strongdm 14.14.0 → 14.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0857e02b8ab13871d789565a616cc61d9bac7c46ea853fefca26d651d1527db4'
-  data.tar.gz: 04c8e8b55916ad149689bd5a24b547f4108adff8d1c31291bc0d6dc9815b4027
+  metadata.gz: ffc2f684354edc591bd80a6bc6b06e5c60ba616361b52bbe4841615aa7038049
+  data.tar.gz: 4734c850b046b1d0a673500f38f75199396b10314c576b1fe8015db6d5ff9e17
 SHA512:
-  metadata.gz: d3a20271170144cf5e758c2310a6d5b3aba18d688bcd8d4c7da24d3397fff329454870e672c3e29e347636f048eb9977edaf9ec01b364c8fe1d846adb6bae3e4
-  data.tar.gz: b3c0e300ce7aee0b82f2cdc61411053459627ceb63ec05ff1a58abf74fabc73d8141507d87542a28bd30684573bdf89ad45fd7b5862ef7848d206c50b2567b22
+  metadata.gz: b574d54bf9023fbeb95d65992ec43a3ec8e7af1a4643ac01125e71517fc521c67605f4c243a2559c28ea34bfda1a9c628df14e71bd8163477fe019663dbdbb4c
+  data.tar.gz: c6e75c6c48358596a8d78428ef5e1499db065d3400e7bceddd7be4141526ea0a916e8d5c0b545a26bae42c158f39ccaeea2ee3069269279b733c36dd31e002ef

data/.git/ORIG_HEAD

@@ -1 +1 @@
-6a06ac49ca3c4d8d829450631d5f809c0fd5f593
+88d2b85cd4a760ba5f48260c9a1799a441f96369

data/.git/logs/HEAD

@@ -1,3 +1,3 @@
-0000000000000000000000000000000000000000 6a06ac49ca3c4d8d829450631d5f809c0fd5f593 root <root@8a49ade2be7e.(none)> 1747236124 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-6a06ac49ca3c4d8d829450631d5f809c0fd5f593 6a06ac49ca3c4d8d829450631d5f809c0fd5f593 root <root@8a49ade2be7e.(none)> 1747236124 +0000	checkout: moving from master to master
-6a06ac49ca3c4d8d829450631d5f809c0fd5f593 208194810b58fc7e050508e7df5360b4f39d5b68 root <root@8a49ade2be7e.(none)> 1747236124 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 88d2b85cd4a760ba5f48260c9a1799a441f96369 root <root@a26af7fed765.(none)> 1748044166 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+88d2b85cd4a760ba5f48260c9a1799a441f96369 88d2b85cd4a760ba5f48260c9a1799a441f96369 root <root@a26af7fed765.(none)> 1748044166 +0000	checkout: moving from master to master
+88d2b85cd4a760ba5f48260c9a1799a441f96369 7d85e318ab1eda4e409329d726facc84bbaa57c2 root <root@a26af7fed765.(none)> 1748044166 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/heads/master

@@ -1,2 +1,2 @@
-0000000000000000000000000000000000000000 6a06ac49ca3c4d8d829450631d5f809c0fd5f593 root <root@8a49ade2be7e.(none)> 1747236124 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-6a06ac49ca3c4d8d829450631d5f809c0fd5f593 208194810b58fc7e050508e7df5360b4f39d5b68 root <root@8a49ade2be7e.(none)> 1747236124 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 88d2b85cd4a760ba5f48260c9a1799a441f96369 root <root@a26af7fed765.(none)> 1748044166 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+88d2b85cd4a760ba5f48260c9a1799a441f96369 7d85e318ab1eda4e409329d726facc84bbaa57c2 root <root@a26af7fed765.(none)> 1748044166 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/remotes/origin/HEAD

@@ -1 +1 @@
-0000000000000000000000000000000000000000 6a06ac49ca3c4d8d829450631d5f809c0fd5f593 root <root@8a49ade2be7e.(none)> 1747236124 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+0000000000000000000000000000000000000000 88d2b85cd4a760ba5f48260c9a1799a441f96369 root <root@a26af7fed765.(none)> 1748044166 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git

data/.git/packed-refs

@@ -1,6 +1,6 @@
 # pack-refs with: peeled fully-peeled sorted 
-208194810b58fc7e050508e7df5360b4f39d5b68 refs/remotes/origin/development
-6a06ac49ca3c4d8d829450631d5f809c0fd5f593 refs/remotes/origin/master
+7d85e318ab1eda4e409329d726facc84bbaa57c2 refs/remotes/origin/development
+88d2b85cd4a760ba5f48260c9a1799a441f96369 refs/remotes/origin/master
 2e4fe8087177ddea9b3991ca499f758384839c89 refs/tags/untagged-84fd83a4484c785cce63
 04f604866214fab4d5663b5171a3e596331577bd refs/tags/v0.9.4
 6f9a7b75b345c65fb554884907b7060680c807b7 refs/tags/v0.9.5
@@ -85,6 +85,8 @@ d92875bdf2278c475f52984d1165544d287e2255 refs/tags/v14.10.0
 856633eda480e15e9e53f3c76d373c9832734869 refs/tags/v14.11.0
 39946f5be0cf4bd4a6f3432cbe1caa0889a9fcf2 refs/tags/v14.12.0
 6a06ac49ca3c4d8d829450631d5f809c0fd5f593 refs/tags/v14.13.0
+208194810b58fc7e050508e7df5360b4f39d5b68 refs/tags/v14.14.0
+88d2b85cd4a760ba5f48260c9a1799a441f96369 refs/tags/v14.17.0
 f9539f7781664eb4681b99f12cbcc5d613e241ab refs/tags/v14.2.0
 435ad5faee6a7b0f94295b5d5fe9060611a81df3 refs/tags/v14.3.0
 90b476259dcfed955ebd9339fbe2bbb0c2086b6d refs/tags/v14.4.0

data/.git/refs/heads/master

@@ -1 +1 @@
-208194810b58fc7e050508e7df5360b4f39d5b68
+7d85e318ab1eda4e409329d726facc84bbaa57c2

data/lib/grpc/drivers_pb.rb

@@ -1215,6 +1215,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :subdomain, :string, 32775
       optional :allow_resource_role_bypass, :bool, 15
       optional :certificate_authority, :string, 4
+      optional :discovery_enabled, :bool, 13
+      optional :discovery_username, :string, 14
       optional :healthcheck_namespace, :string, 6
       optional :identity_alias_healthcheck_username, :string, 8
       optional :identity_set_id, :string, 7
@@ -2017,6 +2019,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :password, :string, 2
       optional :port, :int32, 5
       optional :port_override, :int32, 4
+      optional :tls_required, :bool, 7
       optional :username, :string, 6
     end
     add_message "v1.Vertica" do

data/lib/grpc/organization_history_pb.rb

@@ -68,6 +68,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :device_trust_enabled, :bool, 27
       optional :device_trust_provider, :string, 28
       optional :enforce_single_session, :bool, 29
+      optional :discard_replays, :bool, 30
+      optional :public_key_pem, :string, 31
     end
   end
 end

data/lib/grpc/plumbing.rb

@@ -7693,6 +7693,8 @@ module SDM
       porcelain.allow_resource_role_bypass = (plumbing.allow_resource_role_bypass)
       porcelain.bind_interface = (plumbing.bind_interface)
       porcelain.certificate_authority = (plumbing.certificate_authority)
+      porcelain.discovery_enabled = (plumbing.discovery_enabled)
+      porcelain.discovery_username = (plumbing.discovery_username)
       porcelain.egress_filter = (plumbing.egress_filter)
       porcelain.healthcheck_namespace = (plumbing.healthcheck_namespace)
       porcelain.healthy = (plumbing.healthy)
@@ -7716,6 +7718,8 @@ module SDM
       plumbing.allow_resource_role_bypass = (porcelain.allow_resource_role_bypass)
       plumbing.bind_interface = (porcelain.bind_interface)
       plumbing.certificate_authority = (porcelain.certificate_authority)
+      plumbing.discovery_enabled = (porcelain.discovery_enabled)
+      plumbing.discovery_username = (porcelain.discovery_username)
       plumbing.egress_filter = (porcelain.egress_filter)
       plumbing.healthcheck_namespace = (porcelain.healthcheck_namespace)
       plumbing.healthy = (porcelain.healthy)
@@ -10049,6 +10053,7 @@ module SDM
       porcelain.created_at = convert_timestamp_to_porcelain(plumbing.created_at)
       porcelain.device_trust_enabled = (plumbing.device_trust_enabled)
       porcelain.device_trust_provider = (plumbing.device_trust_provider)
+      porcelain.discard_replays = (plumbing.discard_replays)
       porcelain.enforce_single_session = (plumbing.enforce_single_session)
       porcelain.idle_timeout = convert_duration_to_porcelain(plumbing.idle_timeout)
       porcelain.idle_timeout_enabled = (plumbing.idle_timeout_enabled)
@@ -10063,6 +10068,7 @@ module SDM
       porcelain.mfa_enabled = (plumbing.mfa_enabled)
       porcelain.mfa_provider = (plumbing.mfa_provider)
       porcelain.name = (plumbing.name)
+      porcelain.public_key_pem = (plumbing.public_key_pem)
       porcelain.require_secret_store = (plumbing.require_secret_store)
       porcelain.saml_metadata_url = (plumbing.saml_metadata_url)
       porcelain.scim_provider = (plumbing.scim_provider)
@@ -10085,6 +10091,7 @@ module SDM
       plumbing.created_at = convert_timestamp_to_plumbing(porcelain.created_at)
       plumbing.device_trust_enabled = (porcelain.device_trust_enabled)
       plumbing.device_trust_provider = (porcelain.device_trust_provider)
+      plumbing.discard_replays = (porcelain.discard_replays)
       plumbing.enforce_single_session = (porcelain.enforce_single_session)
       plumbing.idle_timeout = convert_duration_to_plumbing(porcelain.idle_timeout)
       plumbing.idle_timeout_enabled = (porcelain.idle_timeout_enabled)
@@ -10099,6 +10106,7 @@ module SDM
       plumbing.mfa_enabled = (porcelain.mfa_enabled)
       plumbing.mfa_provider = (porcelain.mfa_provider)
       plumbing.name = (porcelain.name)
+      plumbing.public_key_pem = (porcelain.public_key_pem)
       plumbing.require_secret_store = (porcelain.require_secret_store)
       plumbing.saml_metadata_url = (porcelain.saml_metadata_url)
       plumbing.scim_provider = (porcelain.scim_provider)
@@ -11365,6 +11373,7 @@ module SDM
       porcelain.encrypted = (plumbing.encrypted)
       porcelain.id = (plumbing.id)
       porcelain.identity_alias_username = (plumbing.identity_alias_username)
+      porcelain.metadata_json = (plumbing.metadata_json)
       porcelain.query_body = (plumbing.query_body)
       porcelain.query_category = (plumbing.query_category)
       porcelain.query_hash = (plumbing.query_hash)
@@ -11401,6 +11410,7 @@ module SDM
       plumbing.encrypted = (porcelain.encrypted)
       plumbing.id = (porcelain.id)
       plumbing.identity_alias_username = (porcelain.identity_alias_username)
+      plumbing.metadata_json = (porcelain.metadata_json)
       plumbing.query_body = (porcelain.query_body)
       plumbing.query_category = (porcelain.query_category)
       plumbing.query_hash = (porcelain.query_hash)
@@ -15925,6 +15935,7 @@ module SDM
       porcelain.secret_store_id = (plumbing.secret_store_id)
       porcelain.subdomain = (plumbing.subdomain)
       porcelain.tags = convert_tags_to_porcelain(plumbing.tags)
+      porcelain.tls_required = (plumbing.tls_required)
       porcelain.username = (plumbing.username)
       porcelain
     end
@@ -15947,6 +15958,7 @@ module SDM
       plumbing.secret_store_id = (porcelain.secret_store_id)
       plumbing.subdomain = (porcelain.subdomain)
       plumbing.tags = convert_tags_to_plumbing(porcelain.tags)
+      plumbing.tls_required = (porcelain.tls_required)
       plumbing.username = (porcelain.username)
       plumbing
     end

data/lib/grpc/queries_pb.rb

@@ -65,6 +65,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :authzJson, :string, 28
       optional :client_ip, :string, 29
       optional :identity_alias_username, :string, 30
+      optional :metadata_json, :string, 31
     end
     add_message "v1.QueryCapture" do
       optional :width, :int32, 1

data/lib/models/porcelain.rb

@@ -7696,6 +7696,11 @@ module SDM
     attr_accessor :bind_interface
     # The CA to authenticate TLS connections with.
     attr_accessor :certificate_authority
+    # If true, configures discovery of a cluster to be run from a node.
+    attr_accessor :discovery_enabled
+    # If a cluster is configured for user impersonation, this is the user to impersonate when
+    # running discovery.
+    attr_accessor :discovery_username
     # A filter applied to the routing logic to pin datasource to nodes.
     attr_accessor :egress_filter
     # The path used to check the health of your connection.  Defaults to `default`.
@@ -7725,6 +7730,8 @@ module SDM
       allow_resource_role_bypass: nil,
       bind_interface: nil,
       certificate_authority: nil,
+      discovery_enabled: nil,
+      discovery_username: nil,
       egress_filter: nil,
       healthcheck_namespace: nil,
       healthy: nil,
@@ -7741,6 +7748,8 @@ module SDM
       @allow_resource_role_bypass = allow_resource_role_bypass == nil ? false : allow_resource_role_bypass
       @bind_interface = bind_interface == nil ? "" : bind_interface
       @certificate_authority = certificate_authority == nil ? "" : certificate_authority
+      @discovery_enabled = discovery_enabled == nil ? false : discovery_enabled
+      @discovery_username = discovery_username == nil ? "" : discovery_username
       @egress_filter = egress_filter == nil ? "" : egress_filter
       @healthcheck_namespace = healthcheck_namespace == nil ? "" : healthcheck_namespace
       @healthy = healthy == nil ? false : healthy
@@ -10011,6 +10020,8 @@ module SDM
     attr_accessor :device_trust_enabled
     # The Organization's device trust provider, one of the DeviceTrustProvider constants.
     attr_accessor :device_trust_provider
+    # Indicates if the Organization should drop replay data for SSH, RDP, and K8s logs.
+    attr_accessor :discard_replays
     # Indicates if the Organization enforces a single session per user for the CLI and AdminUI.
     attr_accessor :enforce_single_session
     # The Organization's idle timeout, if enabled.
@@ -10039,6 +10050,8 @@ module SDM
     attr_accessor :mfa_provider
     # The Organization's name.
     attr_accessor :name
+    # The Organization's public key PEM for encrypting remote logs.
+    attr_accessor :public_key_pem
     # Indicates if the Organization requires secret stores.
     attr_accessor :require_secret_store
     # The Organization's URL for SAML metadata.
@@ -10065,6 +10078,7 @@ module SDM
       created_at: nil,
       device_trust_enabled: nil,
       device_trust_provider: nil,
+      discard_replays: nil,
       enforce_single_session: nil,
       idle_timeout: nil,
       idle_timeout_enabled: nil,
@@ -10079,6 +10093,7 @@ module SDM
       mfa_enabled: nil,
       mfa_provider: nil,
       name: nil,
+      public_key_pem: nil,
       require_secret_store: nil,
       saml_metadata_url: nil,
       scim_provider: nil,
@@ -10094,6 +10109,7 @@ module SDM
       @created_at = created_at == nil ? nil : created_at
       @device_trust_enabled = device_trust_enabled == nil ? false : device_trust_enabled
       @device_trust_provider = device_trust_provider == nil ? "" : device_trust_provider
+      @discard_replays = discard_replays == nil ? false : discard_replays
       @enforce_single_session = enforce_single_session == nil ? false : enforce_single_session
       @idle_timeout = idle_timeout == nil ? nil : idle_timeout
       @idle_timeout_enabled = idle_timeout_enabled == nil ? false : idle_timeout_enabled
@@ -10108,6 +10124,7 @@ module SDM
       @mfa_enabled = mfa_enabled == nil ? false : mfa_enabled
       @mfa_provider = mfa_provider == nil ? "" : mfa_provider
       @name = name == nil ? "" : name
+      @public_key_pem = public_key_pem == nil ? "" : public_key_pem
       @require_secret_store = require_secret_store == nil ? false : require_secret_store
       @saml_metadata_url = saml_metadata_url == nil ? "" : saml_metadata_url
       @scim_provider = scim_provider == nil ? "" : scim_provider
@@ -11141,6 +11158,8 @@ module SDM
     attr_accessor :id
     # The username of the IdentityAlias used to access the Resource.
     attr_accessor :identity_alias_username
+    # Driver specific metadata associated with this query.
+    attr_accessor :metadata_json
     # The captured content of the Query.
     # For queries against SSH, Kubernetes, and RDP resources, this contains a JSON representation of the QueryCapture.
     attr_accessor :query_body
@@ -11191,6 +11210,7 @@ module SDM
       encrypted: nil,
       id: nil,
       identity_alias_username: nil,
+      metadata_json: nil,
       query_body: nil,
       query_category: nil,
       query_hash: nil,
@@ -11220,6 +11240,7 @@ module SDM
       @encrypted = encrypted == nil ? false : encrypted
       @id = id == nil ? "" : id
       @identity_alias_username = identity_alias_username == nil ? "" : identity_alias_username
+      @metadata_json = metadata_json == nil ? "" : metadata_json
       @query_body = query_body == nil ? "" : query_body
       @query_category = query_category == nil ? "" : query_category
       @query_hash = query_hash == nil ? "" : query_hash
@@ -14743,6 +14764,8 @@ module SDM
     attr_accessor :subdomain
     # Tags is a map of key, value pairs.
     attr_accessor :tags
+    # If set, TLS must be used to connect to this resource.
+    attr_accessor :tls_required
     # The username to authenticate with.
     attr_accessor :username
 
@@ -14760,6 +14783,7 @@ module SDM
       secret_store_id: nil,
       subdomain: nil,
       tags: nil,
+      tls_required: nil,
       username: nil
     )
       @bind_interface = bind_interface == nil ? "" : bind_interface
@@ -14775,6 +14799,7 @@ module SDM
       @secret_store_id = secret_store_id == nil ? "" : secret_store_id
       @subdomain = subdomain == nil ? "" : subdomain
       @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+      @tls_required = tls_required == nil ? false : tls_required
       @username = username == nil ? "" : username
     end
 

data/lib/strongdm.rb

@@ -25,25 +25,27 @@ module SDM #:nodoc:
 
   # Client bundles all the services together and initializes them.
   class Client
-    DEFAULT_MAX_RETRIES = 3
-    DEFAULT_BASE_RETRY_DELAY = 0.0030 # 30 ms
-    DEFAULT_MAX_RETRY_DELAY = 300 # 300 seconds
+    DEFAULT_BASE_RETRY_DELAY = 1 # 1 second
+    DEFAULT_MAX_RETRY_DELAY = 120 # 120 seconds
+    DEFAULT_RETRY_FACTOR = 1.6
+    DEFAULT_RETRY_JITTER = 0.2
     API_VERSION = "2025-04-14"
-    USER_AGENT = "strongdm-sdk-ruby/14.14.0"
-    private_constant :DEFAULT_MAX_RETRIES, :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :API_VERSION, :USER_AGENT
+    USER_AGENT = "strongdm-sdk-ruby/14.20.0"
+    private_constant :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :DEFAULT_RETRY_FACTOR, :DEFAULT_RETRY_JITTER, :API_VERSION, :USER_AGENT
 
     # Creates a new strongDM API client.
-    def initialize(api_access_key, api_secret_key, host: "app.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 50)
+    def initialize(api_access_key, api_secret_key, host: "app.strongdm.com:443", insecure: false, retry_rate_limit_errors: true, page_limit: 0)
       raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String)
       raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String)
       raise TypeError, "client host must be a string" unless host.kind_of?(String)
       @api_access_key = api_access_key.strip
       @api_secret_key = Base64.strict_decode64(api_secret_key.strip)
-      @max_retries = DEFAULT_MAX_RETRIES
       @base_retry_delay = DEFAULT_BASE_RETRY_DELAY
       @max_retry_delay = DEFAULT_MAX_RETRY_DELAY
+      @retry_factor = DEFAULT_RETRY_FACTOR
+      @retry_jitter = DEFAULT_RETRY_JITTER
       @page_limit = page_limit
-      @expose_rate_limit_errors = (not retry_rate_limit_errors)
+      @retry_rate_limit_errors = retry_rate_limit_errors
       @snapshot_time = nil
       begin
         if insecure
@@ -153,18 +155,44 @@ module SDM #:nodoc:
     end
 
     # @private
-    def jitterSleep(iter)
-      dur_max = @base_retry_delay * 2 ** iter
-      if (dur_max > @max_retry_delay)
-        dur_max = @max_retry_delay
+    def exponentialBackoff(retries, deadline = nil)
+      if retries == 0
+        return applyDeadline(@base_retry_delay, deadline)
       end
-      dur = rand() * dur_max
-      sleep(dur)
+      backoff, max = @base_retry_delay, @max_retry_delay
+      while backoff < max and retries > 0
+        backoff *= @retry_factor
+        retries -= 1
+      end
+      if backoff > max
+        backoff = max
+      end
+      # Randomize backoff delays so that if a cluster of requests start at
+      # the same time, they won't operate in lockstep.
+      backoff *= 1 + @retry_jitter * (rand() * 2 - 1)
+      if backoff < 0
+        return 0
+      end
+
+      return applyDeadline(backoff, deadline)
+    end
+
+    # @private
+    def applyDeadline(backoff, deadline)
+      if deadline.nil?
+        return backoff
+      end
+      remaining = deadline - Time.now
+      if remaining < 0
+        return 0
+      end
+      return [backoff, remaining].min
     end
 
     # @private
-    def shouldRetry(iter, err)
-      if (iter >= @max_retries - 1)
+    def shouldRetry(retries, err, deadline = nil)
+      # Check if we've passed the deadline
+      if !deadline.nil? && Time.now >= deadline
         return false
       end
       # The grpc library unfortunately does not raise a more specific error class.
@@ -172,20 +200,12 @@ module SDM #:nodoc:
         return false
       end
       if not err.is_a? GRPC::BadStatus
-        return true
+        return false
       end
-      porcelainErr = Plumbing::convert_error_to_porcelain(err)
-      if (not @expose_rate_limit_errors) and (porcelainErr.is_a? RateLimitError)
-        sleep_for = porcelainErr.rate_limit.reset_at - Time.now
-        # If timezones or clock drift causes this calculation to fail,
-        # wait at most one minute.
-        if sleep_for < 0 or sleep_for > 60
-          sleep_for = 60
-        end
-        sleep(sleep_for)
+      if @retry_rate_limit_errors and err.code() == 8
         return true
       end
-      return (err.code() == 13 or err.code() == 14)
+      return (retries <= 3) && ((err.code() == 13) || (err.code() == 14))
     end
 
     # Constructs a read-only client that will provide historical data from the provided timestamp.
@@ -196,7 +216,11 @@ module SDM #:nodoc:
       return SnapshotClient.new(client)
     end
 
-    attr_reader :max_retries
+    # @deprecated
+    def max_retries
+      3
+    end
+
     attr_reader :base_retry_delay
     attr_reader :max_retry_delay
     attr_accessor :page_limit