class SDM::Client
Client bundles all the services together and initializes them.
Attributes
AccountAttachments assign an account to a role.
AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
Accounts are users that have access to strongDM. There are two types of accounts:
-
**Regular users:** humans who are authenticated through username and password or SSO
-
**Service users:** machines that are authneticated using a service token
API authentication token (read-only).
Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
-
*Relay:* creates connectivity to your datasources, while maintaining the egress-only nature of your firewall
-
*Gateways:* a relay that also listens for connections from strongDM clients
RoleAttachments represent relationships between composite roles and the roles that make up those composite roles. When a composite role is attached to another role, the permissions granted to members of the composite role are augmented to include the permissions granted to members of the attached role.
RoleGrants represent relationships between composite roles and the roles that make up those composite roles. When a composite role is attached to another role, the permissions granted to members of the composite role are augmented to include the permissions granted to members of the attached role.
Roles are tools for controlling user access to resources. Each Role holds a list of resources which they grant access to. Composite roles are a special type of Role which have no resource associations of their own, but instead grant access to the combined resources associated with a set of child roles. Each user can be a member of one Role or composite role.
Public Class Methods
Creates a new strongDM API client.
# File lib/strongdm.rb, line 31 def initialize(api_access_key, api_secret_key, host:"api.strongdm.com:443", insecure:false) @api_access_key = api_access_key @api_secret_key = Base64.strict_decode64(api_secret_key) @max_retries = DEFAULT_MAX_RETRIES @base_retry_delay = DEFAULT_BASE_RETRY_DELAY @max_retry_delay = DEFAULT_MAX_RETRY_DELAY @account_attachments = AccountAttachments.new(host, insecure, self) @account_grants = AccountGrants.new(host, insecure, self) @accounts = Accounts.new(host, insecure, self) @nodes = Nodes.new(host, insecure, self) @resources = Resources.new(host, insecure, self) @role_attachments = RoleAttachments.new(host, insecure, self) @role_grants = RoleGrants.new(host, insecure, self) @roles = Roles.new(host, insecure, self) @_test_options = Hash.new end
Public Instance Methods
# File lib/strongdm.rb, line 48 def get_metadata(method_name, req) return { 'x-sdm-authentication': @api_access_key,'x-sdm-signature': self.sign(method_name, req.to_proto)} end
# File lib/strongdm.rb, line 68 def jitterSleep(iter) dur_max = @base_retry_delay * 2**iter if (dur_max > @max_retry_delay) dur_max = @max_retry_delay end dur = rand() * dur_max sleep(dur) end
# File lib/strongdm.rb, line 77 def shouldRetry(iter, err) if (iter >= @max_retries-1) return false end if not err .is_a? GRPC::BadStatus return true end return err.code() == 13 end
# File lib/strongdm.rb, line 52 def sign(method_name, msg_bytes) current_utc_date = Time.now.utc date = sprintf("%04d-%02d-%02d",current_utc_date.year, current_utc_date.month, current_utc_date.day) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @api_secret_key, date) signing_key = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, 'sdm_api_v1') sha_req = Digest::SHA256.new sha_req << method_name sha_req << "\n" sha_req << msg_bytes request_hash = sha_req.digest return Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signing_key, request_hash)) end