strongdm 8.1.0__zip → 8.4.0__zip

{strongdm-8.1.0 → strongdm-8.4.0}/PKG-INFO

@@ -1,12 +1,12 @@
 Metadata-Version: 2.1
 Name: strongdm
-Version: 8.1.0
+Version: 8.4.0
 Summary: strongDM SDK for the Python programming language.
 Home-page: https://github.com/strongdm/strongdm-sdk-python
 Author: strongDM Team
 Author-email: sdk-feedback@strongdm.com
 License: apache-2.0
-Download-URL: https://github.com/strongdm/strongdm-sdk-python/archive/v8.1.0.tar.gz
+Download-URL: https://github.com/strongdm/strongdm-sdk-python/archive/v8.4.0.tar.gz
 Keywords: strongDM,sdm,api,automation,security,audit,database,server,ssh,rdp
 Platform: UNKNOWN
 Classifier: Development Status :: 4 - Beta

{strongdm-8.1.0 → strongdm-8.4.0}/setup.py

@@ -23,7 +23,7 @@ from setuptools import setup
 setup(
     name='strongdm',
     packages=['strongdm'],
-    version='8.1.0',
+    version='8.4.0',
     license='apache-2.0',
     description='strongDM SDK for the Python programming language.',
     long_description=long_description,
@@ -32,7 +32,7 @@ setup(
     author_email='sdk-feedback@strongdm.com',
     url='https://github.com/strongdm/strongdm-sdk-python',
     download_url=
-    'https://github.com/strongdm/strongdm-sdk-python/archive/v8.1.0.tar.gz',
+    'https://github.com/strongdm/strongdm-sdk-python/archive/v8.4.0.tar.gz',
     keywords=[
         'strongDM', 'sdm', 'api', 'automation', 'security', 'audit',
         'database', 'server', 'ssh', 'rdp'

{strongdm-8.1.0 → strongdm-8.4.0}/strongdm/client.py

@@ -33,7 +33,7 @@ DEFAULT_MAX_RETRIES = 3
 DEFAULT_BASE_RETRY_DELAY = 0.0030  # 30 ms
 DEFAULT_MAX_RETRY_DELAY = 300  # 300 seconds
 API_VERSION = '2024-03-28'
-USER_AGENT = 'strongdm-sdk-python/8.1.0'
+USER_AGENT = 'strongdm-sdk-python/8.4.0'
 
 
 class Client:

{strongdm-8.1.0 → strongdm-8.4.0}/strongdm/constants.py

@@ -92,6 +92,7 @@ class MFAProvider:
     NONE = ""
     DUO = "duo"
     TOTP = "totp"
+    OKTA = "okta"
 
 
 # Activity Entities, all entity types that can be part of an activity.

{strongdm-8.1.0 → strongdm-8.4.0}/strongdm/models.py

@@ -10493,7 +10493,7 @@ class HTTPNoAuth:
         )
 
 
-class KeyfactorX509Store:
+class KeyfactorSSHStore:
     __slots__ = [
         'ca_file_path',
         'certificate_file_path',
@@ -10504,7 +10504,6 @@ class KeyfactorX509Store:
         'enrollment_username_env_var',
         'id',
         'key_file_path',
-        'key_password_env_var',
         'name',
         'server_address',
         'tags',
@@ -10521,7 +10520,6 @@ class KeyfactorX509Store:
         enrollment_username_env_var=None,
         id=None,
         key_file_path=None,
-        key_password_env_var=None,
         name=None,
         server_address=None,
         tags=None,
@@ -10568,9 +10566,147 @@ class KeyfactorX509Store:
          Path to private key in PEM format. This file should contain the private key associated with the
          client certificate configured in CertificateFile.
         '''
-        self.key_password_env_var = key_password_env_var if key_password_env_var is not None else ''
+        self.name = name if name is not None else ''
+        '''
+         Unique human-readable name of the SecretStore.
+        '''
+        self.server_address = server_address if server_address is not None else ''
+        '''
+         the host of the Key Factor CA
+        '''
+        self.tags = tags if tags is not None else _porcelain_zero_value_tags()
+        '''
+         Tags is a map of key, value pairs.
+        '''
+
+    def __repr__(self):
+        return '<sdm.KeyfactorSSHStore ' + \
+            'ca_file_path: ' + repr(self.ca_file_path) + ' ' +\
+            'certificate_file_path: ' + repr(self.certificate_file_path) + ' ' +\
+            'default_certificate_authority_name: ' + repr(self.default_certificate_authority_name) + ' ' +\
+            'default_certificate_profile_name: ' + repr(self.default_certificate_profile_name) + ' ' +\
+            'default_end_entity_profile_name: ' + repr(self.default_end_entity_profile_name) + ' ' +\
+            'enrollment_code_env_var: ' + repr(self.enrollment_code_env_var) + ' ' +\
+            'enrollment_username_env_var: ' + repr(self.enrollment_username_env_var) + ' ' +\
+            'id: ' + repr(self.id) + ' ' +\
+            'key_file_path: ' + repr(self.key_file_path) + ' ' +\
+            'name: ' + repr(self.name) + ' ' +\
+            'server_address: ' + repr(self.server_address) + ' ' +\
+            'tags: ' + repr(self.tags) + ' ' +\
+            '>'
+
+    def to_dict(self):
+        return {
+            'ca_file_path': self.ca_file_path,
+            'certificate_file_path': self.certificate_file_path,
+            'default_certificate_authority_name':
+            self.default_certificate_authority_name,
+            'default_certificate_profile_name':
+            self.default_certificate_profile_name,
+            'default_end_entity_profile_name':
+            self.default_end_entity_profile_name,
+            'enrollment_code_env_var': self.enrollment_code_env_var,
+            'enrollment_username_env_var': self.enrollment_username_env_var,
+            'id': self.id,
+            'key_file_path': self.key_file_path,
+            'name': self.name,
+            'server_address': self.server_address,
+            'tags': self.tags,
+        }
+
+    @classmethod
+    def from_dict(cls, d):
+        return cls(
+            ca_file_path=d.get('ca_file_path'),
+            certificate_file_path=d.get('certificate_file_path'),
+            default_certificate_authority_name=d.get(
+                'default_certificate_authority_name'),
+            default_certificate_profile_name=d.get(
+                'default_certificate_profile_name'),
+            default_end_entity_profile_name=d.get(
+                'default_end_entity_profile_name'),
+            enrollment_code_env_var=d.get('enrollment_code_env_var'),
+            enrollment_username_env_var=d.get('enrollment_username_env_var'),
+            id=d.get('id'),
+            key_file_path=d.get('key_file_path'),
+            name=d.get('name'),
+            server_address=d.get('server_address'),
+            tags=d.get('tags'),
+        )
+
+
+class KeyfactorX509Store:
+    __slots__ = [
+        'ca_file_path',
+        'certificate_file_path',
+        'default_certificate_authority_name',
+        'default_certificate_profile_name',
+        'default_end_entity_profile_name',
+        'enrollment_code_env_var',
+        'enrollment_username_env_var',
+        'id',
+        'key_file_path',
+        'name',
+        'server_address',
+        'tags',
+    ]
+
+    def __init__(
+        self,
+        ca_file_path=None,
+        certificate_file_path=None,
+        default_certificate_authority_name=None,
+        default_certificate_profile_name=None,
+        default_end_entity_profile_name=None,
+        enrollment_code_env_var=None,
+        enrollment_username_env_var=None,
+        id=None,
+        key_file_path=None,
+        name=None,
+        server_address=None,
+        tags=None,
+    ):
+        self.ca_file_path = ca_file_path if ca_file_path is not None else ''
+        '''
+         Path to the root CA that signed the certificate passed to the client for HTTPS connection.
+         This is not required if the CA is trusted by the host operating system. This should be a PEM
+         formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
+        '''
+        self.certificate_file_path = certificate_file_path if certificate_file_path is not None else ''
+        '''
+         Path to client certificate in PEM format. This certificate must contain a client certificate that
+         is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private
+         key associated with the certificate, but KeyFile can also be set to configure the private key.
+        '''
+        self.default_certificate_authority_name = default_certificate_authority_name if default_certificate_authority_name is not None else ''
+        '''
+         Name of EJBCA certificate authority that will enroll CSR.
+        '''
+        self.default_certificate_profile_name = default_certificate_profile_name if default_certificate_profile_name is not None else ''
+        '''
+         Certificate profile name that EJBCA will enroll the CSR with.
+        '''
+        self.default_end_entity_profile_name = default_end_entity_profile_name if default_end_entity_profile_name is not None else ''
+        '''
+         End entity profile that EJBCA will enroll the CSR with.
+        '''
+        self.enrollment_code_env_var = enrollment_code_env_var if enrollment_code_env_var is not None else ''
+        '''
+         code used by EJBCA during enrollment. May be left blank if no code is required.
+        '''
+        self.enrollment_username_env_var = enrollment_username_env_var if enrollment_username_env_var is not None else ''
+        '''
+         username that used by the EJBCA during enrollment. This can be left out. 
+         If so, the username must be auto-generated on the Keyfactor side.
+        '''
+        self.id = id if id is not None else ''
+        '''
+         Unique identifier of the SecretStore.
+        '''
+        self.key_file_path = key_file_path if key_file_path is not None else ''
         '''
-         optional environment variable housing the password that is used to decrypt the key file.
+         Path to private key in PEM format. This file should contain the private key associated with the
+         client certificate configured in CertificateFile.
         '''
         self.name = name if name is not None else ''
         '''
@@ -10596,7 +10732,6 @@ class KeyfactorX509Store:
             'enrollment_username_env_var: ' + repr(self.enrollment_username_env_var) + ' ' +\
             'id: ' + repr(self.id) + ' ' +\
             'key_file_path: ' + repr(self.key_file_path) + ' ' +\
-            'key_password_env_var: ' + repr(self.key_password_env_var) + ' ' +\
             'name: ' + repr(self.name) + ' ' +\
             'server_address: ' + repr(self.server_address) + ' ' +\
             'tags: ' + repr(self.tags) + ' ' +\
@@ -10616,7 +10751,6 @@ class KeyfactorX509Store:
             'enrollment_username_env_var': self.enrollment_username_env_var,
             'id': self.id,
             'key_file_path': self.key_file_path,
-            'key_password_env_var': self.key_password_env_var,
             'name': self.name,
             'server_address': self.server_address,
             'tags': self.tags,
@@ -10637,7 +10771,6 @@ class KeyfactorX509Store:
             enrollment_username_env_var=d.get('enrollment_username_env_var'),
             id=d.get('id'),
             key_file_path=d.get('key_file_path'),
-            key_password_env_var=d.get('key_password_env_var'),
             name=d.get('name'),
             server_address=d.get('server_address'),
             tags=d.get('tags'),
@@ -21382,6 +21515,148 @@ class User:
         )
 
 
+class VaultAWSEC2Store:
+    '''
+    VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed,
+    without a major version bump.
+    '''
+    __slots__ = [
+        'id',
+        'name',
+        'namespace',
+        'server_address',
+        'tags',
+    ]
+
+    def __init__(
+        self,
+        id=None,
+        name=None,
+        namespace=None,
+        server_address=None,
+        tags=None,
+    ):
+        self.id = id if id is not None else ''
+        '''
+         Unique identifier of the SecretStore.
+        '''
+        self.name = name if name is not None else ''
+        '''
+         Unique human-readable name of the SecretStore.
+        '''
+        self.namespace = namespace if namespace is not None else ''
+        '''
+         The namespace to make requests within
+        '''
+        self.server_address = server_address if server_address is not None else ''
+        '''
+         The URL of the Vault to target
+        '''
+        self.tags = tags if tags is not None else _porcelain_zero_value_tags()
+        '''
+         Tags is a map of key, value pairs.
+        '''
+
+    def __repr__(self):
+        return '<sdm.VaultAWSEC2Store ' + \
+            'id: ' + repr(self.id) + ' ' +\
+            'name: ' + repr(self.name) + ' ' +\
+            'namespace: ' + repr(self.namespace) + ' ' +\
+            'server_address: ' + repr(self.server_address) + ' ' +\
+            'tags: ' + repr(self.tags) + ' ' +\
+            '>'
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'namespace': self.namespace,
+            'server_address': self.server_address,
+            'tags': self.tags,
+        }
+
+    @classmethod
+    def from_dict(cls, d):
+        return cls(
+            id=d.get('id'),
+            name=d.get('name'),
+            namespace=d.get('namespace'),
+            server_address=d.get('server_address'),
+            tags=d.get('tags'),
+        )
+
+
+class VaultAWSIAMStore:
+    '''
+    VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed,
+    without a major version bump.
+    '''
+    __slots__ = [
+        'id',
+        'name',
+        'namespace',
+        'server_address',
+        'tags',
+    ]
+
+    def __init__(
+        self,
+        id=None,
+        name=None,
+        namespace=None,
+        server_address=None,
+        tags=None,
+    ):
+        self.id = id if id is not None else ''
+        '''
+         Unique identifier of the SecretStore.
+        '''
+        self.name = name if name is not None else ''
+        '''
+         Unique human-readable name of the SecretStore.
+        '''
+        self.namespace = namespace if namespace is not None else ''
+        '''
+         The namespace to make requests within
+        '''
+        self.server_address = server_address if server_address is not None else ''
+        '''
+         The URL of the Vault to target
+        '''
+        self.tags = tags if tags is not None else _porcelain_zero_value_tags()
+        '''
+         Tags is a map of key, value pairs.
+        '''
+
+    def __repr__(self):
+        return '<sdm.VaultAWSIAMStore ' + \
+            'id: ' + repr(self.id) + ' ' +\
+            'name: ' + repr(self.name) + ' ' +\
+            'namespace: ' + repr(self.namespace) + ' ' +\
+            'server_address: ' + repr(self.server_address) + ' ' +\
+            'tags: ' + repr(self.tags) + ' ' +\
+            '>'
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'namespace': self.namespace,
+            'server_address': self.server_address,
+            'tags': self.tags,
+        }
+
+    @classmethod
+    def from_dict(cls, d):
+        return cls(
+            id=d.get('id'),
+            name=d.get('name'),
+            namespace=d.get('namespace'),
+            server_address=d.get('server_address'),
+            tags=d.get('tags'),
+        )
+
+
 class VaultAppRoleCertSSHStore:
     __slots__ = [
         'id',

{strongdm-8.1.0 → strongdm-8.4.0}/strongdm/plumbing.py

@@ -5050,6 +5050,66 @@ def convert_repeated_http_no_auth_to_porcelain(plumbings):
     ]
 
 
+def convert_keyfactor_ssh_store_to_porcelain(plumbing):
+    if plumbing is None:
+        return None
+    porcelain = models.KeyfactorSSHStore()
+    porcelain.ca_file_path = (plumbing.ca_file_path)
+    porcelain.certificate_file_path = (plumbing.certificate_file_path)
+    porcelain.default_certificate_authority_name = (
+        plumbing.default_certificate_authority_name)
+    porcelain.default_certificate_profile_name = (
+        plumbing.default_certificate_profile_name)
+    porcelain.default_end_entity_profile_name = (
+        plumbing.default_end_entity_profile_name)
+    porcelain.enrollment_code_env_var = (plumbing.enrollment_code_env_var)
+    porcelain.enrollment_username_env_var = (
+        plumbing.enrollment_username_env_var)
+    porcelain.id = (plumbing.id)
+    porcelain.key_file_path = (plumbing.key_file_path)
+    porcelain.name = (plumbing.name)
+    porcelain.server_address = (plumbing.server_address)
+    porcelain.tags = convert_tags_to_porcelain(plumbing.tags)
+    return porcelain
+
+
+def convert_keyfactor_ssh_store_to_plumbing(porcelain):
+    plumbing = KeyfactorSSHStore()
+    if porcelain is None:
+        return plumbing
+    plumbing.ca_file_path = (porcelain.ca_file_path)
+    plumbing.certificate_file_path = (porcelain.certificate_file_path)
+    plumbing.default_certificate_authority_name = (
+        porcelain.default_certificate_authority_name)
+    plumbing.default_certificate_profile_name = (
+        porcelain.default_certificate_profile_name)
+    plumbing.default_end_entity_profile_name = (
+        porcelain.default_end_entity_profile_name)
+    plumbing.enrollment_code_env_var = (porcelain.enrollment_code_env_var)
+    plumbing.enrollment_username_env_var = (
+        porcelain.enrollment_username_env_var)
+    plumbing.id = (porcelain.id)
+    plumbing.key_file_path = (porcelain.key_file_path)
+    plumbing.name = (porcelain.name)
+    plumbing.server_address = (porcelain.server_address)
+    plumbing.tags.CopyFrom(convert_tags_to_plumbing(porcelain.tags))
+    return plumbing
+
+
+def convert_repeated_keyfactor_ssh_store_to_plumbing(porcelains):
+    return [
+        convert_keyfactor_ssh_store_to_plumbing(porcelain)
+        for porcelain in porcelains
+    ]
+
+
+def convert_repeated_keyfactor_ssh_store_to_porcelain(plumbings):
+    return [
+        convert_keyfactor_ssh_store_to_porcelain(plumbing)
+        for plumbing in plumbings
+    ]
+
+
 def convert_keyfactor_x_509_store_to_porcelain(plumbing):
     if plumbing is None:
         return None
@@ -5067,7 +5127,6 @@ def convert_keyfactor_x_509_store_to_porcelain(plumbing):
         plumbing.enrollment_username_env_var)
     porcelain.id = (plumbing.id)
     porcelain.key_file_path = (plumbing.key_file_path)
-    porcelain.key_password_env_var = (plumbing.key_password_env_var)
     porcelain.name = (plumbing.name)
     porcelain.server_address = (plumbing.server_address)
     porcelain.tags = convert_tags_to_porcelain(plumbing.tags)
@@ -5091,7 +5150,6 @@ def convert_keyfactor_x_509_store_to_plumbing(porcelain):
         porcelain.enrollment_username_env_var)
     plumbing.id = (porcelain.id)
     plumbing.key_file_path = (porcelain.key_file_path)
-    plumbing.key_password_env_var = (porcelain.key_password_env_var)
     plumbing.name = (porcelain.name)
     plumbing.server_address = (porcelain.server_address)
     plumbing.tags.CopyFrom(convert_tags_to_plumbing(porcelain.tags))
@@ -9709,6 +9767,9 @@ def convert_secret_store_to_plumbing(porcelain):
     if isinstance(porcelain, models.GCPCertX509Store):
         plumbing.gcp_cert_x_509.CopyFrom(
             convert_gcp_cert_x_509_store_to_plumbing(porcelain))
+    if isinstance(porcelain, models.KeyfactorSSHStore):
+        plumbing.keyfactor_ssh.CopyFrom(
+            convert_keyfactor_ssh_store_to_plumbing(porcelain))
     if isinstance(porcelain, models.KeyfactorX509Store):
         plumbing.keyfactor_x_509.CopyFrom(
             convert_keyfactor_x_509_store_to_plumbing(porcelain))
@@ -9721,6 +9782,12 @@ def convert_secret_store_to_plumbing(porcelain):
     if isinstance(porcelain, models.VaultAppRoleCertX509Store):
         plumbing.vault_app_role_cert_x_509.CopyFrom(
             convert_vault_app_role_cert_x_509_store_to_plumbing(porcelain))
+    if isinstance(porcelain, models.VaultAWSEC2Store):
+        plumbing.vault_awsec_2.CopyFrom(
+            convert_vault_awsec_2_store_to_plumbing(porcelain))
+    if isinstance(porcelain, models.VaultAWSIAMStore):
+        plumbing.vault_awsiam.CopyFrom(
+            convert_vault_awsiam_store_to_plumbing(porcelain))
     if isinstance(porcelain, models.VaultTLSStore):
         plumbing.vault_tls.CopyFrom(
             convert_vault_tls_store_to_plumbing(porcelain))
@@ -9770,6 +9837,8 @@ def convert_secret_store_to_porcelain(plumbing):
     if plumbing.HasField('gcp_cert_x_509'):
         return convert_gcp_cert_x_509_store_to_porcelain(
             plumbing.gcp_cert_x_509)
+    if plumbing.HasField('keyfactor_ssh'):
+        return convert_keyfactor_ssh_store_to_porcelain(plumbing.keyfactor_ssh)
     if plumbing.HasField('keyfactor_x_509'):
         return convert_keyfactor_x_509_store_to_porcelain(
             plumbing.keyfactor_x_509)
@@ -9782,6 +9851,10 @@ def convert_secret_store_to_porcelain(plumbing):
     if plumbing.HasField('vault_app_role_cert_x_509'):
         return convert_vault_app_role_cert_x_509_store_to_porcelain(
             plumbing.vault_app_role_cert_x_509)
+    if plumbing.HasField('vault_awsec_2'):
+        return convert_vault_awsec_2_store_to_porcelain(plumbing.vault_awsec_2)
+    if plumbing.HasField('vault_awsiam'):
+        return convert_vault_awsiam_store_to_porcelain(plumbing.vault_awsiam)
     if plumbing.HasField('vault_tls'):
         return convert_vault_tls_store_to_porcelain(plumbing.vault_tls)
     if plumbing.HasField('vault_tls_cert_ssh'):
@@ -10643,6 +10716,82 @@ def convert_repeated_user_to_porcelain(plumbings):
     return [convert_user_to_porcelain(plumbing) for plumbing in plumbings]
 
 
+def convert_vault_awsec_2_store_to_porcelain(plumbing):
+    if plumbing is None:
+        return None
+    porcelain = models.VaultAWSEC2Store()
+    porcelain.id = (plumbing.id)
+    porcelain.name = (plumbing.name)
+    porcelain.namespace = (plumbing.namespace)
+    porcelain.server_address = (plumbing.server_address)
+    porcelain.tags = convert_tags_to_porcelain(plumbing.tags)
+    return porcelain
+
+
+def convert_vault_awsec_2_store_to_plumbing(porcelain):
+    plumbing = VaultAWSEC2Store()
+    if porcelain is None:
+        return plumbing
+    plumbing.id = (porcelain.id)
+    plumbing.name = (porcelain.name)
+    plumbing.namespace = (porcelain.namespace)
+    plumbing.server_address = (porcelain.server_address)
+    plumbing.tags.CopyFrom(convert_tags_to_plumbing(porcelain.tags))
+    return plumbing
+
+
+def convert_repeated_vault_awsec_2_store_to_plumbing(porcelains):
+    return [
+        convert_vault_awsec_2_store_to_plumbing(porcelain)
+        for porcelain in porcelains
+    ]
+
+
+def convert_repeated_vault_awsec_2_store_to_porcelain(plumbings):
+    return [
+        convert_vault_awsec_2_store_to_porcelain(plumbing)
+        for plumbing in plumbings
+    ]
+
+
+def convert_vault_awsiam_store_to_porcelain(plumbing):
+    if plumbing is None:
+        return None
+    porcelain = models.VaultAWSIAMStore()
+    porcelain.id = (plumbing.id)
+    porcelain.name = (plumbing.name)
+    porcelain.namespace = (plumbing.namespace)
+    porcelain.server_address = (plumbing.server_address)
+    porcelain.tags = convert_tags_to_porcelain(plumbing.tags)
+    return porcelain
+
+
+def convert_vault_awsiam_store_to_plumbing(porcelain):
+    plumbing = VaultAWSIAMStore()
+    if porcelain is None:
+        return plumbing
+    plumbing.id = (porcelain.id)
+    plumbing.name = (porcelain.name)
+    plumbing.namespace = (porcelain.namespace)
+    plumbing.server_address = (porcelain.server_address)
+    plumbing.tags.CopyFrom(convert_tags_to_plumbing(porcelain.tags))
+    return plumbing
+
+
+def convert_repeated_vault_awsiam_store_to_plumbing(porcelains):
+    return [
+        convert_vault_awsiam_store_to_plumbing(porcelain)
+        for porcelain in porcelains
+    ]
+
+
+def convert_repeated_vault_awsiam_store_to_porcelain(plumbings):
+    return [
+        convert_vault_awsiam_store_to_porcelain(plumbing)
+        for plumbing in plumbings
+    ]
+
+
 def convert_vault_app_role_cert_ssh_store_to_porcelain(plumbing):
     if plumbing is None:
         return None