Class: SDM::SnapshotClient

Inherits:
Object
  • Object
show all
Defined in:
lib/strongdm.rb

Overview

SnapshotClient exposes methods to query historical records at a provided timestamp.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(client) ⇒ SnapshotClient

Returns a new instance of SnapshotClient.



598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
 
# File 'lib/strongdm.rb', line 598

def initialize(client)
  @access_requests = SnapshotAccessRequests.new(client.access_requests)
  @account_attachments = SnapshotAccountAttachments.new(client.)
  @account_grants = SnapshotAccountGrants.new(client.)
  @account_permissions = SnapshotAccountPermissions.new(client.)
  @account_resources = SnapshotAccountResources.new(client.)
  @accounts = SnapshotAccounts.new(client.accounts)
  @accounts_groups = SnapshotAccountsGroups.new(client.accounts_groups)
  @approval_workflow_approvers = SnapshotApprovalWorkflowApprovers.new(client.approval_workflow_approvers)
  @approval_workflow_steps = SnapshotApprovalWorkflowSteps.new(client.approval_workflow_steps)
  @approval_workflows = SnapshotApprovalWorkflows.new(client.approval_workflows)
  @roles = SnapshotRoles.new(client.roles)
  @groups = SnapshotGroups.new(client.groups)
  @groups_roles = SnapshotGroupsRoles.new(client.groups_roles)
  @identity_aliases = SnapshotIdentityAliases.new(client.identity_aliases)
  @identity_sets = SnapshotIdentitySets.new(client.identity_sets)
  @nodes = SnapshotNodes.new(client.nodes)
  @policies = SnapshotPolicies.new(client.policies)
  @proxy_cluster_keys = SnapshotProxyClusterKeys.new(client.proxy_cluster_keys)
  @remote_identities = SnapshotRemoteIdentities.new(client.remote_identities)
  @remote_identity_groups = SnapshotRemoteIdentityGroups.new(client.remote_identity_groups)
  @resources = SnapshotResources.new(client.resources)
  @role_resources = SnapshotRoleResources.new(client.role_resources)
  @secret_stores = SnapshotSecretStores.new(client.secret_stores)
  @workflow_approvers = SnapshotWorkflowApprovers.new(client.workflow_approvers)
  @workflow_roles = SnapshotWorkflowRoles.new(client.workflow_roles)
  @workflows = SnapshotWorkflows.new(client.workflows)
end

Instance Attribute Details

#access_requestsObject (readonly)

AccessRequests are requests for access to a resource that may match a Workflow.

See SDM::SnapshotAccessRequests.



630
631
632
 
# File 'lib/strongdm.rb', line 630

def access_requests
  @access_requests
end

#account_attachmentsObject (readonly)

AccountAttachments assign an account to a role.

See SDM::SnapshotAccountAttachments.



634
635
636
 
# File 'lib/strongdm.rb', line 634

def 
  @account_attachments
end

#account_grantsObject (readonly)

AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.

See SDM::SnapshotAccountGrants.



638
639
640
 
# File 'lib/strongdm.rb', line 638

def 
  @account_grants
end

#account_permissionsObject (readonly)

AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.

See SDM::SnapshotAccountPermissions.



643
644
645
 
# File 'lib/strongdm.rb', line 643

def 
  @account_permissions
end

#account_resourcesObject (readonly)

AccountResources enumerates the resources to which accounts have access. The AccountResources service is read-only.

See SDM::SnapshotAccountResources.



648
649
650
 
# File 'lib/strongdm.rb', line 648

def 
  @account_resources
end

#accountsObject (readonly)

Accounts are users that have access to strongDM. There are two types of accounts:

  1. Users: humans who are authenticated through username and password or SSO.
  2. Service Accounts: machines that are authenticated using a service token.
  3. Tokens are access keys with permissions that can be used for authentication.

See SDM::SnapshotAccounts.



655
656
657
 
# File 'lib/strongdm.rb', line 655

def accounts
  @accounts
end

#accounts_groupsObject (readonly)

An AccountGroup links an account and a group.

See SDM::SnapshotAccountsGroups.



659
660
661
 
# File 'lib/strongdm.rb', line 659

def accounts_groups
  @accounts_groups
end

#approval_workflow_approversObject (readonly)

ApprovalWorkflowApprovers link approval workflow approvers to an ApprovalWorkflowStep

See SDM::SnapshotApprovalWorkflowApprovers.



663
664
665
 
# File 'lib/strongdm.rb', line 663

def approval_workflow_approvers
  @approval_workflow_approvers
end

#approval_workflow_stepsObject (readonly)

ApprovalWorkflowSteps link approval workflow steps to an ApprovalWorkflow

See SDM::SnapshotApprovalWorkflowSteps.



667
668
669
 
# File 'lib/strongdm.rb', line 667

def approval_workflow_steps
  @approval_workflow_steps
end

#approval_workflowsObject (readonly)

ApprovalWorkflows are the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied.

See SDM::SnapshotApprovalWorkflows.



672
673
674
 
# File 'lib/strongdm.rb', line 672

def approval_workflows
  @approval_workflows
end

#groupsObject (readonly)

A Group is a set of principals.

See SDM::SnapshotGroups.



682
683
684
 
# File 'lib/strongdm.rb', line 682

def groups
  @groups
end

#groups_rolesObject (readonly)

A GroupRole is an assignment of a Group to a Role.

See SDM::SnapshotGroupsRoles.



686
687
688
 
# File 'lib/strongdm.rb', line 686

def groups_roles
  @groups_roles
end

#identity_aliasesObject (readonly)

IdentityAliases assign an alias to an account within an IdentitySet. The alias is used as the username when connecting to a identity supported resource.

See SDM::SnapshotIdentityAliases.



691
692
693
 
# File 'lib/strongdm.rb', line 691

def identity_aliases
  @identity_aliases
end

#identity_setsObject (readonly)

A IdentitySet is a named grouping of Identity Aliases for Accounts. An Account's relationship to a IdentitySet is defined via IdentityAlias objects.

See SDM::SnapshotIdentitySets.



696
697
698
 
# File 'lib/strongdm.rb', line 696

def identity_sets
  @identity_sets
end

#nodesObject (readonly)

Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:

  • Gateways are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
  • Relays are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.

See SDM::SnapshotNodes.



702
703
704
 
# File 'lib/strongdm.rb', line 702

def nodes
  @nodes
end

#policiesObject (readonly)

Policies are the collection of one or more statements that enforce fine-grained access control for the users of an organization.

See SDM::SnapshotPolicies.



707
708
709
 
# File 'lib/strongdm.rb', line 707

def policies
  @policies
end

#proxy_cluster_keysObject (readonly)

Proxy Cluster Keys are authentication keys for all proxies within a cluster. The proxies within a cluster share the same key. One cluster can have multiple keys in order to facilitate key rotation.

See SDM::SnapshotProxyClusterKeys.



713
714
715
 
# File 'lib/strongdm.rb', line 713

def proxy_cluster_keys
  @proxy_cluster_keys
end

#remote_identitiesObject (readonly)

RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.

See SDM::SnapshotRemoteIdentities.



717
718
719
 
# File 'lib/strongdm.rb', line 717

def remote_identities
  @remote_identities
end

#remote_identity_groupsObject (readonly)

A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts. An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.

See SDM::SnapshotRemoteIdentityGroups.



722
723
724
 
# File 'lib/strongdm.rb', line 722

def remote_identity_groups
  @remote_identity_groups
end

#resourcesObject (readonly)

Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.

See SDM::SnapshotResources.



727
728
729
 
# File 'lib/strongdm.rb', line 727

def resources
  @resources
end

#role_resourcesObject (readonly)

RoleResources enumerates the resources to which roles have access. The RoleResources service is read-only.

See SDM::SnapshotRoleResources.



732
733
734
 
# File 'lib/strongdm.rb', line 732

def role_resources
  @role_resources
end

#rolesObject (readonly)

A Role has a list of access rules which determine which Resources the members of the Role have access to. An Account can be a member of multiple Roles via AccountAttachments.

See SDM::SnapshotRoles.



678
679
680
 
# File 'lib/strongdm.rb', line 678

def roles
  @roles
end

#secret_storesObject (readonly)

SecretStores are servers where resource secrets (passwords, keys) are stored.

See SDM::SnapshotSecretStores.



736
737
738
 
# File 'lib/strongdm.rb', line 736

def secret_stores
  @secret_stores
end

#workflow_approversObject (readonly)

WorkflowApprovers is an account or a role with the ability to approve requests bound to a workflow.

See SDM::SnapshotWorkflowApprovers.



740
741
742
 
# File 'lib/strongdm.rb', line 740

def workflow_approvers
  @workflow_approvers
end

#workflow_rolesObject (readonly)

WorkflowRole links a role to a workflow. The linked roles indicate which roles a user must be a part of to request access to a resource via the workflow.

See SDM::SnapshotWorkflowRoles.



745
746
747
 
# File 'lib/strongdm.rb', line 745

def workflow_roles
  @workflow_roles
end

#workflowsObject (readonly)

Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either be automatic approval or a set of users authorized to approve the requests.

See SDM::SnapshotWorkflows.



751
752
753
 
# File 'lib/strongdm.rb', line 751

def workflows
  @workflows
end