Class: Smplkit::Audit::Forwarder

Inherits:

Object

• Object
• Smplkit::Audit::Forwarder

Defined in:

lib/smplkit/audit/models.rb

Overview

A SIEM streaming forwarder configured on the customer’s account.

Active-record style: instantiate via mgmt.audit.forwarders.new_forwarder(…), mutate fields directly, and call #save to persist or #delete to remove. Header values in configuration.headers are returned redacted on reads — the GET path on the audit API replaces every header value with “<redacted>”. Re-supply real values before calling #save; the SDK does not cache them client-side.

Instance Attribute Summary

• #configuration ⇒ HttpConfiguration

  Destination request configuration.

• #created_at ⇒ String^?

  ISO-8601 timestamp of first persist.

• #deleted_at ⇒ String^?

  Soft-delete timestamp.

• #description ⇒ String^?

  Optional free-text description.

• #enabled ⇒ Boolean

  When false, the audit service skips delivery for this forwarder but still records filtered_out deliveries.

• #filter ⇒ Hash^?

  Optional JSON Logic expression evaluated per event.

• #forwarder_type ⇒ String

  One of Smplkit::Audit::ForwarderType::VALUES.

• #id ⇒ String^?

  Caller-supplied unique identifier (key) for this forwarder.

• #name ⇒ String

  Display name.

• #transform ⇒ Object^?

  Optional template applied to each event before delivery.

• #transform_type ⇒ String^?

  Engine that evaluates #transform — one of TransformType::VALUES.

• #updated_at ⇒ String^?

  ISO-8601 timestamp of the most recent mutation.

• #version ⇒ Integer^?

  Monotonic version counter, bumped on every server-side write.

Class Method Summary

• .from_resource(resource, client: nil) ⇒ Object
• .validate_transform_pair!(transform, transform_type) ⇒ Object private

  Validate the (transform, transform_type) pair.

Instance Method Summary

• #_apply(other) ⇒ Object private
• #delete ⇒ nil (also: #delete!)

  Soft-delete this forwarder on the server.

• #initialize(client = nil, name:, forwarder_type:, configuration:, id: nil, enabled: true, description: nil, filter: nil, transform: nil, transform_type: nil, created_at: nil, updated_at: nil, deleted_at: nil, version: nil) ⇒ Forwarder constructor

  A new instance of Forwarder.

• #save ⇒ self (also: #save!)

  Create or update this forwarder on the server.

Constructor Details

#initialize(client = nil, name:, forwarder_type:, configuration:, id: nil, enabled: true, description: nil, filter: nil, transform: nil, transform_type: nil, created_at: nil, updated_at: nil, deleted_at: nil, version: nil) ⇒ Forwarder

Returns a new instance of Forwarder.

# File 'lib/smplkit/audit/models.rb', line 395

def initialize(client = nil, name:, forwarder_type:, configuration:,
               id: nil, enabled: true, description: nil,
               filter: nil, transform: nil, transform_type: nil,
               created_at: nil, updated_at: nil, deleted_at: nil, version: nil)
  @client = client
  @id = id
  @name = name
  @forwarder_type = ForwarderType.coerce(forwarder_type)
  @configuration = configuration
  @enabled = enabled
  @description = description
  @filter = filter
  @transform = transform
  @transform_type = TransformType.coerce(transform_type)
  @created_at = created_at
  @updated_at = updated_at
  @deleted_at = deleted_at
  @version = version
end

Instance Attribute Details

#configuration ⇒ HttpConfiguration

Returns Destination request configuration.

Returns:

• (HttpConfiguration) —

  Destination request configuration.

# File 'lib/smplkit/audit/models.rb', line 362

def configuration
  @configuration
end

#created_at ⇒ String^?

Returns ISO-8601 timestamp of first persist. nil for an unsaved instance.

Returns:

• (String, nil) —

  ISO-8601 timestamp of first persist. nil for an unsaved instance.

# File 'lib/smplkit/audit/models.rb', line 384

def created_at
  @created_at
end

#deleted_at ⇒ String^?

Returns Soft-delete timestamp. nil for live forwarders.

Returns:

• (String, nil) —

  Soft-delete timestamp. nil for live forwarders.

# File 'lib/smplkit/audit/models.rb', line 390

def deleted_at
  @deleted_at
end

#description ⇒ String^?

Returns Optional free-text description.

Returns:

• (String, nil) —

  Optional free-text description.

# File 'lib/smplkit/audit/models.rb', line 365

def description
  @description
end

#enabled ⇒ Boolean

Returns When false, the audit service skips delivery for this forwarder but still records filtered_out deliveries.

Returns:

• (Boolean) —

  When false, the audit service skips delivery for this forwarder but still records filtered_out deliveries.

# File 'lib/smplkit/audit/models.rb', line 359

def enabled
  @enabled
end

#filter ⇒ Hash^?

Returns Optional JSON Logic expression evaluated per event. When set, events that don’t match are recorded as filtered_out deliveries instead of being delivered to the destination.

Returns:

• (Hash, nil) —

  Optional JSON Logic expression evaluated per event. When set, events that don’t match are recorded as filtered_out deliveries instead of being delivered to the destination.

# File 'lib/smplkit/audit/models.rb', line 370

def filter
  @filter
end

#forwarder_type ⇒ String

Returns One of Smplkit::Audit::ForwarderType::VALUES.

Returns:

• (String) —

  One of Smplkit::Audit::ForwarderType::VALUES.

# File 'lib/smplkit/audit/models.rb', line 355

def forwarder_type
  @forwarder_type
end

#id ⇒ String^?

Returns Caller-supplied unique identifier (key) for this forwarder. Unique within an account; immutable for the lifetime of the forwarder. nil only while the object represents an unsaved instance constructed without an id (which #save would then reject).

Returns:

• (String, nil) —

  Caller-supplied unique identifier (key) for this forwarder. Unique within an account; immutable for the lifetime of the forwarder. nil only while the object represents an unsaved instance constructed without an id (which #save would then reject).

# File 'lib/smplkit/audit/models.rb', line 349

def id
  @id
end

#name ⇒ String

Returns Display name. Free-form.

Returns:

• (String) —

  Display name. Free-form.

# File 'lib/smplkit/audit/models.rb', line 352

def name
  @name
end

#transform ⇒ Object^?

Returns Optional template applied to each event before delivery. Free-form — the audit service passes the value verbatim to the engine named by #transform_type. For TransformType::JSONATA a JSONata expression string; nil delivers the event JSON as-is. Must be paired with a non-nil #transform_type.

Returns:

• (Object, nil) —

  Optional template applied to each event before delivery. Free-form — the audit service passes the value verbatim to the engine named by #transform_type. For TransformType::JSONATA a JSONata expression string; nil delivers the event JSON as-is. Must be paired with a non-nil #transform_type.

# File 'lib/smplkit/audit/models.rb', line 377

def transform
  @transform
end

#transform_type ⇒ String^?

Returns Engine that evaluates #transform — one of TransformType::VALUES. Required whenever #transform is set.

Returns:

• (String, nil) —

  Engine that evaluates #transform — one of TransformType::VALUES. Required whenever #transform is set.

# File 'lib/smplkit/audit/models.rb', line 381

def transform_type
  @transform_type
end

#updated_at ⇒ String^?

Returns ISO-8601 timestamp of the most recent mutation.

Returns:

• (String, nil) —

  ISO-8601 timestamp of the most recent mutation.

# File 'lib/smplkit/audit/models.rb', line 387

def updated_at
  @updated_at
end

#version ⇒ Integer^?

Returns Monotonic version counter, bumped on every server-side write.

Returns:

• (Integer, nil) —

  Monotonic version counter, bumped on every server-side write.

# File 'lib/smplkit/audit/models.rb', line 393

def version
  @version
end

Class Method Details

.from_resource(resource, client: nil) ⇒ Object

# File 'lib/smplkit/audit/models.rb', line 484

def self.from_resource(resource, client: nil)
  a = resource.attributes
  new(
    client,
    id: resource.id,
    name: a.name,
    description: a.description,
    forwarder_type: a.forwarder_type,
    enabled: a.enabled.nil? || a.enabled,
    filter: a.filter.nil? ? nil : Smplkit::Helpers.deep_stringify_keys(a.filter),
    transform_type: a.transform_type,
    transform: a.transform,
    configuration: HttpConfiguration.from_wire(a.configuration),
    created_at: a.created_at,
    updated_at: a.updated_at,
    deleted_at: a.deleted_at,
    version: a.version
  )
end

.validate_transform_pair!(transform, transform_type) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Validate the (transform, transform_type) pair.

Both must be nil or both must be set. When transform_type is TransformType::JSONATA, transform must be a String (the JSONata expression). Other engines accept any value.

Raises:

• (ArgumentError)

# File 'lib/smplkit/audit/models.rb', line 471

def self.validate_transform_pair!(transform, transform_type)
  if transform.nil? != transform_type.nil?
    raise ArgumentError,
          "transform and transform_type must be specified together (both nil or both set)"
  end
  return if transform.nil?
  return unless transform_type == TransformType::JSONATA && !transform.is_a?(String)

  raise ArgumentError,
        "transform must be a String when transform_type is JSONATA " \
        "(got #{transform.class})"
end

Instance Method Details

#_apply(other) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/smplkit/audit/models.rb', line 448

def _apply(other)
  @id = other.id
  @name = other.name
  @forwarder_type = other.forwarder_type
  @configuration = other.configuration
  @enabled = other.enabled
  @description = other.description
  @filter = other.filter
  @transform = other.transform
  @transform_type = other.transform_type
  @created_at = other.created_at
  @updated_at = other.updated_at
  @deleted_at = other.deleted_at
  @version = other.version
end

#delete ⇒ nil Also known as: delete!

Soft-delete this forwarder on the server.

Returns:

• (nil)

# File 'lib/smplkit/audit/models.rb', line 440

def delete
  raise "Forwarder was constructed without a client or id; cannot delete" if @client.nil? || @id.nil?

  @client.delete(@id)
end

#save ⇒ self Also known as: save!

Create or update this forwarder on the server.

Upsert behavior is driven by #created_at: a forwarder with no created_at is created (POST); otherwise it’s full-replace updated (PUT). After the call, every field is refreshed from the server response (including newly-assigned id, created_at, updated_at, version).

Returns:

• (self)

Raises:

• (ArgumentError) —

  when #transform and #transform_type are not both nil or both set, or when #transform_type is JSONATA and #transform is not a String.

# File 'lib/smplkit/audit/models.rb', line 427

def save
  raise "Forwarder was constructed without a client; cannot save" if @client.nil?

  self.class.send(:validate_transform_pair!, @transform, @transform_type)
  updated = @created_at.nil? ? @client._create_forwarder(self) : @client._update_forwarder(self)
  _apply(updated)
  self
end