strongdm 3.6.1 → 3.8.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (54) hide show
  1. checksums.yaml +4 -4
  2. data/.git/ORIG_HEAD +1 -1
  3. data/.git/index +0 -0
  4. data/.git/logs/HEAD +3 -3
  5. data/.git/logs/refs/heads/master +2 -2
  6. data/.git/logs/refs/remotes/origin/HEAD +1 -1
  7. data/.git/objects/pack/{pack-c0eff6575c38c9865988c2b59ce4060fff518355.idx → pack-2d53a487ade528ef84cbb5c91cde76bf875d9e95.idx} +0 -0
  8. data/.git/objects/pack/{pack-c0eff6575c38c9865988c2b59ce4060fff518355.pack → pack-2d53a487ade528ef84cbb5c91cde76bf875d9e95.pack} +0 -0
  9. data/.git/packed-refs +4 -2
  10. data/.git/refs/heads/master +1 -1
  11. data/lib/constants.rb +311 -0
  12. data/lib/errors/errors.rb +1 -1
  13. data/lib/grpc/account_attachments_history_pb.rb +48 -0
  14. data/lib/grpc/account_attachments_history_services_pb.rb +37 -0
  15. data/lib/grpc/account_grants_history_pb.rb +48 -0
  16. data/lib/grpc/account_grants_history_services_pb.rb +37 -0
  17. data/lib/grpc/account_permissions_pb.rb +48 -0
  18. data/lib/grpc/account_permissions_services_pb.rb +38 -0
  19. data/lib/grpc/account_resources_pb.rb +49 -0
  20. data/lib/grpc/account_resources_services_pb.rb +38 -0
  21. data/lib/grpc/accounts_history_pb.rb +48 -0
  22. data/lib/grpc/accounts_history_services_pb.rb +37 -0
  23. data/lib/grpc/activities_pb.rb +77 -0
  24. data/lib/grpc/activities_services_pb.rb +41 -0
  25. data/lib/grpc/drivers_pb.rb +66 -0
  26. data/lib/grpc/nodes_history_pb.rb +48 -0
  27. data/lib/grpc/nodes_history_services_pb.rb +37 -0
  28. data/lib/grpc/organization_history_pb.rb +74 -0
  29. data/lib/grpc/organization_history_services_pb.rb +37 -0
  30. data/lib/grpc/plumbing.rb +1106 -1
  31. data/lib/grpc/queries_pb.rb +67 -0
  32. data/lib/grpc/queries_services_pb.rb +39 -0
  33. data/lib/grpc/remote_identities_history_pb.rb +48 -0
  34. data/lib/grpc/remote_identities_history_services_pb.rb +37 -0
  35. data/lib/grpc/remote_identity_groups_history_pb.rb +48 -0
  36. data/lib/grpc/remote_identity_groups_history_services_pb.rb +37 -0
  37. data/lib/grpc/replays_pb.rb +50 -0
  38. data/lib/grpc/replays_services_pb.rb +38 -0
  39. data/lib/grpc/resources_history_pb.rb +48 -0
  40. data/lib/grpc/resources_history_services_pb.rb +37 -0
  41. data/lib/grpc/role_resources_history_pb.rb +48 -0
  42. data/lib/grpc/role_resources_history_services_pb.rb +37 -0
  43. data/lib/grpc/role_resources_pb.rb +46 -0
  44. data/lib/grpc/role_resources_services_pb.rb +38 -0
  45. data/lib/grpc/roles_history_pb.rb +48 -0
  46. data/lib/grpc/roles_history_services_pb.rb +37 -0
  47. data/lib/grpc/secret_stores_history_pb.rb +48 -0
  48. data/lib/grpc/secret_stores_history_services_pb.rb +37 -0
  49. data/lib/models/porcelain.rb +1177 -1
  50. data/lib/strongdm.rb +220 -2
  51. data/lib/svc.rb +1556 -121
  52. data/lib/version +1 -1
  53. data/lib/version.rb +1 -1
  54. metadata +38 -4
data/lib/strongdm.rb CHANGED
@@ -13,7 +13,7 @@
13
13
  # limitations under the License.
14
14
  #
15
15
 
16
- # @internal This file was generated by protogen. DO NOT EDIT.
16
+ # @internal Code generated by protogen. DO NOT EDIT.
17
17
 
18
18
  require_relative "./svc"
19
19
  require "base64"
@@ -29,7 +29,7 @@ module SDM #:nodoc:
29
29
  DEFAULT_BASE_RETRY_DELAY = 0.0030 # 30 ms
30
30
  DEFAULT_MAX_RETRY_DELAY = 300 # 300 seconds
31
31
  API_VERSION = "2021-08-23"
32
- USER_AGENT = "strongdm-sdk-ruby/3.6.1"
32
+ USER_AGENT = "strongdm-sdk-ruby/3.8.0"
33
33
  private_constant :DEFAULT_MAX_RETRIES, :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :API_VERSION, :USER_AGENT
34
34
 
35
35
  # Creates a new strongDM API client.
@@ -43,6 +43,7 @@ module SDM #:nodoc:
43
43
  @base_retry_delay = DEFAULT_BASE_RETRY_DELAY
44
44
  @max_retry_delay = DEFAULT_MAX_RETRY_DELAY
45
45
  @expose_rate_limit_errors = (not retry_rate_limit_errors)
46
+ @snapshot_time = nil
46
47
  begin
47
48
  if insecure
48
49
  @channel = GRPC::Core::Channel.new(host, {}, :this_channel_is_insecure)
@@ -54,15 +55,32 @@ module SDM #:nodoc:
54
55
  raise Plumbing::convert_error_to_porcelain(exception)
55
56
  end
56
57
  @account_attachments = AccountAttachments.new(@channel, self)
58
+ @account_attachments_history = AccountAttachmentsHistory.new(@channel, self)
57
59
  @account_grants = AccountGrants.new(@channel, self)
60
+ @account_grants_history = AccountGrantsHistory.new(@channel, self)
61
+ @account_permissions = AccountPermissions.new(@channel, self)
62
+ @account_resources = AccountResources.new(@channel, self)
58
63
  @accounts = Accounts.new(@channel, self)
64
+ @accounts_history = AccountsHistory.new(@channel, self)
65
+ @activities = Activities.new(@channel, self)
59
66
  @control_panel = ControlPanel.new(@channel, self)
60
67
  @nodes = Nodes.new(@channel, self)
68
+ @nodes_history = NodesHistory.new(@channel, self)
69
+ @organization_history = OrganizationHistory.new(@channel, self)
70
+ @queries = Queries.new(@channel, self)
61
71
  @remote_identities = RemoteIdentities.new(@channel, self)
72
+ @remote_identities_history = RemoteIdentitiesHistory.new(@channel, self)
62
73
  @remote_identity_groups = RemoteIdentityGroups.new(@channel, self)
74
+ @remote_identity_groups_history = RemoteIdentityGroupsHistory.new(@channel, self)
75
+ @replays = Replays.new(@channel, self)
63
76
  @resources = Resources.new(@channel, self)
77
+ @resources_history = ResourcesHistory.new(@channel, self)
78
+ @role_resources = RoleResources.new(@channel, self)
79
+ @role_resources_history = RoleResourcesHistory.new(@channel, self)
64
80
  @roles = Roles.new(@channel, self)
81
+ @roles_history = RolesHistory.new(@channel, self)
65
82
  @secret_stores = SecretStores.new(@channel, self)
83
+ @secret_stores_history = SecretStoresHistory.new(@channel, self)
66
84
  @_test_options = Hash.new
67
85
  end
68
86
 
@@ -137,26 +155,64 @@ module SDM #:nodoc:
137
155
  return (err.code() == 13 or err.code() == 14)
138
156
  end
139
157
 
158
+ # Constructs a read-only client that will provide historical data from the provided timestamp.
159
+ # See {SnapshotClient}.
160
+ def snapshot_at(snapshot_time)
161
+ client = self.clone
162
+ client.snapshot_time = snapshot_time
163
+ return SnapshotClient.new(client)
164
+ end
165
+
140
166
  attr_reader :max_retries
141
167
  attr_reader :base_retry_delay
142
168
  attr_reader :max_retry_delay
143
169
 
144
170
  # API authentication token (read-only).
145
171
  attr_reader :api_access_key
172
+ # Optional timestamp at which to provide historical data
173
+ attr_reader :snapshot_time
146
174
  # AccountAttachments assign an account to a role.
147
175
  #
148
176
  # See {AccountAttachments}.
149
177
  attr_reader :account_attachments
178
+ # AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
179
+ #
180
+ # See {AccountAttachmentsHistory}.
181
+ attr_reader :account_attachments_history
150
182
  # AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
151
183
  #
152
184
  # See {AccountGrants}.
153
185
  attr_reader :account_grants
186
+ # AccountGrantsHistory records all changes to the state of an AccountGrant.
187
+ #
188
+ # See {AccountGrantsHistory}.
189
+ attr_reader :account_grants_history
190
+ # AccountPermissions records the granular permissions accounts have, allowing them to execute
191
+ # relevant commands via StrongDM's APIs.
192
+ #
193
+ # See {AccountPermissions}.
194
+ attr_reader :account_permissions
195
+ # AccountResources enumerates the resources to which accounts have access.
196
+ # The AccountResources service is read-only.
197
+ #
198
+ # See {AccountResources}.
199
+ attr_reader :account_resources
154
200
  # Accounts are users that have access to strongDM. There are two types of accounts:
155
201
  # 1. **Users:** humans who are authenticated through username and password or SSO.
156
202
  # 2. **Service Accounts:** machines that are authenticated using a service token.
157
203
  #
158
204
  # See {Accounts}.
159
205
  attr_reader :accounts
206
+ # AccountsHistory records all changes to the state of an Account.
207
+ #
208
+ # See {AccountsHistory}.
209
+ attr_reader :accounts_history
210
+ # An Activity is a record of an action taken against a strongDM deployment, e.g.
211
+ # a user creation, resource deletion, sso configuration change, etc. The Activities
212
+ # service is read-only.
213
+ #
214
+ # See {Activities}.
215
+ attr_reader :activities
160
216
  # ControlPanel contains all administrative controls.
161
217
  #
162
218
  # See {ControlPanel}.
@@ -167,31 +223,193 @@ module SDM #:nodoc:
167
223
  #
168
224
  # See {Nodes}.
169
225
  attr_reader :nodes
226
+ # NodesHistory records all changes to the state of a Node.
227
+ #
228
+ # See {NodesHistory}.
229
+ attr_reader :nodes_history
230
+ # OrganizationHistory records all changes to the state of an Organization.
231
+ #
232
+ # See {OrganizationHistory}.
233
+ attr_reader :organization_history
234
+ # A Query is a record of a single client request to a resource, such as an SQL query.
235
+ # Long-running SSH, RDP, or Kubernetes interactive sessions also count as queries.
236
+ # The Queries service is read-only.
237
+ #
238
+ # See {Queries}.
239
+ attr_reader :queries
170
240
  # RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
171
241
  #
172
242
  # See {RemoteIdentities}.
173
243
  attr_reader :remote_identities
244
+ # RemoteIdentitiesHistory records all changes to the state of a RemoteIdentity.
245
+ #
246
+ # See {RemoteIdentitiesHistory}.
247
+ attr_reader :remote_identities_history
174
248
  # A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
175
249
  # An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
176
250
  #
177
251
  # See {RemoteIdentityGroups}.
178
252
  attr_reader :remote_identity_groups
253
+ # RemoteIdentityGroupsHistory records all changes to the state of a RemoteIdentityGroup.
254
+ #
255
+ # See {RemoteIdentityGroupsHistory}.
256
+ attr_reader :remote_identity_groups_history
257
+ # A Replay captures the data transferred over a long-running SSH, RDP, or Kubernetes interactive session
258
+ # (otherwise referred to as a query). The Replays service is read-only.
259
+ #
260
+ # See {Replays}.
261
+ attr_reader :replays
179
262
  # Resources are databases, servers, clusters, websites, or clouds that strongDM
180
263
  # delegates access to.
181
264
  #
182
265
  # See {Resources}.
183
266
  attr_reader :resources
267
+ # ResourcesHistory records all changes to the state of a Resource.
268
+ #
269
+ # See {ResourcesHistory}.
270
+ attr_reader :resources_history
271
+ # RoleResources enumerates the resources to which roles have access.
272
+ # The RoleResources service is read-only.
273
+ #
274
+ # See {RoleResources}.
275
+ attr_reader :role_resources
276
+ # RoleResourcesHistory records all changes to the state of a RoleResource.
277
+ #
278
+ # See {RoleResourcesHistory}.
279
+ attr_reader :role_resources_history
184
280
  # A Role has a list of access rules which determine which Resources the members
185
281
  # of the Role have access to. An Account can be a member of multiple Roles via
186
282
  # AccountAttachments.
187
283
  #
188
284
  # See {Roles}.
189
285
  attr_reader :roles
286
+ # RolesHistory records all changes to the state of a Role.
287
+ #
288
+ # See {RolesHistory}.
289
+ attr_reader :roles_history
190
290
  # SecretStores are servers where resource secrets (passwords, keys) are stored.
191
291
  #
192
292
  # See {SecretStores}.
193
293
  attr_reader :secret_stores
294
+ # SecretStoresHistory records all changes to the state of a SecretStore.
295
+ #
296
+ # See {SecretStoresHistory}.
297
+ attr_reader :secret_stores_history
194
298
  # @private
195
299
  attr_reader :_test_options
300
+
301
+ protected
302
+
303
+ attr_writer :snapshot_time
304
+
305
+ private
306
+
307
+ def initialize_copy(other)
308
+ @account_attachments = AccountAttachments.new(@channel, self)
309
+ @account_attachments_history = AccountAttachmentsHistory.new(@channel, self)
310
+ @account_grants = AccountGrants.new(@channel, self)
311
+ @account_grants_history = AccountGrantsHistory.new(@channel, self)
312
+ @account_permissions = AccountPermissions.new(@channel, self)
313
+ @account_resources = AccountResources.new(@channel, self)
314
+ @accounts = Accounts.new(@channel, self)
315
+ @accounts_history = AccountsHistory.new(@channel, self)
316
+ @activities = Activities.new(@channel, self)
317
+ @control_panel = ControlPanel.new(@channel, self)
318
+ @nodes = Nodes.new(@channel, self)
319
+ @nodes_history = NodesHistory.new(@channel, self)
320
+ @organization_history = OrganizationHistory.new(@channel, self)
321
+ @queries = Queries.new(@channel, self)
322
+ @remote_identities = RemoteIdentities.new(@channel, self)
323
+ @remote_identities_history = RemoteIdentitiesHistory.new(@channel, self)
324
+ @remote_identity_groups = RemoteIdentityGroups.new(@channel, self)
325
+ @remote_identity_groups_history = RemoteIdentityGroupsHistory.new(@channel, self)
326
+ @replays = Replays.new(@channel, self)
327
+ @resources = Resources.new(@channel, self)
328
+ @resources_history = ResourcesHistory.new(@channel, self)
329
+ @role_resources = RoleResources.new(@channel, self)
330
+ @role_resources_history = RoleResourcesHistory.new(@channel, self)
331
+ @roles = Roles.new(@channel, self)
332
+ @roles_history = RolesHistory.new(@channel, self)
333
+ @secret_stores = SecretStores.new(@channel, self)
334
+ @secret_stores_history = SecretStoresHistory.new(@channel, self)
335
+ end
336
+ end
337
+
338
+ # SnapshotClient exposes methods to query historical records at a provided timestamp.
339
+ class SnapshotClient
340
+ def initialize(client)
341
+ @account_attachments = SnapshotAccountAttachments.new(client.account_attachments)
342
+ @account_grants = SnapshotAccountGrants.new(client.account_grants)
343
+ @account_permissions = SnapshotAccountPermissions.new(client.account_permissions)
344
+ @account_resources = SnapshotAccountResources.new(client.account_resources)
345
+ @accounts = SnapshotAccounts.new(client.accounts)
346
+ @nodes = SnapshotNodes.new(client.nodes)
347
+ @remote_identities = SnapshotRemoteIdentities.new(client.remote_identities)
348
+ @remote_identity_groups = SnapshotRemoteIdentityGroups.new(client.remote_identity_groups)
349
+ @resources = SnapshotResources.new(client.resources)
350
+ @role_resources = SnapshotRoleResources.new(client.role_resources)
351
+ @roles = SnapshotRoles.new(client.roles)
352
+ @secret_stores = SnapshotSecretStores.new(client.secret_stores)
353
+ end
354
+
355
+ # AccountAttachments assign an account to a role.
356
+ #
357
+ # See {SnapshotAccountAttachments}.
358
+ attr_reader :account_attachments
359
+ # AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
360
+ #
361
+ # See {SnapshotAccountGrants}.
362
+ attr_reader :account_grants
363
+ # AccountPermissions records the granular permissions accounts have, allowing them to execute
364
+ # relevant commands via StrongDM's APIs.
365
+ #
366
+ # See {SnapshotAccountPermissions}.
367
+ attr_reader :account_permissions
368
+ # AccountResources enumerates the resources to which accounts have access.
369
+ # The AccountResources service is read-only.
370
+ #
371
+ # See {SnapshotAccountResources}.
372
+ attr_reader :account_resources
373
+ # Accounts are users that have access to strongDM. There are two types of accounts:
374
+ # 1. **Users:** humans who are authenticated through username and password or SSO.
375
+ # 2. **Service Accounts:** machines that are authenticated using a service token.
376
+ #
377
+ # See {SnapshotAccounts}.
378
+ attr_reader :accounts
379
+ # Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
380
+ # - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
381
+ # - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
382
+ #
383
+ # See {SnapshotNodes}.
384
+ attr_reader :nodes
385
+ # RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
386
+ #
387
+ # See {SnapshotRemoteIdentities}.
388
+ attr_reader :remote_identities
389
+ # A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
390
+ # An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
391
+ #
392
+ # See {SnapshotRemoteIdentityGroups}.
393
+ attr_reader :remote_identity_groups
394
+ # Resources are databases, servers, clusters, websites, or clouds that strongDM
395
+ # delegates access to.
396
+ #
397
+ # See {SnapshotResources}.
398
+ attr_reader :resources
399
+ # RoleResources enumerates the resources to which roles have access.
400
+ # The RoleResources service is read-only.
401
+ #
402
+ # See {SnapshotRoleResources}.
403
+ attr_reader :role_resources
404
+ # A Role has a list of access rules which determine which Resources the members
405
+ # of the Role have access to. An Account can be a member of multiple Roles via
406
+ # AccountAttachments.
407
+ #
408
+ # See {SnapshotRoles}.
409
+ attr_reader :roles
410
+ # SecretStores are servers where resource secrets (passwords, keys) are stored.
411
+ #
412
+ # See {SnapshotSecretStores}.
413
+ attr_reader :secret_stores
196
414
  end
197
415
  end