authentication token (read-only).
     attr_reader :api_access_key
-    # AccountAttachments assign an account to a role or composite role.
+    # AccountAttachments assign an account to a role.
+    #
+    # See {AccountAttachments}.
     attr_reader :account_attachments
     # AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
+    #
+    # See {AccountGrants}.
     attr_reader :account_grants
     # Accounts are users that have access to strongDM. There are two types of accounts:
     # 1. **Users:** humans who are authenticated through username and password or SSO.
     # 2. **Service Accounts:** machines that are authenticated using a service token.
+    #
+    # See {Accounts}.
     attr_reader :accounts
     # ControlPanel contains all administrative controls.
+    #
+    # See {ControlPanel}.
     attr_reader :control_panel
     # Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
     # - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
     # - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
+    #
+    # See {Nodes}.
     attr_reader :nodes
-
+    # Resources are databases, servers, clusters, websites, or clouds that strongDM
+    # delegates access to.
+    #
+    # See {Resources}.
     attr_reader :resources
     # RoleAttachments represent relationships between composite roles and the roles
     # that make up those composite roles. When a composite role is attached to another
     # role, the permissions granted to members of the composite role are augmented to
     # include the permissions granted to members of the attached role.
+    #
+    # Deprecated: use multi-role via AccountAttachments instead.
+    #
+    # See {RoleAttachments}.
     attr_reader :role_attachments
     # RoleGrants represent relationships between composite roles and the roles
     # that make up those composite roles. When a composite role is attached to another
     # role, the permissions granted to members of the composite role are augmented to
     # include the permissions granted to members of the attached role.
+    #
+    # Deprecated: use Role access rules instead.
+    #
+    # See {RoleGrants}.
     attr_reader :role_grants
-    # Roles are tools for controlling user access to resources. Each Role holds a
-    # list of resources which they grant access to. Composite roles are a special
-    # type of Role which have no resource associations of their own, but instead
-    # grant access to the combined resources associated with a set of child roles.
-    # Each user can be a member of one Role or composite role.
+    # A Role has a list of access rules which determine which Resources the members
+    # of the Role have access to. An Account can be a member of multiple Roles via
+    # AccountAttachments.
+    #
+    # See {Roles}.
     attr_reader :roles
     # SecretStores are servers where resource secrets (passwords, keys) are stored.
+    #
+    # See {SecretStores}.
     attr_reader :secret_stores
     attr_reader :_test_options
   end

data/lib/svc.rb

@@ -13,7 +13,7 @@
 # limitations under the License.
 #
 
-# This file was generated by protogen. DO NOT EDIT.
+# @internal This file was generated by protogen. DO NOT EDIT.
 
 this_dir = File.expand_path(File.dirname(__FILE__))
 lib_dir = File.join(this_dir, "grpc")
@@ -23,9 +23,13 @@ require "enumerator"
 Dir[File.join(__dir__, "grpc", "*.rb")].each { |file| require file }
 Dir[File.join(__dir__, "models", "*.rb")].each { |file| require file }
 
-module SDM
-  # AccountAttachments assign an account to a role or composite role.
+module SDM #:nodoc:
+  # AccountAttachments assign an account to a role.
+  #
+  # See {AccountAttachment}.
   class AccountAttachments
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -168,7 +172,11 @@ module SDM
   end
 
   # AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
+  #
+  # See {AccountGrant}.
   class AccountGrants
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -313,7 +321,13 @@ module SDM
   # Accounts are users that have access to strongDM. There are two types of accounts:
   # 1. **Users:** humans who are authenticated through username and password or SSO.
   # 2. **Service Accounts:** machines that are authenticated using a service token.
+  #
+  # See:
+  # {Service}
+  # {User}
   class Accounts
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -389,7 +403,7 @@ module SDM
       resp
     end
 
-    # Update patches a Account by ID.
+    # Update replaces all the fields of an Account by ID.
     def update(
       account,
       deadline: nil
@@ -419,7 +433,7 @@ module SDM
       resp
     end
 
-    # Delete removes a Account by ID.
+    # Delete removes an Account by ID.
     def delete(
       id,
       deadline: nil
@@ -488,6 +502,8 @@ module SDM
 
   # ControlPanel contains all administrative controls.
   class ControlPanel
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -564,7 +580,13 @@ module SDM
   # Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
   # - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
   # - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
+  #
+  # See:
+  # {Gateway}
+  # {Relay}
   class Nodes
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -640,7 +662,7 @@ module SDM
       resp
     end
 
-    # Update patches a Node by ID.
+    # Update replaces all the fields of a Node by ID.
     def update(
       node,
       deadline: nil
@@ -737,7 +759,84 @@ module SDM
     end
   end
 
+  # Resources are databases, servers, clusters, websites, or clouds that strongDM
+  # delegates access to.
+  #
+  # See:
+  # {AKS}
+  # {AKSBasicAuth}
+  # {AKSServiceAccount}
+  # {AKSServiceAccountUserImpersonation}
+  # {AKSUserImpersonation}
+  # {AmazonEKS}
+  # {AmazonEKSUserImpersonation}
+  # {AmazonES}
+  # {AmazonMQAMQP091}
+  # {Athena}
+  # {AuroraMysql}
+  # {AuroraPostgres}
+  # {AWS}
+  # {Azure}
+  # {AzureCertificate}
+  # {AzurePostgres}
+  # {BigQuery}
+  # {Cassandra}
+  # {Citus}
+  # {Clustrix}
+  # {Cockroach}
+  # {DB2I}
+  # {DB2LUW}
+  # {DocumentDBHost}
+  # {DocumentDBReplicaSet}
+  # {Druid}
+  # {DynamoDB}
+  # {Elastic}
+  # {ElasticacheRedis}
+  # {GCP}
+  # {GoogleGKE}
+  # {GoogleGKEUserImpersonation}
+  # {Greenplum}
+  # {HTTPAuth}
+  # {HTTPBasicAuth}
+  # {HTTPNoAuth}
+  # {Kubernetes}
+  # {KubernetesBasicAuth}
+  # {KubernetesServiceAccount}
+  # {KubernetesServiceAccountUserImpersonation}
+  # {KubernetesUserImpersonation}
+  # {Maria}
+  # {Memcached}
+  # {Memsql}
+  # {MongoHost}
+  # {MongoLegacyHost}
+  # {MongoLegacyReplicaset}
+  # {MongoReplicaSet}
+  # {MongoShardedCluster}
+  # {MTLSMysql}
+  # {MTLSPostgres}
+  # {Mysql}
+  # {Neptune}
+  # {NeptuneIAM}
+  # {Oracle}
+  # {Postgres}
+  # {Presto}
+  # {RabbitMQAMQP091}
+  # {RawTCP}
+  # {RDP}
+  # {Redis}
+  # {Redshift}
+  # {SingleStore}
+  # {Snowflake}
+  # {SQLServer}
+  # {SSH}
+  # {SSHCert}
+  # {SSHCustomerKey}
+  # {Sybase}
+  # {SybaseIQ}
+  # {Teradata}
   class Resources
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -849,7 +948,7 @@ module SDM
       resp
     end
 
-    # Update patches a Resource by ID.
+    # Update replaces all the fields of a Resource by ID.
     def update(
       resource,
       deadline: nil
@@ -950,7 +1049,13 @@ module SDM
   # that make up those composite roles. When a composite role is attached to another
   # role, the permissions granted to members of the composite role are augmented to
   # include the permissions granted to members of the attached role.
+  #
+  # Deprecated: use multi-role via AccountAttachments instead.
+  #
+  # See {RoleAttachment}.
   class RoleAttachments
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -966,6 +1071,8 @@ module SDM
     end
 
     # Create registers a new RoleAttachment.
+    #
+    # Deprecated: use multi-role via AccountAttachments instead.
     def create(
       role_attachment,
       deadline: nil
@@ -995,7 +1102,10 @@ module SDM
       resp
     end
 
+    deprecate :create, :none, 2022, 6
     # Get reads one RoleAttachment by ID.
+    #
+    # Deprecated: use multi-role via AccountAttachments instead.
     def get(
       id,
       deadline: nil
@@ -1025,7 +1135,10 @@ module SDM
       resp
     end
 
+    deprecate :get, :none, 2022, 6
     # Delete removes a RoleAttachment by ID.
+    #
+    # Deprecated: use multi-role via AccountAttachments instead.
     def delete(
       id,
       deadline: nil
@@ -1054,7 +1167,10 @@ module SDM
       resp
     end
 
+    deprecate :delete, :none, 2022, 6
     # List gets a list of RoleAttachments matching a given set of criteria.
+    #
+    # Deprecated: use multi-role via AccountAttachments instead.
     def list(
       filter,
       *args,
@@ -1090,13 +1206,21 @@ module SDM
       }
       resp
     end
+
+    deprecate :list, :none, 2022, 6
   end
 
   # RoleGrants represent relationships between composite roles and the roles
   # that make up those composite roles. When a composite role is attached to another
   # role, the permissions granted to members of the composite role are augmented to
   # include the permissions granted to members of the attached role.
+  #
+  # Deprecated: use Role access rules instead.
+  #
+  # See {RoleGrant}.
   class RoleGrants
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -1112,6 +1236,8 @@ module SDM
     end
 
     # Create registers a new RoleGrant.
+    #
+    # Deprecated: use Role access rules instead.
     def create(
       role_grant,
       deadline: nil
@@ -1141,7 +1267,10 @@ module SDM
       resp
     end
 
+    deprecate :create, :none, 2022, 6
     # Get reads one RoleGrant by ID.
+    #
+    # Deprecated: use Role access rules instead.
     def get(
       id,
       deadline: nil
@@ -1171,7 +1300,10 @@ module SDM
       resp
     end
 
+    deprecate :get, :none, 2022, 6
     # Delete removes a RoleGrant by ID.
+    #
+    # Deprecated: use Role access rules instead.
     def delete(
       id,
       deadline: nil
@@ -1200,7 +1332,10 @@ module SDM
       resp
     end
 
+    deprecate :delete, :none, 2022, 6
     # List gets a list of RoleGrants matching a given set of criteria.
+    #
+    # Deprecated: use Role access rules instead.
     def list(
       filter,
       *args,
@@ -1236,14 +1371,18 @@ module SDM
       }
       resp
     end
+
+    deprecate :list, :none, 2022, 6
   end
 
-  # Roles are tools for controlling user access to resources. Each Role holds a
-  # list of resources which they grant access to. Composite roles are a special
-  # type of Role which have no resource associations of their own, but instead
-  # grant access to the combined resources associated with a set of child roles.
-  # Each user can be a member of one Role or composite role.
+  # A Role has a list of access rules which determine which Resources the members
+  # of the Role have access to. An Account can be a member of multiple Roles via
+  # AccountAttachments.
+  #
+  # See {Role}.
   class Roles
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -1318,7 +1457,7 @@ module SDM
       resp
     end
 
-    # Update patches a Role by ID.
+    # Update replaces all the fields of a Role by ID.
     def update(
       role,
       deadline: nil
@@ -1416,7 +1555,17 @@ module SDM
   end
 
   # SecretStores are servers where resource secrets (passwords, keys) are stored.
+  #
+  # See:
+  # {AWSStore}
+  # {AzureStore}
+  # {GCPStore}
+  # {VaultAppRoleStore}
+  # {VaultTLSStore}
+  # {VaultTokenStore}
   class SecretStores
+    extend Gem::Deprecate
+
     def initialize(host, insecure, parent)
       begin
         if insecure
@@ -1490,7 +1639,7 @@ module SDM
       resp
     end
 
-    # Update patches a SecretStore by ID.
+    # Update replaces all the fields of a SecretStore by ID.
     def update(
       secret_store,
       deadline: nil

data/lib/version

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "1.0.34"
+  VERSION = "2.2.0"
 end

data/lib/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "1.0.34"
+  VERSION = "2.2.0"
 end