strongdm 2.6.4 → 3.0.0

data/lib/models/porcelain.rb

@@ -655,17 +655,15 @@ module SDM
 
   # AccountGrants connect a resource directly to an account, giving the account the permission to connect to that resource.
   class AccountGrant
-    # The account id of this AccountGrant.
+    # The account ID of this AccountGrant.
     attr_accessor :account_id
     # Unique identifier of the AccountGrant.
     attr_accessor :id
-    # The resource id of this AccountGrant.
+    # The resource ID of this AccountGrant.
     attr_accessor :resource_id
-    # The timestamp when the resource will be granted. Optional. Both start_at
-    # and end_at must be defined together, or not defined at all.
+    # The timestamp when the resource will be granted. When creating an AccountGrant, if this field is not specified, it will default to the current time.
     attr_accessor :start_from
-    # The timestamp when the resource grant will expire. Optional. Both
-    # start_at and end_at must be defined together, or not defined at all.
+    # The timestamp when the resource grant will expire.
     attr_accessor :valid_until
 
     def initialize(
@@ -5318,11 +5316,6 @@ module SDM
   class Role
     # AccessRules is a list of access rules defining the resources this Role has access to.
     attr_accessor :access_rules
-    # Composite is true if the Role is a composite role.
-    #
-    # Deprecated: composite roles are deprecated, use multi-role via
-    # AccountAttachments instead.
-    attr_accessor :composite
     # Unique identifier of the Role.
     attr_accessor :id
     # Unique human-readable name of the Role.
@@ -5332,13 +5325,11 @@ module SDM
 
     def initialize(
       access_rules: nil,
-      composite: nil,
       id: nil,
       name: nil,
       tags: nil
     )
       @access_rules = access_rules == nil ? SDM::_porcelain_zero_value_access_rules() : access_rules
-      @composite = composite == nil ? false : composite
       @id = id == nil ? "" : id
       @name = name == nil ? "" : name
       @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
@@ -5353,122 +5344,6 @@ module SDM
     end
   end
 
-  # A RoleAttachment assigns a role to a composite role.
-  #
-  # Deprecated: use multi-role via AccountAttachments instead.
-  class RoleAttachment
-    # The id of the attached role of this RoleAttachment.
-    attr_accessor :attached_role_id
-    # The id of the composite role of this RoleAttachment.
-    attr_accessor :composite_role_id
-    # Unique identifier of the RoleAttachment.
-    attr_accessor :id
-
-    def initialize(
-      attached_role_id: nil,
-      composite_role_id: nil,
-      id: nil
-    )
-      @attached_role_id = attached_role_id == nil ? "" : attached_role_id
-      @composite_role_id = composite_role_id == nil ? "" : composite_role_id
-      @id = id == nil ? "" : id
-    end
-
-    def to_json(options = {})
-      hash = {}
-      self.instance_variables.each do |var|
-        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
-      end
-      hash.to_json
-    end
-  end
-
-  # RoleAttachmentCreateResponse reports how the RoleAttachments were created in the system.
-  #
-  # Deprecated: use multi-role via AccountAttachments instead.
-  class RoleAttachmentCreateResponse
-    # Reserved for future use.
-    attr_accessor :meta
-    # Rate limit information.
-    attr_accessor :rate_limit
-    # The created RoleAttachment.
-    attr_accessor :role_attachment
-
-    def initialize(
-      meta: nil,
-      rate_limit: nil,
-      role_attachment: nil
-    )
-      @meta = meta == nil ? nil : meta
-      @rate_limit = rate_limit == nil ? nil : rate_limit
-      @role_attachment = role_attachment == nil ? nil : role_attachment
-    end
-
-    def to_json(options = {})
-      hash = {}
-      self.instance_variables.each do |var|
-        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
-      end
-      hash.to_json
-    end
-  end
-
-  # RoleAttachmentDeleteResponse returns information about a RoleAttachment that was deleted.
-  #
-  # Deprecated: use multi-role via AccountAttachments instead.
-  class RoleAttachmentDeleteResponse
-    # Reserved for future use.
-    attr_accessor :meta
-    # Rate limit information.
-    attr_accessor :rate_limit
-
-    def initialize(
-      meta: nil,
-      rate_limit: nil
-    )
-      @meta = meta == nil ? nil : meta
-      @rate_limit = rate_limit == nil ? nil : rate_limit
-    end
-
-    def to_json(options = {})
-      hash = {}
-      self.instance_variables.each do |var|
-        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
-      end
-      hash.to_json
-    end
-  end
-
-  # RoleAttachmentGetResponse returns a requested RoleAttachment.
-  #
-  # Deprecated: use multi-role via AccountAttachments instead.
-  class RoleAttachmentGetResponse
-    # Reserved for future use.
-    attr_accessor :meta
-    # Rate limit information.
-    attr_accessor :rate_limit
-    # The requested RoleAttachment.
-    attr_accessor :role_attachment
-
-    def initialize(
-      meta: nil,
-      rate_limit: nil,
-      role_attachment: nil
-    )
-      @meta = meta == nil ? nil : meta
-      @rate_limit = rate_limit == nil ? nil : rate_limit
-      @role_attachment = role_attachment == nil ? nil : role_attachment
-    end
-
-    def to_json(options = {})
-      hash = {}
-      self.instance_variables.each do |var|
-        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
-      end
-      hash.to_json
-    end
-  end
-
   # RoleCreateResponse reports how the Roles were created in the system. It can
   # communicate partial successes or failures.
   class RoleCreateResponse
@@ -5550,122 +5425,6 @@ module SDM
     end
   end
 
-  # A RoleGrant connects a resource to a role, granting members of the role access to that resource.
-  #
-  # Deprecated: use Role access rules instead.
-  class RoleGrant
-    # Unique identifier of the RoleGrant.
-    attr_accessor :id
-    # The id of the resource of this RoleGrant.
-    attr_accessor :resource_id
-    # The id of the attached role of this RoleGrant.
-    attr_accessor :role_id
-
-    def initialize(
-      id: nil,
-      resource_id: nil,
-      role_id: nil
-    )
-      @id = id == nil ? "" : id
-      @resource_id = resource_id == nil ? "" : resource_id
-      @role_id = role_id == nil ? "" : role_id
-    end
-
-    def to_json(options = {})
-      hash = {}
-      self.instance_variables.each do |var|
-        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
-      end
-      hash.to_json
-    end
-  end
-
-  # RoleGrantCreateResponse reports how the RoleGrants were created in the system.
-  #
-  # Deprecated: use Role access rules instead.
-  class RoleGrantCreateResponse
-    # Reserved for future use.
-    attr_accessor :meta
-    # Rate limit information.
-    attr_accessor :rate_limit
-    # The created RoleGrant.
-    attr_accessor :role_grant
-
-    def initialize(
-      meta: nil,
-      rate_limit: nil,
-      role_grant: nil
-    )
-      @meta = meta == nil ? nil : meta
-      @rate_limit = rate_limit == nil ? nil : rate_limit
-      @role_grant = role_grant == nil ? nil : role_grant
-    end
-
-    def to_json(options = {})
-      hash = {}
-      self.instance_variables.each do |var|
-        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
-      end
-      hash.to_json
-    end
-  end
-
-  # RoleGrantDeleteResponse returns information about a RoleGrant that was deleted.
-  #
-  # Deprecated: use Role access rules instead.
-  class RoleGrantDeleteResponse
-    # Reserved for future use.
-    attr_accessor :meta
-    # Rate limit information.
-    attr_accessor :rate_limit
-
-    def initialize(
-      meta: nil,
-      rate_limit: nil
-    )
-      @meta = meta == nil ? nil : meta
-      @rate_limit = rate_limit == nil ? nil : rate_limit
-    end
-
-    def to_json(options = {})
-      hash = {}
-      self.instance_variables.each do |var|
-        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
-      end
-      hash.to_json
-    end
-  end
-
-  # RoleGrantGetResponse returns a requested RoleGrant.
-  #
-  # Deprecated: use Role access rules instead.
-  class RoleGrantGetResponse
-    # Reserved for future use.
-    attr_accessor :meta
-    # Rate limit information.
-    attr_accessor :rate_limit
-    # The requested RoleGrant.
-    attr_accessor :role_grant
-
-    def initialize(
-      meta: nil,
-      rate_limit: nil,
-      role_grant: nil
-    )
-      @meta = meta == nil ? nil : meta
-      @rate_limit = rate_limit == nil ? nil : rate_limit
-      @role_grant = role_grant == nil ? nil : role_grant
-    end
-
-    def to_json(options = {})
-      hash = {}
-      self.instance_variables.each do |var|
-        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
-      end
-      hash.to_json
-    end
-  end
-
   # RoleUpdateResponse returns the fields of a Role after it has been updated by
   # a RoleUpdateRequest.
   class RoleUpdateResponse
@@ -6650,9 +6409,11 @@ module SDM
     end
   end
 
+  # @private
   def self._porcelain_zero_value_tags()
     {}
   end
+  # @private
   def self._porcelain_zero_value_access_rules()
     []
   end

data/lib/strongdm.rb

@@ -28,7 +28,7 @@ module SDM #:nodoc:
     DEFAULT_BASE_RETRY_DELAY = 0.0030 # 30 ms
     DEFAULT_MAX_RETRY_DELAY = 300 # 300 seconds
     API_VERSION = "2021-08-23"
-    USER_AGENT = "strongdm-sdk-ruby/2.6.4"
+    USER_AGENT = "strongdm-sdk-ruby/3.0.0"
     private_constant :DEFAULT_MAX_RETRIES, :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :API_VERSION, :USER_AGENT
 
     # Creates a new strongDM API client.
@@ -50,13 +50,12 @@ module SDM #:nodoc:
       @remote_identities = RemoteIdentities.new(host, insecure, self)
       @remote_identity_groups = RemoteIdentityGroups.new(host, insecure, self)
       @resources = Resources.new(host, insecure, self)
-      @role_attachments = RoleAttachments.new(host, insecure, self)
-      @role_grants = RoleGrants.new(host, insecure, self)
       @roles = Roles.new(host, insecure, self)
       @secret_stores = SecretStores.new(host, insecure, self)
       @_test_options = Hash.new
     end
 
+    # @private
     def get_metadata(method_name, req)
       return {
                'x-sdm-authentication': @api_access_key,
@@ -82,6 +81,7 @@ module SDM #:nodoc:
       return Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, request_hash))
     end
 
+    # @private
     def jitterSleep(iter)
       dur_max = @base_retry_delay * 2 ** iter
       if (dur_max > @max_retry_delay)
@@ -91,6 +91,7 @@ module SDM #:nodoc:
       sleep(dur)
     end
 
+    # @private
     def shouldRetry(iter, err)
       if (iter >= @max_retries - 1)
         return false
@@ -156,24 +157,6 @@ module SDM #:nodoc:
     #
     # See {Resources}.
     attr_reader :resources
-    # RoleAttachments represent relationships between composite roles and the roles
-    # that make up those composite roles. When a composite role is attached to another
-    # role, the permissions granted to members of the composite role are augmented to
-    # include the permissions granted to members of the attached role.
-    #
-    # Deprecated: use multi-role via AccountAttachments instead.
-    #
-    # See {RoleAttachments}.
-    attr_reader :role_attachments
-    # RoleGrants represent relationships between composite roles and the roles
-    # that make up those composite roles. When a composite role is attached to another
-    # role, the permissions granted to members of the composite role are augmented to
-    # include the permissions granted to members of the attached role.
-    #
-    # Deprecated: use Role access rules instead.
-    #
-    # See {RoleGrants}.
-    attr_reader :role_grants
     # A Role has a list of access rules which determine which Resources the members
     # of the Role have access to. An Account can be a member of multiple Roles via
     # AccountAttachments.
@@ -184,6 +167,7 @@ module SDM #:nodoc:
     #
     # See {SecretStores}.
     attr_reader :secret_stores
+    # @private
     attr_reader :_test_options
   end
 end

data/lib/svc.rb

@@ -1311,336 +1311,6 @@ module SDM #:nodoc:
     end
   end
 
-  # RoleAttachments represent relationships between composite roles and the roles
-  # that make up those composite roles. When a composite role is attached to another
-  # role, the permissions granted to members of the composite role are augmented to
-  # include the permissions granted to members of the attached role.
-  #
-  # Deprecated: use multi-role via AccountAttachments instead.
-  #
-  # See {RoleAttachment}.
-  class RoleAttachments
-    extend Gem::Deprecate
-
-    def initialize(host, insecure, parent)
-      begin
-        if insecure
-          @stub = V1::RoleAttachments::Stub.new(host, :this_channel_is_insecure)
-        else
-          cred = GRPC::Core::ChannelCredentials.new()
-          @stub = V1::RoleAttachments::Stub.new(host, cred)
-        end
-      rescue => exception
-        raise Plumbing::convert_error_to_porcelain(exception)
-      end
-      @parent = parent
-    end
-
-    # Create registers a new RoleAttachment.
-    #
-    # Deprecated: use multi-role via AccountAttachments instead.
-    def create(
-      role_attachment,
-      deadline: nil
-    )
-      req = V1::RoleAttachmentCreateRequest.new()
-
-      req.role_attachment = Plumbing::convert_role_attachment_to_plumbing(role_attachment)
-      tries = 0
-      plumbing_response = nil
-      loop do
-        begin
-          plumbing_response = @stub.create(req, metadata: @parent.get_metadata("RoleAttachments.Create", req), deadline: deadline)
-        rescue => exception
-          if (@parent.shouldRetry(tries, exception))
-            tries + +@parent.jitterSleep(tries)
-            next
-          end
-          raise Plumbing::convert_error_to_porcelain(exception)
-        end
-        break
-      end
-
-      resp = RoleAttachmentCreateResponse.new()
-      resp.meta = Plumbing::convert_create_response_metadata_to_porcelain(plumbing_response.meta)
-      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
-      resp.role_attachment = Plumbing::convert_role_attachment_to_porcelain(plumbing_response.role_attachment)
-      resp
-    end
-
-    deprecate :create, :none, 2022, 6
-    # Get reads one RoleAttachment by ID.
-    #
-    # Deprecated: use multi-role via AccountAttachments instead.
-    def get(
-      id,
-      deadline: nil
-    )
-      req = V1::RoleAttachmentGetRequest.new()
-
-      req.id = (id)
-      tries = 0
-      plumbing_response = nil
-      loop do
-        begin
-          plumbing_response = @stub.get(req, metadata: @parent.get_metadata("RoleAttachments.Get", req), deadline: deadline)
-        rescue => exception
-          if (@parent.shouldRetry(tries, exception))
-            tries + +@parent.jitterSleep(tries)
-            next
-          end
-          raise Plumbing::convert_error_to_porcelain(exception)
-        end
-        break
-      end
-
-      resp = RoleAttachmentGetResponse.new()
-      resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
-      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
-      resp.role_attachment = Plumbing::convert_role_attachment_to_porcelain(plumbing_response.role_attachment)
-      resp
-    end
-
-    deprecate :get, :none, 2022, 6
-    # Delete removes a RoleAttachment by ID.
-    #
-    # Deprecated: use multi-role via AccountAttachments instead.
-    def delete(
-      id,
-      deadline: nil
-    )
-      req = V1::RoleAttachmentDeleteRequest.new()
-
-      req.id = (id)
-      tries = 0
-      plumbing_response = nil
-      loop do
-        begin
-          plumbing_response = @stub.delete(req, metadata: @parent.get_metadata("RoleAttachments.Delete", req), deadline: deadline)
-        rescue => exception
-          if (@parent.shouldRetry(tries, exception))
-            tries + +@parent.jitterSleep(tries)
-            next
-          end
-          raise Plumbing::convert_error_to_porcelain(exception)
-        end
-        break
-      end
-
-      resp = RoleAttachmentDeleteResponse.new()
-      resp.meta = Plumbing::convert_delete_response_metadata_to_porcelain(plumbing_response.meta)
-      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
-      resp
-    end
-
-    deprecate :delete, :none, 2022, 6
-    # List gets a list of RoleAttachments matching a given set of criteria.
-    #
-    # Deprecated: use multi-role via AccountAttachments instead.
-    def list(
-      filter,
-      *args,
-      deadline: nil
-    )
-      req = V1::RoleAttachmentListRequest.new()
-      req.meta = V1::ListRequestMetadata.new()
-      page_size_option = @parent._test_options["PageSize"]
-      if page_size_option.is_a? Integer
-        req.meta.limit = page_size_option
-      end
-
-      req.filter = Plumbing::quote_filter_args(filter, *args)
-      resp = Enumerator::Generator.new { |g|
-        tries = 0
-        loop do
-          begin
-            plumbing_response = @stub.list(req, metadata: @parent.get_metadata("RoleAttachments.List", req), deadline: deadline)
-          rescue => exception
-            if (@parent.shouldRetry(tries, exception))
-              tries + +@parent.jitterSleep(tries)
-              next
-            end
-            raise Plumbing::convert_error_to_porcelain(exception)
-          end
-          tries = 0
-          plumbing_response.role_attachments.each do |plumbing_item|
-            g.yield Plumbing::convert_role_attachment_to_porcelain(plumbing_item)
-          end
-          break if plumbing_response.meta.next_cursor == ""
-          req.meta.cursor = plumbing_response.meta.next_cursor
-        end
-      }
-      resp
-    end
-
-    deprecate :list, :none, 2022, 6
-  end
-
-  # RoleGrants represent relationships between composite roles and the roles
-  # that make up those composite roles. When a composite role is attached to another
-  # role, the permissions granted to members of the composite role are augmented to
-  # include the permissions granted to members of the attached role.
-  #
-  # Deprecated: use Role access rules instead.
-  #
-  # See {RoleGrant}.
-  class RoleGrants
-    extend Gem::Deprecate
-
-    def initialize(host, insecure, parent)
-      begin
-        if insecure
-          @stub = V1::RoleGrants::Stub.new(host, :this_channel_is_insecure)
-        else
-          cred = GRPC::Core::ChannelCredentials.new()
-          @stub = V1::RoleGrants::Stub.new(host, cred)
-        end
-      rescue => exception
-        raise Plumbing::convert_error_to_porcelain(exception)
-      end
-      @parent = parent
-    end
-
-    # Create registers a new RoleGrant.
-    #
-    # Deprecated: use Role access rules instead.
-    def create(
-      role_grant,
-      deadline: nil
-    )
-      req = V1::RoleGrantCreateRequest.new()
-
-      req.role_grant = Plumbing::convert_role_grant_to_plumbing(role_grant)
-      tries = 0
-      plumbing_response = nil
-      loop do
-        begin
-          plumbing_response = @stub.create(req, metadata: @parent.get_metadata("RoleGrants.Create", req), deadline: deadline)
-        rescue => exception
-          if (@parent.shouldRetry(tries, exception))
-            tries + +@parent.jitterSleep(tries)
-            next
-          end
-          raise Plumbing::convert_error_to_porcelain(exception)
-        end
-        break
-      end
-
-      resp = RoleGrantCreateResponse.new()
-      resp.meta = Plumbing::convert_create_response_metadata_to_porcelain(plumbing_response.meta)
-      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
-      resp.role_grant = Plumbing::convert_role_grant_to_porcelain(plumbing_response.role_grant)
-      resp
-    end
-
-    deprecate :create, :none, 2022, 6
-    # Get reads one RoleGrant by ID.
-    #
-    # Deprecated: use Role access rules instead.
-    def get(
-      id,
-      deadline: nil
-    )
-      req = V1::RoleGrantGetRequest.new()
-
-      req.id = (id)
-      tries = 0
-      plumbing_response = nil
-      loop do
-        begin
-          plumbing_response = @stub.get(req, metadata: @parent.get_metadata("RoleGrants.Get", req), deadline: deadline)
-        rescue => exception
-          if (@parent.shouldRetry(tries, exception))
-            tries + +@parent.jitterSleep(tries)
-            next
-          end
-          raise Plumbing::convert_error_to_porcelain(exception)
-        end
-        break
-      end
-
-      resp = RoleGrantGetResponse.new()
-      resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
-      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
-      resp.role_grant = Plumbing::convert_role_grant_to_porcelain(plumbing_response.role_grant)
-      resp
-    end
-
-    deprecate :get, :none, 2022, 6
-    # Delete removes a RoleGrant by ID.
-    #
-    # Deprecated: use Role access rules instead.
-    def delete(
-      id,
-      deadline: nil
-    )
-      req = V1::RoleGrantDeleteRequest.new()
-
-      req.id = (id)
-      tries = 0
-      plumbing_response = nil
-      loop do
-        begin
-          plumbing_response = @stub.delete(req, metadata: @parent.get_metadata("RoleGrants.Delete", req), deadline: deadline)
-        rescue => exception
-          if (@parent.shouldRetry(tries, exception))
-            tries + +@parent.jitterSleep(tries)
-            next
-          end
-          raise Plumbing::convert_error_to_porcelain(exception)
-        end
-        break
-      end
-
-      resp = RoleGrantDeleteResponse.new()
-      resp.meta = Plumbing::convert_delete_response_metadata_to_porcelain(plumbing_response.meta)
-      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
-      resp
-    end
-
-    deprecate :delete, :none, 2022, 6
-    # List gets a list of RoleGrants matching a given set of criteria.
-    #
-    # Deprecated: use Role access rules instead.
-    def list(
-      filter,
-      *args,
-      deadline: nil
-    )
-      req = V1::RoleGrantListRequest.new()
-      req.meta = V1::ListRequestMetadata.new()
-      page_size_option = @parent._test_options["PageSize"]
-      if page_size_option.is_a? Integer
-        req.meta.limit = page_size_option
-      end
-
-      req.filter = Plumbing::quote_filter_args(filter, *args)
-      resp = Enumerator::Generator.new { |g|
-        tries = 0
-        loop do
-          begin
-            plumbing_response = @stub.list(req, metadata: @parent.get_metadata("RoleGrants.List", req), deadline: deadline)
-          rescue => exception
-            if (@parent.shouldRetry(tries, exception))
-              tries + +@parent.jitterSleep(tries)
-              next
-            end
-            raise Plumbing::convert_error_to_porcelain(exception)
-          end
-          tries = 0
-          plumbing_response.role_grants.each do |plumbing_item|
-            g.yield Plumbing::convert_role_grant_to_porcelain(plumbing_item)
-          end
-          break if plumbing_response.meta.next_cursor == ""
-          req.meta.cursor = plumbing_response.meta.next_cursor
-        end
-      }
-      resp
-    end
-
-    deprecate :list, :none, 2022, 6
-  end
-
   # A Role has a list of access rules which determine which Resources the members
   # of the Role have access to. An Account can be a member of multiple Roles via
   # AccountAttachments.