strongdm 1.0.7 → 1.0.8

Sign up to get free protection for your applications and to get access to all the features.
Files changed (159) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +26 -7
  3. data/doc/LICENSE.html +1 -11
  4. data/doc/Object.html +1 -679
  5. data/doc/README_md.html +31 -20
  6. data/doc/SDM.html +1 -1
  7. data/doc/SDM/AKS.html +3 -3
  8. data/doc/SDM/AKSBasicAuth.html +3 -3
  9. data/doc/SDM/AKSServiceAccount.html +3 -3
  10. data/doc/SDM/AccountAttachment.html +1 -1
  11. data/doc/SDM/AccountAttachmentCreateResponse.html +1 -1
  12. data/doc/SDM/AccountAttachmentDeleteResponse.html +1 -1
  13. data/doc/SDM/AccountAttachmentGetResponse.html +1 -1
  14. data/doc/SDM/AccountAttachments.html +1 -1
  15. data/doc/SDM/AccountCreateResponse.html +1 -1
  16. data/doc/SDM/AccountDeleteResponse.html +1 -1
  17. data/doc/SDM/AccountGetResponse.html +1 -1
  18. data/doc/SDM/AccountGrant.html +1 -1
  19. data/doc/SDM/AccountGrantCreateResponse.html +1 -1
  20. data/doc/SDM/AccountGrantDeleteResponse.html +1 -1
  21. data/doc/SDM/AccountGrantGetResponse.html +1 -1
  22. data/doc/SDM/AccountGrants.html +1 -1
  23. data/doc/SDM/AccountUpdateResponse.html +1 -1
  24. data/doc/SDM/Accounts.html +1 -1
  25. data/doc/SDM/AlreadyExistsError.html +1 -1
  26. data/doc/SDM/AmazonEKS.html +3 -3
  27. data/doc/SDM/AmazonES.html +3 -3
  28. data/doc/SDM/Athena.html +1 -1
  29. data/doc/SDM/AuroraMysql.html +3 -3
  30. data/doc/SDM/AuroraPostgres.html +3 -3
  31. data/doc/SDM/AuthenticationError.html +1 -1
  32. data/doc/SDM/BadRequestError.html +1 -1
  33. data/doc/SDM/BigQuery.html +1 -1
  34. data/doc/SDM/Cassandra.html +1 -1
  35. data/doc/SDM/Citus.html +3 -3
  36. data/doc/SDM/Client.html +1 -1
  37. data/doc/SDM/Clustrix.html +3 -3
  38. data/doc/SDM/Cockroach.html +3 -3
  39. data/doc/SDM/CreateResponseMetadata.html +1 -1
  40. data/doc/SDM/DB2LUW.html +391 -0
  41. data/doc/SDM/DB2i.html +391 -0
  42. data/doc/SDM/DeadlineExceededError.html +1 -1
  43. data/doc/SDM/DeleteResponseMetadata.html +1 -1
  44. data/doc/SDM/Druid.html +3 -3
  45. data/doc/SDM/DynamoDB.html +3 -3
  46. data/doc/SDM/Elastic.html +3 -3
  47. data/doc/SDM/ElasticacheRedis.html +3 -3
  48. data/doc/SDM/Gateway.html +3 -3
  49. data/doc/SDM/GetResponseMetadata.html +1 -1
  50. data/doc/SDM/GoogleGKE.html +3 -3
  51. data/doc/SDM/Greenplum.html +3 -3
  52. data/doc/SDM/HTTPAuth.html +3 -3
  53. data/doc/SDM/HTTPBasicAuth.html +3 -3
  54. data/doc/SDM/HTTPNoAuth.html +3 -3
  55. data/doc/SDM/InternalError.html +1 -1
  56. data/doc/SDM/Kubernetes.html +3 -3
  57. data/doc/SDM/KubernetesBasicAuth.html +3 -3
  58. data/doc/SDM/KubernetesServiceAccount.html +3 -3
  59. data/doc/SDM/Maria.html +3 -3
  60. data/doc/SDM/Memcached.html +3 -3
  61. data/doc/SDM/Memsql.html +3 -3
  62. data/doc/SDM/MongoHost.html +3 -3
  63. data/doc/SDM/MongoLegacyHost.html +3 -3
  64. data/doc/SDM/MongoLegacyReplicaset.html +3 -3
  65. data/doc/SDM/MongoReplicaSet.html +3 -3
  66. data/doc/SDM/Mysql.html +3 -3
  67. data/doc/SDM/NodeCreateResponse.html +3 -3
  68. data/doc/SDM/NodeDeleteResponse.html +3 -3
  69. data/doc/SDM/NodeGetResponse.html +3 -3
  70. data/doc/SDM/NodeUpdateResponse.html +3 -3
  71. data/doc/SDM/Nodes.html +1 -1
  72. data/doc/SDM/NotFoundError.html +1 -1
  73. data/doc/SDM/Oracle.html +3 -3
  74. data/doc/SDM/PermissionError.html +1 -1
  75. data/doc/SDM/Plumbing.html +501 -317
  76. data/doc/SDM/Postgres.html +3 -3
  77. data/doc/SDM/Presto.html +3 -3
  78. data/doc/SDM/RDP.html +3 -3
  79. data/doc/SDM/RPCError.html +1 -1
  80. data/doc/SDM/RateLimitError.html +1 -1
  81. data/doc/SDM/RateLimitMetadata.html +1 -1
  82. data/doc/SDM/Redis.html +3 -3
  83. data/doc/SDM/Redshift.html +3 -3
  84. data/doc/SDM/Relay.html +3 -3
  85. data/doc/SDM/ResourceCreateResponse.html +3 -3
  86. data/doc/SDM/ResourceDeleteResponse.html +3 -3
  87. data/doc/SDM/ResourceGetResponse.html +3 -3
  88. data/doc/SDM/ResourceUpdateResponse.html +3 -3
  89. data/doc/SDM/Resources.html +1 -1
  90. data/doc/SDM/Role.html +3 -3
  91. data/doc/SDM/RoleAttachment.html +3 -3
  92. data/doc/SDM/RoleAttachmentCreateResponse.html +3 -3
  93. data/doc/SDM/RoleAttachmentDeleteResponse.html +3 -3
  94. data/doc/SDM/RoleAttachmentGetResponse.html +3 -3
  95. data/doc/SDM/RoleAttachments.html +1 -1
  96. data/doc/SDM/RoleCreateResponse.html +3 -3
  97. data/doc/SDM/RoleDeleteResponse.html +3 -3
  98. data/doc/SDM/RoleGetResponse.html +3 -3
  99. data/doc/SDM/RoleGrant.html +3 -3
  100. data/doc/SDM/RoleGrantCreateResponse.html +3 -3
  101. data/doc/SDM/RoleGrantDeleteResponse.html +3 -3
  102. data/doc/SDM/RoleGrantGetResponse.html +3 -3
  103. data/doc/SDM/RoleGrants.html +1 -1
  104. data/doc/SDM/RoleUpdateResponse.html +3 -3
  105. data/doc/SDM/Roles.html +1 -1
  106. data/doc/SDM/SQLServer.html +3 -3
  107. data/doc/SDM/SSH.html +3 -3
  108. data/doc/SDM/SSHCert.html +3 -3
  109. data/doc/SDM/Service.html +1 -1
  110. data/doc/SDM/Snowflake.html +3 -3
  111. data/doc/SDM/Sybase.html +3 -3
  112. data/doc/SDM/SybaseIQ.html +3 -3
  113. data/doc/SDM/Teradata.html +3 -3
  114. data/doc/SDM/UpdateResponseMetadata.html +1 -1
  115. data/doc/SDM/User.html +1 -1
  116. data/doc/V1.html +7 -2
  117. data/doc/V1/AccountAttachments.html +1 -1
  118. data/doc/V1/AccountAttachments/Service.html +1 -1
  119. data/doc/V1/AccountGrants.html +1 -1
  120. data/doc/V1/AccountGrants/Service.html +1 -1
  121. data/doc/V1/Accounts.html +1 -1
  122. data/doc/V1/Accounts/Service.html +1 -1
  123. data/doc/V1/Nodes.html +1 -1
  124. data/doc/V1/Nodes/Service.html +1 -1
  125. data/doc/V1/Resources.html +1 -1
  126. data/doc/V1/Resources/Service.html +1 -1
  127. data/doc/V1/RoleAttachments.html +1 -1
  128. data/doc/V1/RoleAttachments/Service.html +1 -1
  129. data/doc/V1/RoleGrants.html +1 -1
  130. data/doc/V1/RoleGrants/Service.html +1 -1
  131. data/doc/V1/Roles.html +1 -1
  132. data/doc/V1/Roles/Service.html +1 -1
  133. data/doc/V1/Tags.html +1 -1
  134. data/doc/created.rid +35 -45
  135. data/doc/css/rdoc.css +13 -5
  136. data/doc/examples/Gemfile.html +1 -11
  137. data/doc/index.html +4 -12
  138. data/doc/js/navigation.js.gz +0 -0
  139. data/doc/js/search_index.js +1 -1
  140. data/doc/js/search_index.js.gz +0 -0
  141. data/doc/js/searcher.js.gz +0 -0
  142. data/doc/lib/version.html +3 -13
  143. data/doc/table_of_contents.html +160 -160
  144. data/lib/grpc/drivers_pb.rb +17 -3
  145. data/lib/grpc/plumbing.rb +70 -12
  146. data/lib/models/porcelain.rb +76 -1
  147. data/lib/version +5 -5
  148. data/lib/version.rb +1 -1
  149. metadata +4 -12
  150. data/examples/Gemfile +0 -3
  151. data/examples/Gemfile.lock +0 -14
  152. data/examples/README.md +0 -5
  153. data/examples/ldap-sync/ldapSync.rb +0 -290
  154. data/examples/listUsers.rb +0 -21
  155. data/examples/okta-sync/Gemfile +0 -4
  156. data/examples/okta-sync/Gemfile.lock +0 -38
  157. data/examples/okta-sync/matchers.yml +0 -11
  158. data/examples/okta-sync/oktaSync.rb +0 -173
  159. data/examples/panicButton.rb +0 -138
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 86cc4d6b9580c2ea725286eaf30a140a051f8b035f50a3728b16dd90eb777ff0
4
- data.tar.gz: 06c32258d35b6952710addf5cfd4566f99b632d1f989e85264cbffa5fcfa63d2
3
+ metadata.gz: 5aaee007fbddd2f157fa3ef68da1d3909e76b904c34fc09076f89dc7a42d4b56
4
+ data.tar.gz: b88f7eb1c6b52611179d21ceb71df3f745ad3e8b1cf49c0722783638584be0bd
5
5
  SHA512:
6
- metadata.gz: 98e2c20ee4168b3948210c0d0313ba20f25e4055e81210aac9cda3c2974669c514dd2d6830b581e62e2f2d826802409ef316cdd94f9bd6bb8cd537a7db72f281
7
- data.tar.gz: bc46ed7ffed5c9ea0b993631f62c52e1d1577a3c52b8b28455dbef97a9d7ac2d8e5e4c492397852dee580d5c3b9e3388cc2a053a7308b66e77fcca34bb25ab61
6
+ metadata.gz: 4dfddf1ccb527a371e08e455c456353d84fa0c45a9b1259487aa1163d54fa2429fecc4e7a377d3f24ccc6b4555ed793ffa204e4d5b18f085732b5c989b059b73
7
+ data.tar.gz: 916c4ad7ca06d80cfc58fda32c7093f6729809f6e413653b96fac02d2e9765f6a92adfcdb2f05711ca460462cf172bb848ca3c1618df98db09eb5bf6bb99f880
data/README.md CHANGED
@@ -1,23 +1,25 @@
1
1
  # strongDM SDK for Ruby
2
2
 
3
- The official strongDM SDK for the Ruby programming language.
3
+ This is the official [strongDM](https://www.strongdm.com/) SDK for the Ruby programming language.
4
4
 
5
- ## Quick Start
6
-
7
- First, install the gem:
5
+ ## Installation
8
6
 
9
7
  ```bash
10
8
  $ gem install strongdm
11
9
  ```
12
10
 
13
- Next, go to https://app.strongdm.com and create an API key. Set the `SDM_API_ACCESS_KEY` and `SDM_API_SECRET_KEY` environment variables.
11
+ ## Authentication
12
+
13
+ If you don't already have them you will need to generate a set of API keys, instructions are here: [API Credentials](https://www.strongdm.com/docs/admin-guide/api-credentials/)
14
14
 
15
+ Add the keys as environment variables; the SDK will need to access these keys for every request.
15
16
  ```bash
16
17
  $ export SDM_API_ACCESS_KEY=<YOUR ACCESS KEY>
17
18
  $ export SDM_API_SECRET_KEY=<YOUR SECRET KEY>
18
19
  ```
19
20
 
20
- Run some example code.
21
+ ## List Users
22
+ The following code lists all registered users:
21
23
 
22
24
  ```ruby
23
25
  require "strongdm"
@@ -27,4 +29,21 @@ users = client.accounts.list('')
27
29
  users.each do |user|
28
30
  p user
29
31
  end
30
- ```
32
+ ```
33
+
34
+ ## Useful Links
35
+
36
+ * Documentation: [strongdm gem](https://www.rubydoc.info/gems/strongdm)
37
+ * Examples: [GitHub - strongdm/strongdm-sdk-ruby-examples](https://github.com/strongdm/strongdm-sdk-ruby-examples)
38
+ 1. [Managing Resources](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/1_managing_resources)
39
+ 2. [Managing Accounts](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/2_managing_accounts)
40
+ 3. [Managing Roles](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/3_managing_roles)
41
+ 4. [Managing Gateways](https://github.com/strongdm/strongdm-sdk-ruby-examples/tree/master/4_managing_gateways)
42
+
43
+ ## License
44
+
45
+ [Apache 2](https://github.com/strongdm/strongdm-sdk-ruby/blob/master/LICENSE)
46
+
47
+ ## Contributing
48
+
49
+ Currently, we are not accepting pull requests directly to this repository, but our users are some of the most resourceful and ambitious folks out there. So, if you have something to contribute, find a bug, or just want to give us some feedback, please email <support@strongdm.com>.
data/doc/LICENSE.html CHANGED
@@ -69,18 +69,8 @@
69
69
 
70
70
  <li><a href="./examples/Gemfile.html">Gemfile</a>
71
71
 
72
- <li><a href="./examples/Gemfile_lock.html">Gemfile.lock</a>
73
-
74
- <li><a href="./examples/README_md.html">README</a>
75
-
76
- <li><a href="./examples/okta-sync/Gemfile.html">Gemfile</a>
77
-
78
- <li><a href="./examples/okta-sync/Gemfile_lock.html">Gemfile.lock</a>
79
-
80
72
  <li><a href="./lib/version.html">version</a>
81
73
 
82
- <li><a href="./strongdm_gemspec.html">strongdm.gemspec</a>
83
-
84
74
  </ul>
85
75
  </div>
86
76
 
@@ -197,7 +187,7 @@ identification within third-party archives.
197
187
 
198
188
  <footer id="validator-badges" role="contentinfo">
199
189
  <p><a href="https://validator.w3.org/check/referer">Validate</a>
200
- <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.2.
190
+ <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.2.1.
201
191
  <p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
202
192
  </footer>
203
193
 
data/doc/Object.html CHANGED
@@ -69,23 +69,7 @@
69
69
 
70
70
 
71
71
 
72
- <!-- Method Quickref -->
73
- <div id="method-list-section" class="nav-section">
74
- <h3>Methods</h3>
75
-
76
- <ul class="link-list" role="directory">
77
-
78
- <li ><a href="#method-i-first">#first</a>
79
-
80
- <li ><a href="#method-i-ldap_sync">#ldap_sync</a>
81
-
82
- <li ><a href="#method-i-main">#main</a>
83
72
 
84
- <li ><a href="#method-i-okta_sync">#okta_sync</a>
85
-
86
- </ul>
87
- </div>
88
-
89
73
  </div>
90
74
  </nav>
91
75
 
@@ -126,55 +110,6 @@
126
110
  <dd>
127
111
 
128
112
 
129
- <dt id="LDAP_BIND_DN">LDAP_BIND_DN
130
-
131
- <dd>
132
-
133
-
134
- <dt id="LDAP_HOST">LDAP_HOST
135
-
136
- <dd>
137
-
138
-
139
- <dt id="LDAP_PASSWORD">LDAP_PASSWORD
140
-
141
- <dd>
142
-
143
-
144
- <dt id="OKTA_CLIENT_ORGURL">OKTA_CLIENT_ORGURL
145
-
146
- <dd>
147
-
148
-
149
- <dt id="OKTA_CLIENT_TOKEN">OKTA_CLIENT_TOKEN
150
-
151
- <dd>
152
-
153
-
154
- <dt id="SDM_API_ACCESS_KEY">SDM_API_ACCESS_KEY
155
-
156
- <dd><p>organizationalUnits:</p>
157
-
158
- <pre>- dn: OU=Other-OU,DC=j42,DC=xyz
159
- role: Other-OU
160
- resources:
161
- - name:*Other-OU*
162
- - name:*Multi*
163
- - dn: OU=admins,DC=j42,DC=xyz
164
- role: admins
165
- resources:
166
- - name:*admins*
167
- - dn: OU=People,DC=j42,DC=xyz
168
- role: People
169
- resources:
170
- - name:*People*</pre>
171
-
172
-
173
- <dt id="SDM_API_SECRET_KEY">SDM_API_SECRET_KEY
174
-
175
- <dd>
176
-
177
-
178
113
  </dl>
179
114
  </section>
180
115
 
@@ -182,619 +117,6 @@
182
117
 
183
118
 
184
119
 
185
- <section id="public-instance-5Buntitled-5D-method-details" class="method-section">
186
- <header>
187
- <h3>Public Instance Methods</h3>
188
- </header>
189
-
190
-
191
- <div id="method-i-first" class="method-detail ">
192
-
193
- <div class="method-heading">
194
- <span class="method-name">first</span><span
195
- class="method-args">(attrib)</span>
196
-
197
- <span class="method-click-advice">click to toggle source</span>
198
-
199
- </div>
200
-
201
-
202
- <div class="method-description">
203
-
204
- <p>gets the first item in a list or generator</p>
205
-
206
-
207
-
208
-
209
- <div class="method-source-code" id="first-source">
210
- <pre><span class="ruby-comment"># File examples/ldap-sync/ldapSync.rb, line 58</span>
211
- <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">first</span>(<span class="ruby-identifier">attrib</span>)
212
- <span class="ruby-identifier">result</span> = <span class="ruby-keyword">nil</span>
213
- <span class="ruby-identifier">attrib</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
214
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">result</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
215
- <span class="ruby-identifier">result</span> = <span class="ruby-identifier">item</span>
216
- <span class="ruby-keyword">end</span>
217
- <span class="ruby-keyword">end</span>
218
- <span class="ruby-identifier">result</span>
219
- <span class="ruby-keyword">end</span></pre>
220
- </div>
221
-
222
- </div>
223
-
224
-
225
-
226
-
227
- </div>
228
-
229
-
230
- <div id="method-i-ldap_sync" class="method-detail ">
231
-
232
- <div class="method-heading">
233
- <span class="method-name">ldap_sync</span><span
234
- class="method-args">()</span>
235
-
236
- <span class="method-click-advice">click to toggle source</span>
237
-
238
- </div>
239
-
240
-
241
- <div class="method-description">
242
-
243
-
244
-
245
-
246
-
247
-
248
- <div class="method-source-code" id="ldap_sync-source">
249
- <pre><span class="ruby-comment"># File examples/ldap-sync/ldapSync.rb, line 68</span>
250
- <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">ldap_sync</span>
251
- <span class="ruby-keyword">if</span> <span class="ruby-constant">SDM_API_ACCESS_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&#39;&#39;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">SDM_API_SECRET_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&#39;&#39;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">LDAP_BIND_DN</span> <span class="ruby-operator">==</span> <span class="ruby-string">&#39;&#39;</span>
252
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&#39;SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, and LDAP_BIND_DN must be set&#39;</span>
253
- <span class="ruby-identifier">exit</span> <span class="ruby-value">1</span>
254
- <span class="ruby-keyword">end</span>
255
-
256
- <span class="ruby-identifier">plan</span> = <span class="ruby-keyword">false</span>
257
- <span class="ruby-identifier">verbose</span> = <span class="ruby-keyword">false</span>
258
- <span class="ruby-identifier">configPath</span> = <span class="ruby-string">&#39;config.yml&#39;</span>
259
- <span class="ruby-constant">OptionParser</span>.<span class="ruby-identifier">new</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">opts</span><span class="ruby-operator">|</span>
260
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">banner</span> = <span class="ruby-string">&quot;Usage ldapSync.rb [options]&quot;</span>
261
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-p&quot;</span>, <span class="ruby-string">&quot;--plan&quot;</span>, <span class="ruby-string">&quot;calculate changes but do not apply them&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span>
262
- <span class="ruby-identifier">plan</span> = <span class="ruby-identifier">p</span>
263
- <span class="ruby-keyword">end</span>
264
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-v&quot;</span>, <span class="ruby-string">&quot;--verbose&quot;</span>, <span class="ruby-string">&quot;print detailed report&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">v</span><span class="ruby-operator">|</span>
265
- <span class="ruby-identifier">verbose</span> = <span class="ruby-identifier">v</span>
266
- <span class="ruby-keyword">end</span>
267
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-c&quot;</span>, <span class="ruby-string">&quot;--config FILE&quot;</span>, <span class="ruby-string">&quot;specify path to config YAML file (default: &#39;config.yml&#39;)&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">v</span><span class="ruby-operator">|</span>
268
- <span class="ruby-identifier">configPath</span> = <span class="ruby-identifier">v</span>
269
- <span class="ruby-keyword">end</span>
270
- <span class="ruby-keyword">end</span>.<span class="ruby-identifier">parse!</span>
271
-
272
- <span class="ruby-keyword">begin</span>
273
- <span class="ruby-identifier">config</span> = <span class="ruby-constant">YAML</span>.<span class="ruby-identifier">load</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">configPath</span>))
274
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">StandardError</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
275
- <span class="ruby-identifier">raise</span> <span class="ruby-identifier">ex</span>, <span class="ruby-node">&quot;failed to parse #{configPath}&quot;</span>
276
- <span class="ruby-keyword">end</span>
277
-
278
- <span class="ruby-keyword">begin</span>
279
- <span class="ruby-identifier">sdmClient</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">SDM_API_ACCESS_KEY</span>, <span class="ruby-constant">SDM_API_SECRET_KEY</span>, <span class="ruby-value">host:</span> <span class="ruby-string">&#39;api.strongdmdev.com:443&#39;</span>)
280
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">RPCError</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
281
- <span class="ruby-identifier">raise</span> <span class="ruby-identifier">ex</span>, <span class="ruby-string">&#39;failed to create StrongDM client&#39;</span>
282
- <span class="ruby-keyword">end</span>
283
-
284
- <span class="ruby-identifier">ldap</span> = <span class="ruby-constant">Net</span><span class="ruby-operator">::</span><span class="ruby-constant">LDAP</span>.<span class="ruby-identifier">new</span>
285
- <span class="ruby-identifier">ldap</span>.<span class="ruby-identifier">host</span> = <span class="ruby-constant">LDAP_HOST</span>
286
- <span class="ruby-identifier">ldap</span>.<span class="ruby-identifier">auth</span> <span class="ruby-constant">LDAP_BIND_DN</span>, <span class="ruby-constant">LDAP_PASSWORD</span>
287
- <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">ldap</span>.<span class="ruby-identifier">bind</span>
288
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&#39;failed to bind LDAP connection - authentication error&#39;</span>
289
- <span class="ruby-identifier">exit</span> <span class="ruby-value">1</span>
290
- <span class="ruby-keyword">end</span>
291
-
292
- <span class="ruby-identifier">sdmRoles</span> = { } <span class="ruby-comment"># map of name to ID</span>
293
- <span class="ruby-identifier">sdmAccounts</span> = { } <span class="ruby-comment"># map of email to id</span>
294
- <span class="ruby-identifier">sdmResources</span> = { } <span class="ruby-comment"># map of ID to name</span>
295
- <span class="ruby-identifier">sdmAccountsById</span> = { } <span class="ruby-comment"># map of id to { :email, :firstName, :lastName }</span>
296
- <span class="ruby-identifier">sdmAccountsWithAttachments</span> = { } <span class="ruby-comment"># map of email to id of all accounts that are in the roles we&#39;re interested in</span>
297
- <span class="ruby-identifier">sdmAccountAttachments</span> = { } <span class="ruby-comment"># map of role name to list of emails</span>
298
- <span class="ruby-identifier">sdmRoleGrants</span> = { } <span class="ruby-comment"># map of role name to list of { :resourceId, :grantId }</span>
299
- <span class="ruby-identifier">ldapRoles</span> = [] <span class="ruby-comment"># list of names</span>
300
- <span class="ruby-identifier">ldapAccounts</span> = { } <span class="ruby-comment"># map of email to { :firstName, :lastName }</span>
301
- <span class="ruby-identifier">ldapAccountAttachments</span> = { } <span class="ruby-comment"># map of role name to list of emails</span>
302
- <span class="ruby-identifier">desiredRoleGrants</span> = { } <span class="ruby-comment"># map of role name to list of resource IDs</span>
303
-
304
- <span class="ruby-comment"># get SDM accounts</span>
305
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&#39;&#39;</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">account</span><span class="ruby-operator">|</span>
306
- <span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">email</span>] = <span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>
307
- <span class="ruby-identifier">sdmAccountsById</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>] = { <span class="ruby-value">:email</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">account</span>.<span class="ruby-identifier">email</span>, <span class="ruby-value">:firstName</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">account</span>.<span class="ruby-identifier">first_name</span>, <span class="ruby-value">:lastName</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">account</span>.<span class="ruby-identifier">last_name</span> }
308
- <span class="ruby-keyword">end</span>
309
-
310
- <span class="ruby-comment"># get SDM resources</span>
311
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">resources</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&#39;&#39;</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">resource</span><span class="ruby-operator">|</span>
312
- <span class="ruby-identifier">sdmResources</span>[<span class="ruby-identifier">resource</span>.<span class="ruby-identifier">id</span>] = <span class="ruby-identifier">resource</span>.<span class="ruby-identifier">name</span>
313
- <span class="ruby-keyword">end</span>
314
-
315
- <span class="ruby-comment"># loop through OUs</span>
316
- <span class="ruby-identifier">config</span>[<span class="ruby-string">&#39;organizationalUnits&#39;</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">ou</span><span class="ruby-operator">|</span>
317
-
318
- <span class="ruby-comment"># get SDM state for this OU</span>
319
- <span class="ruby-identifier">role</span> = <span class="ruby-identifier">first</span>(<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">roles</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&#39;name:?&#39;</span>, <span class="ruby-identifier">ou</span>[<span class="ruby-string">&#39;role&#39;</span>]))
320
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">role</span>
321
- <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">role</span>.<span class="ruby-identifier">name</span>] = <span class="ruby-identifier">role</span>.<span class="ruby-identifier">id</span>
322
-
323
- <span class="ruby-comment"># get accounts attached to this role</span>
324
- <span class="ruby-identifier">accountEmails</span> = []
325
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&#39;roleid:?&#39;</span>, <span class="ruby-identifier">role</span>.<span class="ruby-identifier">id</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
326
- <span class="ruby-identifier">sdmAccount</span> = <span class="ruby-identifier">sdmAccountsById</span>[<span class="ruby-identifier">attachment</span>.<span class="ruby-identifier">account_id</span>]
327
- <span class="ruby-identifier">email</span> = <span class="ruby-identifier">sdmAccount</span>[<span class="ruby-value">:email</span>]
328
- <span class="ruby-identifier">sdmAccountsWithAttachments</span>[<span class="ruby-identifier">email</span>] = <span class="ruby-identifier">attachment</span>.<span class="ruby-identifier">account_id</span>
329
- <span class="ruby-identifier">accountEmails</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">email</span>)
330
- <span class="ruby-keyword">end</span>
331
- <span class="ruby-identifier">sdmAccountAttachments</span>[<span class="ruby-identifier">role</span>.<span class="ruby-identifier">name</span>] = <span class="ruby-identifier">accountEmails</span>
332
-
333
- <span class="ruby-comment"># get resources granted to this role</span>
334
- <span class="ruby-identifier">roleGrants</span> = []
335
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">role_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&#39;roleid:?&#39;</span>, <span class="ruby-identifier">role</span>.<span class="ruby-identifier">id</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">grant</span><span class="ruby-operator">|</span>
336
- <span class="ruby-identifier">roleGrants</span>.<span class="ruby-identifier">push</span>({ <span class="ruby-value">:resourceId</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">grant</span>.<span class="ruby-identifier">resource_id</span>, <span class="ruby-value">:grantId</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">grant</span>.<span class="ruby-identifier">id</span> })
337
- <span class="ruby-keyword">end</span>
338
- <span class="ruby-identifier">sdmRoleGrants</span>[<span class="ruby-identifier">role</span>.<span class="ruby-identifier">name</span>] = <span class="ruby-identifier">roleGrants</span>
339
-
340
- <span class="ruby-comment"># get resources that we want to grant to this role</span>
341
- <span class="ruby-identifier">filteredResources</span> = { } <span class="ruby-comment"># map of resource ID to true (to prevent duplicates)</span>
342
- <span class="ruby-identifier">filters</span> = <span class="ruby-identifier">ou</span>[<span class="ruby-string">&#39;resources&#39;</span>] <span class="ruby-comment"># list of filter strings</span>
343
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">filters</span>
344
- <span class="ruby-identifier">filters</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">filter</span><span class="ruby-operator">|</span>
345
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">resources</span>.<span class="ruby-identifier">list</span>(<span class="ruby-identifier">filter</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">resource</span><span class="ruby-operator">|</span>
346
- <span class="ruby-identifier">filteredResources</span>[<span class="ruby-identifier">resource</span>.<span class="ruby-identifier">id</span>] = <span class="ruby-keyword">true</span>
347
- <span class="ruby-keyword">end</span>
348
- <span class="ruby-keyword">end</span>
349
- <span class="ruby-identifier">desiredRoleGrants</span>[<span class="ruby-identifier">role</span>.<span class="ruby-identifier">name</span>] = <span class="ruby-identifier">filteredResources</span>.<span class="ruby-identifier">keys</span>
350
- <span class="ruby-keyword">end</span>
351
- <span class="ruby-keyword">end</span>
352
-
353
- <span class="ruby-comment"># get LDAP state for this OU</span>
354
- <span class="ruby-identifier">ldapRoles</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ou</span>[<span class="ruby-string">&#39;role&#39;</span>].<span class="ruby-identifier">to_s</span>)
355
- <span class="ruby-identifier">roleAccounts</span> = []
356
- <span class="ruby-identifier">ldap</span>.<span class="ruby-identifier">search</span>(<span class="ruby-value">:base</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ou</span>[<span class="ruby-string">&#39;dn&#39;</span>], <span class="ruby-value">:filter</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-constant">Net</span><span class="ruby-operator">::</span><span class="ruby-constant">LDAP</span><span class="ruby-operator">::</span><span class="ruby-constant">Filter</span>.<span class="ruby-identifier">eq</span>(<span class="ruby-string">&#39;objectclass&#39;</span>, <span class="ruby-string">&#39;user&#39;</span>), <span class="ruby-value">:return_result</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-keyword">false</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">entry</span><span class="ruby-operator">|</span>
357
- <span class="ruby-identifier">ldapAccounts</span>[<span class="ruby-identifier">first</span>(<span class="ruby-identifier">entry</span>.<span class="ruby-identifier">mail</span>).<span class="ruby-identifier">to_s</span>] = {
358
- <span class="ruby-value">:firstName</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">first</span>(<span class="ruby-identifier">entry</span>.<span class="ruby-identifier">givenname</span>).<span class="ruby-identifier">to_s</span>,
359
- <span class="ruby-value">:lastName</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">first</span>(<span class="ruby-identifier">entry</span>.<span class="ruby-identifier">sn</span>).<span class="ruby-identifier">to_s</span>,
360
- }
361
- <span class="ruby-identifier">roleAccounts</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">first</span>(<span class="ruby-identifier">entry</span>.<span class="ruby-identifier">mail</span>).<span class="ruby-identifier">to_s</span>)
362
- <span class="ruby-keyword">end</span>
363
- <span class="ruby-identifier">ldapAccountAttachments</span>[<span class="ruby-identifier">ou</span>[<span class="ruby-string">&#39;role&#39;</span>].<span class="ruby-identifier">to_s</span>] = <span class="ruby-identifier">roleAccounts</span>
364
- <span class="ruby-keyword">end</span>
365
-
366
- <span class="ruby-comment"># compute diff</span>
367
- <span class="ruby-identifier">report</span> = {
368
- <span class="ruby-value">:createRoles</span> <span class="ruby-operator">=&gt;</span> [],
369
- <span class="ruby-value">:deleteAccounts</span> <span class="ruby-operator">=&gt;</span> [],
370
- <span class="ruby-value">:updateAccounts</span> <span class="ruby-operator">=&gt;</span> [],
371
- <span class="ruby-value">:createAccounts</span> <span class="ruby-operator">=&gt;</span> [],
372
- <span class="ruby-value">:createAccountAttachments</span> <span class="ruby-operator">=&gt;</span> [],
373
- <span class="ruby-value">:deleteAccountAttachments</span> <span class="ruby-operator">=&gt;</span> [],
374
- <span class="ruby-value">:deleteRoleGrants</span> <span class="ruby-operator">=&gt;</span> [],
375
- <span class="ruby-value">:createRoleGrants</span> <span class="ruby-operator">=&gt;</span> [],
376
- }
377
- <span class="ruby-comment"># createRoles</span>
378
- <span class="ruby-identifier">ldapRoles</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span><span class="ruby-operator">|</span>
379
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>]
380
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:createRoles</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">roleName</span>)
381
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
382
- <span class="ruby-identifier">response</span> = <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">roles</span>.<span class="ruby-identifier">create</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Role</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">name:</span> <span class="ruby-identifier">roleName</span>))
383
- <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>] = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">role</span>.<span class="ruby-identifier">id</span>
384
- <span class="ruby-keyword">end</span>
385
- <span class="ruby-comment"># deleteAccounts</span>
386
- <span class="ruby-identifier">sdmAccountsWithAttachments</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span>, <span class="ruby-identifier">id</span><span class="ruby-operator">|</span>
387
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">ldapAccounts</span>[<span class="ruby-identifier">email</span>]
388
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:deleteAccounts</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">email</span>)
389
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
390
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">id</span>)
391
- <span class="ruby-keyword">end</span>
392
- <span class="ruby-comment"># updateAccounts</span>
393
- <span class="ruby-identifier">sdmAccountsWithAttachments</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span>, <span class="ruby-identifier">id</span><span class="ruby-operator">|</span>
394
- <span class="ruby-identifier">ldapAccount</span> = <span class="ruby-identifier">ldapAccounts</span>[<span class="ruby-identifier">email</span>]
395
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">ldapAccount</span>
396
- <span class="ruby-identifier">sdmAccount</span> = <span class="ruby-identifier">sdmAccountsById</span>[<span class="ruby-identifier">id</span>]
397
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">sdmAccount</span>[<span class="ruby-value">:firstName</span>] <span class="ruby-operator">==</span> <span class="ruby-identifier">ldapAccount</span>[<span class="ruby-value">:firstName</span>] <span class="ruby-keyword">and</span> <span class="ruby-identifier">sdmAccount</span>[<span class="ruby-value">:lastName</span>] <span class="ruby-operator">==</span> <span class="ruby-identifier">ldapAccount</span>[<span class="ruby-value">:lastName</span>]
398
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:updateAccounts</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">email</span>)
399
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
400
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">User</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">id:</span> <span class="ruby-identifier">id</span>, <span class="ruby-value">first_name:</span> <span class="ruby-identifier">ldapAccount</span>[<span class="ruby-value">:firstName</span>], <span class="ruby-value">last_name:</span> <span class="ruby-identifier">ldapAccount</span>[<span class="ruby-value">:lastName</span>]))
401
- <span class="ruby-keyword">end</span>
402
- <span class="ruby-comment"># createAccounts</span>
403
- <span class="ruby-identifier">ldapAccounts</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span>, <span class="ruby-identifier">account</span><span class="ruby-operator">|</span>
404
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">email</span>]
405
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:createAccounts</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">email</span>)
406
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
407
- <span class="ruby-identifier">response</span> = <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">create</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">User</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">email:</span> <span class="ruby-identifier">email</span>, <span class="ruby-value">first_name:</span> <span class="ruby-identifier">account</span>[<span class="ruby-value">:firstName</span>], <span class="ruby-value">last_name:</span> <span class="ruby-identifier">account</span>[<span class="ruby-value">:lastName</span>]))
408
- <span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">response</span>.<span class="ruby-identifier">account</span>.<span class="ruby-identifier">email</span>] = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>
409
- <span class="ruby-keyword">end</span>
410
- <span class="ruby-comment"># deleteAccountAttachments</span>
411
- <span class="ruby-identifier">sdmAccountAttachments</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span>, <span class="ruby-identifier">accounts</span><span class="ruby-operator">|</span>
412
- <span class="ruby-identifier">roleId</span> = <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>]
413
- <span class="ruby-identifier">ldapAccountsInRole</span> = <span class="ruby-identifier">ldapAccountAttachments</span>[<span class="ruby-identifier">roleName</span>]
414
- <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span><span class="ruby-operator">|</span>
415
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">ldapAccountsInRole</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">ldapAccountsInRole</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">email</span>
416
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:deleteAccountAttachments</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:role</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">roleName</span>, <span class="ruby-value">:account</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">email</span> })
417
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
418
- <span class="ruby-identifier">accountId</span> = <span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">email</span>]
419
- <span class="ruby-identifier">attachment</span> = <span class="ruby-identifier">first</span>(<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&#39;accountid:? roleid:?&#39;</span>, <span class="ruby-identifier">accountId</span>, <span class="ruby-identifier">roleId</span>))
420
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">attachment</span> <span class="ruby-comment"># already deleted by the deleteAccounts step</span>
421
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">attachment</span>.<span class="ruby-identifier">id</span>)
422
- <span class="ruby-keyword">end</span>
423
- <span class="ruby-keyword">end</span>
424
- <span class="ruby-comment"># createAccountAttachments</span>
425
- <span class="ruby-identifier">ldapAccountAttachments</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span>, <span class="ruby-identifier">accounts</span><span class="ruby-operator">|</span>
426
- <span class="ruby-identifier">roleId</span> = <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>]
427
- <span class="ruby-identifier">sdmAccountsInRole</span> = <span class="ruby-identifier">sdmAccountAttachments</span>[<span class="ruby-identifier">roleName</span>]
428
- <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span><span class="ruby-operator">|</span>
429
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">sdmAccountsInRole</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">sdmAccountsInRole</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">email</span>
430
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:createAccountAttachments</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:role</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">roleName</span>, <span class="ruby-value">:account</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">email</span> })
431
- <span class="ruby-identifier">accountId</span> = <span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">email</span>]
432
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
433
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">create</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountAttachment</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">account_id:</span> <span class="ruby-identifier">accountId</span>, <span class="ruby-value">role_id:</span> <span class="ruby-identifier">roleId</span>))
434
- <span class="ruby-keyword">end</span>
435
- <span class="ruby-keyword">end</span>
436
- <span class="ruby-comment"># deleteRoleGrants</span>
437
- <span class="ruby-identifier">sdmRoleGrants</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span>, <span class="ruby-identifier">roleGrants</span><span class="ruby-operator">|</span>
438
- <span class="ruby-identifier">desired</span> = <span class="ruby-identifier">desiredRoleGrants</span>[<span class="ruby-identifier">roleName</span>]
439
- <span class="ruby-identifier">roleGrants</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">grant</span><span class="ruby-operator">|</span>
440
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">desired</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">desired</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">grant</span>[<span class="ruby-value">:resourceId</span>]
441
- <span class="ruby-identifier">resourceName</span> = <span class="ruby-identifier">sdmResources</span>[<span class="ruby-identifier">grant</span>[<span class="ruby-value">:resourceId</span>]]
442
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:deleteRoleGrants</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:role</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">roleName</span>, <span class="ruby-value">:resource</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">resourceName</span>})
443
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
444
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">role_grants</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">grant</span>[<span class="ruby-value">:grantId</span>])
445
- <span class="ruby-keyword">end</span>
446
- <span class="ruby-keyword">end</span>
447
- <span class="ruby-comment"># createRoleGrants</span>
448
- <span class="ruby-identifier">desiredRoleGrants</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span>, <span class="ruby-identifier">roleGrants</span><span class="ruby-operator">|</span>
449
- <span class="ruby-identifier">roleId</span> = <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>]
450
- <span class="ruby-identifier">existing</span> = <span class="ruby-identifier">sdmRoleGrants</span>[<span class="ruby-identifier">roleName</span>]
451
- <span class="ruby-identifier">roleGrants</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">resourceId</span><span class="ruby-operator">|</span>
452
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">existing</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">existing</span>.<span class="ruby-identifier">find</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">existingGrant</span><span class="ruby-operator">|</span> <span class="ruby-identifier">existingGrant</span>[<span class="ruby-value">:resourceId</span>] <span class="ruby-operator">==</span> <span class="ruby-identifier">resourceId</span> }
453
- <span class="ruby-identifier">resourceName</span> = <span class="ruby-identifier">sdmResources</span>[<span class="ruby-identifier">resourceId</span>]
454
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:createRoleGrants</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:role</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">roleName</span>, <span class="ruby-value">:resource</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">resourceName</span> })
455
- <span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
456
- <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">role_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">RoleGrant</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">role_id:</span> <span class="ruby-identifier">roleId</span>, <span class="ruby-value">resource_id:</span> <span class="ruby-identifier">resourceId</span>))
457
- <span class="ruby-keyword">end</span>
458
- <span class="ruby-keyword">end</span>
459
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">verbose</span>
460
- <span class="ruby-identifier">puts</span> <span class="ruby-constant">JSON</span>.<span class="ruby-identifier">pretty_generate</span>(<span class="ruby-identifier">report</span>)
461
- <span class="ruby-keyword">else</span>
462
- <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Create #{report[:createRoles].length} roles&quot;</span>
463
- <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Delete #{report[:deleteAccounts].length} accounts&quot;</span>
464
- <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Create #{report[:createAccounts].length} accounts&quot;</span>
465
- <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Delete #{report[:deleteAccountAttachments].length} account attachments&quot;</span>
466
- <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Create #{report[:createAccountAttachments].length} account attachments&quot;</span>
467
- <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Delete #{report[:deleteRoleGrants].length} role grants&quot;</span>
468
- <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Create #{report[:createRoleGrants].length} role grants&quot;</span>
469
- <span class="ruby-keyword">end</span>
470
- <span class="ruby-keyword">end</span></pre>
471
- </div>
472
-
473
- </div>
474
-
475
-
476
-
477
-
478
- </div>
479
-
480
-
481
- <div id="method-i-main" class="method-detail ">
482
-
483
- <div class="method-heading">
484
- <span class="method-name">main</span><span
485
- class="method-args">()</span>
486
-
487
- <span class="method-click-advice">click to toggle source</span>
488
-
489
- </div>
490
-
491
-
492
- <div class="method-description">
493
-
494
- <p>panicButton.rb suspends all users except for one admin, in the fake use case of a critical break in or something usage: ruby panicButton.rb adminuser@email.com to revert back to pre-panic state: ruby panicButton.rb revert</p>
495
-
496
-
497
-
498
-
499
- <div class="method-source-code" id="main-source">
500
- <pre><span class="ruby-comment"># File examples/panicButton.rb, line 25</span>
501
- <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">main</span>
502
- <span class="ruby-identifier">access_key</span> = <span class="ruby-constant">ENV</span>[<span class="ruby-string">&quot;SDM_API_ACCESS_KEY&quot;</span>]
503
- <span class="ruby-identifier">secret_key</span> = <span class="ruby-constant">ENV</span>[<span class="ruby-string">&quot;SDM_API_SECRET_KEY&quot;</span>]
504
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">access_key</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">secret_key</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
505
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;SDM_API_ACCESS_KEY and SDM_API_SECRET_KEY must be provided&quot;</span>
506
- <span class="ruby-keyword">return</span>
507
- <span class="ruby-keyword">end</span>
508
- <span class="ruby-identifier">client</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">access_key</span>, <span class="ruby-identifier">secret_key</span>)
509
-
510
- <span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">size</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span> <span class="ruby-keyword">and</span> <span class="ruby-constant">ARGV</span>[<span class="ruby-value">0</span>] <span class="ruby-operator">==</span> <span class="ruby-string">&quot;revert&quot;</span>
511
- <span class="ruby-identifier">state_file</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-string">&quot;state.json&quot;</span>)
512
- <span class="ruby-identifier">state</span> = <span class="ruby-constant">JSON</span>.<span class="ruby-identifier">load</span>(<span class="ruby-identifier">state_file</span>)
513
-
514
- <span class="ruby-identifier">reinstated_count</span> = <span class="ruby-value">0</span>
515
-
516
- <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
517
- <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
518
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span>
519
- <span class="ruby-identifier">reinstated_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
520
- <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span> = <span class="ruby-keyword">false</span>
521
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">user</span>)
522
- <span class="ruby-keyword">end</span>
523
- }
524
- <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;attachments&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
525
- <span class="ruby-keyword">begin</span>
526
- <span class="ruby-identifier">a</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountAttachment</span>.<span class="ruby-identifier">new</span>()
527
- <span class="ruby-identifier">a</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;account_id&quot;</span>]
528
- <span class="ruby-identifier">a</span>.<span class="ruby-identifier">role_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;role_id&quot;</span>]
529
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">a</span>)
530
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AlreadyExistsError</span>
531
- <span class="ruby-keyword">rescue</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
532
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping creation of attachment due to error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
533
- <span class="ruby-keyword">end</span>
534
- }
535
- <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;grants&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
536
- <span class="ruby-keyword">begin</span>
537
- <span class="ruby-identifier">g</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountGrant</span>.<span class="ruby-identifier">new</span>()
538
- <span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;account_id&quot;</span>]
539
- <span class="ruby-identifier">g</span>.<span class="ruby-identifier">resource_id</span> = <span class="ruby-identifier">attachment</span>[<span class="ruby-string">&quot;resource_id&quot;</span>]
540
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">g</span>)
541
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AlreadyExistsError</span>
542
- <span class="ruby-keyword">rescue</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
543
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping creation of grant due to error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
544
- <span class="ruby-keyword">end</span>
545
- }
546
-
547
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;reinstated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">reinstated_count</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; users&quot;</span>
548
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;recreated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;attachments&quot;</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account attachments&quot;</span>
549
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;recreated &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-string">&quot;grants&quot;</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account grants&quot;</span>
550
-
551
- <span class="ruby-keyword">return</span>
552
- <span class="ruby-keyword">end</span>
553
-
554
- <span class="ruby-identifier">admin_email</span> = <span class="ruby-string">&quot;&quot;</span>
555
- <span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">size</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>
556
- <span class="ruby-identifier">admin_email</span> = <span class="ruby-constant">ARGV</span>[<span class="ruby-value">0</span>]
557
- <span class="ruby-keyword">else</span>
558
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;please provide an admin email to preserve&quot;</span>
559
- <span class="ruby-keyword">return</span> <span class="ruby-value">1</span>
560
- <span class="ruby-keyword">end</span>
561
-
562
- <span class="ruby-identifier">admin_user_id</span> = <span class="ruby-string">&quot;&quot;</span>
563
- <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;email:?&quot;</span>, <span class="ruby-identifier">admin_email</span>)
564
- <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
565
- <span class="ruby-identifier">admin_user_id</span> = <span class="ruby-identifier">user</span>.<span class="ruby-identifier">id</span>
566
- }
567
-
568
- <span class="ruby-identifier">account_attachments</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
569
- <span class="ruby-identifier">account_grants</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
570
-
571
- <span class="ruby-identifier">state</span> = {
572
- <span class="ruby-value">&#39;attachments&#39;:</span> <span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span>
573
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">admin_user_id</span>
574
- <span class="ruby-identifier">out</span> = {
575
- <span class="ruby-value">&#39;account_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span>,
576
- <span class="ruby-value">&#39;role_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">role_id</span>,
577
- }
578
- <span class="ruby-keyword">end</span>
579
- }.<span class="ruby-identifier">reject</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span> <span class="ruby-identifier">x</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> },
580
- <span class="ruby-value">&#39;grants&#39;:</span> <span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span>
581
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">admin_user_id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">valid_until</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
582
- <span class="ruby-identifier">out</span> = {
583
- <span class="ruby-value">&#39;account_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">account_id</span>,
584
- <span class="ruby-value">&#39;resource_id&#39;:</span> <span class="ruby-identifier">x</span>.<span class="ruby-identifier">resource_id</span>,
585
- }
586
- <span class="ruby-keyword">end</span>
587
- }.<span class="ruby-identifier">reject</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">x</span><span class="ruby-operator">|</span> <span class="ruby-identifier">x</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> },
588
- }
589
-
590
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;storing &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-value">:attachments</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account attachments in state&quot;</span>
591
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;storing &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">state</span>[<span class="ruby-value">:grants</span>].<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; account grants in state&quot;</span>
592
-
593
- <span class="ruby-identifier">state_file</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-string">&quot;state.json&quot;</span>, <span class="ruby-string">&quot;w&quot;</span>)
594
- <span class="ruby-identifier">state_file</span>.<span class="ruby-identifier">write</span>(<span class="ruby-identifier">state</span>.<span class="ruby-identifier">to_json</span>)
595
-
596
- <span class="ruby-identifier">suspended_count</span> = <span class="ruby-value">0</span>
597
- <span class="ruby-identifier">users</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>)
598
- <span class="ruby-identifier">users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">user</span><span class="ruby-operator">|</span>
599
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">instance_of?</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">User</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">email</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">admin_email</span>
600
- <span class="ruby-keyword">next</span>
601
- <span class="ruby-keyword">end</span>
602
- <span class="ruby-identifier">user</span>.<span class="ruby-identifier">suspended</span> = <span class="ruby-keyword">true</span>
603
- <span class="ruby-keyword">begin</span>
604
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">user</span>)
605
- <span class="ruby-identifier">suspended_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
606
- <span class="ruby-keyword">rescue</span> <span class="ruby-constant">StandardError</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">ex</span>
607
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;skipping user &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; on account of error: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">ex</span>.<span class="ruby-identifier">to_s</span>
608
- <span class="ruby-keyword">end</span>
609
- }
610
-
611
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;suspended &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">suspended_count</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; users&quot;</span>
612
- <span class="ruby-keyword">end</span></pre>
613
- </div>
614
-
615
- </div>
616
-
617
-
618
-
619
-
620
- </div>
621
-
622
-
623
- <div id="method-i-okta_sync" class="method-detail ">
624
-
625
- <div class="method-heading">
626
- <span class="method-name">okta_sync</span><span
627
- class="method-args">()</span>
628
-
629
- <span class="method-click-advice">click to toggle source</span>
630
-
631
- </div>
632
-
633
-
634
- <div class="method-description">
635
-
636
-
637
-
638
-
639
-
640
-
641
- <div class="method-source-code" id="okta_sync-source">
642
- <pre><span class="ruby-comment"># File examples/okta-sync/oktaSync.rb, line 25</span>
643
- <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">okta_sync</span>
644
- <span class="ruby-keyword">if</span> <span class="ruby-constant">SDM_API_ACCESS_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">SDM_API_SECRET_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">OKTA_CLIENT_TOKEN</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span> <span class="ruby-operator">||</span> <span class="ruby-constant">OKTA_CLIENT_ORGURL</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span>
645
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, OKTA_CLIENT_TOKEN, and OKTA_CLIENT_ORGURL must be set&quot;</span>
646
- <span class="ruby-identifier">exit</span>
647
- <span class="ruby-keyword">end</span>
648
-
649
- <span class="ruby-identifier">report</span> = {
650
- <span class="ruby-value">:start</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>,
651
-
652
- <span class="ruby-value">:oktaUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
653
- <span class="ruby-value">:oktaUsers</span> <span class="ruby-operator">=&gt;</span> [],
654
-
655
- <span class="ruby-value">:sdmUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
656
- <span class="ruby-value">:sdmUsers</span> <span class="ruby-operator">=&gt;</span> [],
657
-
658
- <span class="ruby-value">:bothUsersCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
659
-
660
- <span class="ruby-value">:sdmResourcesCount</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
661
- <span class="ruby-value">:sdmResources</span> <span class="ruby-operator">=&gt;</span> {},
662
-
663
- <span class="ruby-value">:permissionsGranted</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
664
- <span class="ruby-value">:permissionsRevoked</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-value">0</span>,
665
- <span class="ruby-value">:grants</span> <span class="ruby-operator">=&gt;</span> [],
666
- <span class="ruby-value">:revocations</span> <span class="ruby-operator">=&gt;</span> [],
667
-
668
- <span class="ruby-value">:matchers</span> <span class="ruby-operator">=&gt;</span> {},
669
- }
670
-
671
- <span class="ruby-identifier">plan</span> = <span class="ruby-keyword">false</span>
672
- <span class="ruby-identifier">verbose</span> = <span class="ruby-keyword">false</span>
673
- <span class="ruby-constant">OptionParser</span>.<span class="ruby-identifier">new</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">opts</span><span class="ruby-operator">|</span>
674
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">banner</span> = <span class="ruby-string">&quot;Usage oktaSync.rb [options]&quot;</span>
675
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-p&quot;</span>, <span class="ruby-string">&quot;--plan&quot;</span>, <span class="ruby-string">&quot;calculate changes but do not apply them&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span>
676
- <span class="ruby-identifier">plan</span> = <span class="ruby-identifier">p</span>
677
- <span class="ruby-keyword">end</span>
678
- <span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">&quot;-v&quot;</span>, <span class="ruby-string">&quot;--verbose&quot;</span>, <span class="ruby-string">&quot;print detailed report&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">v</span><span class="ruby-operator">|</span>
679
- <span class="ruby-identifier">verbose</span> = <span class="ruby-identifier">v</span>
680
- <span class="ruby-keyword">end</span>
681
- <span class="ruby-keyword">end</span>.<span class="ruby-identifier">parse!</span>
682
-
683
- <span class="ruby-identifier">client</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">SDM_API_ACCESS_KEY</span>, <span class="ruby-constant">SDM_API_SECRET_KEY</span>)
684
- <span class="ruby-identifier">okta_client</span> = <span class="ruby-constant">Oktakit</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">token:</span> <span class="ruby-constant">OKTA_CLIENT_TOKEN</span>, <span class="ruby-value">api_endpoint:</span> <span class="ruby-constant">OKTA_CLIENT_ORGURL</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/api/v1&quot;</span>)
685
- <span class="ruby-identifier">matchers</span> = <span class="ruby-constant">YAML</span>.<span class="ruby-identifier">load</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">&quot;matchers.yml&quot;</span>))
686
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:matchers</span>] = <span class="ruby-identifier">matchers</span>
687
-
688
- <span class="ruby-identifier">all_users</span> = <span class="ruby-identifier">okta_client</span>.<span class="ruby-identifier">list_users</span>({
689
- <span class="ruby-value">&#39;query&#39;:</span> {
690
- <span class="ruby-value">&#39;search&#39;:</span> <span class="ruby-string">&quot;profile.department eq \&quot;Engineering\&quot; and (status eq \&quot;ACTIVE\&quot;)&quot;</span>,
691
- },
692
- })
693
-
694
- <span class="ruby-identifier">okta_users</span> = <span class="ruby-constant">Array</span>.<span class="ruby-identifier">new</span>()
695
- <span class="ruby-identifier">all_users</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
696
- <span class="ruby-identifier">groups</span> = <span class="ruby-identifier">okta_client</span>.<span class="ruby-identifier">get_member_groups</span>(<span class="ruby-identifier">u</span>.<span class="ruby-identifier">id</span>)
697
- <span class="ruby-identifier">group_names</span> = <span class="ruby-constant">Array</span>.<span class="ruby-identifier">new</span>()
698
- <span class="ruby-identifier">groups</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">ug</span><span class="ruby-operator">|</span>
699
- <span class="ruby-identifier">group_names</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ug</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">name</span>)
700
- }
701
- <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">push</span>({ <span class="ruby-value">:login</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">login</span>, <span class="ruby-value">:first_name</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-identifier">firstName</span>, <span class="ruby-value">:last_name</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">profile</span>.<span class="ruby-constant">LastName</span>, <span class="ruby-value">:groups</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">group_names</span> })
702
- }
703
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:oktaUsers</span>] = <span class="ruby-identifier">okta_users</span>
704
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:oktaUsersCount</span>] = <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">size</span>
705
-
706
- <span class="ruby-identifier">accounts</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;type:user&quot;</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">a</span><span class="ruby-operator">|</span> [<span class="ruby-identifier">a</span>.<span class="ruby-identifier">email</span>, <span class="ruby-identifier">a</span>] }.<span class="ruby-identifier">to_h</span>
707
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmUsers</span>] = <span class="ruby-identifier">accounts</span>
708
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmUsersCount</span>] = <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">size</span>
709
- <span class="ruby-identifier">grants</span> = <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">ag</span><span class="ruby-operator">|</span> <span class="ruby-identifier">ag</span> }
710
-
711
- <span class="ruby-identifier">current</span> = {}
712
- <span class="ruby-identifier">grants</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">g</span><span class="ruby-operator">|</span>
713
- <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>] = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>]
714
- <span class="ruby-identifier">current</span>[<span class="ruby-identifier">g</span>.<span class="ruby-identifier">account_id</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:resource_id</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">g</span>.<span class="ruby-identifier">resource_id</span>, <span class="ruby-value">:id</span> <span class="ruby-operator">=&gt;</span> <span class="ruby-identifier">g</span>.<span class="ruby-identifier">id</span> })
715
- }
716
-
717
- <span class="ruby-identifier">desired</span> = {}
718
- <span class="ruby-identifier">overlapping</span> = <span class="ruby-value">0</span>
719
- <span class="ruby-identifier">matchers</span>[<span class="ruby-string">&quot;groups&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">group</span><span class="ruby-operator">|</span>
720
- <span class="ruby-identifier">group</span>[<span class="ruby-string">&quot;resources&quot;</span>].<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">resourceQuery</span><span class="ruby-operator">|</span>
721
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">resources</span>.<span class="ruby-identifier">list</span>(<span class="ruby-identifier">resourceQuery</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">res</span><span class="ruby-operator">|</span>
722
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResources</span>][<span class="ruby-identifier">res</span>.<span class="ruby-identifier">id</span>] = <span class="ruby-identifier">res</span>
723
- <span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
724
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">u</span>[<span class="ruby-value">:groups</span>].<span class="ruby-identifier">include?</span> <span class="ruby-identifier">group</span>[<span class="ruby-string">&quot;name&quot;</span>]
725
- <span class="ruby-identifier">account</span> = <span class="ruby-identifier">accounts</span>[<span class="ruby-identifier">u</span>[<span class="ruby-value">:login</span>]]
726
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">account</span> <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
727
- <span class="ruby-identifier">overlapping</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
728
- <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>] = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>]
729
- <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">res</span>.<span class="ruby-identifier">id</span>)
730
- <span class="ruby-keyword">end</span>
731
- <span class="ruby-keyword">end</span>
732
- }
733
- }
734
- }
735
- }
736
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:bothUsersCount</span>] = <span class="ruby-identifier">overlapping</span>
737
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResourcesCount</span>] = <span class="ruby-identifier">report</span>[<span class="ruby-value">:sdmResources</span>].<span class="ruby-identifier">size</span>
738
-
739
- <span class="ruby-identifier">revocations</span> = <span class="ruby-value">0</span>
740
- <span class="ruby-identifier">current</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">aid</span>, <span class="ruby-identifier">curRes</span><span class="ruby-operator">|</span>
741
- <span class="ruby-identifier">desRes</span> = <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">aid</span>]
742
- <span class="ruby-identifier">desRes</span> = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">desired</span>[<span class="ruby-identifier">aid</span>]
743
- <span class="ruby-identifier">curRes</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
744
- <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span>(<span class="ruby-identifier">desRes</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:resource_id</span>])
745
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
746
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Plan: revoke %s from user %s\n&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">r</span>[<span class="ruby-value">:resource_id</span>], <span class="ruby-identifier">aid</span>]
747
- <span class="ruby-keyword">else</span>
748
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">r</span>[<span class="ruby-value">:id</span>])
749
- <span class="ruby-keyword">end</span>
750
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:revocations</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">r</span>[<span class="ruby-value">:id</span>])
751
- <span class="ruby-identifier">revocations</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
752
- <span class="ruby-keyword">end</span>
753
- }
754
- }
755
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:permissionsRevoked</span>] = <span class="ruby-identifier">revocations</span>
756
-
757
- <span class="ruby-identifier">grants</span> = <span class="ruby-value">0</span>
758
- <span class="ruby-identifier">desired</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">aid</span>, <span class="ruby-identifier">desRes</span><span class="ruby-operator">|</span>
759
- <span class="ruby-identifier">curRes</span> = <span class="ruby-identifier">current</span>[<span class="ruby-identifier">aid</span>]
760
- <span class="ruby-identifier">curRes</span> = [] <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">current</span>[<span class="ruby-identifier">aid</span>]
761
- <span class="ruby-identifier">desRes</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
762
- <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span>(<span class="ruby-identifier">curRes</span>.<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">c</span><span class="ruby-operator">|</span> <span class="ruby-identifier">c</span>[<span class="ruby-value">:resource_id</span>] }.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">r</span>)
763
- <span class="ruby-identifier">ag</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountGrant</span>.<span class="ruby-identifier">new</span>()
764
- <span class="ruby-identifier">ag</span>.<span class="ruby-identifier">account_id</span> = <span class="ruby-identifier">aid</span>
765
- <span class="ruby-identifier">ag</span>.<span class="ruby-identifier">resource_id</span> = <span class="ruby-identifier">r</span>
766
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
767
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Plan: grant %s to user %s\n&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">r</span>, <span class="ruby-identifier">aid</span>]
768
- <span class="ruby-keyword">else</span>
769
- <span class="ruby-identifier">client</span>.<span class="ruby-identifier">account_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">ag</span>)
770
- <span class="ruby-keyword">end</span>
771
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:grants</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ag</span>)
772
- <span class="ruby-identifier">grants</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
773
- <span class="ruby-keyword">end</span>
774
- }
775
- }
776
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:permissionsGranted</span>] = <span class="ruby-identifier">grants</span>
777
-
778
- <span class="ruby-identifier">report</span>[<span class="ruby-value">:complete</span>] = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>
779
-
780
- <span class="ruby-keyword">if</span> <span class="ruby-identifier">verbose</span>
781
- <span class="ruby-identifier">puts</span> <span class="ruby-identifier">report</span>.<span class="ruby-identifier">to_json</span>
782
- <span class="ruby-keyword">else</span>
783
- <span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;%d Okta users, %d strongDM users, %d overlapping users, %d grants, %d revocations&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">okta_users</span>.<span class="ruby-identifier">size</span>, <span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">size</span>, <span class="ruby-identifier">overlapping</span>, <span class="ruby-identifier">grants</span>, <span class="ruby-identifier">revocations</span>]
784
- <span class="ruby-keyword">end</span>
785
- <span class="ruby-keyword">end</span></pre>
786
- </div>
787
-
788
- </div>
789
-
790
-
791
-
792
-
793
- </div>
794
-
795
-
796
- </section>
797
-
798
120
  </section>
799
121
 
800
122
  </main>
@@ -802,7 +124,7 @@
802
124
 
803
125
  <footer id="validator-badges" role="contentinfo">
804
126
  <p><a href="https://validator.w3.org/check/referer">Validate</a>
805
- <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.1.2.
127
+ <p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.2.1.
806
128
  <p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
807
129
  </footer>
808
130