Class: SDM::Client
- Inherits:
-
Object
- Object
- SDM::Client
- Defined in:
- lib/strongdm.rb
Overview
Client bundles all the services together and initializes them.
Instance Attribute Summary collapse
-
#account_attachments ⇒ Object
readonly
AccountAttachments assign an account to a role.
-
#account_grants ⇒ Object
readonly
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#accounts ⇒ Object
readonly
Accounts are users that have access to strongDM.
-
#api_access_key ⇒ Object
readonly
API authentication token (read-only).
-
#base_retry_delay ⇒ Object
readonly
Returns the value of attribute base_retry_delay.
-
#control_panel ⇒ Object
readonly
ControlPanel contains all administrative controls.
-
#max_retries ⇒ Object
readonly
Returns the value of attribute max_retries.
-
#max_retry_delay ⇒ Object
readonly
Returns the value of attribute max_retry_delay.
-
#nodes ⇒ Object
readonly
Nodes make up the strongDM network, and allow your users to connect securely to your resources.
-
#remote_identities ⇒ Object
readonly
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
-
#remote_identity_groups ⇒ Object
readonly
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
-
#resources ⇒ Object
readonly
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
-
#roles ⇒ Object
readonly
A Role has a list of access rules which determine which Resources the members of the Role have access to.
-
#secret_stores ⇒ Object
readonly
SecretStores are servers where resource secrets (passwords, keys) are stored.
Instance Method Summary collapse
-
#initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true) ⇒ Client
constructor
Creates a new strongDM API client.
- #sign(method_name, msg_bytes) ⇒ Object
Constructor Details
#initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true) ⇒ Client
Creates a new strongDM API client.
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'lib/strongdm.rb', line 35 def initialize(api_access_key, api_secret_key, host: "api.strongdm.com:443", insecure: false, retry_rate_limit_errors: true) raise TypeError, "client access key must be a string" unless api_access_key.kind_of?(String) raise TypeError, "client secret key must be a string" unless api_secret_key.kind_of?(String) raise TypeError, "client host must be a string" unless host.kind_of?(String) @api_access_key = api_access_key.strip @api_secret_key = Base64.strict_decode64(api_secret_key.strip) @max_retries = DEFAULT_MAX_RETRIES @base_retry_delay = DEFAULT_BASE_RETRY_DELAY @max_retry_delay = DEFAULT_MAX_RETRY_DELAY @expose_rate_limit_errors = (not retry_rate_limit_errors) @account_attachments = AccountAttachments.new(host, insecure, self) @account_grants = AccountGrants.new(host, insecure, self) @accounts = Accounts.new(host, insecure, self) @control_panel = ControlPanel.new(host, insecure, self) @nodes = Nodes.new(host, insecure, self) @remote_identities = RemoteIdentities.new(host, insecure, self) @remote_identity_groups = RemoteIdentityGroups.new(host, insecure, self) @resources = Resources.new(host, insecure, self) @roles = Roles.new(host, insecure, self) @secret_stores = SecretStores.new(host, insecure, self) @_test_options = Hash.new end |
Instance Attribute Details
#account_attachments ⇒ Object (readonly)
AccountAttachments assign an account to a role.
See AccountAttachments.
125 126 127 |
# File 'lib/strongdm.rb', line 125 def @account_attachments end |
#account_grants ⇒ Object (readonly)
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
See AccountGrants.
129 130 131 |
# File 'lib/strongdm.rb', line 129 def account_grants @account_grants end |
#accounts ⇒ Object (readonly)
Accounts are users that have access to strongDM. There are two types of accounts:
- Users: humans who are authenticated through username and password or SSO.
- Service Accounts: machines that are authenticated using a service token.
See Accounts.
135 136 137 |
# File 'lib/strongdm.rb', line 135 def accounts @accounts end |
#api_access_key ⇒ Object (readonly)
API authentication token (read-only).
121 122 123 |
# File 'lib/strongdm.rb', line 121 def api_access_key @api_access_key end |
#base_retry_delay ⇒ Object (readonly)
Returns the value of attribute base_retry_delay.
117 118 119 |
# File 'lib/strongdm.rb', line 117 def base_retry_delay @base_retry_delay end |
#control_panel ⇒ Object (readonly)
ControlPanel contains all administrative controls.
See SDM::ControlPanel.
139 140 141 |
# File 'lib/strongdm.rb', line 139 def control_panel @control_panel end |
#max_retries ⇒ Object (readonly)
Returns the value of attribute max_retries.
116 117 118 |
# File 'lib/strongdm.rb', line 116 def max_retries @max_retries end |
#max_retry_delay ⇒ Object (readonly)
Returns the value of attribute max_retry_delay.
118 119 120 |
# File 'lib/strongdm.rb', line 118 def max_retry_delay @max_retry_delay end |
#nodes ⇒ Object (readonly)
Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
- Gateways are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
- Relays are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
See Nodes.
145 146 147 |
# File 'lib/strongdm.rb', line 145 def nodes @nodes end |
#remote_identities ⇒ Object (readonly)
RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
See RemoteIdentities.
149 150 151 |
# File 'lib/strongdm.rb', line 149 def remote_identities @remote_identities end |
#remote_identity_groups ⇒ Object (readonly)
A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts. An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
See RemoteIdentityGroups.
154 155 156 |
# File 'lib/strongdm.rb', line 154 def remote_identity_groups @remote_identity_groups end |
#resources ⇒ Object (readonly)
Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.
See Resources.
159 160 161 |
# File 'lib/strongdm.rb', line 159 def resources @resources end |
#roles ⇒ Object (readonly)
A Role has a list of access rules which determine which Resources the members of the Role have access to. An Account can be a member of multiple Roles via AccountAttachments.
See Roles.
165 166 167 |
# File 'lib/strongdm.rb', line 165 def roles @roles end |
#secret_stores ⇒ Object (readonly)
SecretStores are servers where resource secrets (passwords, keys) are stored.
See SecretStores.
169 170 171 |
# File 'lib/strongdm.rb', line 169 def secret_stores @secret_stores end |
Instance Method Details
#sign(method_name, msg_bytes) ⇒ Object
68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
# File 'lib/strongdm.rb', line 68 def sign(method_name, msg_bytes) current_utc_date = Time.now.utc date = sprintf("%04d-%02d-%02d", current_utc_date.year, current_utc_date.month, current_utc_date.day) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @api_secret_key, date) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, "sdm_api_v1") sha_req = Digest::SHA256.new sha_req << method_name sha_req << "\n" sha_req << msg_bytes request_hash = sha_req.digest return Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, request_hash)) end |