Class: Smplkit::Management::ForwardersNamespace

Inherits:

Object

• Object
• Smplkit::Management::ForwardersNamespace

Defined in:

lib/smplkit/management/audit.rb

Overview

mgmt.audit.forwarders.* — manage the customer’s configured SIEM forwarders.

Instance Method Summary

• #create(name:, forwarder_type:, configuration:, description: nil, enabled: true, filter: nil, transform_type: nil, transform: nil) ⇒ Object

  Create a forwarder.

• #delete(forwarder_id) ⇒ Object
• #get(forwarder_id) ⇒ Object
• #initialize(api) ⇒ ForwardersNamespace constructor

  A new instance of ForwardersNamespace.

• #list(forwarder_type: nil, enabled: nil, page_number: nil, page_size: nil, meta_total: nil) ⇒ Object
• #update(forwarder_id, name:, forwarder_type:, configuration:, description: nil, enabled: true, filter: nil, transform_type: nil, transform: nil) ⇒ Object

  Full-replace update.

Constructor Details

#initialize(api) ⇒ ForwardersNamespace

Returns a new instance of ForwardersNamespace.

# File 'lib/smplkit/management/audit.rb', line 23

def initialize(api)
  @api = api
end

Instance Method Details

#create(name:, forwarder_type:, configuration:, description: nil, enabled: true, filter: nil, transform_type: nil, transform: nil) ⇒ Object

Create a forwarder.

Parameters:

• name (String) —

  Display name.

• forwarder_type (String, Smplkit::Audit::ForwarderType) —

  One of the published Audit::ForwarderType constants (or the equivalent string).

• configuration (Smplkit::Audit::HttpConfiguration, Hash) —

  Transport-specific delivery configuration. Today every forwarder_type uses HttpConfiguration; the URL and header values inside are stored encrypted server-side and round-trip to GET in plaintext.

• description (String, nil) (defaults to: nil) —

  Optional free-text description.

• enabled (Boolean) (defaults to: true) —

  Whether the forwarder is active.

• filter (Hash, nil) (defaults to: nil) —

  Optional JSON Logic filter; events that don’t match are recorded as filtered_out deliveries.

• transform_type (String, nil) (defaults to: nil) —

  Engine that evaluates transform. Set to “JSONATA” whenever transform is set.

• transform (String, nil) (defaults to: nil) —

  Optional template applied to the event payload before delivery (for JSONATA, a JSONata expression). Nil sends the event JSON unchanged.

# File 'lib/smplkit/management/audit.rb', line 47

def create(name:, forwarder_type:, configuration:, description: nil, enabled: true,
           filter: nil, transform_type: nil, transform: nil)
  body = build_body(nil, name: name, forwarder_type: forwarder_type,
                         configuration: configuration, description: description,
                         enabled: enabled, filter: filter,
                         transform_type: transform_type, transform: transform)
  resp = Smplkit::Audit.call_api { @api.create_forwarder(body) }
  Smplkit::Audit::Forwarder.from_resource(resp.data)
end

#delete(forwarder_id) ⇒ Object

# File 'lib/smplkit/management/audit.rb', line 90

def delete(forwarder_id)
  Smplkit::Audit.call_api { @api.delete_forwarder(forwarder_id) }
  nil
end

#get(forwarder_id) ⇒ Object

# File 'lib/smplkit/management/audit.rb', line 70

def get(forwarder_id)
  resp = Smplkit::Audit.call_api { @api.get_forwarder(forwarder_id) }
  Smplkit::Audit::Forwarder.from_resource(resp.data)
end

#list(forwarder_type: nil, enabled: nil, page_number: nil, page_size: nil, meta_total: nil) ⇒ Object

# File 'lib/smplkit/management/audit.rb', line 57

def list(forwarder_type: nil, enabled: nil, page_number: nil, page_size: nil, meta_total: nil)
  opts = {}
  opts[:filter_forwarder_type] = Smplkit::Audit::ForwarderType.coerce(forwarder_type) if forwarder_type
  opts[:filter_enabled] = enabled unless enabled.nil?
  opts[:page_number] = page_number if page_number
  opts[:page_size] = page_size if page_size
  opts[:meta_total] = meta_total unless meta_total.nil?

  resp = Smplkit::Audit.call_api { @api.list_forwarders(opts) }
  forwarders = (resp.data || []).map { |r| Smplkit::Audit::Forwarder.from_resource(r) }
  ForwarderListPage.new(forwarders, Smplkit::Audit.extract_pagination(resp.meta))
end

#update(forwarder_id, name:, forwarder_type:, configuration:, description: nil, enabled: true, filter: nil, transform_type: nil, transform: nil) ⇒ Object

Full-replace update. PUT semantics — every field is overwritten.

The URL and header values inside configuration are returned in plaintext on GET, so a fetched forwarder can be round-tripped to PUT without re-entering secrets.

# File 'lib/smplkit/management/audit.rb', line 80

def update(forwarder_id, name:, forwarder_type:, configuration:, description: nil,
           enabled: true, filter: nil, transform_type: nil, transform: nil)
  body = build_body(forwarder_id, name: name, forwarder_type: forwarder_type,
                                  configuration: configuration, description: description,
                                  enabled: enabled, filter: filter,
                                  transform_type: transform_type, transform: transform)
  resp = Smplkit::Audit.call_api { @api.update_forwarder(forwarder_id, body) }
  Smplkit::Audit::Forwarder.from_resource(resp.data)
end