strongdm 6.2.1 → 6.3.1

data/lib/grpc/secret_store_healths_services_pb.rb

@@ -0,0 +1,44 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: secret_store_healths.proto for package 'v1'
+
+require "grpc"
+require "secret_store_healths_pb"
+
+module V1
+  module SecretStoreHealths
+    # SecretStoreHealths exposes health states for secret stores.
+    class Service
+      include ::GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = "v1.SecretStoreHealths"
+
+      # List reports the health status of node to secret store pairs.
+      rpc :List, ::V1::SecretStoreHealthListRequest, ::V1::SecretStoreHealthListResponse
+      # Check pushes a healthcheck request for a secret store
+      # Deprecated: use Healthcheck instead
+      rpc :Check, ::V1::SecretStoreHealthCheckRequest, ::V1::SecretStoreHealthCheckResponse
+      # Healthcheck triggers a remote healthcheck request for a secret store. It may take minutes
+      # to propagate across a large network of Nodes. The call will return immediately, and the
+      # updated health of the Secret Store can be retrieved via List.
+      rpc :Healthcheck, ::V1::SecretStoreHealthcheckRequest, ::V1::SecretStoreHealthcheckResponse
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/grpc/secret_store_types_pb.rb

@@ -32,8 +32,14 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
         optional :delinea, :message, 2900, "v1.DelineaStore"
         optional :gcp, :message, 201, "v1.GCPStore"
         optional :vault_app_role, :message, 4, "v1.VaultAppRoleStore"
+        optional :vault_app_role_cert_ssh, :message, 94, "v1.VaultAppRoleCertSSHStore"
+        optional :vault_app_role_cert_x_509, :message, 95, "v1.VaultAppRoleCertX509Store"
         optional :vault_tls, :message, 1, "v1.VaultTLSStore"
+        optional :vault_tls_cert_ssh, :message, 92, "v1.VaultTLSCertSSHStore"
+        optional :vault_tls_cert_x_509, :message, 93, "v1.VaultTLSCertX509Store"
         optional :vault_token, :message, 2, "v1.VaultTokenStore"
+        optional :vault_token_cert_ssh, :message, 90, "v1.VaultTokenCertSSHStore"
+        optional :vault_token_cert_x_509, :message, 91, "v1.VaultTokenCertX509Store"
       end
     end
     add_message "v1.AWSStore" do
@@ -86,6 +92,24 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :server_address, :string, 3
       optional :tags, :message, 8, "v1.Tags"
     end
+    add_message "v1.VaultAppRoleCertSSHStore" do
+      optional :id, :string, 1
+      optional :name, :string, 2
+      optional :namespace, :string, 5
+      optional :server_address, :string, 3
+      optional :signing_role, :string, 7
+      optional :ssh_mount_point, :string, 6
+      optional :tags, :message, 8, "v1.Tags"
+    end
+    add_message "v1.VaultAppRoleCertX509Store" do
+      optional :id, :string, 1
+      optional :name, :string, 2
+      optional :namespace, :string, 5
+      optional :pki_mount_point, :string, 6
+      optional :server_address, :string, 3
+      optional :signing_role, :string, 7
+      optional :tags, :message, 8, "v1.Tags"
+    end
     add_message "v1.VaultTLSStore" do
       optional :id, :string, 1
       optional :name, :string, 2
@@ -96,6 +120,30 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :server_address, :string, 3
       optional :tags, :message, 7, "v1.Tags"
     end
+    add_message "v1.VaultTLSCertSSHStore" do
+      optional :id, :string, 1
+      optional :name, :string, 2
+      optional :CA_cert_path, :string, 4
+      optional :client_cert_path, :string, 5
+      optional :client_key_path, :string, 6
+      optional :namespace, :string, 8
+      optional :server_address, :string, 3
+      optional :signing_role, :string, 10
+      optional :ssh_mount_point, :string, 9
+      optional :tags, :message, 7, "v1.Tags"
+    end
+    add_message "v1.VaultTLSCertX509Store" do
+      optional :id, :string, 1
+      optional :name, :string, 2
+      optional :CA_cert_path, :string, 4
+      optional :client_cert_path, :string, 5
+      optional :client_key_path, :string, 6
+      optional :namespace, :string, 8
+      optional :pki_mount_point, :string, 9
+      optional :server_address, :string, 3
+      optional :signing_role, :string, 10
+      optional :tags, :message, 7, "v1.Tags"
+    end
     add_message "v1.VaultTokenStore" do
       optional :id, :string, 1
       optional :name, :string, 2
@@ -103,6 +151,24 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :server_address, :string, 3
       optional :tags, :message, 4, "v1.Tags"
     end
+    add_message "v1.VaultTokenCertSSHStore" do
+      optional :id, :string, 1
+      optional :name, :string, 2
+      optional :namespace, :string, 5
+      optional :server_address, :string, 3
+      optional :signing_role, :string, 7
+      optional :ssh_mount_point, :string, 6
+      optional :tags, :message, 4, "v1.Tags"
+    end
+    add_message "v1.VaultTokenCertX509Store" do
+      optional :id, :string, 1
+      optional :name, :string, 2
+      optional :namespace, :string, 5
+      optional :pki_mount_point, :string, 6
+      optional :server_address, :string, 3
+      optional :signing_role, :string, 7
+      optional :tags, :message, 4, "v1.Tags"
+    end
   end
 end
 
@@ -116,6 +182,12 @@ module V1
   DelineaStore = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.DelineaStore").msgclass
   GCPStore = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GCPStore").msgclass
   VaultAppRoleStore = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.VaultAppRoleStore").msgclass
+  VaultAppRoleCertSSHStore = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.VaultAppRoleCertSSHStore").msgclass
+  VaultAppRoleCertX509Store = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.VaultAppRoleCertX509Store").msgclass
   VaultTLSStore = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.VaultTLSStore").msgclass
+  VaultTLSCertSSHStore = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.VaultTLSCertSSHStore").msgclass
+  VaultTLSCertX509Store = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.VaultTLSCertX509Store").msgclass
   VaultTokenStore = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.VaultTokenStore").msgclass
+  VaultTokenCertSSHStore = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.VaultTokenCertSSHStore").msgclass
+  VaultTokenCertX509Store = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.VaultTokenCertX509Store").msgclass
 end

data/lib/models/porcelain.rb

@@ -9076,6 +9076,94 @@ module SDM
     end
   end
 
+  # SecretStoreHealth denotes a secret store's health status. Note a secret store is not
+  # healthy in terms of a simple boolean, but rather healthy with respect to a particular node
+  # or set of nodes.
+  class SecretStoreHealth
+    # The time when the status last changed
+    attr_accessor :changed_at
+    # The time when the status was last checked by the node
+    attr_accessor :checked_at
+    # The error associated with this health check, if it occurred after reachability checks succeeded.
+    attr_accessor :error
+    # Any specific status or error flags associated with this health check.
+    attr_accessor :flags
+    # Associated node id for this health
+    attr_accessor :node_id
+    # The error associated with this health check, if it occurred during reachability checks.
+    attr_accessor :reachability
+    # Associated secret store for this health
+    attr_accessor :secret_store_id
+    # The status of the link between the node and secret store
+    attr_accessor :status
+
+    def initialize(
+      changed_at: nil,
+      checked_at: nil,
+      error: nil,
+      flags: nil,
+      node_id: nil,
+      reachability: nil,
+      secret_store_id: nil,
+      status: nil
+    )
+      @changed_at = changed_at == nil ? nil : changed_at
+      @checked_at = checked_at == nil ? nil : checked_at
+      @error = error == nil ? "" : error
+      @flags = flags == nil ? [] : flags
+      @node_id = node_id == nil ? "" : node_id
+      @reachability = reachability == nil ? "" : reachability
+      @secret_store_id = secret_store_id == nil ? "" : secret_store_id
+      @status = status == nil ? "" : status
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  class SecretStoreHealthListResponse
+    # Rate limit information.
+    attr_accessor :rate_limit
+
+    def initialize(
+      rate_limit: nil
+    )
+      @rate_limit = rate_limit == nil ? nil : rate_limit
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  class SecretStoreHealthcheckResponse
+    # Rate limit information.
+    attr_accessor :rate_limit
+
+    def initialize(
+      rate_limit: nil
+    )
+      @rate_limit = rate_limit == nil ? nil : rate_limit
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   # SecretStoreHistory records the state of a SecretStore at a given point in time,
   # where every change (create, update and delete) to a SecretStore produces an
   # SecretStoreHistory record.
@@ -9745,6 +9833,94 @@ module SDM
     end
   end
 
+  # VaultAppRoleCertSSHStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
+  class VaultAppRoleCertSSHStore
+    # Unique identifier of the SecretStore.
+    attr_accessor :id
+    # Unique human-readable name of the SecretStore.
+    attr_accessor :name
+    # The namespace to make requests within
+    attr_accessor :namespace
+    # The URL of the Vault to target
+    attr_accessor :server_address
+    # The signing role to be used for signing certificates
+    attr_accessor :signing_role
+    # The mount point of the SSH engine configured with the desired CA
+    attr_accessor :ssh_mount_point
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+
+    def initialize(
+      id: nil,
+      name: nil,
+      namespace: nil,
+      server_address: nil,
+      signing_role: nil,
+      ssh_mount_point: nil,
+      tags: nil
+    )
+      @id = id == nil ? "" : id
+      @name = name == nil ? "" : name
+      @namespace = namespace == nil ? "" : namespace
+      @server_address = server_address == nil ? "" : server_address
+      @signing_role = signing_role == nil ? "" : signing_role
+      @ssh_mount_point = ssh_mount_point == nil ? "" : ssh_mount_point
+      @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # VaultAppRoleCertX509Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
+  class VaultAppRoleCertX509Store
+    # Unique identifier of the SecretStore.
+    attr_accessor :id
+    # Unique human-readable name of the SecretStore.
+    attr_accessor :name
+    # The namespace to make requests within
+    attr_accessor :namespace
+    # The mount point of the PKI engine configured with the desired CA
+    attr_accessor :pki_mount_point
+    # The URL of the Vault to target
+    attr_accessor :server_address
+    # The signing role to be used for signing certificates
+    attr_accessor :signing_role
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+
+    def initialize(
+      id: nil,
+      name: nil,
+      namespace: nil,
+      pki_mount_point: nil,
+      server_address: nil,
+      signing_role: nil,
+      tags: nil
+    )
+      @id = id == nil ? "" : id
+      @name = name == nil ? "" : name
+      @namespace = namespace == nil ? "" : namespace
+      @pki_mount_point = pki_mount_point == nil ? "" : pki_mount_point
+      @server_address = server_address == nil ? "" : server_address
+      @signing_role = signing_role == nil ? "" : signing_role
+      @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class VaultAppRoleStore
     # Unique identifier of the SecretStore.
     attr_accessor :id
@@ -9780,6 +9956,118 @@ module SDM
     end
   end
 
+  # VaultTLSCertSSHStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
+  class VaultTLSCertSSHStore
+    # A path to a CA file accessible by a Node
+    attr_accessor :ca_cert_path
+    # A path to a client certificate file accessible by a Node
+    attr_accessor :client_cert_path
+    # A path to a client key file accessible by a Node
+    attr_accessor :client_key_path
+    # Unique identifier of the SecretStore.
+    attr_accessor :id
+    # Unique human-readable name of the SecretStore.
+    attr_accessor :name
+    # The namespace to make requests within
+    attr_accessor :namespace
+    # The URL of the Vault to target
+    attr_accessor :server_address
+    # The signing role to be used for signing certificates
+    attr_accessor :signing_role
+    # The mount point of the SSH engine configured with the desired CA
+    attr_accessor :ssh_mount_point
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+
+    def initialize(
+      ca_cert_path: nil,
+      client_cert_path: nil,
+      client_key_path: nil,
+      id: nil,
+      name: nil,
+      namespace: nil,
+      server_address: nil,
+      signing_role: nil,
+      ssh_mount_point: nil,
+      tags: nil
+    )
+      @ca_cert_path = ca_cert_path == nil ? "" : ca_cert_path
+      @client_cert_path = client_cert_path == nil ? "" : client_cert_path
+      @client_key_path = client_key_path == nil ? "" : client_key_path
+      @id = id == nil ? "" : id
+      @name = name == nil ? "" : name
+      @namespace = namespace == nil ? "" : namespace
+      @server_address = server_address == nil ? "" : server_address
+      @signing_role = signing_role == nil ? "" : signing_role
+      @ssh_mount_point = ssh_mount_point == nil ? "" : ssh_mount_point
+      @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # VaultTLSCertX509Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
+  class VaultTLSCertX509Store
+    # A path to a CA file accessible by a Node
+    attr_accessor :ca_cert_path
+    # A path to a client certificate file accessible by a Node
+    attr_accessor :client_cert_path
+    # A path to a client key file accessible by a Node
+    attr_accessor :client_key_path
+    # Unique identifier of the SecretStore.
+    attr_accessor :id
+    # Unique human-readable name of the SecretStore.
+    attr_accessor :name
+    # The namespace to make requests within
+    attr_accessor :namespace
+    # The mount point of the PKI engine configured with the desired CA
+    attr_accessor :pki_mount_point
+    # The URL of the Vault to target
+    attr_accessor :server_address
+    # The signing role to be used for signing certificates
+    attr_accessor :signing_role
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+
+    def initialize(
+      ca_cert_path: nil,
+      client_cert_path: nil,
+      client_key_path: nil,
+      id: nil,
+      name: nil,
+      namespace: nil,
+      pki_mount_point: nil,
+      server_address: nil,
+      signing_role: nil,
+      tags: nil
+    )
+      @ca_cert_path = ca_cert_path == nil ? "" : ca_cert_path
+      @client_cert_path = client_cert_path == nil ? "" : client_cert_path
+      @client_key_path = client_key_path == nil ? "" : client_key_path
+      @id = id == nil ? "" : id
+      @name = name == nil ? "" : name
+      @namespace = namespace == nil ? "" : namespace
+      @pki_mount_point = pki_mount_point == nil ? "" : pki_mount_point
+      @server_address = server_address == nil ? "" : server_address
+      @signing_role = signing_role == nil ? "" : signing_role
+      @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class VaultTLSStore
     # A path to a CA file accessible by a Node
     attr_accessor :ca_cert_path
@@ -9827,6 +10115,94 @@ module SDM
     end
   end
 
+  # VaultTokenCertSSHStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
+  class VaultTokenCertSSHStore
+    # Unique identifier of the SecretStore.
+    attr_accessor :id
+    # Unique human-readable name of the SecretStore.
+    attr_accessor :name
+    # The namespace to make requests within
+    attr_accessor :namespace
+    # The URL of the Vault to target
+    attr_accessor :server_address
+    # The signing role to be used for signing certificates
+    attr_accessor :signing_role
+    # The mount point of the SSH engine configured with the desired CA
+    attr_accessor :ssh_mount_point
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+
+    def initialize(
+      id: nil,
+      name: nil,
+      namespace: nil,
+      server_address: nil,
+      signing_role: nil,
+      ssh_mount_point: nil,
+      tags: nil
+    )
+      @id = id == nil ? "" : id
+      @name = name == nil ? "" : name
+      @namespace = namespace == nil ? "" : namespace
+      @server_address = server_address == nil ? "" : server_address
+      @signing_role = signing_role == nil ? "" : signing_role
+      @ssh_mount_point = ssh_mount_point == nil ? "" : ssh_mount_point
+      @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # VaultTokenCertX509Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
+  class VaultTokenCertX509Store
+    # Unique identifier of the SecretStore.
+    attr_accessor :id
+    # Unique human-readable name of the SecretStore.
+    attr_accessor :name
+    # The namespace to make requests within
+    attr_accessor :namespace
+    # The mount point of the PKI engine configured with the desired CA
+    attr_accessor :pki_mount_point
+    # The URL of the Vault to target
+    attr_accessor :server_address
+    # The signing role to be used for signing certificates
+    attr_accessor :signing_role
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+
+    def initialize(
+      id: nil,
+      name: nil,
+      namespace: nil,
+      pki_mount_point: nil,
+      server_address: nil,
+      signing_role: nil,
+      tags: nil
+    )
+      @id = id == nil ? "" : id
+      @name = name == nil ? "" : name
+      @namespace = namespace == nil ? "" : namespace
+      @pki_mount_point = pki_mount_point == nil ? "" : pki_mount_point
+      @server_address = server_address == nil ? "" : server_address
+      @signing_role = signing_role == nil ? "" : signing_role
+      @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class VaultTokenStore
     # Unique identifier of the SecretStore.
     attr_accessor :id

data/lib/strongdm.rb

@@ -29,7 +29,7 @@ module SDM #:nodoc:
     DEFAULT_BASE_RETRY_DELAY = 0.0030 # 30 ms
     DEFAULT_MAX_RETRY_DELAY = 300 # 300 seconds
     API_VERSION = "2021-08-23"
-    USER_AGENT = "strongdm-sdk-ruby/6.2.1"
+    USER_AGENT = "strongdm-sdk-ruby/6.3.1"
     private_constant :DEFAULT_MAX_RETRIES, :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :API_VERSION, :USER_AGENT
 
     # Creates a new strongDM API client.
@@ -88,6 +88,7 @@ module SDM #:nodoc:
       @role_resources_history = RoleResourcesHistory.new(@channel, self)
       @roles = Roles.new(@channel, self)
       @roles_history = RolesHistory.new(@channel, self)
+      @secret_store_healths = SecretStoreHealths.new(@channel, self)
       @secret_stores = SecretStores.new(@channel, self)
       @secret_stores_history = SecretStoresHistory.new(@channel, self)
       @workflow_approvers = WorkflowApprovers.new(@channel, self)
@@ -336,6 +337,10 @@ module SDM #:nodoc:
     #
     # See {RolesHistory}.
     attr_reader :roles_history
+    # SecretStoreHealths exposes health states for secret stores.
+    #
+    # See {SecretStoreHealths}.
+    attr_reader :secret_store_healths
     # SecretStores are servers where resource secrets (passwords, keys) are stored.
     #
     # See {SecretStores}.
@@ -421,6 +426,7 @@ module SDM #:nodoc:
       @role_resources_history = RoleResourcesHistory.new(@channel, self)
       @roles = Roles.new(@channel, self)
       @roles_history = RolesHistory.new(@channel, self)
+      @secret_store_healths = SecretStoreHealths.new(@channel, self)
       @secret_stores = SecretStores.new(@channel, self)
       @secret_stores_history = SecretStoresHistory.new(@channel, self)
       @workflow_approvers = WorkflowApprovers.new(@channel, self)

data/lib/svc.rb

@@ -3667,6 +3667,91 @@ module SDM #:nodoc:
     end
   end
 
+  # SecretStoreHealths exposes health states for secret stores.
+  #
+  # See {SecretStoreHealth}.
+  class SecretStoreHealths
+    extend Gem::Deprecate
+
+    def initialize(channel, parent)
+      begin
+        @stub = V1::SecretStoreHealths::Stub.new(nil, nil, channel_override: channel)
+      rescue => exception
+        raise Plumbing::convert_error_to_porcelain(exception)
+      end
+      @parent = parent
+    end
+
+    # List reports the health status of node to secret store pairs.
+    def list(
+      filter,
+      *args,
+      deadline: nil
+    )
+      req = V1::SecretStoreHealthListRequest.new()
+      req.meta = V1::ListRequestMetadata.new()
+      if @parent.page_limit > 0
+        req.meta.limit = @parent.page_limit
+      end
+      if not @parent.snapshot_time.nil?
+        req.meta.snapshot_at = @parent.snapshot_time
+      end
+
+      req.filter = Plumbing::quote_filter_args(filter, *args)
+      resp = Enumerator::Generator.new { |g|
+        tries = 0
+        loop do
+          begin
+            plumbing_response = @stub.list(req, metadata: @parent.get_metadata("SecretStoreHealths.List", req), deadline: deadline)
+          rescue => exception
+            if (@parent.shouldRetry(tries, exception))
+              tries + +@parent.jitterSleep(tries)
+              next
+            end
+            raise Plumbing::convert_error_to_porcelain(exception)
+          end
+          tries = 0
+          plumbing_response.secret_store_healths.each do |plumbing_item|
+            g.yield Plumbing::convert_secret_store_health_to_porcelain(plumbing_item)
+          end
+          break if plumbing_response.meta.next_cursor == ""
+          req.meta.cursor = plumbing_response.meta.next_cursor
+        end
+      }
+      resp
+    end
+
+    # Healthcheck triggers a remote healthcheck request for a secret store. It may take minutes
+    # to propagate across a large network of Nodes. The call will return immediately, and the
+    # updated health of the Secret Store can be retrieved via List.
+    def healthcheck(
+      secret_store_id,
+      deadline: nil
+    )
+      req = V1::SecretStoreHealthcheckRequest.new()
+
+      req.secret_store_id = (secret_store_id)
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.healthcheck(req, metadata: @parent.get_metadata("SecretStoreHealths.Healthcheck", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception))
+            tries + +@parent.jitterSleep(tries)
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      resp = SecretStoreHealthcheckResponse.new()
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+  end
+
   # SecretStores are servers where resource secrets (passwords, keys) are stored.
   #
   # See:
@@ -3678,8 +3763,14 @@ module SDM #:nodoc:
   # {DelineaStore}
   # {GCPStore}
   # {VaultAppRoleStore}
+  # {VaultAppRoleCertSSHStore}
+  # {VaultAppRoleCertX509Store}
   # {VaultTLSStore}
+  # {VaultTLSCertSSHStore}
+  # {VaultTLSCertX509Store}
   # {VaultTokenStore}
+  # {VaultTokenCertSSHStore}
+  # {VaultTokenCertX509Store}
   class SecretStores
     extend Gem::Deprecate