strongdm 1.0.7 → 1.0.13
- checksums.yaml +4 -4
- data/README.md +28 -6
- data/doc/LICENSE.html +1 -11
- data/doc/Object.html +1 -679
- data/doc/README_md.html +32 -19
- data/doc/SDM.html +1 -1
- data/doc/SDM/AKS.html +4 -58
- data/doc/SDM/AKSBasicAuth.html +3 -3
- data/doc/SDM/AKSServiceAccount.html +3 -3
- data/doc/SDM/AccountAttachment.html +2 -2
- data/doc/SDM/AccountAttachmentCreateResponse.html +1 -1
- data/doc/SDM/AccountAttachmentDeleteResponse.html +1 -1
- data/doc/SDM/AccountAttachmentGetResponse.html +1 -1
- data/doc/SDM/AccountAttachments.html +2 -2
- data/doc/SDM/AccountCreateResponse.html +1 -1
- data/doc/SDM/AccountDeleteResponse.html +1 -1
- data/doc/SDM/AccountGetResponse.html +1 -1
- data/doc/SDM/AccountGrant.html +1 -1
- data/doc/SDM/AccountGrantCreateResponse.html +1 -1
- data/doc/SDM/AccountGrantDeleteResponse.html +1 -1
- data/doc/SDM/AccountGrantGetResponse.html +1 -1
- data/doc/SDM/AccountGrants.html +1 -1
- data/doc/SDM/AccountUpdateResponse.html +1 -1
- data/doc/SDM/Accounts.html +9 -9
- data/doc/SDM/AlreadyExistsError.html +1 -1
- data/doc/SDM/AmazonEKS.html +4 -22
- data/doc/SDM/AmazonES.html +3 -3
- data/doc/SDM/Athena.html +3 -3
- data/doc/SDM/AuroraMysql.html +3 -3
- data/doc/SDM/AuroraPostgres.html +3 -3
- data/doc/SDM/AuthenticationError.html +1 -1
- data/doc/SDM/BadRequestError.html +1 -1
- data/doc/SDM/BigQuery.html +3 -3
- data/doc/SDM/Cassandra.html +3 -3
- data/doc/SDM/Citus.html +3 -3
- data/doc/SDM/Client.html +26 -12
- data/doc/SDM/Clustrix.html +3 -3
- data/doc/SDM/Cockroach.html +3 -3
- data/doc/SDM/ControlPanel.html +236 -0
- data/doc/SDM/ControlPanelGetSSHCAPublicKeyResponse.html +267 -0
- data/doc/SDM/CreateResponseMetadata.html +1 -1
- data/doc/SDM/{DB2.html → DB2LUW.html} +7 -7
- data/doc/SDM/DB2i.html +391 -0
- data/doc/SDM/DeadlineExceededError.html +1 -1
- data/doc/SDM/DeleteResponseMetadata.html +1 -1
- data/doc/SDM/Druid.html +3 -3
- data/doc/SDM/DynamoDB.html +3 -3
- data/doc/SDM/Elastic.html +3 -3
- data/doc/SDM/ElasticacheRedis.html +3 -3
- data/doc/SDM/Gateway.html +4 -4
- data/doc/SDM/GetResponseMetadata.html +1 -1
- data/doc/SDM/GoogleGKE.html +4 -40
- data/doc/SDM/Greenplum.html +3 -3
- data/doc/SDM/HTTPAuth.html +3 -3
- data/doc/SDM/HTTPBasicAuth.html +3 -3
- data/doc/SDM/HTTPNoAuth.html +3 -3
- data/doc/SDM/InternalError.html +1 -1
- data/doc/SDM/Kubernetes.html +4 -58
- data/doc/SDM/KubernetesBasicAuth.html +3 -3
- data/doc/SDM/KubernetesServiceAccount.html +3 -3
- data/doc/SDM/Maria.html +3 -3
- data/doc/SDM/Memcached.html +3 -3
- data/doc/SDM/Memsql.html +3 -3
- data/doc/SDM/MongoHost.html +3 -3
- data/doc/SDM/MongoLegacyHost.html +3 -3
- data/doc/SDM/MongoLegacyReplicaset.html +3 -3
- data/doc/SDM/MongoReplicaSet.html +3 -3
- data/doc/SDM/Mysql.html +3 -3
- data/doc/SDM/NodeCreateResponse.html +3 -3
- data/doc/SDM/NodeDeleteResponse.html +3 -3
- data/doc/SDM/NodeGetResponse.html +3 -3
- data/doc/SDM/NodeUpdateResponse.html +3 -3
- data/doc/SDM/Nodes.html +11 -11
- data/doc/SDM/NotFoundError.html +1 -1
- data/doc/SDM/Oracle.html +3 -3
- data/doc/SDM/PermissionError.html +1 -1
- data/doc/SDM/Plumbing.html +751 -421
- data/doc/SDM/Postgres.html +3 -3
- data/doc/SDM/Presto.html +3 -3
- data/doc/SDM/RDP.html +3 -3
- data/doc/SDM/RPCError.html +1 -1
- data/doc/SDM/RateLimitError.html +1 -1
- data/doc/SDM/RateLimitMetadata.html +1 -1
- data/doc/SDM/Redis.html +3 -3
- data/doc/SDM/Redshift.html +3 -3
- data/doc/SDM/Relay.html +4 -4
- data/doc/SDM/ResourceCreateResponse.html +3 -3
- data/doc/SDM/ResourceDeleteResponse.html +3 -3
- data/doc/SDM/ResourceGetResponse.html +3 -3
- data/doc/SDM/ResourceUpdateResponse.html +3 -3
- data/doc/SDM/Resources.html +7 -7
- data/doc/SDM/Role.html +4 -4
- data/doc/SDM/RoleAttachment.html +3 -3
- data/doc/SDM/RoleAttachmentCreateResponse.html +3 -3
- data/doc/SDM/RoleAttachmentDeleteResponse.html +3 -3
- data/doc/SDM/RoleAttachmentGetResponse.html +3 -3
- data/doc/SDM/RoleAttachments.html +6 -6
- data/doc/SDM/RoleCreateResponse.html +3 -3
- data/doc/SDM/RoleDeleteResponse.html +3 -3
- data/doc/SDM/RoleGetResponse.html +3 -3
- data/doc/SDM/RoleGrant.html +3 -3
- data/doc/SDM/RoleGrantCreateResponse.html +3 -3
- data/doc/SDM/RoleGrantDeleteResponse.html +3 -3
- data/doc/SDM/RoleGrantGetResponse.html +3 -3
- data/doc/SDM/RoleGrants.html +6 -6
- data/doc/SDM/RoleUpdateResponse.html +3 -3
- data/doc/SDM/Roles.html +7 -7
- data/doc/SDM/SQLServer.html +3 -3
- data/doc/SDM/SSH.html +3 -3
- data/doc/SDM/SSHCert.html +3 -3
- data/doc/SDM/Service.html +1 -1
- data/doc/SDM/Snowflake.html +3 -3
- data/doc/SDM/Sybase.html +3 -3
- data/doc/SDM/SybaseIQ.html +3 -3
- data/doc/SDM/Teradata.html +3 -3
- data/doc/SDM/UpdateResponseMetadata.html +1 -1
- data/doc/SDM/User.html +1 -1
- data/doc/V1.html +17 -2
- data/doc/V1/AccountAttachments.html +1 -1
- data/doc/V1/AccountAttachments/Service.html +2 -2
- data/doc/V1/AccountGrants.html +1 -1
- data/doc/V1/AccountGrants/Service.html +1 -1
- data/doc/V1/Accounts.html +1 -1
- data/doc/V1/Accounts/Service.html +3 -3
- data/doc/V1/ControlPanel.html +113 -0
- data/doc/V1/ControlPanel/Service.html +119 -0
- data/doc/V1/Nodes.html +1 -1
- data/doc/V1/Nodes/Service.html +5 -5
- data/doc/V1/Resources.html +1 -1
- data/doc/V1/Resources/Service.html +1 -1
- data/doc/V1/RoleAttachments.html +1 -1
- data/doc/V1/RoleAttachments/Service.html +1 -1
- data/doc/V1/RoleGrants.html +1 -1
- data/doc/V1/RoleGrants/Service.html +1 -1
- data/doc/V1/Roles.html +1 -1
- data/doc/V1/Roles/Service.html +1 -1
- data/doc/V1/Tags.html +1 -1
- data/doc/created.rid +39 -45
- data/doc/css/rdoc.css +13 -5
- data/doc/examples/Gemfile.html +1 -11
- data/doc/index.html +12 -12
- data/doc/js/navigation.js.gz +0 -0
- data/doc/js/search_index.js +1 -1
- data/doc/js/search_index.js.gz +0 -0
- data/doc/js/searcher.js.gz +0 -0
- data/doc/lib/version.html +3 -13
- data/doc/strongdm_gemspec.html +0 -8
- data/doc/table_of_contents.html +232 -172
- data/lib/grpc/account_attachments_services_pb.rb +1 -1
- data/lib/grpc/accounts_services_pb.rb +3 -4
- data/lib/grpc/control_panel_pb.rb +39 -0
- data/lib/grpc/control_panel_services_pb.rb +37 -0
- data/lib/grpc/drivers_pb.rb +17 -12
- data/lib/grpc/nodes_services_pb.rb +3 -4
- data/lib/grpc/plumbing.rb +109 -30
- data/lib/models/porcelain.rb +117 -61
- data/lib/strongdm.rb +10 -9
- data/lib/svc.rb +52 -9
- data/lib/version +5 -5
- data/lib/version.rb +1 -1
- data/strongdm.gemspec +1 -1
- metadata +24 -26
- data/examples/Gemfile.lock +0 -14
- data/examples/README.md +0 -5
- data/examples/ldap-sync/ldapSync.rb +0 -290
- data/examples/okta-sync/Gemfile +0 -4
- data/examples/okta-sync/Gemfile.lock +0 -38
- data/examples/okta-sync/matchers.yml +0 -11
- data/examples/okta-sync/oktaSync.rb +0 -173
- data/examples/panicButton.rb +0 -138
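--- a/data/lib/models/porcelain.rb
+++ b/data/lib/models/porcelain.rb
@@ -211,7 +211,7 @@ module SDM
 end
 end
 
-# AccountAttachments assign an account to a role.
+# AccountAttachments assign an account to a role or composite role.
 class AccountAttachment
 # Unique identifier of the AccountAttachment.
 attr_accessor :id
@@ -621,6 +621,42 @@ module SDM
 end
 end
 
+# ControlPanelGetSSHCAPublicKeyResponse represents a request for an
+# organization's SSH Certificate Authority public key.
+class ControlPanelGetSSHCAPublicKeyResponse
+# Reserved for future use.
+attr_accessor :meta
+# The public key of the SSH Certificate Authority, in OpenSSH RSA public
+# key format.
+attr_accessor :public_key
+# Rate limit information.
+attr_accessor :rate_limit
+
+def initialize(
+meta: nil,
+public_key: nil,
+rate_limit: nil
+)
+if meta != nil
+@meta = meta
+end
+if public_key != nil
+@public_key = public_key
+end
+if rate_limit != nil
+@rate_limit = rate_limit
+end
+end
+
+def to_json(options = {})
+hash = {}
+self.instance_variables.each do |var|
+hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+end
+hash.to_json
+end
+end
+
 class Athena
 # Unique identifier of the Resource.
 attr_accessor :id
@@ -834,7 +870,82 @@ module SDM
 end
 end
 
-class
+class DB2I
+# Unique identifier of the Resource.
+attr_accessor :id
+# Unique human-readable name of the Resource.
+attr_accessor :name
+# True if the datasource is reachable and the credentials are valid.
+attr_accessor :healthy
+# Tags is a map of key, value pairs.
+attr_accessor :tags
+
+attr_accessor :hostname
+
+attr_accessor :username
+
+attr_accessor :password
+
+attr_accessor :port_override
+
+attr_accessor :port
+
+attr_accessor :tls_required
+
+def initialize(
+id: nil,
+name: nil,
+healthy: nil,
+tags: nil,
+hostname: nil,
+username: nil,
+password: nil,
+port_override: nil,
+port: nil,
+tls_required: nil
+)
+if id != nil
+@id = id
+end
+if name != nil
+@name = name
+end
+if healthy != nil
+@healthy = healthy
+end
+if tags != nil
+@tags = tags
+end
+if hostname != nil
+@hostname = hostname
+end
+if username != nil
+@username = username
+end
+if password != nil
+@password = password
+end
+if port_override != nil
+@port_override = port_override
+end
+if port != nil
+@port = port
+end
+if tls_required != nil
+@tls_required = tls_required
+end
+end
+
+def to_json(options = {})
+hash = {}
+self.instance_variables.each do |var|
+hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+end
+hash.to_json
+end
+end
+
+class DB2LUW
 # Unique identifier of the Resource.
 attr_accessor :id
 # Unique human-readable name of the Resource.
@@ -1432,16 +1543,10 @@ module SDM
 
 attr_accessor :certificate_authority
 
-attr_accessor :certificate_authority_filename
-
 attr_accessor :client_certificate
 
-attr_accessor :client_certificate_filename
-
 attr_accessor :client_key
 
-attr_accessor :client_key_filename
-
 attr_accessor :healthcheck_namespace
 
 def initialize(
@@ -1452,11 +1557,8 @@ module SDM
 hostname: nil,
 port: nil,
 certificate_authority: nil,
-certificate_authority_filename: nil,
 client_certificate: nil,
-client_certificate_filename: nil,
 client_key: nil,
-client_key_filename: nil,
 healthcheck_namespace: nil
 )
 if id != nil
@@ -1480,21 +1582,12 @@ module SDM
 if certificate_authority != nil
 @certificate_authority = certificate_authority
 end
-if certificate_authority_filename != nil
-@certificate_authority_filename = certificate_authority_filename
-end
 if client_certificate != nil
 @client_certificate = client_certificate
 end
-if client_certificate_filename != nil
-@client_certificate_filename = client_certificate_filename
-end
 if client_key != nil
 @client_key = client_key
 end
-if client_key_filename != nil
-@client_key_filename = client_key_filename
-end
 if healthcheck_namespace != nil
 @healthcheck_namespace = healthcheck_namespace
 end
@@ -1659,8 +1752,6 @@ module SDM
 
 attr_accessor :certificate_authority
 
-attr_accessor :certificate_authority_filename
-
 attr_accessor :region
 
 attr_accessor :cluster_name
@@ -1678,7 +1769,6 @@ module SDM
 access_key: nil,
 secret_access_key: nil,
 certificate_authority: nil,
-certificate_authority_filename: nil,
 region: nil,
 cluster_name: nil,
 role_arn: nil,
@@ -1708,9 +1798,6 @@ module SDM
 if certificate_authority != nil
 @certificate_authority = certificate_authority
 end
-if certificate_authority_filename != nil
-@certificate_authority_filename = certificate_authority_filename
-end
 if region != nil
 @region = region
 end
@@ -1748,12 +1835,8 @@ module SDM
 
 attr_accessor :certificate_authority
 
-attr_accessor :certificate_authority_filename
-
 attr_accessor :service_account_key
 
-attr_accessor :service_account_key_filename
-
 attr_accessor :healthcheck_namespace
 
 def initialize(
@@ -1763,9 +1846,7 @@ module SDM
 tags: nil,
 endpoint: nil,
 certificate_authority: nil,
-certificate_authority_filename: nil,
 service_account_key: nil,
-service_account_key_filename: nil,
 healthcheck_namespace: nil
 )
 if id != nil
@@ -1786,15 +1867,9 @@ module SDM
 if certificate_authority != nil
 @certificate_authority = certificate_authority
 end
-if certificate_authority_filename != nil
-@certificate_authority_filename = certificate_authority_filename
-end
 if service_account_key != nil
 @service_account_key = service_account_key
 end
-if service_account_key_filename != nil
-@service_account_key_filename = service_account_key_filename
-end
 if healthcheck_namespace != nil
 @healthcheck_namespace = healthcheck_namespace
 end
@@ -1825,16 +1900,10 @@ module SDM
 
 attr_accessor :certificate_authority
 
-attr_accessor :certificate_authority_filename
-
 attr_accessor :client_certificate
 
-attr_accessor :client_certificate_filename
-
 attr_accessor :client_key
 
-attr_accessor :client_key_filename
-
 attr_accessor :healthcheck_namespace
 
 def initialize(
@@ -1845,11 +1914,8 @@ module SDM
 hostname: nil,
 port: nil,
 certificate_authority: nil,
-certificate_authority_filename: nil,
 client_certificate: nil,
-client_certificate_filename: nil,
 client_key: nil,
-client_key_filename: nil,
 healthcheck_namespace: nil
 )
 if id != nil
@@ -1873,21 +1939,12 @@ module SDM
 if certificate_authority != nil
 @certificate_authority = certificate_authority
 end
-if certificate_authority_filename != nil
-@certificate_authority_filename = certificate_authority_filename
-end
 if client_certificate != nil
 @client_certificate = client_certificate
 end
-if client_certificate_filename != nil
-@client_certificate_filename = client_certificate_filename
-end
 if client_key != nil
 @client_key = client_key
 end
-if client_key_filename != nil
-@client_key_filename = client_key_filename
-end
 if healthcheck_namespace != nil
 @healthcheck_namespace = healthcheck_namespace
 end
@@ -4324,7 +4381,7 @@ module SDM
 class Relay
 # Unique identifier of the Relay.
 attr_accessor :id
-# Unique human-readable name of the Relay. Generated if not provided on create.
+# Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
 attr_accessor :name
 # The current state of the relay. One of: "new", "verifying_restart",
 # "awaiting_restart", "restarting", "started", "stopped", "dead",
@@ -4366,7 +4423,7 @@ module SDM
 class Gateway
 # Unique identifier of the Gateway.
 attr_accessor :id
-# Unique human-readable name of the Gateway. Generated if not provided on create.
+# Unique human-readable name of the Gateway. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
 attr_accessor :name
 # The current state of the gateway. One of: "new", "verifying_restart",
 # "restarting", "started", "stopped", "dead", "unknown"
@@ -4773,8 +4830,7 @@ module SDM
 end
 end
 
-# A RoleGrant connects a resource to a role, granting members of the role
-# access to that resource.
+# A RoleGrant connects a resource to a role, granting members of the role access to that resource.
 class RoleGrant
 # Unique identifier of the RoleGrant.
 attr_accessor :id
@@ -4940,7 +4996,7 @@ module SDM
 end
 end
 
-# A Role is a collection of
+# A Role is a collection of access grants, and typically corresponds to a team, Active Directory OU, or other organizational unit. Users are granted access to resources by assigning them to roles.
 class Role
 # Unique identifier of the Role.
 attr_accessor :id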
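Review bot: The new `DB2I#to_json` (new lines 939–945) copies every instance variable into the output hash, so `@password` is emitted in clear text next to `hostname` and `username` whenever a DB2I object is serialized, for instance by a logger or an error reporter that calls `to_json` on its arguments. If the full dump is required for the API, a comment above the method such as `# Output includes the password field; do not write it to logs.` would warn callers. The six accessors from `hostname` to `tls_required` also carry no comment, unlike the four above them; a one-line description on each, and on `password` in particular a note that it holds the datasource credential, would match the rest of the class. The other resource classes in this file presumably follow the same generated pattern, but they lie outside the hunks shown here.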
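--- a/data/lib/strongdm.rb
+++ b/data/lib/strongdm.rb
@@ -37,6 +37,7 @@ module SDM
 @account_attachments = AccountAttachments.new(host, insecure, self)
 @account_grants = AccountGrants.new(host, insecure, self)
 @accounts = Accounts.new(host, insecure, self)
+@control_panel = ControlPanel.new(host, insecure, self)
 @nodes = Nodes.new(host, insecure, self)
 @resources = Resources.new(host, insecure, self)
 @role_attachments = RoleAttachments.new(host, insecure, self)
@@ -90,19 +91,19 @@ module SDM
 
 # API authentication token (read-only).
 attr_reader :api_access_key
-# AccountAttachments assign an account to a role.
+# AccountAttachments assign an account to a role or composite role.
 attr_reader :account_attachments
 # AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
 attr_reader :account_grants
-# Accounts are users that have access to strongDM.
-#
-#
-# 2. **Service users:** machines that are authneticated using a service token
+# Accounts are users that have access to strongDM. There are two types of accounts:
+# 1. **Users:** humans who are authenticated through username and password or SSO.
+# 2. **Service Accounts:** machines that are authenticated using a service token.
 attr_reader :accounts
-#
-
-#
-#
+# ControlPanel contains all administrative controls.
+attr_reader :control_panel
+# Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
+# - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
+# - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
 attr_reader :nodes
 
 attr_reader :resources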
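--- a/data/lib/svc.rb
+++ b/data/lib/svc.rb
@@ -24,7 +24,7 @@ Dir[File.join(__dir__, "grpc", "*.rb")].each { |file| require file }
 Dir[File.join(__dir__, "models", "*.rb")].each { |file| require file }
 
 module SDM
-# AccountAttachments assign an account to a role.
+# AccountAttachments assign an account to a role or composite role.
 class AccountAttachments
 def initialize(host, insecure, parent)
 begin
@@ -310,10 +310,9 @@ module SDM
 end
 end
 
-# Accounts are users that have access to strongDM.
-#
-#
-# 2. **Service users:** machines that are authneticated using a service token
+# Accounts are users that have access to strongDM. There are two types of accounts:
+# 1. **Users:** humans who are authenticated through username and password or SSO.
+# 2. **Service Accounts:** machines that are authenticated using a service token.
 class Accounts
 def initialize(host, insecure, parent)
 begin
@@ -487,10 +486,54 @@ module SDM
 end
 end
 
-#
-
-
-
+# ControlPanel contains all administrative controls.
+class ControlPanel
+def initialize(host, insecure, parent)
+begin
+if insecure
+@stub = V1::ControlPanel::Stub.new(host, :this_channel_is_insecure)
+else
+cred = GRPC::Core::ChannelCredentials.new()
+@stub = V1::ControlPanel::Stub.new(host, cred)
+end
+rescue => exception
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+@parent = parent
+end
+
+# GetSSHCAPublicKey retrieves the SSH CA public key.
+def get_sshca_public_key(
+deadline: nil
+)
+req = V1::ControlPanelGetSSHCAPublicKeyRequest.new()
+
+tries = 0
+plumbing_response = nil
+loop do
+begin
+plumbing_response = @stub.get_sshca_public_key(req, metadata: @parent.get_metadata("ControlPanel.GetSSHCAPublicKey", req), deadline: deadline)
+rescue => exception
+if (@parent.shouldRetry(tries, exception))
+tries + +@parent.jitterSleep(tries)
+next
+end
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+break
+end
+
+resp = ControlPanelGetSSHCAPublicKeyResponse.new()
+resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
+resp.public_key = (plumbing_response.public_key)
+resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+resp
+end
+end
+
+# Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
+# - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
+# - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
 class Nodes
 def initialize(host, insecure, parent)
 begin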
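Review bot: The retry counter in the new `get_sshca_public_key` never advances, because new line 518, `tries + +@parent.jitterSleep(tries)`, evaluates an expression and discards the result, leaving `tries` at 0 on every pass through the loop. `shouldRetry` and `jitterSleep` are defined outside this section, but if they bound or scale retries by that count, a persistently retryable error would keep the loop running with a constant back-off. Write it as two statements, `tries += 1` followed by `@parent.jitterSleep(tries)`. Separately, the `insecure` branch at new line 494 builds the stub with `:this_channel_is_insecure`, and the value this service returns is a CA public key that callers will treat as a trust anchor, so a comment there such as `# plaintext channel: the returned CA key is unauthenticated` would be worth adding.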
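--- a/data/lib/version
+++ b/data/lib/version
@@ -1,17 +1,17 @@
 # Copyright 2020 StrongDM Inc
-#
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-#
+#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-#
+#
 module SDM
-VERSION = "1.0.
+VERSION = "1.0.13"
 end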