strongdm 2.1.0 → 2.6.0
- checksums.yaml +4 -4
- data/.git/ORIG_HEAD +1 -1
- data/.git/index +0 -0
- data/.git/logs/HEAD +3 -3
- data/.git/logs/refs/heads/master +2 -2
- data/.git/logs/refs/remotes/origin/HEAD +1 -1
- data/.git/objects/pack/{pack-a86846bb97666919e629e876c52e6b012d588625.idx → pack-886c8b7b48ee02690285f26795cb132efb2f15f6.idx} +0 -0
- data/.git/objects/pack/{pack-a86846bb97666919e629e876c52e6b012d588625.pack → pack-886c8b7b48ee02690285f26795cb132efb2f15f6.pack} +0 -0
- data/.git/packed-refs +5 -2
- data/.git/refs/heads/master +1 -1
- data/lib/grpc/account_attachments_services_pb.rb +5 -5
- data/lib/grpc/account_grants_services_pb.rb +5 -5
- data/lib/grpc/accounts_services_pb.rb +6 -6
- data/lib/grpc/control_panel_services_pb.rb +3 -3
- data/lib/grpc/drivers_pb.rb +88 -0
- data/lib/grpc/nodes_services_pb.rb +6 -6
- data/lib/grpc/plumbing.rb +442 -0
- data/lib/grpc/remote_identities_pb.rb +90 -0
- data/lib/grpc/remote_identities_services_pb.rb +45 -0
- data/lib/grpc/remote_identity_groups_pb.rb +55 -0
- data/lib/grpc/remote_identity_groups_services_pb.rb +58 -0
- data/lib/grpc/resources_services_pb.rb +7 -7
- data/lib/grpc/role_attachments_services_pb.rb +5 -5
- data/lib/grpc/role_grants_services_pb.rb +5 -5
- data/lib/grpc/roles_services_pb.rb +6 -6
- data/lib/grpc/secret_stores_services_pb.rb +6 -6
- data/lib/models/porcelain.rb +577 -2
- data/lib/strongdm.rb +26 -2
- data/lib/svc.rb +266 -0
- data/lib/version +1 -1
- data/lib/version.rb +1 -1
- metadata +8 -4
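--- a/data/lib/strongdm.rb
+++ b/data/lib/strongdm.rb
@@ -18,6 +18,7 @@
 require_relative "./svc"
 require "base64"
 require "openssl"
+require "time"
 
 module SDM #:nodoc:
 
@@ -27,11 +28,11 @@ module SDM #:nodoc:
 DEFAULT_BASE_RETRY_DELAY = 0.0030 # 30 ms
 DEFAULT_MAX_RETRY_DELAY = 300 # 300 seconds
 API_VERSION = "2021-08-23"
-USER_AGENT = "strongdm-sdk-ruby/2.
+USER_AGENT = "strongdm-sdk-ruby/2.6.0"
 private_constant :DEFAULT_MAX_RETRIES, :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :API_VERSION, :USER_AGENT
 
 # Creates a new strongDM API client.
-def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false)
+def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true)
 raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String)
 raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String)
 raise TypeError, "client host must be a string" unless host.kind_of?(String)
@@ -40,11 +41,14 @@ module SDM #:nodoc:
 @max_retries = DEFAULT_MAX_RETRIES
 @base_retry_delay = DEFAULT_BASE_RETRY_DELAY
 @max_retry_delay = DEFAULT_MAX_RETRY_DELAY
+@expose_rate_limit_errors = (not retry_rate_limit_errors)
 @account_attachments = AccountAttachments.new(host, insecure, self)
 @account_grants = AccountGrants.new(host, insecure, self)
 @accounts = Accounts.new(host, insecure, self)
 @control_panel = ControlPanel.new(host, insecure, self)
 @nodes = Nodes.new(host, insecure, self)
+@remote_identities = RemoteIdentities.new(host, insecure, self)
+@remote_identity_groups = RemoteIdentityGroups.new(host, insecure, self)
 @resources = Resources.new(host, insecure, self)
 @role_attachments = RoleAttachments.new(host, insecure, self)
 @role_grants = RoleGrants.new(host, insecure, self)
@@ -94,6 +98,17 @@ module SDM #:nodoc:
 if not err.is_a? GRPC::BadStatus
 return true
 end
+porcelainErr = Plumbing::convert_error_to_porcelain(err)
+if (not @expose_rate_limit_errors) and (porcelainErr.is_a? RateLimitError)
+sleep_for = porcelainErr.rate_limit.reset_at - Time.now
+# If timezones or clock drift causes this calculation to fail,
+# wait at most one minute.
+if sleep_for < 0 or sleep_for > 60
+sleep_for = 60
+end
+sleep(sleep_for)
+return true
+end
 return err.code() == 13
 end
 
@@ -127,6 +142,15 @@ module SDM #:nodoc:
 #
 # See {Nodes}.
 attr_reader :nodes
+# RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
+#
+# See {RemoteIdentities}.
+attr_reader :remote_identities
+# A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
+# An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
+#
+# See {RemoteIdentityGroups}.
+attr_reader :remote_identity_groups
 # Resources are databases, servers, clusters, websites, or clouds that strongDM
 # delegates access to.
 #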
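Review bot: The new rate-limit branch in shouldRetry dereferences `porcelainErr.rate_limit.reset_at` without a nil check, so if a RateLimitError can arrive without rate-limit metadata the retry path raises NoMethodError from inside the callers' `rescue` blocks and masks the original error; a guard such as `reset_at = porcelainErr.rate_limit&.reset_at`, falling back to the 60-second cap when it is nil, would keep that path intact. The branch also blocks for up to 60 seconds on a server-supplied timestamp without regard to the `deadline:` the caller passed to the service method, which deserves a sentence in the documentation of `retry_rate_limit_errors`. The start of shouldRetry lies outside this hunk, so whether the `tries` budget is checked before this branch returns `true` cannot be confirmed from here.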
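--- a/data/lib/svc.rb
+++ b/data/lib/svc.rb
@@ -759,6 +759,272 @@ module SDM #:nodoc:
 end
 end
 
+# RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
+#
+# See {RemoteIdentity}.
+class RemoteIdentities
+extend Gem::Deprecate
+
+def initialize(host, insecure, parent)
+begin
+if insecure
+@stub = V1::RemoteIdentities::Stub.new(host, :this_channel_is_insecure)
+else
+cred = GRPC::Core::ChannelCredentials.new()
+@stub = V1::RemoteIdentities::Stub.new(host, cred)
+end
+rescue => exception
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+@parent = parent
+end
+
+# Create registers a new RemoteIdentity.
+def create(
+remote_identity,
+deadline: nil
+)
+req = V1::RemoteIdentityCreateRequest.new()
+
+req.remote_identity = Plumbing::convert_remote_identity_to_plumbing(remote_identity)
+tries = 0
+plumbing_response = nil
+loop do
+begin
+plumbing_response = @stub.create(req, metadata: @parent.get_metadata("RemoteIdentities.Create", req), deadline: deadline)
+rescue => exception
+if (@parent.shouldRetry(tries, exception))
+tries + +@parent.jitterSleep(tries)
+next
+end
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+break
+end
+
+resp = RemoteIdentityCreateResponse.new()
+resp.meta = Plumbing::convert_create_response_metadata_to_porcelain(plumbing_response.meta)
+resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+resp.remote_identity = Plumbing::convert_remote_identity_to_porcelain(plumbing_response.remote_identity)
+resp
+end
+
+# Get reads one RemoteIdentity by ID.
+def get(
+id,
+deadline: nil
+)
+req = V1::RemoteIdentityGetRequest.new()
+
+req.id = (id)
+tries = 0
+plumbing_response = nil
+loop do
+begin
+plumbing_response = @stub.get(req, metadata: @parent.get_metadata("RemoteIdentities.Get", req), deadline: deadline)
+rescue => exception
+if (@parent.shouldRetry(tries, exception))
+tries + +@parent.jitterSleep(tries)
+next
+end
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+break
+end
+
+resp = RemoteIdentityGetResponse.new()
+resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
+resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+resp.remote_identity = Plumbing::convert_remote_identity_to_porcelain(plumbing_response.remote_identity)
+resp
+end
+
+# Update replaces all the fields of a RemoteIdentity by ID.
+def update(
+remote_identity,
+deadline: nil
+)
+req = V1::RemoteIdentityUpdateRequest.new()
+
+req.remote_identity = Plumbing::convert_remote_identity_to_plumbing(remote_identity)
+tries = 0
+plumbing_response = nil
+loop do
+begin
+plumbing_response = @stub.update(req, metadata: @parent.get_metadata("RemoteIdentities.Update", req), deadline: deadline)
+rescue => exception
+if (@parent.shouldRetry(tries, exception))
+tries + +@parent.jitterSleep(tries)
+next
+end
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+break
+end
+
+resp = RemoteIdentityUpdateResponse.new()
+resp.meta = Plumbing::convert_update_response_metadata_to_porcelain(plumbing_response.meta)
+resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+resp.remote_identity = Plumbing::convert_remote_identity_to_porcelain(plumbing_response.remote_identity)
+resp
+end
+
+# Delete removes a RemoteIdentity by ID.
+def delete(
+id,
+deadline: nil
+)
+req = V1::RemoteIdentityDeleteRequest.new()
+
+req.id = (id)
+tries = 0
+plumbing_response = nil
+loop do
+begin
+plumbing_response = @stub.delete(req, metadata: @parent.get_metadata("RemoteIdentities.Delete", req), deadline: deadline)
+rescue => exception
+if (@parent.shouldRetry(tries, exception))
+tries + +@parent.jitterSleep(tries)
+next
+end
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+break
+end
+
+resp = RemoteIdentityDeleteResponse.new()
+resp.meta = Plumbing::convert_delete_response_metadata_to_porcelain(plumbing_response.meta)
+resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+resp
+end
+
+# List gets a list of RemoteIdentities matching a given set of criteria.
+def list(
+filter,
+*args,
+deadline: nil
+)
+req = V1::RemoteIdentityListRequest.new()
+req.meta = V1::ListRequestMetadata.new()
+page_size_option = @parent._test_options["PageSize"]
+if page_size_option.is_a? Integer
+req.meta.limit = page_size_option
+end
+
+req.filter = Plumbing::quote_filter_args(filter, *args)
+resp = Enumerator::Generator.new { |g|
+tries = 0
+loop do
+begin
+plumbing_response = @stub.list(req, metadata: @parent.get_metadata("RemoteIdentities.List", req), deadline: deadline)
+rescue => exception
+if (@parent.shouldRetry(tries, exception))
+tries + +@parent.jitterSleep(tries)
+next
+end
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+tries = 0
+plumbing_response.remote_identities.each do |plumbing_item|
+g.yield Plumbing::convert_remote_identity_to_porcelain(plumbing_item)
+end
+break if plumbing_response.meta.next_cursor == ""
+req.meta.cursor = plumbing_response.meta.next_cursor
+end
+}
+resp
+end
+end
+
+# A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
+# An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
+#
+# See {RemoteIdentityGroup}.
+class RemoteIdentityGroups
+extend Gem::Deprecate
+
+def initialize(host, insecure, parent)
+begin
+if insecure
+@stub = V1::RemoteIdentityGroups::Stub.new(host, :this_channel_is_insecure)
+else
+cred = GRPC::Core::ChannelCredentials.new()
+@stub = V1::RemoteIdentityGroups::Stub.new(host, cred)
+end
+rescue => exception
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+@parent = parent
+end
+
+# Get reads one RemoteIdentityGroup by ID.
+def get(
+id,
+deadline: nil
+)
+req = V1::RemoteIdentityGroupGetRequest.new()
+
+req.id = (id)
+tries = 0
+plumbing_response = nil
+loop do
+begin
+plumbing_response = @stub.get(req, metadata: @parent.get_metadata("RemoteIdentityGroups.Get", req), deadline: deadline)
+rescue => exception
+if (@parent.shouldRetry(tries, exception))
+tries + +@parent.jitterSleep(tries)
+next
+end
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+break
+end
+
+resp = RemoteIdentityGroupGetResponse.new()
+resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
+resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+resp.remote_identity_group = Plumbing::convert_remote_identity_group_to_porcelain(plumbing_response.remote_identity_group)
+resp
+end
+
+# List gets a list of RemoteIdentityGroups matching a given set of criteria.
+def list(
+filter,
+*args,
+deadline: nil
+)
+req = V1::RemoteIdentityGroupListRequest.new()
+req.meta = V1::ListRequestMetadata.new()
+page_size_option = @parent._test_options["PageSize"]
+if page_size_option.is_a? Integer
+req.meta.limit = page_size_option
+end
+
+req.filter = Plumbing::quote_filter_args(filter, *args)
+resp = Enumerator::Generator.new { |g|
+tries = 0
+loop do
+begin
+plumbing_response = @stub.list(req, metadata: @parent.get_metadata("RemoteIdentityGroups.List", req), deadline: deadline)
+rescue => exception
+if (@parent.shouldRetry(tries, exception))
+tries + +@parent.jitterSleep(tries)
+next
+end
+raise Plumbing::convert_error_to_porcelain(exception)
+end
+tries = 0
+plumbing_response.remote_identity_groups.each do |plumbing_item|
+g.yield Plumbing::convert_remote_identity_group_to_porcelain(plumbing_item)
+end
+break if plumbing_response.meta.next_cursor == ""
+req.meta.cursor = plumbing_response.meta.next_cursor
+end
+}
+resp
+end
+end
+
 # Resources are databases, servers, clusters, websites, or clouds that strongDM
 # delegates access to.
 #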
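Review bot: The retry counter is never incremented: `tries + +@parent.jitterSleep(tries)` in RemoteIdentities#create (and the identical line in #get, #update, #delete and #list, and in RemoteIdentityGroups#get and #list) evaluates an addition and discards the result, so `shouldRetry` always receives `tries == 0` and `jitterSleep` always computes the first-attempt delay. If shouldRetry enforces the max-retry budget through that argument (its opening lines are not visible on this page), a persistent error is retried without bound and without backoff growth, which together with the rate-limit sleep can hold a caller indefinitely. The intended form is presumably two statements, `tries += 1` followed by `@parent.jitterSleep(tries)`.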
data/lib/version
CHANGED
data/lib/version.rb
CHANGED
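--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: strongdm
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.6.0
 platform: ruby
 authors:
 - strongDM Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: grpc
@@ -79,8 +79,8 @@ files:
 - "./.git/logs/HEAD"
 - "./.git/logs/refs/heads/master"
 - "./.git/logs/refs/remotes/origin/HEAD"
-- "./.git/objects/pack/pack-
-- "./.git/objects/pack/pack-
+- "./.git/objects/pack/pack-886c8b7b48ee02690285f26795cb132efb2f15f6.idx"
+- "./.git/objects/pack/pack-886c8b7b48ee02690285f26795cb132efb2f15f6.pack"
 - "./.git/packed-refs"
 - "./.git/refs/heads/master"
 - "./.git/refs/remotes/origin/HEAD"
@@ -101,6 +101,10 @@ files:
 - "./lib/grpc/nodes_services_pb.rb"
 - "./lib/grpc/options_pb.rb"
 - "./lib/grpc/plumbing.rb"
+- "./lib/grpc/remote_identities_pb.rb"
+- "./lib/grpc/remote_identities_services_pb.rb"
+- "./lib/grpc/remote_identity_groups_pb.rb"
+- "./lib/grpc/remote_identity_groups_services_pb.rb"
 - "./lib/grpc/resources_pb.rb"
 - "./lib/grpc/resources_services_pb.rb"
 - "./lib/grpc/role_attachments_pb.rb"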
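Review bot: The `files:` list still packages the repository's `.git` directory: the changed entries are `./.git/objects/pack/pack-886c8b7b48ee02690285f26795cb132efb2f15f6.idx` and `.pack`, next to `./.git/logs/HEAD` and `./.git/packed-refs`, so every install of the gem ships the project's object history and reflogs. Anything that was ever committed, including files deleted later, is recoverable from the pack, and the data has no runtime use. Restricting the gemspec file list to the library sources, for example `spec.files = Dir["lib/**/*"]`, would drop it; the gemspec itself is not part of this diff.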