strongdm 1.0.7 → 1.0.13

data/lib/models/porcelain.rb

@@ -211,7 +211,7 @@ module SDM
     end
   end
 
-  # AccountAttachments assign an account to a role.
+  # AccountAttachments assign an account to a role or composite role.
   class AccountAttachment
     # Unique identifier of the AccountAttachment.
     attr_accessor :id
@@ -621,6 +621,42 @@ module SDM
     end
   end
 
+  # ControlPanelGetSSHCAPublicKeyResponse represents a request for an
+  # organization's SSH Certificate Authority public key.
+  class ControlPanelGetSSHCAPublicKeyResponse
+    # Reserved for future use.
+    attr_accessor :meta
+    # The public key of the SSH Certificate Authority, in OpenSSH RSA public
+    # key format.
+    attr_accessor :public_key
+    # Rate limit information.
+    attr_accessor :rate_limit
+
+    def initialize(
+      meta: nil,
+      public_key: nil,
+      rate_limit: nil
+    )
+      if meta != nil
+        @meta = meta
+      end
+      if public_key != nil
+        @public_key = public_key
+      end
+      if rate_limit != nil
+        @rate_limit = rate_limit
+      end
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class Athena
     # Unique identifier of the Resource.
     attr_accessor :id
@@ -834,7 +870,82 @@ module SDM
     end
   end
 
-  class DB2
+  class DB2I
+    # Unique identifier of the Resource.
+    attr_accessor :id
+    # Unique human-readable name of the Resource.
+    attr_accessor :name
+    # True if the datasource is reachable and the credentials are valid.
+    attr_accessor :healthy
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+
+    attr_accessor :hostname
+
+    attr_accessor :username
+
+    attr_accessor :password
+
+    attr_accessor :port_override
+
+    attr_accessor :port
+
+    attr_accessor :tls_required
+
+    def initialize(
+      id: nil,
+      name: nil,
+      healthy: nil,
+      tags: nil,
+      hostname: nil,
+      username: nil,
+      password: nil,
+      port_override: nil,
+      port: nil,
+      tls_required: nil
+    )
+      if id != nil
+        @id = id
+      end
+      if name != nil
+        @name = name
+      end
+      if healthy != nil
+        @healthy = healthy
+      end
+      if tags != nil
+        @tags = tags
+      end
+      if hostname != nil
+        @hostname = hostname
+      end
+      if username != nil
+        @username = username
+      end
+      if password != nil
+        @password = password
+      end
+      if port_override != nil
+        @port_override = port_override
+      end
+      if port != nil
+        @port = port
+      end
+      if tls_required != nil
+        @tls_required = tls_required
+      end
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  class DB2LUW
     # Unique identifier of the Resource.
     attr_accessor :id
     # Unique human-readable name of the Resource.
@@ -1432,16 +1543,10 @@ module SDM
 
     attr_accessor :certificate_authority
 
-    attr_accessor :certificate_authority_filename
-
     attr_accessor :client_certificate
 
-    attr_accessor :client_certificate_filename
-
     attr_accessor :client_key
 
-    attr_accessor :client_key_filename
-
     attr_accessor :healthcheck_namespace
 
     def initialize(
@@ -1452,11 +1557,8 @@ module SDM
       hostname: nil,
       port: nil,
       certificate_authority: nil,
-      certificate_authority_filename: nil,
       client_certificate: nil,
-      client_certificate_filename: nil,
       client_key: nil,
-      client_key_filename: nil,
       healthcheck_namespace: nil
     )
       if id != nil
@@ -1480,21 +1582,12 @@ module SDM
       if certificate_authority != nil
         @certificate_authority = certificate_authority
       end
-      if certificate_authority_filename != nil
-        @certificate_authority_filename = certificate_authority_filename
-      end
       if client_certificate != nil
         @client_certificate = client_certificate
       end
-      if client_certificate_filename != nil
-        @client_certificate_filename = client_certificate_filename
-      end
       if client_key != nil
         @client_key = client_key
       end
-      if client_key_filename != nil
-        @client_key_filename = client_key_filename
-      end
       if healthcheck_namespace != nil
         @healthcheck_namespace = healthcheck_namespace
       end
@@ -1659,8 +1752,6 @@ module SDM
 
     attr_accessor :certificate_authority
 
-    attr_accessor :certificate_authority_filename
-
     attr_accessor :region
 
     attr_accessor :cluster_name
@@ -1678,7 +1769,6 @@ module SDM
       access_key: nil,
       secret_access_key: nil,
       certificate_authority: nil,
-      certificate_authority_filename: nil,
       region: nil,
       cluster_name: nil,
       role_arn: nil,
@@ -1708,9 +1798,6 @@ module SDM
       if certificate_authority != nil
         @certificate_authority = certificate_authority
       end
-      if certificate_authority_filename != nil
-        @certificate_authority_filename = certificate_authority_filename
-      end
       if region != nil
         @region = region
       end
@@ -1748,12 +1835,8 @@ module SDM
 
     attr_accessor :certificate_authority
 
-    attr_accessor :certificate_authority_filename
-
     attr_accessor :service_account_key
 
-    attr_accessor :service_account_key_filename
-
     attr_accessor :healthcheck_namespace
 
     def initialize(
@@ -1763,9 +1846,7 @@ module SDM
       tags: nil,
       endpoint: nil,
       certificate_authority: nil,
-      certificate_authority_filename: nil,
       service_account_key: nil,
-      service_account_key_filename: nil,
       healthcheck_namespace: nil
     )
       if id != nil
@@ -1786,15 +1867,9 @@ module SDM
       if certificate_authority != nil
         @certificate_authority = certificate_authority
       end
-      if certificate_authority_filename != nil
-        @certificate_authority_filename = certificate_authority_filename
-      end
       if service_account_key != nil
         @service_account_key = service_account_key
       end
-      if service_account_key_filename != nil
-        @service_account_key_filename = service_account_key_filename
-      end
       if healthcheck_namespace != nil
         @healthcheck_namespace = healthcheck_namespace
       end
@@ -1825,16 +1900,10 @@ module SDM
 
     attr_accessor :certificate_authority
 
-    attr_accessor :certificate_authority_filename
-
     attr_accessor :client_certificate
 
-    attr_accessor :client_certificate_filename
-
     attr_accessor :client_key
 
-    attr_accessor :client_key_filename
-
     attr_accessor :healthcheck_namespace
 
     def initialize(
@@ -1845,11 +1914,8 @@ module SDM
       hostname: nil,
       port: nil,
       certificate_authority: nil,
-      certificate_authority_filename: nil,
       client_certificate: nil,
-      client_certificate_filename: nil,
       client_key: nil,
-      client_key_filename: nil,
       healthcheck_namespace: nil
     )
       if id != nil
@@ -1873,21 +1939,12 @@ module SDM
       if certificate_authority != nil
         @certificate_authority = certificate_authority
       end
-      if certificate_authority_filename != nil
-        @certificate_authority_filename = certificate_authority_filename
-      end
       if client_certificate != nil
         @client_certificate = client_certificate
       end
-      if client_certificate_filename != nil
-        @client_certificate_filename = client_certificate_filename
-      end
       if client_key != nil
         @client_key = client_key
       end
-      if client_key_filename != nil
-        @client_key_filename = client_key_filename
-      end
       if healthcheck_namespace != nil
         @healthcheck_namespace = healthcheck_namespace
       end
@@ -4324,7 +4381,7 @@ module SDM
   class Relay
     # Unique identifier of the Relay.
     attr_accessor :id
-    # Unique human-readable name of the Relay. Generated if not provided on create.
+    # Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
     attr_accessor :name
     # The current state of the relay. One of: "new", "verifying_restart",
     # "awaiting_restart", "restarting", "started", "stopped", "dead",
@@ -4366,7 +4423,7 @@ module SDM
   class Gateway
     # Unique identifier of the Gateway.
     attr_accessor :id
-    # Unique human-readable name of the Gateway. Generated if not provided on create.
+    # Unique human-readable name of the Gateway. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
     attr_accessor :name
     # The current state of the gateway. One of: "new", "verifying_restart",
     # "restarting", "started", "stopped", "dead", "unknown"
@@ -4773,8 +4830,7 @@ module SDM
     end
   end
 
-  # A RoleGrant connects a resource to a role, granting members of the role
-  # access to that resource.
+  # A RoleGrant connects a resource to a role, granting members of the role access to that resource.
   class RoleGrant
     # Unique identifier of the RoleGrant.
     attr_accessor :id
@@ -4940,7 +4996,7 @@ module SDM
     end
   end
 
-  # A Role is a collection of permissions, and typically corresponds to a team, Active Directory OU, or other organizational unit. Users are granted access to resources by assigning them to roles.
+  # A Role is a collection of access grants, and typically corresponds to a team, Active Directory OU, or other organizational unit. Users are granted access to resources by assigning them to roles.
   class Role
     # Unique identifier of the Role.
     attr_accessor :id

data/lib/strongdm.rb

@@ -37,6 +37,7 @@ module SDM
       @account_attachments = AccountAttachments.new(host, insecure, self)
       @account_grants = AccountGrants.new(host, insecure, self)
       @accounts = Accounts.new(host, insecure, self)
+      @control_panel = ControlPanel.new(host, insecure, self)
       @nodes = Nodes.new(host, insecure, self)
       @resources = Resources.new(host, insecure, self)
       @role_attachments = RoleAttachments.new(host, insecure, self)
@@ -90,19 +91,19 @@ module SDM
 
     # API authentication token (read-only).
     attr_reader :api_access_key
-    # AccountAttachments assign an account to a role.
+    # AccountAttachments assign an account to a role or composite role.
     attr_reader :account_attachments
     # AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
     attr_reader :account_grants
-    # Accounts are users that have access to strongDM.
-    # There are two types of accounts:
-    # 1. **Regular users:** humans who are authenticated through username and password or SSO
-    # 2. **Service users:** machines that are authneticated using a service token
+    # Accounts are users that have access to strongDM. There are two types of accounts:
+    # 1. **Users:** humans who are authenticated through username and password or SSO.
+    # 2. **Service Accounts:** machines that are authenticated using a service token.
     attr_reader :accounts
-    # Nodes make up the strongDM network, and allow your users to connect securely to your resources.
-    # There are two types of nodes:
-    # 1. **Relay:** creates connectivity to your datasources, while maintaining the egress-only nature of your firewall
-    # 1. **Gateways:** a relay that also listens for connections from strongDM clients
+    # ControlPanel contains all administrative controls.
+    attr_reader :control_panel
+    # Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
+    # - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
+    # - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
     attr_reader :nodes
 
     attr_reader :resources

data/lib/svc.rb

@@ -24,7 +24,7 @@ Dir[File.join(__dir__, "grpc", "*.rb")].each { |file| require file }
 Dir[File.join(__dir__, "models", "*.rb")].each { |file| require file }
 
 module SDM
-  # AccountAttachments assign an account to a role.
+  # AccountAttachments assign an account to a role or composite role.
   class AccountAttachments
     def initialize(host, insecure, parent)
       begin
@@ -310,10 +310,9 @@ module SDM
     end
   end
 
-  # Accounts are users that have access to strongDM.
-  # There are two types of accounts:
-  # 1. **Regular users:** humans who are authenticated through username and password or SSO
-  # 2. **Service users:** machines that are authneticated using a service token
+  # Accounts are users that have access to strongDM. There are two types of accounts:
+  # 1. **Users:** humans who are authenticated through username and password or SSO.
+  # 2. **Service Accounts:** machines that are authenticated using a service token.
   class Accounts
     def initialize(host, insecure, parent)
       begin
@@ -487,10 +486,54 @@ module SDM
     end
   end
 
-  # Nodes make up the strongDM network, and allow your users to connect securely to your resources.
-  # There are two types of nodes:
-  # 1. **Relay:** creates connectivity to your datasources, while maintaining the egress-only nature of your firewall
-  # 1. **Gateways:** a relay that also listens for connections from strongDM clients
+  # ControlPanel contains all administrative controls.
+  class ControlPanel
+    def initialize(host, insecure, parent)
+      begin
+        if insecure
+          @stub = V1::ControlPanel::Stub.new(host, :this_channel_is_insecure)
+        else
+          cred = GRPC::Core::ChannelCredentials.new()
+          @stub = V1::ControlPanel::Stub.new(host, cred)
+        end
+      rescue => exception
+        raise Plumbing::convert_error_to_porcelain(exception)
+      end
+      @parent = parent
+    end
+
+    # GetSSHCAPublicKey retrieves the SSH CA public key.
+    def get_sshca_public_key(
+      deadline: nil
+    )
+      req = V1::ControlPanelGetSSHCAPublicKeyRequest.new()
+
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.get_sshca_public_key(req, metadata: @parent.get_metadata("ControlPanel.GetSSHCAPublicKey", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception))
+            tries + +@parent.jitterSleep(tries)
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      resp = ControlPanelGetSSHCAPublicKeyResponse.new()
+      resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
+      resp.public_key = (plumbing_response.public_key)
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+  end
+
+  # Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
+  # - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
+  # - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
   class Nodes
     def initialize(host, insecure, parent)
       begin

data/lib/version

@@ -1,17 +1,17 @@
 # Copyright 2020 StrongDM Inc
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
+#
 module SDM
-  VERSION = "1.0.7"
+  VERSION = "1.0.13"
 end