strongdm 15.40.0 → 15.43.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df977ca5d3481e8abe3f2eb32fbe511ce0837b7af222e7775a89ad23623d1e59
-  data.tar.gz: 066606613c73e91d210c70336929d9f9bd58b3cc59c3e57b7198ab57ad75e207
+  metadata.gz: 07b05d002ea762434e9a42b6da278425d8bb2adf661df165169151ead7aedbda
+  data.tar.gz: fff4b6adece624583f2ccc960359612db92edde0a6af9ada9468013740cc5f16
 SHA512:
-  metadata.gz: 16a2dede8112181c139b1a5cecf731bac27d459bd63fe43f5f5ab65acb49c53c3d989950eb37997cf0423c1b13bcf1aeccb6238b38faecafaa22f8fd4e2f8ca8
-  data.tar.gz: 45781d64a70535e86e9a2b998cde84349beb2086e3eb09030760468b1eef38a0a2271e4e4bfb0ab0cc135c4976e6418085c8aa45a17050bd88dcd40142bef725
+  metadata.gz: 63a76d68d110c41c6c7838a4927186c8606a0c61c4eacfa2d47a729e4e0754561331e70d80a5e1f2916caae212619296c42bf38a15f0c07bc8d641d122fbebb4
+  data.tar.gz: 22e7bb7ce4c40f7935ef05feb46d1dbc2e41a9d2ccb2fa6526743dec30e55c5fe6819f9502e4c0d790b88478162ba10588372fde8691d6f2183db6ed60eb49f0

data/.git/ORIG_HEAD

@@ -1 +1 @@
-740f705c286a25c2abae5a44b52fe330cc4e3e71
+b23f0912dbe900e5bd24222f9971c7820ddf128d

data/.git/logs/HEAD

@@ -1,3 +1,3 @@
-0000000000000000000000000000000000000000 740f705c286a25c2abae5a44b52fe330cc4e3e71 root <root@3304dca81eb3.(none)> 1765583830 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-740f705c286a25c2abae5a44b52fe330cc4e3e71 740f705c286a25c2abae5a44b52fe330cc4e3e71 root <root@3304dca81eb3.(none)> 1765583830 +0000	checkout: moving from master to master
-740f705c286a25c2abae5a44b52fe330cc4e3e71 b20e3c16d138fc17c80e82311c7613a915bc3569 root <root@3304dca81eb3.(none)> 1765583830 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 b23f0912dbe900e5bd24222f9971c7820ddf128d root <root@cbe5b8a77e04.(none)> 1766504191 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+b23f0912dbe900e5bd24222f9971c7820ddf128d b23f0912dbe900e5bd24222f9971c7820ddf128d root <root@cbe5b8a77e04.(none)> 1766504191 +0000	checkout: moving from master to master
+b23f0912dbe900e5bd24222f9971c7820ddf128d 1170439941e521c29339b4d2314cae0e1526759e root <root@cbe5b8a77e04.(none)> 1766504191 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/heads/master

@@ -1,2 +1,2 @@
-0000000000000000000000000000000000000000 740f705c286a25c2abae5a44b52fe330cc4e3e71 root <root@3304dca81eb3.(none)> 1765583830 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-740f705c286a25c2abae5a44b52fe330cc4e3e71 b20e3c16d138fc17c80e82311c7613a915bc3569 root <root@3304dca81eb3.(none)> 1765583830 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 b23f0912dbe900e5bd24222f9971c7820ddf128d root <root@cbe5b8a77e04.(none)> 1766504191 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+b23f0912dbe900e5bd24222f9971c7820ddf128d 1170439941e521c29339b4d2314cae0e1526759e root <root@cbe5b8a77e04.(none)> 1766504191 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/remotes/origin/HEAD

@@ -1 +1 @@
-0000000000000000000000000000000000000000 740f705c286a25c2abae5a44b52fe330cc4e3e71 root <root@3304dca81eb3.(none)> 1765583830 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+0000000000000000000000000000000000000000 b23f0912dbe900e5bd24222f9971c7820ddf128d root <root@cbe5b8a77e04.(none)> 1766504191 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git

data/.git/packed-refs

@@ -1,6 +1,6 @@
 # pack-refs with: peeled fully-peeled sorted 
-b20e3c16d138fc17c80e82311c7613a915bc3569 refs/remotes/origin/development
-740f705c286a25c2abae5a44b52fe330cc4e3e71 refs/remotes/origin/master
+1170439941e521c29339b4d2314cae0e1526759e refs/remotes/origin/development
+b23f0912dbe900e5bd24222f9971c7820ddf128d refs/remotes/origin/master
 2e4fe8087177ddea9b3991ca499f758384839c89 refs/tags/untagged-84fd83a4484c785cce63
 04f604866214fab4d5663b5171a3e596331577bd refs/tags/v0.9.4
 6f9a7b75b345c65fb554884907b7060680c807b7 refs/tags/v0.9.5
@@ -127,6 +127,8 @@ e2a4215bd3bbfb822423e11e81b9ad47bef03840 refs/tags/v15.36.0
 6b720eb84b5b501adf7adbf58f6be078888619e9 refs/tags/v15.37.0
 740f705c286a25c2abae5a44b52fe330cc4e3e71 refs/tags/v15.39.0
 cf3b15b82cb0c4229609c07c870c6cb4fd38ef75 refs/tags/v15.4.0
+b20e3c16d138fc17c80e82311c7613a915bc3569 refs/tags/v15.40.0
+b23f0912dbe900e5bd24222f9971c7820ddf128d refs/tags/v15.41.0
 0be2c5e7f7a90c49077548cb3a9bce234219b9f0 refs/tags/v15.5.0
 4b9cd43c5dda3f369b82b6a56132a5470ff9ff53 refs/tags/v15.6.0
 6e8e9210b26f02ebe925b8e81909ba42985cfde7 refs/tags/v15.7.0

data/.git/refs/heads/master

@@ -1 +1 @@
-b20e3c16d138fc17c80e82311c7613a915bc3569
+1170439941e521c29339b4d2314cae0e1526759e

data/lib/constants.rb

@@ -333,6 +333,7 @@ module SDM
     RESOURCE_LOCKED = "user locked a resource"
     RESOURCE_UNLOCKED = "user unlocked a resource"
     RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource"
+    RESOURCE_LOCK_REJECTED = "user lock rejected for a resource"
     CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = "concurrent authentications revoked per organization settings"
     PEERING_GROUP_TOGGLED = "peering group toggled"
     PEERING_GROUP_CREATED = "peering group created"

data/lib/grpc/access_requests_pb.rb

@@ -72,6 +72,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "v1.PrivilegesMessage" do
       optional :kubernetes, :message, 1, "v1.KubernetesPrivileges"
       optional :entraGroups, :message, 2, "v1.EntraGroupPrivileges"
+      optional :oktaGroups, :message, 3, "v1.OktaGroupPrivileges"
     end
     add_message "v1.KubernetesPrivileges" do
       repeated :groups, :string, 1
@@ -79,6 +80,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "v1.EntraGroupPrivileges" do
       repeated :groups, :string, 1
     end
+    add_message "v1.OktaGroupPrivileges" do
+      repeated :groups, :string, 1
+    end
     add_message "v1.AccessRequestConfig" do
       optional :resource_id, :string, 1
       optional :reason, :string, 2
@@ -104,6 +108,7 @@ module V1
   PrivilegesMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.PrivilegesMessage").msgclass
   KubernetesPrivileges = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.KubernetesPrivileges").msgclass
   EntraGroupPrivileges = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.EntraGroupPrivileges").msgclass
+  OktaGroupPrivileges = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OktaGroupPrivileges").msgclass
   AccessRequestConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccessRequestConfig").msgclass
   RequestAccessRequestConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.RequestAccessRequestConfig").msgclass
 end

data/lib/grpc/drivers_pb.rb

@@ -1962,6 +1962,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :allow_deprecated_key_exchanges, :bool, 6
       optional :hostname, :string, 1
       optional :key_type, :string, 8
+      optional :lock_required, :bool, 11
       optional :port, :int32, 3
       optional :port_forwarding, :bool, 5
       optional :port_override, :int32, 7
@@ -1983,6 +1984,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :identity_alias_healthcheck_username, :string, 8
       optional :identity_set_id, :string, 7
       optional :key_type, :string, 9
+      optional :lock_required, :bool, 13
       optional :port, :int32, 3
       optional :port_forwarding, :bool, 4
       optional :port_override, :int32, 6
@@ -2002,6 +2004,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :hostname, :string, 1
       optional :identity_alias_healthcheck_username, :string, 11
       optional :identity_set_id, :string, 10
+      optional :lock_required, :bool, 12
       optional :port, :int32, 3
       optional :port_forwarding, :bool, 5
       optional :port_override, :int32, 7
@@ -2020,6 +2023,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :subdomain, :string, 32775
       optional :allow_deprecated_key_exchanges, :bool, 6
       optional :hostname, :string, 1
+      optional :lock_required, :bool, 10
       optional :password, :string, 4
       optional :port, :int32, 3
       optional :port_forwarding, :bool, 5

data/lib/grpc/plumbing.rb

@@ -16694,6 +16694,7 @@ module SDM
       porcelain.hostname = (plumbing.hostname)
       porcelain.id = (plumbing.id)
       porcelain.key_type = (plumbing.key_type)
+      porcelain.lock_required = (plumbing.lock_required)
       porcelain.name = (plumbing.name)
       porcelain.port = (plumbing.port)
       porcelain.port_forwarding = (plumbing.port_forwarding)
@@ -16719,6 +16720,7 @@ module SDM
       plumbing.hostname = (porcelain.hostname)
       plumbing.id = (porcelain.id)
       plumbing.key_type = (porcelain.key_type)
+      plumbing.lock_required = (porcelain.lock_required)
       plumbing.name = (porcelain.name)
       plumbing.port = (porcelain.port)
       plumbing.port_forwarding = (porcelain.port_forwarding)
@@ -16762,6 +16764,7 @@ module SDM
       porcelain.identity_alias_healthcheck_username = (plumbing.identity_alias_healthcheck_username)
       porcelain.identity_set_id = (plumbing.identity_set_id)
       porcelain.key_type = (plumbing.key_type)
+      porcelain.lock_required = (plumbing.lock_required)
       porcelain.name = (plumbing.name)
       porcelain.port = (plumbing.port)
       porcelain.port_forwarding = (plumbing.port_forwarding)
@@ -16788,6 +16791,7 @@ module SDM
       plumbing.identity_alias_healthcheck_username = (porcelain.identity_alias_healthcheck_username)
       plumbing.identity_set_id = (porcelain.identity_set_id)
       plumbing.key_type = (porcelain.key_type)
+      plumbing.lock_required = (porcelain.lock_required)
       plumbing.name = (porcelain.name)
       plumbing.port = (porcelain.port)
       plumbing.port_forwarding = (porcelain.port_forwarding)
@@ -16829,6 +16833,7 @@ module SDM
       porcelain.id = (plumbing.id)
       porcelain.identity_alias_healthcheck_username = (plumbing.identity_alias_healthcheck_username)
       porcelain.identity_set_id = (plumbing.identity_set_id)
+      porcelain.lock_required = (plumbing.lock_required)
       porcelain.name = (plumbing.name)
       porcelain.port = (plumbing.port)
       porcelain.port_forwarding = (plumbing.port_forwarding)
@@ -16855,6 +16860,7 @@ module SDM
       plumbing.id = (porcelain.id)
       plumbing.identity_alias_healthcheck_username = (porcelain.identity_alias_healthcheck_username)
       plumbing.identity_set_id = (porcelain.identity_set_id)
+      plumbing.lock_required = (porcelain.lock_required)
       plumbing.name = (porcelain.name)
       plumbing.port = (porcelain.port)
       plumbing.port_forwarding = (porcelain.port_forwarding)
@@ -16895,6 +16901,7 @@ module SDM
       porcelain.healthy = (plumbing.healthy)
       porcelain.hostname = (plumbing.hostname)
       porcelain.id = (plumbing.id)
+      porcelain.lock_required = (plumbing.lock_required)
       porcelain.name = (plumbing.name)
       porcelain.password = (plumbing.password)
       porcelain.port = (plumbing.port)
@@ -16919,6 +16926,7 @@ module SDM
       plumbing.healthy = (porcelain.healthy)
       plumbing.hostname = (porcelain.hostname)
       plumbing.id = (porcelain.id)
+      plumbing.lock_required = (porcelain.lock_required)
       plumbing.name = (porcelain.name)
       plumbing.password = (porcelain.password)
       plumbing.port = (porcelain.port)

data/lib/interceptors.rb

@@ -0,0 +1,200 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# @internal Code generated by protogen. DO NOT EDIT.
+
+require "openssl"
+require_relative "./grpc/plumbing"
+
+module SDM
+  # MethodInterceptor provides a generic hook system for modifying
+  # requests and responses before/after gRPC calls
+  class MethodInterceptor
+    def initialize(client)
+      @client = client
+      @before_hooks = {}
+      @after_hooks = {}
+    end
+
+    # Register a hook to run before a method call
+    # method_name: "ServiceName.MethodName" (e.g., "ManagedSecrets.Create")
+    # block: receives (service_instance, request) and should return modified request
+    def before(method_name, &block)
+      @before_hooks[method_name] = block
+    end
+
+    # Register a hook to run after a method call
+    # method_name: "ServiceName.MethodName"
+    # block: receives (service_instance, request, response) and should return modified response
+    def after(method_name, &block)
+      @after_hooks[method_name] = block
+    end
+
+    # Execute before hooks for a method
+    def execute_before(method_name, service_instance, request)
+      hook = @before_hooks[method_name]
+      return request unless hook
+      hook.call(service_instance, request)
+    end
+
+    # Execute after hooks for a method
+    def execute_after(method_name, service_instance, request, response)
+      hook = @after_hooks[method_name]
+      return response unless hook
+      hook.call(service_instance, request, response)
+    end
+  end
+
+  # SecretEncryptionInterceptor implements encryption for managed secrets
+  class SecretEncryptionInterceptor
+    def initialize(client)
+      @client = client
+      @public_key_cache = {}
+      @private_key = nil
+    end
+
+    # Lazy-load private key for retrievals
+    def private_key
+      @private_key ||= OpenSSL::PKey::RSA.new(4096)
+    end
+
+    # Cache a secret engine's public key
+    def cache_public_key(engine_id, public_key_pem)
+      return if public_key_pem.nil? || public_key_pem.empty?
+      @public_key_cache[engine_id] = OpenSSL::PKey::RSA.new(public_key_pem)
+    end
+
+    # Get cached public key
+    def get_public_key(engine_id)
+      @public_key_cache[engine_id]
+    end
+
+    # Encrypt data using RSA-OAEP with SHA256
+    def encrypt(public_key, plaintext)
+      return plaintext if plaintext.nil? || plaintext.empty?
+      public_key.encrypt(plaintext, rsa_padding_mode: "oaep", rsa_oaep_md: "sha256", rsa_mgf1_md: "sha256")
+    end
+
+    # Decrypt data using RSA-OAEP with SHA256
+    def decrypt(ciphertext)
+      return ciphertext if ciphertext.nil? || ciphertext.empty?
+      private_key.decrypt(ciphertext, rsa_padding_mode: "oaep", rsa_oaep_md: "sha256", rsa_mgf1_md: "sha256")
+    end
+
+    # Export public key in PEM format
+    def export_public_key
+      private_key.public_key.to_pem
+    end
+
+    # Setup hooks on the interceptor
+    def setup(interceptor)
+      setup_managed_secrets_hooks(interceptor)
+      setup_secret_engines_hooks(interceptor)
+    end
+
+    private
+
+    def setup_managed_secrets_hooks(interceptor)
+      # Hook for ManagedSecrets.Create - encrypt before sending
+      interceptor.before("ManagedSecrets.Create") do |service, req|
+        secret = req.managed_secret
+        if secret && !secret.value.nil? && !secret.value.empty? && !secret.secret_engine_id.nil?
+          # Try to get public key from cache or fetch it
+          pub_key = get_public_key(secret.secret_engine_id)
+          if pub_key.nil?
+            begin
+              @client.secret_engines.get(secret.secret_engine_id)
+              pub_key = get_public_key(secret.secret_engine_id)
+            rescue
+              # If fetch fails, let server handle it
+            end
+          end
+
+          # Encrypt if we have the key
+          if pub_key
+            secret.value = encrypt(pub_key, secret.value)
+          end
+        end
+        req
+      end
+
+      # Hook for ManagedSecrets.Update - encrypt before sending
+      interceptor.before("ManagedSecrets.Update") do |service, req|
+        secret = req.managed_secret
+        if secret && !secret.value.nil? && !secret.value.empty? && !secret.secret_engine_id.nil?
+          pub_key = get_public_key(secret.secret_engine_id)
+          if pub_key.nil?
+            begin
+              @client.secret_engines.get(secret.secret_engine_id)
+              pub_key = get_public_key(secret.secret_engine_id)
+            rescue
+              # If fetch fails, let server handle it
+            end
+          end
+
+          if pub_key
+            secret.value = encrypt(pub_key, secret.value)
+          end
+        end
+        req
+      end
+
+      # Hook for ManagedSecrets.Retrieve - add public key and decrypt response
+      interceptor.before("ManagedSecrets.Retrieve") do |service, req|
+        if req.public_key.nil? || req.public_key.empty?
+          req.public_key = export_public_key
+        end
+        req
+      end
+
+      interceptor.after("ManagedSecrets.Retrieve") do |service, req, resp|
+        # Only decrypt if we provided the public key
+        if req.public_key == export_public_key
+          secret = resp.managed_secret
+          if secret && !secret.value.nil? && !secret.value.empty?
+            secret.value = decrypt(secret.value)
+          end
+        end
+        resp
+      end
+    end
+
+    def setup_secret_engines_hooks(interceptor)
+      # Hook for SecretEngines.Get - cache public key after response
+      interceptor.after("SecretEngines.Get") do |service, req, resp|
+        engine = Plumbing::convert_secret_engine_to_porcelain(resp.secret_engine)
+        if engine && !engine.id.nil? && !engine.public_key.nil?
+          cache_public_key(engine.id, engine.public_key)
+        end
+        resp
+      end
+    end
+  end
+
+  # EnumeratorInterceptor provides utilities for wrapping enumerators with hooks
+  module EnumeratorInterceptor
+    # Wraps an enumerator to cache secret engine public keys
+    def self.wrap_secret_engine_list(enumerator, encryption_interceptor)
+      Enumerator.new do |yielder|
+        enumerator.each do |engine|
+          if engine && !engine.id.nil? && !engine.public_key.nil?
+            encryption_interceptor.cache_public_key(engine.id, engine.public_key)
+          end
+          yielder << engine
+        end
+      end
+    end
+  end
+end

data/lib/models/porcelain.rb

@@ -15353,6 +15353,8 @@ module SDM
     attr_accessor :id
     # The key type to use e.g. rsa-2048 or ed25519
     attr_accessor :key_type
+    # When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
+    attr_accessor :lock_required
     # Unique human-readable name of the Resource.
     attr_accessor :name
     # The port to dial to initiate a connection from the egress node to this resource.
@@ -15382,6 +15384,7 @@ module SDM
       hostname: nil,
       id: nil,
       key_type: nil,
+      lock_required: nil,
       name: nil,
       port: nil,
       port_forwarding: nil,
@@ -15400,6 +15403,7 @@ module SDM
       @hostname = hostname == nil ? "" : hostname
       @id = id == nil ? "" : id
       @key_type = key_type == nil ? "" : key_type
+      @lock_required = lock_required == nil ? false : lock_required
       @name = name == nil ? "" : name
       @port = port == nil ? 0 : port
       @port_forwarding = port_forwarding == nil ? false : port_forwarding
@@ -15440,6 +15444,8 @@ module SDM
     attr_accessor :identity_set_id
     # The key type to use e.g. rsa-2048 or ed25519
     attr_accessor :key_type
+    # When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
+    attr_accessor :lock_required
     # Unique human-readable name of the Resource.
     attr_accessor :name
     # The port to dial to initiate a connection from the egress node to this resource.
@@ -15469,6 +15475,7 @@ module SDM
       identity_alias_healthcheck_username: nil,
       identity_set_id: nil,
       key_type: nil,
+      lock_required: nil,
       name: nil,
       port: nil,
       port_forwarding: nil,
@@ -15488,6 +15495,7 @@ module SDM
       @identity_alias_healthcheck_username = identity_alias_healthcheck_username == nil ? "" : identity_alias_healthcheck_username
       @identity_set_id = identity_set_id == nil ? "" : identity_set_id
       @key_type = key_type == nil ? "" : key_type
+      @lock_required = lock_required == nil ? false : lock_required
       @name = name == nil ? "" : name
       @port = port == nil ? 0 : port
       @port_forwarding = port_forwarding == nil ? false : port_forwarding
@@ -15525,6 +15533,8 @@ module SDM
     attr_accessor :identity_alias_healthcheck_username
     # The ID of the identity set to use for identity connections.
     attr_accessor :identity_set_id
+    # When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
+    attr_accessor :lock_required
     # Unique human-readable name of the Resource.
     attr_accessor :name
     # The port to dial to initiate a connection from the egress node to this resource.
@@ -15555,6 +15565,7 @@ module SDM
       id: nil,
       identity_alias_healthcheck_username: nil,
       identity_set_id: nil,
+      lock_required: nil,
       name: nil,
       port: nil,
       port_forwarding: nil,
@@ -15574,6 +15585,7 @@ module SDM
       @id = id == nil ? "" : id
       @identity_alias_healthcheck_username = identity_alias_healthcheck_username == nil ? "" : identity_alias_healthcheck_username
       @identity_set_id = identity_set_id == nil ? "" : identity_set_id
+      @lock_required = lock_required == nil ? false : lock_required
       @name = name == nil ? "" : name
       @port = port == nil ? 0 : port
       @port_forwarding = port_forwarding == nil ? false : port_forwarding
@@ -15608,6 +15620,8 @@ module SDM
     attr_accessor :hostname
     # Unique identifier of the Resource.
     attr_accessor :id
+    # When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
+    attr_accessor :lock_required
     # Unique human-readable name of the Resource.
     attr_accessor :name
     # The password to authenticate with.
@@ -15636,6 +15650,7 @@ module SDM
       healthy: nil,
       hostname: nil,
       id: nil,
+      lock_required: nil,
       name: nil,
       password: nil,
       port: nil,
@@ -15653,6 +15668,7 @@ module SDM
       @healthy = healthy == nil ? false : healthy
       @hostname = hostname == nil ? "" : hostname
       @id = id == nil ? "" : id
+      @lock_required = lock_required == nil ? false : lock_required
       @name = name == nil ? "" : name
       @password = password == nil ? "" : password
       @port = port == nil ? 0 : port

data/lib/strongdm.rb

@@ -16,6 +16,7 @@
 # @internal Code generated by protogen. DO NOT EDIT.
 
 require_relative "./svc"
+require_relative "./interceptors"
 require "base64"
 require "grpc"
 require "openssl"
@@ -30,7 +31,7 @@ module SDM #:nodoc:
     DEFAULT_RETRY_FACTOR = 1.6
     DEFAULT_RETRY_JITTER = 0.2
     API_VERSION = "2025-04-14"
-    USER_AGENT = "strongdm-sdk-ruby/15.40.0"
+    USER_AGENT = "strongdm-sdk-ruby/15.43.0"
     private_constant :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :DEFAULT_RETRY_FACTOR, :DEFAULT_RETRY_JITTER, :API_VERSION, :USER_AGENT
 
     # Creates a new strongDM API client.
@@ -47,6 +48,10 @@ module SDM #:nodoc:
       @page_limit = page_limit
       @retry_rate_limit_errors = retry_rate_limit_errors
       @snapshot_time = nil
+      # Initialize method interceptor for request/response hooks
+      @interceptor = MethodInterceptor.new(self)
+      @encryption_interceptor = SecretEncryptionInterceptor.new(self)
+      @encryption_interceptor.setup(@interceptor)
       begin
         if insecure
           @channel = GRPC::Core::Channel.new(host, {}, :this_channel_is_insecure)
@@ -234,6 +239,8 @@ module SDM #:nodoc:
     attr_reader :api_access_key
     # Optional timestamp at which to provide historical data
     attr_reader :snapshot_time
+    # Method interceptor for request/response hooks (read-only).
+    attr_reader :interceptor
     # AccessRequests are requests for access to a resource that may match a Workflow.
     #
     # See {AccessRequests}.