strongdm 1.0.5 → 1.0.7
- checksums.yaml +4 -4
- data/doc/Object.html +324 -1
- data/doc/SDM/AKS.html +2 -2
- data/doc/SDM/AKSBasicAuth.html +2 -2
- data/doc/SDM/AKSServiceAccount.html +2 -2
- data/doc/SDM/AccountAttachment.html +2 -2
- data/doc/SDM/AccountAttachmentCreateResponse.html +2 -2
- data/doc/SDM/AccountAttachmentDeleteResponse.html +2 -2
- data/doc/SDM/AccountAttachmentGetResponse.html +2 -2
- data/doc/SDM/AccountAttachments.html +4 -6
- data/doc/SDM/AccountCreateResponse.html +2 -2
- data/doc/SDM/AccountDeleteResponse.html +2 -2
- data/doc/SDM/AccountGetResponse.html +2 -2
- data/doc/SDM/AccountGrant.html +2 -2
- data/doc/SDM/AccountGrantCreateResponse.html +2 -2
- data/doc/SDM/AccountGrantDeleteResponse.html +2 -2
- data/doc/SDM/AccountGrantGetResponse.html +2 -2
- data/doc/SDM/AccountGrants.html +5 -5
- data/doc/SDM/AccountUpdateResponse.html +2 -2
- data/doc/SDM/Accounts.html +6 -6
- data/doc/SDM/AmazonEKS.html +2 -2
- data/doc/SDM/AmazonES.html +2 -2
- data/doc/SDM/Athena.html +2 -2
- data/doc/SDM/AuroraMysql.html +2 -2
- data/doc/SDM/AuroraPostgres.html +2 -2
- data/doc/SDM/BigQuery.html +2 -2
- data/doc/SDM/Cassandra.html +2 -2
- data/doc/SDM/Citus.html +2 -2
- data/doc/SDM/Clustrix.html +2 -2
- data/doc/SDM/Cockroach.html +2 -2
- data/doc/SDM/DB2.html +2 -2
- data/doc/SDM/Druid.html +2 -2
- data/doc/SDM/DynamoDB.html +2 -2
- data/doc/SDM/Elastic.html +2 -2
- data/doc/SDM/ElasticacheRedis.html +2 -2
- data/doc/SDM/Gateway.html +2 -2
- data/doc/SDM/GoogleGKE.html +2 -2
- data/doc/SDM/Greenplum.html +2 -2
- data/doc/SDM/HTTPAuth.html +2 -2
- data/doc/SDM/HTTPBasicAuth.html +2 -2
- data/doc/SDM/HTTPNoAuth.html +2 -2
- data/doc/SDM/Kubernetes.html +2 -2
- data/doc/SDM/KubernetesBasicAuth.html +2 -2
- data/doc/SDM/KubernetesServiceAccount.html +2 -2
- data/doc/SDM/Maria.html +2 -2
- data/doc/SDM/Memcached.html +2 -2
- data/doc/SDM/Memsql.html +2 -2
- data/doc/SDM/MongoHost.html +2 -2
- data/doc/SDM/MongoLegacyHost.html +2 -2
- data/doc/SDM/MongoLegacyReplicaset.html +2 -2
- data/doc/SDM/MongoReplicaSet.html +2 -2
- data/doc/SDM/Mysql.html +2 -2
- data/doc/SDM/NodeCreateResponse.html +2 -2
- data/doc/SDM/NodeDeleteResponse.html +2 -2
- data/doc/SDM/NodeGetResponse.html +2 -2
- data/doc/SDM/NodeUpdateResponse.html +2 -2
- data/doc/SDM/Nodes.html +6 -6
- data/doc/SDM/Oracle.html +2 -2
- data/doc/SDM/Plumbing.html +349 -509
- data/doc/SDM/Postgres.html +2 -2
- data/doc/SDM/Presto.html +2 -2
- data/doc/SDM/RDP.html +2 -2
- data/doc/SDM/Redis.html +2 -2
- data/doc/SDM/Redshift.html +2 -2
- data/doc/SDM/Relay.html +2 -2
- data/doc/SDM/ResourceCreateResponse.html +2 -2
- data/doc/SDM/ResourceDeleteResponse.html +2 -2
- data/doc/SDM/ResourceGetResponse.html +2 -2
- data/doc/SDM/ResourceUpdateResponse.html +2 -2
- data/doc/SDM/Resources.html +6 -6
- data/doc/SDM/Role.html +2 -2
- data/doc/SDM/RoleAttachment.html +2 -2
- data/doc/SDM/RoleAttachmentCreateResponse.html +2 -2
- data/doc/SDM/RoleAttachmentDeleteResponse.html +2 -2
- data/doc/SDM/RoleAttachmentGetResponse.html +2 -2
- data/doc/SDM/RoleAttachments.html +5 -5
- data/doc/SDM/RoleCreateResponse.html +2 -2
- data/doc/SDM/RoleDeleteResponse.html +2 -2
- data/doc/SDM/RoleGetResponse.html +2 -2
- data/doc/SDM/RoleGrant.html +2 -2
- data/doc/SDM/RoleGrantCreateResponse.html +2 -2
- data/doc/SDM/RoleGrantDeleteResponse.html +2 -2
- data/doc/SDM/RoleGrantGetResponse.html +2 -2
- data/doc/SDM/RoleGrants.html +5 -5
- data/doc/SDM/RoleUpdateResponse.html +2 -2
- data/doc/SDM/Roles.html +6 -6
- data/doc/SDM/SQLServer.html +2 -2
- data/doc/SDM/SSH.html +2 -2
- data/doc/SDM/SSHCert.html +2 -2
- data/doc/SDM/Service.html +2 -2
- data/doc/SDM/Snowflake.html +2 -2
- data/doc/SDM/Sybase.html +2 -2
- data/doc/SDM/SybaseIQ.html +2 -2
- data/doc/SDM/Teradata.html +2 -2
- data/doc/SDM/User.html +2 -2
- data/doc/V1.html +0 -5
- data/doc/created.rid +38 -36
- data/doc/index.html +0 -2
- data/doc/js/search_index.js +1 -1
- data/doc/js/search_index.js.gz +0 -0
- data/doc/lib/version.html +1 -1
- data/doc/table_of_contents.html +118 -143
- data/examples/ldap-sync/ldapSync.rb +290 -0
- data/lib/grpc/account_attachments_pb.rb +0 -5
- data/lib/grpc/plumbing.rb +0 -34
- data/lib/models/porcelain.rb +0 -23
- data/lib/svc.rb +0 -2
- data/lib/version +1 -1
- data/lib/version.rb +1 -1
- metadata +17 -15
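--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 86cc4d6b9580c2ea725286eaf30a140a051f8b035f50a3728b16dd90eb777ff0
+data.tar.gz: 06c32258d35b6952710addf5cfd4566f99b632d1f989e85264cbffa5fcfa63d2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 98e2c20ee4168b3948210c0d0313ba20f25e4055e81210aac9cda3c2974669c514dd2d6830b581e62e2f2d826802409ef316cdd94f9bd6bb8cd537a7db72f281
+data.tar.gz: bc46ed7ffed5c9ea0b993631f62c52e1d1577a3c52b8b28455dbef97a9d7ac2d8e5e4c492397852dee580d5c3b9e3388cc2a053a7308b66e77fcca34bb25ab61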
data/doc/Object.html
CHANGED
@@ -75,6 +75,10 @@
|
|
75
75
|
|
76
76
|
<ul class="link-list" role="directory">
|
77
77
|
|
78
|
+
<li ><a href="#method-i-first">#first</a>
|
79
|
+
|
80
|
+
<li ><a href="#method-i-ldap_sync">#ldap_sync</a>
|
81
|
+
|
78
82
|
<li ><a href="#method-i-main">#main</a>
|
79
83
|
|
80
84
|
<li ><a href="#method-i-okta_sync">#okta_sync</a>
|
@@ -122,6 +126,21 @@
|
|
122
126
|
<dd>
|
123
127
|
|
124
128
|
|
129
|
+
<dt id="LDAP_BIND_DN">LDAP_BIND_DN
|
130
|
+
|
131
|
+
<dd>
|
132
|
+
|
133
|
+
|
134
|
+
<dt id="LDAP_HOST">LDAP_HOST
|
135
|
+
|
136
|
+
<dd>
|
137
|
+
|
138
|
+
|
139
|
+
<dt id="LDAP_PASSWORD">LDAP_PASSWORD
|
140
|
+
|
141
|
+
<dd>
|
142
|
+
|
143
|
+
|
125
144
|
<dt id="OKTA_CLIENT_ORGURL">OKTA_CLIENT_ORGURL
|
126
145
|
|
127
146
|
<dd>
|
@@ -134,7 +153,21 @@
|
|
134
153
|
|
135
154
|
<dt id="SDM_API_ACCESS_KEY">SDM_API_ACCESS_KEY
|
136
155
|
|
137
|
-
<dd>
|
156
|
+
<dd><p>organizationalUnits:</p>
|
157
|
+
|
158
|
+
<pre>- dn: OU=Other-OU,DC=j42,DC=xyz
|
159
|
+
role: Other-OU
|
160
|
+
resources:
|
161
|
+
- name:*Other-OU*
|
162
|
+
- name:*Multi*
|
163
|
+
- dn: OU=admins,DC=j42,DC=xyz
|
164
|
+
role: admins
|
165
|
+
resources:
|
166
|
+
- name:*admins*
|
167
|
+
- dn: OU=People,DC=j42,DC=xyz
|
168
|
+
role: People
|
169
|
+
resources:
|
170
|
+
- name:*People*</pre>
|
138
171
|
|
139
172
|
|
140
173
|
<dt id="SDM_API_SECRET_KEY">SDM_API_SECRET_KEY
|
@@ -155,6 +188,296 @@
|
|
155
188
|
</header>
|
156
189
|
|
157
190
|
|
191
|
+
<div id="method-i-first" class="method-detail ">
|
192
|
+
|
193
|
+
<div class="method-heading">
|
194
|
+
<span class="method-name">first</span><span
|
195
|
+
class="method-args">(attrib)</span>
|
196
|
+
|
197
|
+
<span class="method-click-advice">click to toggle source</span>
|
198
|
+
|
199
|
+
</div>
|
200
|
+
|
201
|
+
|
202
|
+
<div class="method-description">
|
203
|
+
|
204
|
+
<p>gets the first item in a list or generator</p>
|
205
|
+
|
206
|
+
|
207
|
+
|
208
|
+
|
209
|
+
<div class="method-source-code" id="first-source">
|
210
|
+
<pre><span class="ruby-comment"># File examples/ldap-sync/ldapSync.rb, line 58</span>
|
211
|
+
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">first</span>(<span class="ruby-identifier">attrib</span>)
|
212
|
+
<span class="ruby-identifier">result</span> = <span class="ruby-keyword">nil</span>
|
213
|
+
<span class="ruby-identifier">attrib</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
|
214
|
+
<span class="ruby-keyword">if</span> <span class="ruby-identifier">result</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
|
215
|
+
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">item</span>
|
216
|
+
<span class="ruby-keyword">end</span>
|
217
|
+
<span class="ruby-keyword">end</span>
|
218
|
+
<span class="ruby-identifier">result</span>
|
219
|
+
<span class="ruby-keyword">end</span></pre>
|
220
|
+
</div>
|
221
|
+
|
222
|
+
</div>
|
223
|
+
|
224
|
+
|
225
|
+
|
226
|
+
|
227
|
+
</div>
|
228
|
+
|
229
|
+
|
230
|
+
<div id="method-i-ldap_sync" class="method-detail ">
|
231
|
+
|
232
|
+
<div class="method-heading">
|
233
|
+
<span class="method-name">ldap_sync</span><span
|
234
|
+
class="method-args">()</span>
|
235
|
+
|
236
|
+
<span class="method-click-advice">click to toggle source</span>
|
237
|
+
|
238
|
+
</div>
|
239
|
+
|
240
|
+
|
241
|
+
<div class="method-description">
|
242
|
+
|
243
|
+
|
244
|
+
|
245
|
+
|
246
|
+
|
247
|
+
|
248
|
+
<div class="method-source-code" id="ldap_sync-source">
|
249
|
+
<pre><span class="ruby-comment"># File examples/ldap-sync/ldapSync.rb, line 68</span>
|
250
|
+
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">ldap_sync</span>
|
251
|
+
<span class="ruby-keyword">if</span> <span class="ruby-constant">SDM_API_ACCESS_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">''</span> <span class="ruby-operator">||</span> <span class="ruby-constant">SDM_API_SECRET_KEY</span> <span class="ruby-operator">==</span> <span class="ruby-string">''</span> <span class="ruby-operator">||</span> <span class="ruby-constant">LDAP_BIND_DN</span> <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
|
252
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-string">'SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, and LDAP_BIND_DN must be set'</span>
|
253
|
+
<span class="ruby-identifier">exit</span> <span class="ruby-value">1</span>
|
254
|
+
<span class="ruby-keyword">end</span>
|
255
|
+
|
256
|
+
<span class="ruby-identifier">plan</span> = <span class="ruby-keyword">false</span>
|
257
|
+
<span class="ruby-identifier">verbose</span> = <span class="ruby-keyword">false</span>
|
258
|
+
<span class="ruby-identifier">configPath</span> = <span class="ruby-string">'config.yml'</span>
|
259
|
+
<span class="ruby-constant">OptionParser</span>.<span class="ruby-identifier">new</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">opts</span><span class="ruby-operator">|</span>
|
260
|
+
<span class="ruby-identifier">opts</span>.<span class="ruby-identifier">banner</span> = <span class="ruby-string">"Usage ldapSync.rb [options]"</span>
|
261
|
+
<span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">"-p"</span>, <span class="ruby-string">"--plan"</span>, <span class="ruby-string">"calculate changes but do not apply them"</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span>
|
262
|
+
<span class="ruby-identifier">plan</span> = <span class="ruby-identifier">p</span>
|
263
|
+
<span class="ruby-keyword">end</span>
|
264
|
+
<span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">"-v"</span>, <span class="ruby-string">"--verbose"</span>, <span class="ruby-string">"print detailed report"</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">v</span><span class="ruby-operator">|</span>
|
265
|
+
<span class="ruby-identifier">verbose</span> = <span class="ruby-identifier">v</span>
|
266
|
+
<span class="ruby-keyword">end</span>
|
267
|
+
<span class="ruby-identifier">opts</span>.<span class="ruby-identifier">on</span>(<span class="ruby-string">"-c"</span>, <span class="ruby-string">"--config FILE"</span>, <span class="ruby-string">"specify path to config YAML file (default: 'config.yml')"</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">v</span><span class="ruby-operator">|</span>
|
268
|
+
<span class="ruby-identifier">configPath</span> = <span class="ruby-identifier">v</span>
|
269
|
+
<span class="ruby-keyword">end</span>
|
270
|
+
<span class="ruby-keyword">end</span>.<span class="ruby-identifier">parse!</span>
|
271
|
+
|
272
|
+
<span class="ruby-keyword">begin</span>
|
273
|
+
<span class="ruby-identifier">config</span> = <span class="ruby-constant">YAML</span>.<span class="ruby-identifier">load</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">configPath</span>))
|
274
|
+
<span class="ruby-keyword">rescue</span> <span class="ruby-constant">StandardError</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">ex</span>
|
275
|
+
<span class="ruby-identifier">raise</span> <span class="ruby-identifier">ex</span>, <span class="ruby-node">"failed to parse #{configPath}"</span>
|
276
|
+
<span class="ruby-keyword">end</span>
|
277
|
+
|
278
|
+
<span class="ruby-keyword">begin</span>
|
279
|
+
<span class="ruby-identifier">sdmClient</span> = <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">SDM_API_ACCESS_KEY</span>, <span class="ruby-constant">SDM_API_SECRET_KEY</span>, <span class="ruby-value">host:</span> <span class="ruby-string">'api.strongdmdev.com:443'</span>)
|
280
|
+
<span class="ruby-keyword">rescue</span> <span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">RPCError</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">ex</span>
|
281
|
+
<span class="ruby-identifier">raise</span> <span class="ruby-identifier">ex</span>, <span class="ruby-string">'failed to create StrongDM client'</span>
|
282
|
+
<span class="ruby-keyword">end</span>
|
283
|
+
|
284
|
+
<span class="ruby-identifier">ldap</span> = <span class="ruby-constant">Net</span><span class="ruby-operator">::</span><span class="ruby-constant">LDAP</span>.<span class="ruby-identifier">new</span>
|
285
|
+
<span class="ruby-identifier">ldap</span>.<span class="ruby-identifier">host</span> = <span class="ruby-constant">LDAP_HOST</span>
|
286
|
+
<span class="ruby-identifier">ldap</span>.<span class="ruby-identifier">auth</span> <span class="ruby-constant">LDAP_BIND_DN</span>, <span class="ruby-constant">LDAP_PASSWORD</span>
|
287
|
+
<span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">ldap</span>.<span class="ruby-identifier">bind</span>
|
288
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-string">'failed to bind LDAP connection - authentication error'</span>
|
289
|
+
<span class="ruby-identifier">exit</span> <span class="ruby-value">1</span>
|
290
|
+
<span class="ruby-keyword">end</span>
|
291
|
+
|
292
|
+
<span class="ruby-identifier">sdmRoles</span> = { } <span class="ruby-comment"># map of name to ID</span>
|
293
|
+
<span class="ruby-identifier">sdmAccounts</span> = { } <span class="ruby-comment"># map of email to id</span>
|
294
|
+
<span class="ruby-identifier">sdmResources</span> = { } <span class="ruby-comment"># map of ID to name</span>
|
295
|
+
<span class="ruby-identifier">sdmAccountsById</span> = { } <span class="ruby-comment"># map of id to { :email, :firstName, :lastName }</span>
|
296
|
+
<span class="ruby-identifier">sdmAccountsWithAttachments</span> = { } <span class="ruby-comment"># map of email to id of all accounts that are in the roles we're interested in</span>
|
297
|
+
<span class="ruby-identifier">sdmAccountAttachments</span> = { } <span class="ruby-comment"># map of role name to list of emails</span>
|
298
|
+
<span class="ruby-identifier">sdmRoleGrants</span> = { } <span class="ruby-comment"># map of role name to list of { :resourceId, :grantId }</span>
|
299
|
+
<span class="ruby-identifier">ldapRoles</span> = [] <span class="ruby-comment"># list of names</span>
|
300
|
+
<span class="ruby-identifier">ldapAccounts</span> = { } <span class="ruby-comment"># map of email to { :firstName, :lastName }</span>
|
301
|
+
<span class="ruby-identifier">ldapAccountAttachments</span> = { } <span class="ruby-comment"># map of role name to list of emails</span>
|
302
|
+
<span class="ruby-identifier">desiredRoleGrants</span> = { } <span class="ruby-comment"># map of role name to list of resource IDs</span>
|
303
|
+
|
304
|
+
<span class="ruby-comment"># get SDM accounts</span>
|
305
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">''</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">account</span><span class="ruby-operator">|</span>
|
306
|
+
<span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">email</span>] = <span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>
|
307
|
+
<span class="ruby-identifier">sdmAccountsById</span>[<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>] = { <span class="ruby-value">:email</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">account</span>.<span class="ruby-identifier">email</span>, <span class="ruby-value">:firstName</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">account</span>.<span class="ruby-identifier">first_name</span>, <span class="ruby-value">:lastName</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">account</span>.<span class="ruby-identifier">last_name</span> }
|
308
|
+
<span class="ruby-keyword">end</span>
|
309
|
+
|
310
|
+
<span class="ruby-comment"># get SDM resources</span>
|
311
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">resources</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">''</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">resource</span><span class="ruby-operator">|</span>
|
312
|
+
<span class="ruby-identifier">sdmResources</span>[<span class="ruby-identifier">resource</span>.<span class="ruby-identifier">id</span>] = <span class="ruby-identifier">resource</span>.<span class="ruby-identifier">name</span>
|
313
|
+
<span class="ruby-keyword">end</span>
|
314
|
+
|
315
|
+
<span class="ruby-comment"># loop through OUs</span>
|
316
|
+
<span class="ruby-identifier">config</span>[<span class="ruby-string">'organizationalUnits'</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">ou</span><span class="ruby-operator">|</span>
|
317
|
+
|
318
|
+
<span class="ruby-comment"># get SDM state for this OU</span>
|
319
|
+
<span class="ruby-identifier">role</span> = <span class="ruby-identifier">first</span>(<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">roles</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">'name:?'</span>, <span class="ruby-identifier">ou</span>[<span class="ruby-string">'role'</span>]))
|
320
|
+
<span class="ruby-keyword">if</span> <span class="ruby-identifier">role</span>
|
321
|
+
<span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">role</span>.<span class="ruby-identifier">name</span>] = <span class="ruby-identifier">role</span>.<span class="ruby-identifier">id</span>
|
322
|
+
|
323
|
+
<span class="ruby-comment"># get accounts attached to this role</span>
|
324
|
+
<span class="ruby-identifier">accountEmails</span> = []
|
325
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">'roleid:?'</span>, <span class="ruby-identifier">role</span>.<span class="ruby-identifier">id</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">attachment</span><span class="ruby-operator">|</span>
|
326
|
+
<span class="ruby-identifier">sdmAccount</span> = <span class="ruby-identifier">sdmAccountsById</span>[<span class="ruby-identifier">attachment</span>.<span class="ruby-identifier">account_id</span>]
|
327
|
+
<span class="ruby-identifier">email</span> = <span class="ruby-identifier">sdmAccount</span>[<span class="ruby-value">:email</span>]
|
328
|
+
<span class="ruby-identifier">sdmAccountsWithAttachments</span>[<span class="ruby-identifier">email</span>] = <span class="ruby-identifier">attachment</span>.<span class="ruby-identifier">account_id</span>
|
329
|
+
<span class="ruby-identifier">accountEmails</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">email</span>)
|
330
|
+
<span class="ruby-keyword">end</span>
|
331
|
+
<span class="ruby-identifier">sdmAccountAttachments</span>[<span class="ruby-identifier">role</span>.<span class="ruby-identifier">name</span>] = <span class="ruby-identifier">accountEmails</span>
|
332
|
+
|
333
|
+
<span class="ruby-comment"># get resources granted to this role</span>
|
334
|
+
<span class="ruby-identifier">roleGrants</span> = []
|
335
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">role_grants</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">'roleid:?'</span>, <span class="ruby-identifier">role</span>.<span class="ruby-identifier">id</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">grant</span><span class="ruby-operator">|</span>
|
336
|
+
<span class="ruby-identifier">roleGrants</span>.<span class="ruby-identifier">push</span>({ <span class="ruby-value">:resourceId</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">grant</span>.<span class="ruby-identifier">resource_id</span>, <span class="ruby-value">:grantId</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">grant</span>.<span class="ruby-identifier">id</span> })
|
337
|
+
<span class="ruby-keyword">end</span>
|
338
|
+
<span class="ruby-identifier">sdmRoleGrants</span>[<span class="ruby-identifier">role</span>.<span class="ruby-identifier">name</span>] = <span class="ruby-identifier">roleGrants</span>
|
339
|
+
|
340
|
+
<span class="ruby-comment"># get resources that we want to grant to this role</span>
|
341
|
+
<span class="ruby-identifier">filteredResources</span> = { } <span class="ruby-comment"># map of resource ID to true (to prevent duplicates)</span>
|
342
|
+
<span class="ruby-identifier">filters</span> = <span class="ruby-identifier">ou</span>[<span class="ruby-string">'resources'</span>] <span class="ruby-comment"># list of filter strings</span>
|
343
|
+
<span class="ruby-keyword">if</span> <span class="ruby-identifier">filters</span>
|
344
|
+
<span class="ruby-identifier">filters</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">filter</span><span class="ruby-operator">|</span>
|
345
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">resources</span>.<span class="ruby-identifier">list</span>(<span class="ruby-identifier">filter</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">resource</span><span class="ruby-operator">|</span>
|
346
|
+
<span class="ruby-identifier">filteredResources</span>[<span class="ruby-identifier">resource</span>.<span class="ruby-identifier">id</span>] = <span class="ruby-keyword">true</span>
|
347
|
+
<span class="ruby-keyword">end</span>
|
348
|
+
<span class="ruby-keyword">end</span>
|
349
|
+
<span class="ruby-identifier">desiredRoleGrants</span>[<span class="ruby-identifier">role</span>.<span class="ruby-identifier">name</span>] = <span class="ruby-identifier">filteredResources</span>.<span class="ruby-identifier">keys</span>
|
350
|
+
<span class="ruby-keyword">end</span>
|
351
|
+
<span class="ruby-keyword">end</span>
|
352
|
+
|
353
|
+
<span class="ruby-comment"># get LDAP state for this OU</span>
|
354
|
+
<span class="ruby-identifier">ldapRoles</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">ou</span>[<span class="ruby-string">'role'</span>].<span class="ruby-identifier">to_s</span>)
|
355
|
+
<span class="ruby-identifier">roleAccounts</span> = []
|
356
|
+
<span class="ruby-identifier">ldap</span>.<span class="ruby-identifier">search</span>(<span class="ruby-value">:base</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">ou</span>[<span class="ruby-string">'dn'</span>], <span class="ruby-value">:filter</span> <span class="ruby-operator">=></span> <span class="ruby-constant">Net</span><span class="ruby-operator">::</span><span class="ruby-constant">LDAP</span><span class="ruby-operator">::</span><span class="ruby-constant">Filter</span>.<span class="ruby-identifier">eq</span>(<span class="ruby-string">'objectclass'</span>, <span class="ruby-string">'user'</span>), <span class="ruby-value">:return_result</span> <span class="ruby-operator">=></span> <span class="ruby-keyword">false</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">entry</span><span class="ruby-operator">|</span>
|
357
|
+
<span class="ruby-identifier">ldapAccounts</span>[<span class="ruby-identifier">first</span>(<span class="ruby-identifier">entry</span>.<span class="ruby-identifier">mail</span>).<span class="ruby-identifier">to_s</span>] = {
|
358
|
+
<span class="ruby-value">:firstName</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">first</span>(<span class="ruby-identifier">entry</span>.<span class="ruby-identifier">givenname</span>).<span class="ruby-identifier">to_s</span>,
|
359
|
+
<span class="ruby-value">:lastName</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">first</span>(<span class="ruby-identifier">entry</span>.<span class="ruby-identifier">sn</span>).<span class="ruby-identifier">to_s</span>,
|
360
|
+
}
|
361
|
+
<span class="ruby-identifier">roleAccounts</span>.<span class="ruby-identifier">push</span>(<span class="ruby-identifier">first</span>(<span class="ruby-identifier">entry</span>.<span class="ruby-identifier">mail</span>).<span class="ruby-identifier">to_s</span>)
|
362
|
+
<span class="ruby-keyword">end</span>
|
363
|
+
<span class="ruby-identifier">ldapAccountAttachments</span>[<span class="ruby-identifier">ou</span>[<span class="ruby-string">'role'</span>].<span class="ruby-identifier">to_s</span>] = <span class="ruby-identifier">roleAccounts</span>
|
364
|
+
<span class="ruby-keyword">end</span>
|
365
|
+
|
366
|
+
<span class="ruby-comment"># compute diff</span>
|
367
|
+
<span class="ruby-identifier">report</span> = {
|
368
|
+
<span class="ruby-value">:createRoles</span> <span class="ruby-operator">=></span> [],
|
369
|
+
<span class="ruby-value">:deleteAccounts</span> <span class="ruby-operator">=></span> [],
|
370
|
+
<span class="ruby-value">:updateAccounts</span> <span class="ruby-operator">=></span> [],
|
371
|
+
<span class="ruby-value">:createAccounts</span> <span class="ruby-operator">=></span> [],
|
372
|
+
<span class="ruby-value">:createAccountAttachments</span> <span class="ruby-operator">=></span> [],
|
373
|
+
<span class="ruby-value">:deleteAccountAttachments</span> <span class="ruby-operator">=></span> [],
|
374
|
+
<span class="ruby-value">:deleteRoleGrants</span> <span class="ruby-operator">=></span> [],
|
375
|
+
<span class="ruby-value">:createRoleGrants</span> <span class="ruby-operator">=></span> [],
|
376
|
+
}
|
377
|
+
<span class="ruby-comment"># createRoles</span>
|
378
|
+
<span class="ruby-identifier">ldapRoles</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span><span class="ruby-operator">|</span>
|
379
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>]
|
380
|
+
<span class="ruby-identifier">report</span>[<span class="ruby-value">:createRoles</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">roleName</span>)
|
381
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
|
382
|
+
<span class="ruby-identifier">response</span> = <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">roles</span>.<span class="ruby-identifier">create</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">Role</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">name:</span> <span class="ruby-identifier">roleName</span>))
|
383
|
+
<span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>] = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">role</span>.<span class="ruby-identifier">id</span>
|
384
|
+
<span class="ruby-keyword">end</span>
|
385
|
+
<span class="ruby-comment"># deleteAccounts</span>
|
386
|
+
<span class="ruby-identifier">sdmAccountsWithAttachments</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span>, <span class="ruby-identifier">id</span><span class="ruby-operator">|</span>
|
387
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">ldapAccounts</span>[<span class="ruby-identifier">email</span>]
|
388
|
+
<span class="ruby-identifier">report</span>[<span class="ruby-value">:deleteAccounts</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">email</span>)
|
389
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
|
390
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">id</span>)
|
391
|
+
<span class="ruby-keyword">end</span>
|
392
|
+
<span class="ruby-comment"># updateAccounts</span>
|
393
|
+
<span class="ruby-identifier">sdmAccountsWithAttachments</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span>, <span class="ruby-identifier">id</span><span class="ruby-operator">|</span>
|
394
|
+
<span class="ruby-identifier">ldapAccount</span> = <span class="ruby-identifier">ldapAccounts</span>[<span class="ruby-identifier">email</span>]
|
395
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">ldapAccount</span>
|
396
|
+
<span class="ruby-identifier">sdmAccount</span> = <span class="ruby-identifier">sdmAccountsById</span>[<span class="ruby-identifier">id</span>]
|
397
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">sdmAccount</span>[<span class="ruby-value">:firstName</span>] <span class="ruby-operator">==</span> <span class="ruby-identifier">ldapAccount</span>[<span class="ruby-value">:firstName</span>] <span class="ruby-keyword">and</span> <span class="ruby-identifier">sdmAccount</span>[<span class="ruby-value">:lastName</span>] <span class="ruby-operator">==</span> <span class="ruby-identifier">ldapAccount</span>[<span class="ruby-value">:lastName</span>]
|
398
|
+
<span class="ruby-identifier">report</span>[<span class="ruby-value">:updateAccounts</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">email</span>)
|
399
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
|
400
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">update</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">User</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">id:</span> <span class="ruby-identifier">id</span>, <span class="ruby-value">first_name:</span> <span class="ruby-identifier">ldapAccount</span>[<span class="ruby-value">:firstName</span>], <span class="ruby-value">last_name:</span> <span class="ruby-identifier">ldapAccount</span>[<span class="ruby-value">:lastName</span>]))
|
401
|
+
<span class="ruby-keyword">end</span>
|
402
|
+
<span class="ruby-comment"># createAccounts</span>
|
403
|
+
<span class="ruby-identifier">ldapAccounts</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span>, <span class="ruby-identifier">account</span><span class="ruby-operator">|</span>
|
404
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">email</span>]
|
405
|
+
<span class="ruby-identifier">report</span>[<span class="ruby-value">:createAccounts</span>].<span class="ruby-identifier">push</span>(<span class="ruby-identifier">email</span>)
|
406
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
|
407
|
+
<span class="ruby-identifier">response</span> = <span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">create</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">User</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">email:</span> <span class="ruby-identifier">email</span>, <span class="ruby-value">first_name:</span> <span class="ruby-identifier">account</span>[<span class="ruby-value">:firstName</span>], <span class="ruby-value">last_name:</span> <span class="ruby-identifier">account</span>[<span class="ruby-value">:lastName</span>]))
|
408
|
+
<span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">response</span>.<span class="ruby-identifier">account</span>.<span class="ruby-identifier">email</span>] = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">account</span>.<span class="ruby-identifier">id</span>
|
409
|
+
<span class="ruby-keyword">end</span>
|
410
|
+
<span class="ruby-comment"># deleteAccountAttachments</span>
|
411
|
+
<span class="ruby-identifier">sdmAccountAttachments</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span>, <span class="ruby-identifier">accounts</span><span class="ruby-operator">|</span>
|
412
|
+
<span class="ruby-identifier">roleId</span> = <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>]
|
413
|
+
<span class="ruby-identifier">ldapAccountsInRole</span> = <span class="ruby-identifier">ldapAccountAttachments</span>[<span class="ruby-identifier">roleName</span>]
|
414
|
+
<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span><span class="ruby-operator">|</span>
|
415
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">ldapAccountsInRole</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">ldapAccountsInRole</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">email</span>
|
416
|
+
<span class="ruby-identifier">report</span>[<span class="ruby-value">:deleteAccountAttachments</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:role</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">roleName</span>, <span class="ruby-value">:account</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">email</span> })
|
417
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
|
418
|
+
<span class="ruby-identifier">accountId</span> = <span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">email</span>]
|
419
|
+
<span class="ruby-identifier">attachment</span> = <span class="ruby-identifier">first</span>(<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">list</span>(<span class="ruby-string">'accountid:? roleid:?'</span>, <span class="ruby-identifier">accountId</span>, <span class="ruby-identifier">roleId</span>))
|
420
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">attachment</span> <span class="ruby-comment"># already deleted by the deleteAccounts step</span>
|
421
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">attachment</span>.<span class="ruby-identifier">id</span>)
|
422
|
+
<span class="ruby-keyword">end</span>
|
423
|
+
<span class="ruby-keyword">end</span>
|
424
|
+
<span class="ruby-comment"># createAccountAttachments</span>
|
425
|
+
<span class="ruby-identifier">ldapAccountAttachments</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span>, <span class="ruby-identifier">accounts</span><span class="ruby-operator">|</span>
|
426
|
+
<span class="ruby-identifier">roleId</span> = <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>]
|
427
|
+
<span class="ruby-identifier">sdmAccountsInRole</span> = <span class="ruby-identifier">sdmAccountAttachments</span>[<span class="ruby-identifier">roleName</span>]
|
428
|
+
<span class="ruby-identifier">accounts</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">email</span><span class="ruby-operator">|</span>
|
429
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">sdmAccountsInRole</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">sdmAccountsInRole</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">email</span>
|
430
|
+
<span class="ruby-identifier">report</span>[<span class="ruby-value">:createAccountAttachments</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:role</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">roleName</span>, <span class="ruby-value">:account</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">email</span> })
|
431
|
+
<span class="ruby-identifier">accountId</span> = <span class="ruby-identifier">sdmAccounts</span>[<span class="ruby-identifier">email</span>]
|
432
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
|
433
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">account_attachments</span>.<span class="ruby-identifier">create</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">AccountAttachment</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">account_id:</span> <span class="ruby-identifier">accountId</span>, <span class="ruby-value">role_id:</span> <span class="ruby-identifier">roleId</span>))
|
434
|
+
<span class="ruby-keyword">end</span>
|
435
|
+
<span class="ruby-keyword">end</span>
|
436
|
+
<span class="ruby-comment"># deleteRoleGrants</span>
|
437
|
+
<span class="ruby-identifier">sdmRoleGrants</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span>, <span class="ruby-identifier">roleGrants</span><span class="ruby-operator">|</span>
|
438
|
+
<span class="ruby-identifier">desired</span> = <span class="ruby-identifier">desiredRoleGrants</span>[<span class="ruby-identifier">roleName</span>]
|
439
|
+
<span class="ruby-identifier">roleGrants</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">grant</span><span class="ruby-operator">|</span>
|
440
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">desired</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">desired</span>.<span class="ruby-identifier">include?</span> <span class="ruby-identifier">grant</span>[<span class="ruby-value">:resourceId</span>]
|
441
|
+
<span class="ruby-identifier">resourceName</span> = <span class="ruby-identifier">sdmResources</span>[<span class="ruby-identifier">grant</span>[<span class="ruby-value">:resourceId</span>]]
|
442
|
+
<span class="ruby-identifier">report</span>[<span class="ruby-value">:deleteRoleGrants</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:role</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">roleName</span>, <span class="ruby-value">:resource</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">resourceName</span>})
|
443
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
|
444
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">role_grants</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">grant</span>[<span class="ruby-value">:grantId</span>])
|
445
|
+
<span class="ruby-keyword">end</span>
|
446
|
+
<span class="ruby-keyword">end</span>
|
447
|
+
<span class="ruby-comment"># createRoleGrants</span>
|
448
|
+
<span class="ruby-identifier">desiredRoleGrants</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">roleName</span>, <span class="ruby-identifier">roleGrants</span><span class="ruby-operator">|</span>
|
449
|
+
<span class="ruby-identifier">roleId</span> = <span class="ruby-identifier">sdmRoles</span>[<span class="ruby-identifier">roleName</span>]
|
450
|
+
<span class="ruby-identifier">existing</span> = <span class="ruby-identifier">sdmRoleGrants</span>[<span class="ruby-identifier">roleName</span>]
|
451
|
+
<span class="ruby-identifier">roleGrants</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">resourceId</span><span class="ruby-operator">|</span>
|
452
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">existing</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">existing</span>.<span class="ruby-identifier">find</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">existingGrant</span><span class="ruby-operator">|</span> <span class="ruby-identifier">existingGrant</span>[<span class="ruby-value">:resourceId</span>] <span class="ruby-operator">==</span> <span class="ruby-identifier">resourceId</span> }
|
453
|
+
<span class="ruby-identifier">resourceName</span> = <span class="ruby-identifier">sdmResources</span>[<span class="ruby-identifier">resourceId</span>]
|
454
|
+
<span class="ruby-identifier">report</span>[<span class="ruby-value">:createRoleGrants</span>].<span class="ruby-identifier">push</span>({ <span class="ruby-value">:role</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">roleName</span>, <span class="ruby-value">:resource</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">resourceName</span> })
|
455
|
+
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">plan</span>
|
456
|
+
<span class="ruby-identifier">sdmClient</span>.<span class="ruby-identifier">role_grants</span>.<span class="ruby-identifier">create</span>(<span class="ruby-constant">SDM</span><span class="ruby-operator">::</span><span class="ruby-constant">RoleGrant</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">role_id:</span> <span class="ruby-identifier">roleId</span>, <span class="ruby-value">resource_id:</span> <span class="ruby-identifier">resourceId</span>))
|
457
|
+
<span class="ruby-keyword">end</span>
|
458
|
+
<span class="ruby-keyword">end</span>
|
459
|
+
<span class="ruby-keyword">if</span> <span class="ruby-identifier">verbose</span>
|
460
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-constant">JSON</span>.<span class="ruby-identifier">pretty_generate</span>(<span class="ruby-identifier">report</span>)
|
461
|
+
<span class="ruby-keyword">else</span>
|
462
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-node">"Create #{report[:createRoles].length} roles"</span>
|
463
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-node">"Delete #{report[:deleteAccounts].length} accounts"</span>
|
464
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-node">"Create #{report[:createAccounts].length} accounts"</span>
|
465
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-node">"Delete #{report[:deleteAccountAttachments].length} account attachments"</span>
|
466
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-node">"Create #{report[:createAccountAttachments].length} account attachments"</span>
|
467
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-node">"Delete #{report[:deleteRoleGrants].length} role grants"</span>
|
468
|
+
<span class="ruby-identifier">puts</span> <span class="ruby-node">"Create #{report[:createRoleGrants].length} role grants"</span>
|
469
|
+
<span class="ruby-keyword">end</span>
|
470
|
+
<span class="ruby-keyword">end</span></pre>
|
471
|
+
</div>
|
472
|
+
|
473
|
+
</div>
|
474
|
+
|
475
|
+
|
476
|
+
|
477
|
+
|
478
|
+
</div>
|
479
|
+
|
480
|
+
|
158
481
|
<div id="method-i-main" class="method-detail ">
|
159
482
|
|
160
483
|
<div class="method-heading">
|
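--- a/data/doc/SDM/AKS.html
+++ b/data/doc/SDM/AKS.html
@@ -307,7 +307,7 @@
 
 
 <div class="method-source-code" id="new-source">
-<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
+<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 1936</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">initialize</span>(
 <span class="ruby-value">id:</span><span class="ruby-keyword">nil</span> \
 ,
@@ -412,7 +412,7 @@
 
 
 <div class="method-source-code" id="to_json-source">
-<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
+<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 2003</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">to_json</span>(<span class="ruby-identifier">options</span>={})
 <span class="ruby-identifier">hash</span> = {}
 <span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance_variables</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">var</span><span class="ruby-operator">|</span>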
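--- a/data/doc/SDM/AKSBasicAuth.html
+++ b/data/doc/SDM/AKSBasicAuth.html
@@ -255,7 +255,7 @@
 
 
 <div class="method-source-code" id="new-source">
-<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
+<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 2031</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">initialize</span>(
 <span class="ruby-value">id:</span><span class="ruby-keyword">nil</span> \
 ,
@@ -340,7 +340,7 @@
 
 
 <div class="method-source-code" id="to_json-source">
-<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
+<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 2078</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">to_json</span>(<span class="ruby-identifier">options</span>={})
 <span class="ruby-identifier">hash</span> = {}
 <span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance_variables</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">var</span><span class="ruby-operator">|</span>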
@@ -242,7 +242,7 @@
|
|
242
242
|
|
243
243
|
|
244
244
|
<div class="method-source-code" id="new-source">
|
245
|
-
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
|
245
|
+
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 2104</span>
|
246
246
|
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">initialize</span>(
|
247
247
|
<span class="ruby-value">id:</span><span class="ruby-keyword">nil</span> \
|
248
248
|
,
|
@@ -322,7 +322,7 @@
|
|
322
322
|
|
323
323
|
|
324
324
|
<div class="method-source-code" id="to_json-source">
|
325
|
-
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
|
325
|
+
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 2146</span>
|
326
326
|
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">to_json</span>(<span class="ruby-identifier">options</span>={})
|
327
327
|
<span class="ruby-identifier">hash</span> = {}
|
328
328
|
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance_variables</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">var</span><span class="ruby-operator">|</span>
|
@@ -179,7 +179,7 @@
|
|
179
179
|
|
180
180
|
|
181
181
|
<div class="method-source-code" id="new-source">
|
182
|
-
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
|
182
|
+
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 214</span>
|
183
183
|
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">initialize</span>(
|
184
184
|
<span class="ruby-value">id:</span><span class="ruby-keyword">nil</span> \
|
185
185
|
,
|
@@ -234,7 +234,7 @@
|
|
234
234
|
|
235
235
|
|
236
236
|
<div class="method-source-code" id="to_json-source">
|
237
|
-
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
|
237
|
+
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 231</span>
|
238
238
|
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">to_json</span>(<span class="ruby-identifier">options</span>={})
|
239
239
|
<span class="ruby-identifier">hash</span> = {}
|
240
240
|
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance_variables</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">var</span><span class="ruby-operator">|</span>
|
@@ -179,7 +179,7 @@
|
|
179
179
|
|
180
180
|
|
181
181
|
<div class="method-source-code" id="new-source">
|
182
|
-
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
|
182
|
+
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 122</span>
|
183
183
|
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">initialize</span>(
|
184
184
|
<span class="ruby-value">meta:</span><span class="ruby-keyword">nil</span> \
|
185
185
|
,
|
@@ -234,7 +234,7 @@
|
|
234
234
|
|
235
235
|
|
236
236
|
<div class="method-source-code" id="to_json-source">
|
237
|
-
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line
|
237
|
+
<pre><span class="ruby-comment"># File lib/models/porcelain.rb, line 139</span>
|
238
238
|
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">to_json</span>(<span class="ruby-identifier">options</span>={})
|
239
239
|
<span class="ruby-identifier">hash</span> = {}
|
240
240
|
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance_variables</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">var</span><span class="ruby-operator">|</span>
|