strongdm 4.3.0 → 4.4.0

data/lib/models/porcelain.rb

@@ -653,6 +653,170 @@ module SDM
     end
   end
 
+  # AccessRequests are requests for access to a resource that may match a Workflow.
+  class AccessRequest
+    # The account that initiated the request.
+    attr_accessor :account_id
+    # The account grant created, if it exists.
+    attr_accessor :grant_id
+    # The access request id.
+    attr_accessor :id
+    # The reason the access was requested.
+    attr_accessor :reason
+    # The resource id.
+    attr_accessor :resource_id
+    # The timestamp when the requested access will be granted.
+    # If this field is not specified it will default to the current time.
+    attr_accessor :start_from
+    # The status of the access request.
+    attr_accessor :status
+    # The timestamp when the status changed.
+    attr_accessor :status_at
+    # The timestamp when the requested access will expire.
+    attr_accessor :valid_until
+    # The workflow the request bound to.
+    attr_accessor :workflow_id
+
+    def initialize(
+      account_id: nil,
+      grant_id: nil,
+      id: nil,
+      reason: nil,
+      resource_id: nil,
+      start_from: nil,
+      status: nil,
+      status_at: nil,
+      valid_until: nil,
+      workflow_id: nil
+    )
+      @account_id = account_id == nil ? "" : account_id
+      @grant_id = grant_id == nil ? "" : grant_id
+      @id = id == nil ? "" : id
+      @reason = reason == nil ? "" : reason
+      @resource_id = resource_id == nil ? "" : resource_id
+      @start_from = start_from == nil ? nil : start_from
+      @status = status == nil ? "" : status
+      @status_at = status_at == nil ? nil : status_at
+      @valid_until = valid_until == nil ? nil : valid_until
+      @workflow_id = workflow_id == nil ? "" : workflow_id
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # AccessRequestEvents hold information about events related to an access
+  # request such as creation, approval and denial.
+  class AccessRequestEvent
+    # The account responsible for the event.
+    attr_accessor :actor_id
+    # The access request event id.
+    attr_accessor :id
+    # The metadata about the event
+    attr_accessor :metadata
+    # The request that the event is bound to.
+    attr_accessor :request_id
+    # The type of event.
+    attr_accessor :type
+
+    def initialize(
+      actor_id: nil,
+      id: nil,
+      metadata: nil,
+      request_id: nil,
+      type: nil
+    )
+      @actor_id = actor_id == nil ? "" : actor_id
+      @id = id == nil ? "" : id
+      @metadata = metadata == nil ? "" : metadata
+      @request_id = request_id == nil ? "" : request_id
+      @type = type == nil ? "" : type
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # AccessRequestEventHistory records the state of a AccessRequest at a given point in time,
+  # where every change (create, update and delete) to a AccessRequest produces an
+  # AccessRequestEventHistory record.
+  class AccessRequestEventHistory
+    # The complete AccessRequestEvent state at this time.
+    attr_accessor :access_request_event
+    # The unique identifier of the Activity that produced this change to the AccessRequest.
+    # May be empty for some system-initiated updates.
+    attr_accessor :activity_id
+    # If this Workflow was deleted, the time it was deleted.
+    attr_accessor :deleted_at
+    # The time at which the AccessRequest state was recorded.
+    attr_accessor :timestamp
+
+    def initialize(
+      access_request_event: nil,
+      activity_id: nil,
+      deleted_at: nil,
+      timestamp: nil
+    )
+      @access_request_event = access_request_event == nil ? nil : access_request_event
+      @activity_id = activity_id == nil ? "" : activity_id
+      @deleted_at = deleted_at == nil ? nil : deleted_at
+      @timestamp = timestamp == nil ? nil : timestamp
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # AccessRequestHistory records the state of a AccessRequest at a given point in time,
+  # where every change (create, update and delete) to a AccessRequest produces an
+  # AccessRequestHistory record.
+  class AccessRequestHistory
+    # The complete AccessRequest state at this time.
+    attr_accessor :access_request
+    # The unique identifier of the Activity that produced this change to the AccessRequest.
+    # May be empty for some system-initiated updates.
+    attr_accessor :activity_id
+    # If this Workflow was deleted, the time it was deleted.
+    attr_accessor :deleted_at
+    # The time at which the AccessRequest state was recorded.
+    attr_accessor :timestamp
+
+    def initialize(
+      access_request: nil,
+      activity_id: nil,
+      deleted_at: nil,
+      timestamp: nil
+    )
+      @access_request = access_request == nil ? nil : access_request
+      @activity_id = activity_id == nil ? "" : activity_id
+      @deleted_at = deleted_at == nil ? nil : deleted_at
+      @timestamp = timestamp == nil ? nil : timestamp
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   # AccountAttachments assign an account to a role.
   class AccountAttachment
     # The id of the account of this AccountAttachment.
@@ -9332,6 +9496,266 @@ module SDM
     end
   end
 
+  # Workflows are the collection of rules that define the resources to which access can be requested,
+  # the users that can request that access, and the mechanism for approving those requests which can either
+  # but automatic approval or a set of users authorized to approve the requests.
+  class Workflow
+    # AccessRules is a list of access rules defining the resources this Workflow provides access to.
+    attr_accessor :access_rules
+    # Optional auto grant setting to automatically approve requests or not, defaults to false.
+    attr_accessor :auto_grant
+    # Optional description of the Workflow.
+    attr_accessor :description
+    # Optional enabled state for workflow. This setting may be overridden by the system if
+    # the workflow doesn't meet the requirements to be enabled or if other conditions prevent
+    # enabling the workflow.
+    attr_accessor :enabled
+    # Unique identifier of the Workflow.
+    attr_accessor :id
+    # Unique human-readable name of the Workflow.
+    attr_accessor :name
+    # Optional weight for workflow to specify it's priority in matching a request.
+    attr_accessor :weight
+
+    def initialize(
+      access_rules: nil,
+      auto_grant: nil,
+      description: nil,
+      enabled: nil,
+      id: nil,
+      name: nil,
+      weight: nil
+    )
+      @access_rules = access_rules == nil ? SDM::_porcelain_zero_value_access_rules() : access_rules
+      @auto_grant = auto_grant == nil ? false : auto_grant
+      @description = description == nil ? "" : description
+      @enabled = enabled == nil ? false : enabled
+      @id = id == nil ? "" : id
+      @name = name == nil ? "" : name
+      @weight = weight == nil ? 0 : weight
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # WorkflowApprover is an account with the ability to approve requests bound to a workflow.
+  class WorkflowApprover
+    # The approver id.
+    attr_accessor :approver_id
+    # The workflow id.
+    attr_accessor :workflow_id
+
+    def initialize(
+      approver_id: nil,
+      workflow_id: nil
+    )
+      @approver_id = approver_id == nil ? "" : approver_id
+      @workflow_id = workflow_id == nil ? "" : workflow_id
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # WorkflowApproverHistory records the state of a WorkflowApprover at a given point in time,
+  # where every change (create, update and delete) to a WorkflowApprover produces an
+  # WorkflowApproverHistory record.
+  class WorkflowApproverHistory
+    # The unique identifier of the Activity that produced this change to the Workflow.
+    # May be empty for some system-initiated updates.
+    attr_accessor :activity_id
+    # If this Workflow was deleted, the time it was deleted.
+    attr_accessor :deleted_at
+    # The time at which the Workflow state was recorded.
+    attr_accessor :timestamp
+    # The complete WorkflowApprover state at this time.
+    attr_accessor :workflow_approver
+
+    def initialize(
+      activity_id: nil,
+      deleted_at: nil,
+      timestamp: nil,
+      workflow_approver: nil
+    )
+      @activity_id = activity_id == nil ? "" : activity_id
+      @deleted_at = deleted_at == nil ? nil : deleted_at
+      @timestamp = timestamp == nil ? nil : timestamp
+      @workflow_approver = workflow_approver == nil ? nil : workflow_approver
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # WorkflowAssignment links a Resource to a Workflow.
+  class WorkflowAssignment
+    # The resource id.
+    attr_accessor :resource_id
+    # The workflow id.
+    attr_accessor :workflow_id
+
+    def initialize(
+      resource_id: nil,
+      workflow_id: nil
+    )
+      @resource_id = resource_id == nil ? "" : resource_id
+      @workflow_id = workflow_id == nil ? "" : workflow_id
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # WorkflowAssignmentHistory records the state of a WorkflowAssignment at a given point in time,
+  # where every change (create, update and delete) to a WorkflowAssignment produces an
+  # WorkflowAssignmentHistory record.
+  class WorkflowAssignmentHistory
+    # The unique identifier of the Activity that produced this change to the Workflow.
+    # May be empty for some system-initiated updates.
+    attr_accessor :activity_id
+    # If this Workflow was deleted, the time it was deleted.
+    attr_accessor :deleted_at
+    # The time at which the Workflow state was recorded.
+    attr_accessor :timestamp
+    # The complete WorkflowAssignment state at this time.
+    attr_accessor :workflow_assignment
+
+    def initialize(
+      activity_id: nil,
+      deleted_at: nil,
+      timestamp: nil,
+      workflow_assignment: nil
+    )
+      @activity_id = activity_id == nil ? "" : activity_id
+      @deleted_at = deleted_at == nil ? nil : deleted_at
+      @timestamp = timestamp == nil ? nil : timestamp
+      @workflow_assignment = workflow_assignment == nil ? nil : workflow_assignment
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # WorkflowHistory records the state of a Workflow at a given point in time,
+  # where every change (create, update and delete) to a Workflow produces an
+  # WorkflowHistory record.
+  class WorkflowHistory
+    # The unique identifier of the Activity that produced this change to the Workflow.
+    # May be empty for some system-initiated updates.
+    attr_accessor :activity_id
+    # If this Workflow was deleted, the time it was deleted.
+    attr_accessor :deleted_at
+    # The time at which the Workflow state was recorded.
+    attr_accessor :timestamp
+    # The complete Workflow state at this time.
+    attr_accessor :workflow
+
+    def initialize(
+      activity_id: nil,
+      deleted_at: nil,
+      timestamp: nil,
+      workflow: nil
+    )
+      @activity_id = activity_id == nil ? "" : activity_id
+      @deleted_at = deleted_at == nil ? nil : deleted_at
+      @timestamp = timestamp == nil ? nil : timestamp
+      @workflow = workflow == nil ? nil : workflow
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # WorkflowRole links a Role to a Workflow.
+  class WorkflowRole
+    # The role id.
+    attr_accessor :role_id
+    # The workflow id.
+    attr_accessor :workflow_id
+
+    def initialize(
+      role_id: nil,
+      workflow_id: nil
+    )
+      @role_id = role_id == nil ? "" : role_id
+      @workflow_id = workflow_id == nil ? "" : workflow_id
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # WorkflowRolesHistory records the state of a Workflow at a given point in time,
+  # where every change (create, update and delete) to a WorkflowRole produces a
+  # WorkflowRoleHistory record.
+  class WorkflowRoleHistory
+    # The unique identifier of the Activity that produced this change to the Workflow.
+    # May be empty for some system-initiated updates.
+    attr_accessor :activity_id
+    # If this WorkflowRole was deleted, the time it was deleted.
+    attr_accessor :deleted_at
+    # The time at which the Workflow state was recorded.
+    attr_accessor :timestamp
+    # The complete WorkflowRole state at this time.
+    attr_accessor :workflow_role
+
+    def initialize(
+      activity_id: nil,
+      deleted_at: nil,
+      timestamp: nil,
+      workflow_role: nil
+    )
+      @activity_id = activity_id == nil ? "" : activity_id
+      @deleted_at = deleted_at == nil ? nil : deleted_at
+      @timestamp = timestamp == nil ? nil : timestamp
+      @workflow_role = workflow_role == nil ? nil : workflow_role
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   # @private
   def self._porcelain_zero_value_tags()
     {}

data/lib/strongdm.rb

@@ -29,7 +29,7 @@ module SDM #:nodoc:
     DEFAULT_BASE_RETRY_DELAY = 0.0030 # 30 ms
     DEFAULT_MAX_RETRY_DELAY = 300 # 300 seconds
     API_VERSION = "2021-08-23"
-    USER_AGENT = "strongdm-sdk-ruby/4.3.0"
+    USER_AGENT = "strongdm-sdk-ruby/4.4.0"
     private_constant :DEFAULT_MAX_RETRIES, :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :API_VERSION, :USER_AGENT
 
     # Creates a new strongDM API client.
@@ -54,6 +54,9 @@ module SDM #:nodoc:
       rescue => exception
         raise Plumbing::convert_error_to_porcelain(exception)
       end
+      @access_requests = AccessRequests.new(@channel, self)
+      @access_request_events_history = AccessRequestEventsHistory.new(@channel, self)
+      @access_requests_history = AccessRequestsHistory.new(@channel, self)
       @account_attachments = AccountAttachments.new(@channel, self)
       @account_attachments_history = AccountAttachmentsHistory.new(@channel, self)
       @account_grants = AccountGrants.new(@channel, self)
@@ -86,6 +89,11 @@ module SDM #:nodoc:
       @roles_history = RolesHistory.new(@channel, self)
       @secret_stores = SecretStores.new(@channel, self)
       @secret_stores_history = SecretStoresHistory.new(@channel, self)
+      @workflows = Workflows.new(@channel, self)
+      @workflow_approvers_history = WorkflowApproversHistory.new(@channel, self)
+      @workflow_assignments_history = WorkflowAssignmentsHistory.new(@channel, self)
+      @workflow_roles_history = WorkflowRolesHistory.new(@channel, self)
+      @workflows_history = WorkflowsHistory.new(@channel, self)
       @_test_options = Hash.new
     end
 
@@ -176,6 +184,18 @@ module SDM #:nodoc:
     attr_reader :api_access_key
     # Optional timestamp at which to provide historical data
     attr_reader :snapshot_time
+    # AccessRequests are requests for access to a resource that may match a Workflow.
+    #
+    # See {AccessRequests}.
+    attr_reader :access_requests
+    # AccessRequestEventsHistory provides records of all changes to the state of an AccessRequest.
+    #
+    # See {AccessRequestEventsHistory}.
+    attr_reader :access_request_events_history
+    # AccessRequestsHistory provides records of all changes to the state of an AccessRequest.
+    #
+    # See {AccessRequestsHistory}.
+    attr_reader :access_requests_history
     # AccountAttachments assign an account to a role.
     #
     # See {AccountAttachments}.
@@ -320,6 +340,28 @@ module SDM #:nodoc:
     #
     # See {SecretStoresHistory}.
     attr_reader :secret_stores_history
+    # Workflows are the collection of rules that define the resources to which access can be requested,
+    # the users that can request that access, and the mechanism for approving those requests which can either
+    # but automatic approval or a set of users authorized to approve the requests.
+    #
+    # See {Workflows}.
+    attr_reader :workflows
+    # WorkflowApproversHistory provides records of all changes to the state of a WorkflowApprover.
+    #
+    # See {WorkflowApproversHistory}.
+    attr_reader :workflow_approvers_history
+    # WorkflowAssignmentsHistory provides records of all changes to the state of a WorkflowAssignment.
+    #
+    # See {WorkflowAssignmentsHistory}.
+    attr_reader :workflow_assignments_history
+    # WorkflowRolesHistory provides records of all changes to the state of a WorkflowRole
+    #
+    # See {WorkflowRolesHistory}.
+    attr_reader :workflow_roles_history
+    # WorkflowsHistory provides records of all changes to the state of a Workflow.
+    #
+    # See {WorkflowsHistory}.
+    attr_reader :workflows_history
     # @private
     attr_reader :_test_options
 
@@ -330,6 +372,9 @@ module SDM #:nodoc:
     private
 
     def initialize_copy(other)
+      @access_requests = AccessRequests.new(@channel, self)
+      @access_request_events_history = AccessRequestEventsHistory.new(@channel, self)
+      @access_requests_history = AccessRequestsHistory.new(@channel, self)
       @account_attachments = AccountAttachments.new(@channel, self)
       @account_attachments_history = AccountAttachmentsHistory.new(@channel, self)
       @account_grants = AccountGrants.new(@channel, self)
@@ -362,12 +407,18 @@ module SDM #:nodoc:
       @roles_history = RolesHistory.new(@channel, self)
       @secret_stores = SecretStores.new(@channel, self)
       @secret_stores_history = SecretStoresHistory.new(@channel, self)
+      @workflows = Workflows.new(@channel, self)
+      @workflow_approvers_history = WorkflowApproversHistory.new(@channel, self)
+      @workflow_assignments_history = WorkflowAssignmentsHistory.new(@channel, self)
+      @workflow_roles_history = WorkflowRolesHistory.new(@channel, self)
+      @workflows_history = WorkflowsHistory.new(@channel, self)
     end
   end
 
   # SnapshotClient exposes methods to query historical records at a provided timestamp.
   class SnapshotClient
     def initialize(client)
+      @access_requests = SnapshotAccessRequests.new(client.access_requests)
       @account_attachments = SnapshotAccountAttachments.new(client.account_attachments)
       @account_grants = SnapshotAccountGrants.new(client.account_grants)
       @account_permissions = SnapshotAccountPermissions.new(client.account_permissions)
@@ -384,8 +435,13 @@ module SDM #:nodoc:
       @role_resources = SnapshotRoleResources.new(client.role_resources)
       @roles = SnapshotRoles.new(client.roles)
       @secret_stores = SnapshotSecretStores.new(client.secret_stores)
+      @workflows = SnapshotWorkflows.new(client.workflows)
     end
 
+    # AccessRequests are requests for access to a resource that may match a Workflow.
+    #
+    # See {SnapshotAccessRequests}.
+    attr_reader :access_requests
     # AccountAttachments assign an account to a role.
     #
     # See {SnapshotAccountAttachments}.
@@ -461,5 +517,11 @@ module SDM #:nodoc:
     #
     # See {SnapshotSecretStores}.
     attr_reader :secret_stores
+    # Workflows are the collection of rules that define the resources to which access can be requested,
+    # the users that can request that access, and the mechanism for approving those requests which can either
+    # but automatic approval or a set of users authorized to approve the requests.
+    #
+    # See {SnapshotWorkflows}.
+    attr_reader :workflows
   end
 end