Class: Smplkit::Management::ForwardersNamespace

Inherits:
Object
  • Object
show all
Defined in:
lib/smplkit/management/audit.rb

Overview

mgmt.audit.forwarders.* — manage the customer’s configured SIEM forwarders.

Instance Method Summary collapse

Constructor Details

#initialize(api) ⇒ ForwardersNamespace

Returns a new instance of ForwardersNamespace.



23
24
25
 
# File 'lib/smplkit/management/audit.rb', line 23

def initialize(api)
  @api = api
end

Instance Method Details

#create(name:, forwarder_type:, http:, enabled: true, filter: nil, transform: nil) ⇒ Object

Create a forwarder.

Parameters:

  • name (String)

    Display name. The slug is derived server-side.

  • forwarder_type (String, Smplkit::Audit::ForwarderType)

    One of the published Audit::ForwarderType constants (or the equivalent string).

  • http (Smplkit::Audit::ForwarderHttp, Hash)

    Destination configuration. Headers carry credentials and are encrypted at rest server-side; reads return them redacted.

  • enabled (Boolean) (defaults to: true)

    Whether the forwarder is active.

  • filter (Hash, nil) (defaults to: nil)

    Optional JSON Logic filter; events that don’t match are recorded as filtered_out deliveries.

  • transform (String, nil) (defaults to: nil)

    Optional JSONata template applied to the event payload before POST. Nil/empty sends the event as-is.



43
44
45
46
47
48
49
50
 
# File 'lib/smplkit/management/audit.rb', line 43

def create(name:, forwarder_type:, http:, enabled: true,
           filter: nil, transform: nil)
  body = build_body(nil, name: name, forwarder_type: forwarder_type,
                         http: http, enabled: enabled,
                         filter: filter, transform: transform)
  resp = Smplkit::Audit.call_api { @api.create_forwarder(body) }
  Smplkit::Audit::Forwarder.from_resource(resp.data)
end

#delete(forwarder_id) ⇒ Object 



84
85
86
87
 
# File 'lib/smplkit/management/audit.rb', line 84

def delete(forwarder_id)
  Smplkit::Audit.call_api { @api.delete_forwarder(forwarder_id) }
  nil
end

#get(forwarder_id) ⇒ Object 



64
65
66
67
 
# File 'lib/smplkit/management/audit.rb', line 64

def get(forwarder_id)
  resp = Smplkit::Audit.call_api { @api.get_forwarder(forwarder_id) }
  Smplkit::Audit::Forwarder.from_resource(resp.data)
end

#list(forwarder_type: nil, enabled: nil, page_size: nil, page_after: nil) ⇒ Object 



52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/smplkit/management/audit.rb', line 52

def list(forwarder_type: nil, enabled: nil, page_size: nil, page_after: nil)
  opts = {}
  opts[:filter_forwarder_type] = Smplkit::Audit::ForwarderType.coerce(forwarder_type) if forwarder_type
  opts[:filter_enabled] = enabled unless enabled.nil?
  opts[:page_size] = page_size if page_size
  opts[:page_after] = page_after if page_after

  resp = Smplkit::Audit.call_api { @api.list_forwarders(opts) }
  forwarders = (resp.data || []).map { |r| Smplkit::Audit::Forwarder.from_resource(r) }
  ForwarderListPage.new(forwarders, Smplkit::Audit.next_cursor(resp.links&._next))
end

#update(forwarder_id, name:, forwarder_type:, http:, enabled: true, filter: nil, transform: nil) ⇒ Object

Full-replace update. PUT semantics — every field is overwritten.

Header values must be re-supplied as plaintext; the GET path redacts them, so a PUT body containing “<redacted>” would persist that literal. Track real header values client-side and round-trip them on update.



75
76
77
78
79
80
81
82
 
# File 'lib/smplkit/management/audit.rb', line 75

def update(forwarder_id, name:, forwarder_type:, http:, enabled: true,
           filter: nil, transform: nil)
  body = build_body(forwarder_id, name: name, forwarder_type: forwarder_type,
                                  http: http, enabled: enabled,
                                  filter: filter, transform: transform)
  resp = Smplkit::Audit.call_api { @api.update_forwarder(forwarder_id, body) }
  Smplkit::Audit::Forwarder.from_resource(resp.data)
end