strongdm 15.1.0 → 15.4.0

data/lib/models/porcelain.rb

@@ -286,6 +286,7 @@ module SDM
     end
   end
 
+  # AKSServiceAccountUserImpersonation is deprecated, see docs for more info.
   class AKSServiceAccountUserImpersonation
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
     attr_accessor :bind_interface
@@ -357,6 +358,7 @@ module SDM
     end
   end
 
+  # AKSUserImpersonation is deprecated, see docs for more info.
   class AKSUserImpersonation
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
     attr_accessor :bind_interface
@@ -436,6 +438,82 @@ module SDM
     end
   end
 
+  # AMQP is currently unstable, and its API may change, or it may be removed, without a major version bump.
+  class AMQP
+    # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+    attr_accessor :bind_interface
+    # A filter applied to the routing logic to pin datasource to nodes.
+    attr_accessor :egress_filter
+    # True if the datasource is reachable and the credentials are valid.
+    attr_accessor :healthy
+    # The host to dial to initiate a connection from the egress node to this resource.
+    attr_accessor :hostname
+    # Unique identifier of the Resource.
+    attr_accessor :id
+    # Unique human-readable name of the Resource.
+    attr_accessor :name
+    # The password to authenticate with.
+    attr_accessor :password
+    # The port to dial to initiate a connection from the egress node to this resource.
+    attr_accessor :port
+    # The local port used by clients to connect to this resource.
+    attr_accessor :port_override
+    # ID of the proxy cluster for this resource, if any.
+    attr_accessor :proxy_cluster_id
+    # ID of the secret store containing credentials for this resource, if any.
+    attr_accessor :secret_store_id
+    # Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+    attr_accessor :subdomain
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+    # If set, TLS must be used to connect to this resource.
+    attr_accessor :tls_required
+    # The username to authenticate with.
+    attr_accessor :username
+
+    def initialize(
+      bind_interface: nil,
+      egress_filter: nil,
+      healthy: nil,
+      hostname: nil,
+      id: nil,
+      name: nil,
+      password: nil,
+      port: nil,
+      port_override: nil,
+      proxy_cluster_id: nil,
+      secret_store_id: nil,
+      subdomain: nil,
+      tags: nil,
+      tls_required: nil,
+      username: nil
+    )
+      @bind_interface = bind_interface == nil ? "" : bind_interface
+      @egress_filter = egress_filter == nil ? "" : egress_filter
+      @healthy = healthy == nil ? false : healthy
+      @hostname = hostname == nil ? "" : hostname
+      @id = id == nil ? "" : id
+      @name = name == nil ? "" : name
+      @password = password == nil ? "" : password
+      @port = port == nil ? 0 : port
+      @port_override = port_override == nil ? 0 : port_override
+      @proxy_cluster_id = proxy_cluster_id == nil ? "" : proxy_cluster_id
+      @secret_store_id = secret_store_id == nil ? "" : secret_store_id
+      @subdomain = subdomain == nil ? "" : subdomain
+      @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+      @tls_required = tls_required == nil ? false : tls_required
+      @username = username == nil ? "" : username
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class AWS
     # The Access Key ID to use to authenticate.
     attr_accessor :access_key
@@ -2243,6 +2321,7 @@ module SDM
     end
   end
 
+  # AmazonEKSInstanceProfileUserImpersonation is deprecated, see docs for more info.
   class AmazonEKSInstanceProfileUserImpersonation
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
     attr_accessor :bind_interface
@@ -2326,6 +2405,7 @@ module SDM
     end
   end
 
+  # AmazonEKSUserImpersonation is deprecated, see docs for more info.
   class AmazonEKSUserImpersonation
     # The Access Key ID to use to authenticate.
     attr_accessor :access_key
@@ -2741,6 +2821,7 @@ module SDM
   end
 
   # ApprovalWorkflowApprover links an approval workflow approver to an ApprovalWorkflowStep
+  # ApprovalWorkflowApprover is deprecated, see docs for more info.
   class ApprovalWorkflowApprover
     # The approver account id.
     attr_accessor :account_id
@@ -3047,6 +3128,7 @@ module SDM
   end
 
   # ApprovalWorkflowStep links an approval workflow step to an ApprovalWorkflow
+  # ApprovalWorkflowStep is deprecated, see docs for more info.
   class ApprovalWorkflowStep
     # The approval flow id specified the approval workflow that this step belongs to
     attr_accessor :approval_flow_id
@@ -4002,6 +4084,86 @@ module SDM
     end
   end
 
+  # AzureMysqlManagedIdentity is currently unstable, and its API may change, or it may be removed, without a major version bump.
+  class AzureMysqlManagedIdentity
+    # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+    attr_accessor :bind_interface
+    # The database for healthchecks. Does not affect client requests.
+    attr_accessor :database
+    # A filter applied to the routing logic to pin datasource to nodes.
+    attr_accessor :egress_filter
+    # True if the datasource is reachable and the credentials are valid.
+    attr_accessor :healthy
+    # The host to dial to initiate a connection from the egress node to this resource.
+    attr_accessor :hostname
+    # Unique identifier of the Resource.
+    attr_accessor :id
+    # Unique human-readable name of the Resource.
+    attr_accessor :name
+    # The password to authenticate with.
+    attr_accessor :password
+    # The port to dial to initiate a connection from the egress node to this resource.
+    attr_accessor :port
+    # The local port used by clients to connect to this resource.
+    attr_accessor :port_override
+    # ID of the proxy cluster for this resource, if any.
+    attr_accessor :proxy_cluster_id
+    # ID of the secret store containing credentials for this resource, if any.
+    attr_accessor :secret_store_id
+    # Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+    attr_accessor :subdomain
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+    # If true, appends the hostname to the username when hitting a database.azure.com address
+    attr_accessor :use_azure_single_server_usernames
+    # The username to authenticate with.
+    attr_accessor :username
+
+    def initialize(
+      bind_interface: nil,
+      database: nil,
+      egress_filter: nil,
+      healthy: nil,
+      hostname: nil,
+      id: nil,
+      name: nil,
+      password: nil,
+      port: nil,
+      port_override: nil,
+      proxy_cluster_id: nil,
+      secret_store_id: nil,
+      subdomain: nil,
+      tags: nil,
+      use_azure_single_server_usernames: nil,
+      username: nil
+    )
+      @bind_interface = bind_interface == nil ? "" : bind_interface
+      @database = database == nil ? "" : database
+      @egress_filter = egress_filter == nil ? "" : egress_filter
+      @healthy = healthy == nil ? false : healthy
+      @hostname = hostname == nil ? "" : hostname
+      @id = id == nil ? "" : id
+      @name = name == nil ? "" : name
+      @password = password == nil ? "" : password
+      @port = port == nil ? 0 : port
+      @port_override = port_override == nil ? 0 : port_override
+      @proxy_cluster_id = proxy_cluster_id == nil ? "" : proxy_cluster_id
+      @secret_store_id = secret_store_id == nil ? "" : secret_store_id
+      @subdomain = subdomain == nil ? "" : subdomain
+      @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+      @use_azure_single_server_usernames = use_azure_single_server_usernames == nil ? false : use_azure_single_server_usernames
+      @username = username == nil ? "" : username
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class AzurePostgres
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
     attr_accessor :bind_interface
@@ -6548,6 +6710,7 @@ module SDM
     end
   end
 
+  # GoogleGKEUserImpersonation is deprecated, see docs for more info.
   class GoogleGKEUserImpersonation
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
     attr_accessor :bind_interface
@@ -7953,6 +8116,7 @@ module SDM
     end
   end
 
+  # KubernetesServiceAccountUserImpersonation is deprecated, see docs for more info.
   class KubernetesServiceAccountUserImpersonation
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
     attr_accessor :bind_interface
@@ -8024,6 +8188,7 @@ module SDM
     end
   end
 
+  # KubernetesUserImpersonation is deprecated, see docs for more info.
   class KubernetesUserImpersonation
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
     attr_accessor :bind_interface
@@ -8103,6 +8268,72 @@ module SDM
     end
   end
 
+  class LogCategoryConfig
+    # Indicates if the Organization should exclude replay data from remote logging for the log category.
+    attr_accessor :remote_discard_replays
+    # The Organization's remote log encryption encoder, one of the LogRemoteEncoder constants.
+    attr_accessor :remote_encoder
+
+    def initialize(
+      remote_discard_replays: nil,
+      remote_encoder: nil
+    )
+      @remote_discard_replays = remote_discard_replays == nil ? false : remote_discard_replays
+      @remote_encoder = remote_encoder == nil ? "" : remote_encoder
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  class LogConfig
+    # The Organization's log category configuration settings.
+    attr_accessor :categories
+    # The Organization's local log encryption encoder, one of the LogLocalEncoder constants.
+    attr_accessor :local_encoder
+    # The Organization's local log format, one of the LogLocalFormat constants.
+    attr_accessor :local_format
+    # The Organization's local log socket path.
+    attr_accessor :local_socket_path
+    # The Organization's local log storage, one of the LogLocalStorage constants.
+    attr_accessor :local_storage
+    # The Organization's local log TCP address.
+    attr_accessor :local_tcp_address
+    # The Organization's public key in PEM format for encrypting logs.
+    attr_accessor :public_key
+
+    def initialize(
+      categories: nil,
+      local_encoder: nil,
+      local_format: nil,
+      local_socket_path: nil,
+      local_storage: nil,
+      local_tcp_address: nil,
+      public_key: nil
+    )
+      @categories = categories == nil ? SDM::_porcelain_zero_value_log_category_config_map() : categories
+      @local_encoder = local_encoder == nil ? "" : local_encoder
+      @local_format = local_format == nil ? "" : local_format
+      @local_socket_path = local_socket_path == nil ? "" : local_socket_path
+      @local_storage = local_storage == nil ? "" : local_storage
+      @local_tcp_address = local_tcp_address == nil ? "" : local_tcp_address
+      @public_key = public_key == nil ? "" : public_key
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   # MTLSMysql is currently unstable, and its API may change, or it may be removed, without a major version bump.
   class MTLSMysql
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -10108,6 +10339,7 @@ module SDM
     # The Organization's device trust provider, one of the DeviceTrustProvider constants.
     attr_accessor :device_trust_provider
     # Indicates if the Organization should drop replay data for SSH, RDP, and K8s logs.
+    # Deprecated: use categories specific log_config.categories[].remote_discard_replays instead
     attr_accessor :discard_replays
     # Indicates if the Organization enforces a single session per user for the CLI and AdminUI.
     attr_accessor :enforce_single_session
@@ -10117,17 +10349,25 @@ module SDM
     attr_accessor :idle_timeout_enabled
     # The Organization's type, one of the OrgKind constants.
     attr_accessor :kind
+    # The Organization's logging settings
+    attr_accessor :log_config
     # The Organization's local log encryption encoder, one of the LogLocalEncoder constants.
+    # Deprecated: use log_config.local_encoder instead
     attr_accessor :log_local_encoder
     # The Organization's local log format, one of the LogLocalFormat constants.
+    # Deprecated: use log_config.local_format instead
     attr_accessor :log_local_format
     # The Organization's local log storage, one of the LogLocalStorage constants.
+    # Deprecated: use log_config.local_storage instead
     attr_accessor :log_local_storage
     # The Organization's remote log encryption encoder, one of the LogRemoteEncoder constants.
+    # Deprecated: use categories specific log_config.categories[].remote_encoder instead
     attr_accessor :log_remote_encoder
     # The Organization's socket path for Socket local log storage.
+    # Deprecated: use log_config.local_socket_path instead
     attr_accessor :log_socket_path
     # The Organization's TCP address for TCP or Syslog local log storage.
+    # Deprecated: use log_config.local_tcp_address instead
     attr_accessor :log_tcp_address
     # The Organization's loopback range.
     attr_accessor :loopback_range
@@ -10138,6 +10378,7 @@ module SDM
     # The Organization's name.
     attr_accessor :name
     # The Organization's public key PEM for encrypting remote logs.
+    # Deprecated: use log_config.public_key instead
     attr_accessor :public_key_pem
     # Indicates if the Organization requires secret stores.
     attr_accessor :require_secret_store
@@ -10170,6 +10411,7 @@ module SDM
       idle_timeout: nil,
       idle_timeout_enabled: nil,
       kind: nil,
+      log_config: nil,
       log_local_encoder: nil,
       log_local_format: nil,
       log_local_storage: nil,
@@ -10201,6 +10443,7 @@ module SDM
       @idle_timeout = idle_timeout == nil ? nil : idle_timeout
       @idle_timeout_enabled = idle_timeout_enabled == nil ? false : idle_timeout_enabled
       @kind = kind == nil ? "" : kind
+      @log_config = log_config == nil ? nil : log_config
       @log_local_encoder = log_local_encoder == nil ? "" : log_local_encoder
       @log_local_format = log_local_format == nil ? "" : log_local_format
       @log_local_storage = log_local_storage == nil ? "" : log_local_storage
@@ -15621,6 +15864,7 @@ module SDM
   end
 
   # WorkflowApprover is an account or a role with the ability to approve requests bound to a workflow.
+  # WorkflowApprover is deprecated, see docs for more info.
   class WorkflowApprover
     # The approver account id.
     attr_accessor :account_id
@@ -16224,4 +16468,8 @@ module SDM
   def self._porcelain_zero_value_access_rule()
     {}
   end
+  # @private
+  def self._porcelain_zero_value_log_category_config_map()
+    {}
+  end
 end

data/lib/strongdm.rb

@@ -30,7 +30,7 @@ module SDM #:nodoc:
     DEFAULT_RETRY_FACTOR = 1.6
     DEFAULT_RETRY_JITTER = 0.2
     API_VERSION = "2025-04-14"
-    USER_AGENT = "strongdm-sdk-ruby/15.1.0"
+    USER_AGENT = "strongdm-sdk-ruby/15.4.0"
     private_constant :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :DEFAULT_RETRY_FACTOR, :DEFAULT_RETRY_JITTER, :API_VERSION, :USER_AGENT
 
     # Creates a new strongDM API client.
@@ -77,6 +77,7 @@ module SDM #:nodoc:
       @approval_workflows = ApprovalWorkflows.new(@channel, self)
       @approval_workflows_history = ApprovalWorkflowsHistory.new(@channel, self)
       @control_panel = ControlPanel.new(@channel, self)
+      @roles = Roles.new(@channel, self)
       @health_checks = HealthChecks.new(@channel, self)
       @identity_aliases = IdentityAliases.new(@channel, self)
       @identity_aliases_history = IdentityAliasesHistory.new(@channel, self)
@@ -103,7 +104,6 @@ module SDM #:nodoc:
       @resources_history = ResourcesHistory.new(@channel, self)
       @role_resources = RoleResources.new(@channel, self)
       @role_resources_history = RoleResourcesHistory.new(@channel, self)
-      @roles = Roles.new(@channel, self)
       @roles_history = RolesHistory.new(@channel, self)
       @secret_stores = SecretStores.new(@channel, self)
       @secret_engines = SecretEngines.new(@channel, self)
@@ -315,6 +315,12 @@ module SDM #:nodoc:
     #
     # See {ControlPanel}.
     attr_reader :control_panel
+    # A Role has a list of access rules which determine which Resources the members
+    # of the Role have access to. An Account can be a member of multiple Roles via
+    # AccountAttachments.
+    #
+    # See {Roles}.
+    attr_reader :roles
     # HealthChecks lists the last healthcheck between each node and resource.
     # Note the unconventional capitalization here is to prevent having a collision with GRPC
     #
@@ -435,12 +441,6 @@ module SDM #:nodoc:
     #
     # See {RoleResourcesHistory}.
     attr_reader :role_resources_history
-    # A Role has a list of access rules which determine which Resources the members
-    # of the Role have access to. An Account can be a member of multiple Roles via
-    # AccountAttachments.
-    #
-    # See {Roles}.
-    attr_reader :roles
     # RolesHistory records all changes to the state of a Role.
     #
     # See {RolesHistory}.
@@ -516,6 +516,7 @@ module SDM #:nodoc:
       @approval_workflows = ApprovalWorkflows.new(@channel, self)
       @approval_workflows_history = ApprovalWorkflowsHistory.new(@channel, self)
       @control_panel = ControlPanel.new(@channel, self)
+      @roles = Roles.new(@channel, self)
       @health_checks = HealthChecks.new(@channel, self)
       @identity_aliases = IdentityAliases.new(@channel, self)
       @identity_aliases_history = IdentityAliasesHistory.new(@channel, self)
@@ -542,7 +543,6 @@ module SDM #:nodoc:
       @resources_history = ResourcesHistory.new(@channel, self)
       @role_resources = RoleResources.new(@channel, self)
       @role_resources_history = RoleResourcesHistory.new(@channel, self)
-      @roles = Roles.new(@channel, self)
       @roles_history = RolesHistory.new(@channel, self)
       @secret_stores = SecretStores.new(@channel, self)
       @secret_engines = SecretEngines.new(@channel, self)
@@ -569,6 +569,7 @@ module SDM #:nodoc:
       @approval_workflow_approvers = SnapshotApprovalWorkflowApprovers.new(client.approval_workflow_approvers)
       @approval_workflow_steps = SnapshotApprovalWorkflowSteps.new(client.approval_workflow_steps)
       @approval_workflows = SnapshotApprovalWorkflows.new(client.approval_workflows)
+      @roles = SnapshotRoles.new(client.roles)
       @identity_aliases = SnapshotIdentityAliases.new(client.identity_aliases)
       @identity_sets = SnapshotIdentitySets.new(client.identity_sets)
       @nodes = SnapshotNodes.new(client.nodes)
@@ -578,7 +579,6 @@ module SDM #:nodoc:
       @remote_identity_groups = SnapshotRemoteIdentityGroups.new(client.remote_identity_groups)
       @resources = SnapshotResources.new(client.resources)
       @role_resources = SnapshotRoleResources.new(client.role_resources)
-      @roles = SnapshotRoles.new(client.roles)
       @secret_stores = SnapshotSecretStores.new(client.secret_stores)
       @workflow_approvers = SnapshotWorkflowApprovers.new(client.workflow_approvers)
       @workflow_roles = SnapshotWorkflowRoles.new(client.workflow_roles)
@@ -627,6 +627,12 @@ module SDM #:nodoc:
     #
     # See {SnapshotApprovalWorkflows}.
     attr_reader :approval_workflows
+    # A Role has a list of access rules which determine which Resources the members
+    # of the Role have access to. An Account can be a member of multiple Roles via
+    # AccountAttachments.
+    #
+    # See {SnapshotRoles}.
+    attr_reader :roles
     # IdentityAliases assign an alias to an account within an IdentitySet.
     # The alias is used as the username when connecting to a identity supported resource.
     #
@@ -673,12 +679,6 @@ module SDM #:nodoc:
     #
     # See {SnapshotRoleResources}.
     attr_reader :role_resources
-    # A Role has a list of access rules which determine which Resources the members
-    # of the Role have access to. An Account can be a member of multiple Roles via
-    # AccountAttachments.
-    #
-    # See {SnapshotRoles}.
-    attr_reader :roles
     # SecretStores are servers where resource secrets (passwords, keys) are stored.
     #
     # See {SnapshotSecretStores}.