Class: SDM::SnapshotClient

Inherits:

Object

• Object
• SDM::SnapshotClient

Defined in:

lib/strongdm.rb

Overview

SnapshotClient exposes methods to query historical records at a provided timestamp.

Instance Attribute Summary

• #access_requests ⇒ Object readonly

  AccessRequests are requests for access to a resource that may match a Workflow.

• #account_attachments ⇒ Object readonly

  AccountAttachments assign an account to a role.

• #account_grants ⇒ Object readonly

  AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.

• #account_permissions ⇒ Object readonly

  AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.

• #account_resources ⇒ Object readonly

  AccountResources enumerates the resources to which accounts have access.

• #accounts ⇒ Object readonly

  Accounts are users that have access to strongDM.

• #accounts_groups ⇒ Object readonly

  An AccountGroup links an account and a group.

• #approval_workflow_approvers ⇒ Object readonly

  ApprovalWorkflowApprovers link approval workflow approvers to an ApprovalWorkflowStep.

• #approval_workflow_steps ⇒ Object readonly

  ApprovalWorkflowSteps link approval workflow steps to an ApprovalWorkflow.

• #approval_workflows ⇒ Object readonly

  ApprovalWorkflows are the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied.

• #discovery_connectors ⇒ Object readonly

  A Discovery Connector is a configuration object for performing Resource Scans in remote systems such as AWS, GCP, Azure, and other systems.

• #granted_account_entitlements ⇒ Object readonly

  GrantedAccountEntitlements enumerates the resources to which an account has been granted access.

• #granted_resource_entitlements ⇒ Object readonly

  GrantedResourceEntitlements enumerates the accounts that have been granted access to a given resource.

• #granted_role_entitlements ⇒ Object readonly

  GrantedRoleEntitlements enumerates the resources to which a role grants access.

• #groups ⇒ Object readonly

  A Group is a set of principals.

• #groups_roles ⇒ Object readonly

  A GroupRole is an assignment of a Group to a Role.

• #identity_aliases ⇒ Object readonly

  IdentityAliases assign an alias to an account within an IdentitySet.

• #identity_sets ⇒ Object readonly

  A IdentitySet is a named grouping of Identity Aliases for Accounts.

• #nodes ⇒ Object readonly

  Nodes make up the StrongDM network, and allow your users to connect securely to your resources.

• #policies ⇒ Object readonly

  Policies are the collection of one or more statements that enforce fine-grained access control for the users of an organization.

• #proxy_cluster_keys ⇒ Object readonly

  Proxy Cluster Keys are authentication keys for all proxies within a cluster.

• #remote_identities ⇒ Object readonly

  RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.

• #remote_identity_groups ⇒ Object readonly

  A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.

• #requestable_account_entitlements ⇒ Object readonly

  RequestableAccountEntitlements enumerates the resources that an account is permitted to request access to.

• #requestable_resource_entitlements ⇒ Object readonly

  RequestableResourceEntitlements enumerates the accounts that are permitted to request access to a given resource.

• #requestable_role_entitlements ⇒ Object readonly

  RequestableRoleEntitlements enumerates the resources that a role permits its members to request access to.

• #resources ⇒ Object readonly

  Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.

• #role_resources ⇒ Object readonly

  RoleResources enumerates the resources to which roles have access.

• #roles ⇒ Object readonly

  A Role has a list of access rules which determine which Resources the members of the Role have access to.

• #secret_stores ⇒ Object readonly

  SecretStores are servers where resource secrets (passwords, keys) are stored.

• #workflow_approvers ⇒ Object readonly

  WorkflowApprovers is an account or a role with the ability to approve requests bound to a workflow.

• #workflow_roles ⇒ Object readonly

  WorkflowRole links a role to a workflow.

• #workflows ⇒ Object readonly

  Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either be automatic approval or a set of users authorized to approve the requests.

Instance Method Summary

• #initialize(client) ⇒ SnapshotClient constructor

  A new instance of SnapshotClient.

Constructor Details

#initialize(client) ⇒ SnapshotClient

Returns a new instance of SnapshotClient.

# File 'lib/strongdm.rb', line 666

def initialize(client)
  @access_requests = SnapshotAccessRequests.new(client.access_requests)
  @account_attachments = SnapshotAccountAttachments.new(client.account_attachments)
  @account_grants = SnapshotAccountGrants.new(client.account_grants)
  @account_permissions = SnapshotAccountPermissions.new(client.account_permissions)
  @account_resources = SnapshotAccountResources.new(client.account_resources)
  @accounts = SnapshotAccounts.new(client.accounts)
  @accounts_groups = SnapshotAccountsGroups.new(client.accounts_groups)
  @approval_workflow_approvers = SnapshotApprovalWorkflowApprovers.new(client.approval_workflow_approvers)
  @approval_workflow_steps = SnapshotApprovalWorkflowSteps.new(client.approval_workflow_steps)
  @approval_workflows = SnapshotApprovalWorkflows.new(client.approval_workflows)
  @discovery_connectors = SnapshotDiscoveryConnectors.new(client.discovery_connectors)
  @granted_account_entitlements = SnapshotGrantedAccountEntitlements.new(client.granted_account_entitlements)
  @granted_resource_entitlements = SnapshotGrantedResourceEntitlements.new(client.granted_resource_entitlements)
  @granted_role_entitlements = SnapshotGrantedRoleEntitlements.new(client.granted_role_entitlements)
  @roles = SnapshotRoles.new(client.roles)
  @groups = SnapshotGroups.new(client.groups)
  @groups_roles = SnapshotGroupsRoles.new(client.groups_roles)
  @identity_aliases = SnapshotIdentityAliases.new(client.identity_aliases)
  @identity_sets = SnapshotIdentitySets.new(client.identity_sets)
  @nodes = SnapshotNodes.new(client.nodes)
  @policies = SnapshotPolicies.new(client.policies)
  @proxy_cluster_keys = SnapshotProxyClusterKeys.new(client.proxy_cluster_keys)
  @remote_identities = SnapshotRemoteIdentities.new(client.remote_identities)
  @remote_identity_groups = SnapshotRemoteIdentityGroups.new(client.remote_identity_groups)
  @requestable_account_entitlements = SnapshotRequestableAccountEntitlements.new(client.requestable_account_entitlements)
  @requestable_resource_entitlements = SnapshotRequestableResourceEntitlements.new(client.requestable_resource_entitlements)
  @requestable_role_entitlements = SnapshotRequestableRoleEntitlements.new(client.requestable_role_entitlements)
  @resources = SnapshotResources.new(client.resources)
  @role_resources = SnapshotRoleResources.new(client.role_resources)
  @secret_stores = SnapshotSecretStores.new(client.secret_stores)
  @workflow_approvers = SnapshotWorkflowApprovers.new(client.workflow_approvers)
  @workflow_roles = SnapshotWorkflowRoles.new(client.workflow_roles)
  @workflows = SnapshotWorkflows.new(client.workflows)
end

Instance Attribute Details

#access_requests ⇒ Object (readonly)

AccessRequests are requests for access to a resource that may match a Workflow.

See SDM::SnapshotAccessRequests.

# File 'lib/strongdm.rb', line 705

def access_requests
  @access_requests
end

#account_attachments ⇒ Object (readonly)

AccountAttachments assign an account to a role.

See SDM::SnapshotAccountAttachments.

# File 'lib/strongdm.rb', line 709

def account_attachments
  @account_attachments
end

#account_grants ⇒ Object (readonly)

AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.

See SDM::SnapshotAccountGrants.

# File 'lib/strongdm.rb', line 713

def account_grants
  @account_grants
end

#account_permissions ⇒ Object (readonly)

AccountPermissions records the granular permissions accounts have, allowing them to execute relevant commands via StrongDM's APIs.

See SDM::SnapshotAccountPermissions.

# File 'lib/strongdm.rb', line 718

def account_permissions
  @account_permissions
end

#account_resources ⇒ Object (readonly)

AccountResources enumerates the resources to which accounts have access. The AccountResources service is read-only.

See SDM::SnapshotAccountResources.

# File 'lib/strongdm.rb', line 723

def account_resources
  @account_resources
end

#accounts ⇒ Object (readonly)

Accounts are users that have access to strongDM. There are two types of accounts:

1. Users: humans who are authenticated through username and password or SSO.
2. Service Accounts: machines that are authenticated using a service token.
3. Tokens are access keys with permissions that can be used for authentication.

See SDM::SnapshotAccounts.

# File 'lib/strongdm.rb', line 730

def accounts
  @accounts
end

#accounts_groups ⇒ Object (readonly)

An AccountGroup links an account and a group.

See SDM::SnapshotAccountsGroups.

# File 'lib/strongdm.rb', line 734

def accounts_groups
  @accounts_groups
end

#approval_workflow_approvers ⇒ Object (readonly)

ApprovalWorkflowApprovers link approval workflow approvers to an ApprovalWorkflowStep

See SDM::SnapshotApprovalWorkflowApprovers.

# File 'lib/strongdm.rb', line 738

def approval_workflow_approvers
  @approval_workflow_approvers
end

#approval_workflow_steps ⇒ Object (readonly)

ApprovalWorkflowSteps link approval workflow steps to an ApprovalWorkflow

See SDM::SnapshotApprovalWorkflowSteps.

# File 'lib/strongdm.rb', line 742

def approval_workflow_steps
  @approval_workflow_steps
end

#approval_workflows ⇒ Object (readonly)

ApprovalWorkflows are the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied.

See SDM::SnapshotApprovalWorkflows.

# File 'lib/strongdm.rb', line 747

def approval_workflows
  @approval_workflows
end

#discovery_connectors ⇒ Object (readonly)

A Discovery Connector is a configuration object for performing Resource Scans in remote systems such as AWS, GCP, Azure, and other systems.

See SDM::SnapshotDiscoveryConnectors.

# File 'lib/strongdm.rb', line 752

def discovery_connectors
  @discovery_connectors
end

#granted_account_entitlements ⇒ Object (readonly)

GrantedAccountEntitlements enumerates the resources to which an account has been granted access. The GrantedAccountEntitlements service is read-only.

See SDM::SnapshotGrantedAccountEntitlements.

# File 'lib/strongdm.rb', line 757

def granted_account_entitlements
  @granted_account_entitlements
end

#granted_resource_entitlements ⇒ Object (readonly)

GrantedResourceEntitlements enumerates the accounts that have been granted access to a given resource. The GrantedResourceEntitlements service is read-only.

See SDM::SnapshotGrantedResourceEntitlements.

# File 'lib/strongdm.rb', line 762

def granted_resource_entitlements
  @granted_resource_entitlements
end

#granted_role_entitlements ⇒ Object (readonly)

GrantedRoleEntitlements enumerates the resources to which a role grants access. The GrantedRoleEntitlements service is read-only.

See SDM::SnapshotGrantedRoleEntitlements.

# File 'lib/strongdm.rb', line 767

def granted_role_entitlements
  @granted_role_entitlements
end

#groups ⇒ Object (readonly)

A Group is a set of principals.

See SDM::SnapshotGroups.

# File 'lib/strongdm.rb', line 777

def groups
  @groups
end

#groups_roles ⇒ Object (readonly)

A GroupRole is an assignment of a Group to a Role.

See SDM::SnapshotGroupsRoles.

# File 'lib/strongdm.rb', line 781

def groups_roles
  @groups_roles
end

#identity_aliases ⇒ Object (readonly)

IdentityAliases assign an alias to an account within an IdentitySet. The alias is used as the username when connecting to a identity supported resource.

See SDM::SnapshotIdentityAliases.

# File 'lib/strongdm.rb', line 786

def identity_aliases
  @identity_aliases
end

#identity_sets ⇒ Object (readonly)

A IdentitySet is a named grouping of Identity Aliases for Accounts. An Account's relationship to a IdentitySet is defined via IdentityAlias objects.

See SDM::SnapshotIdentitySets.

# File 'lib/strongdm.rb', line 791

def identity_sets
  @identity_sets
end

#nodes ⇒ Object (readonly)

Nodes make up the StrongDM network, and allow your users to connect securely to your resources. There are three types of nodes:

1. Relay: creates connectivity to your datasources, while maintaining the egress-only nature of your firewall
2. Gateway: a relay that also listens for connections from StrongDM clients
3. Proxy Cluster: a cluster of workers that together mediate access from clients to resources

See SDM::SnapshotNodes.

# File 'lib/strongdm.rb', line 799

def nodes
  @nodes
end

#policies ⇒ Object (readonly)

Policies are the collection of one or more statements that enforce fine-grained access control for the users of an organization.

See SDM::SnapshotPolicies.

# File 'lib/strongdm.rb', line 804

def policies
  @policies
end

#proxy_cluster_keys ⇒ Object (readonly)

Proxy Cluster Keys are authentication keys for all proxies within a cluster. The proxies within a cluster share the same key. One cluster can have multiple keys in order to facilitate key rotation.

See SDM::SnapshotProxyClusterKeys.

# File 'lib/strongdm.rb', line 810

def proxy_cluster_keys
  @proxy_cluster_keys
end

#remote_identities ⇒ Object (readonly)

RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.

See SDM::SnapshotRemoteIdentities.

# File 'lib/strongdm.rb', line 814

def remote_identities
  @remote_identities
end

#remote_identity_groups ⇒ Object (readonly)

A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts. An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.

See SDM::SnapshotRemoteIdentityGroups.

# File 'lib/strongdm.rb', line 819

def remote_identity_groups
  @remote_identity_groups
end

#requestable_account_entitlements ⇒ Object (readonly)

RequestableAccountEntitlements enumerates the resources that an account is permitted to request access to. The RequestableAccountEntitlements service is read-only.

See SDM::SnapshotRequestableAccountEntitlements.

# File 'lib/strongdm.rb', line 824

def requestable_account_entitlements
  @requestable_account_entitlements
end

#requestable_resource_entitlements ⇒ Object (readonly)

RequestableResourceEntitlements enumerates the accounts that are permitted to request access to a given resource. The RequestableResourceEntitlements service is read-only.

See SDM::SnapshotRequestableResourceEntitlements.

# File 'lib/strongdm.rb', line 829

def requestable_resource_entitlements
  @requestable_resource_entitlements
end

#requestable_role_entitlements ⇒ Object (readonly)

RequestableRoleEntitlements enumerates the resources that a role permits its members to request access to. The RequestableRoleEntitlements service is read-only.

See SDM::SnapshotRequestableRoleEntitlements.

# File 'lib/strongdm.rb', line 834

def requestable_role_entitlements
  @requestable_role_entitlements
end

#resources ⇒ Object (readonly)

Resources are databases, servers, clusters, websites, or clouds that strongDM delegates access to.

See SDM::SnapshotResources.

# File 'lib/strongdm.rb', line 839

def resources
  @resources
end

#role_resources ⇒ Object (readonly)

RoleResources enumerates the resources to which roles have access. The RoleResources service is read-only.

See SDM::SnapshotRoleResources.

# File 'lib/strongdm.rb', line 844

def role_resources
  @role_resources
end

#roles ⇒ Object (readonly)

A Role has a list of access rules which determine which Resources the members of the Role have access to. An Account can be a member of multiple Roles via AccountAttachments.

See SDM::SnapshotRoles.

# File 'lib/strongdm.rb', line 773

def roles
  @roles
end

#secret_stores ⇒ Object (readonly)

SecretStores are servers where resource secrets (passwords, keys) are stored.

See SDM::SnapshotSecretStores.

# File 'lib/strongdm.rb', line 848

def secret_stores
  @secret_stores
end

#workflow_approvers ⇒ Object (readonly)

WorkflowApprovers is an account or a role with the ability to approve requests bound to a workflow.

See SDM::SnapshotWorkflowApprovers.

# File 'lib/strongdm.rb', line 852

def workflow_approvers
  @workflow_approvers
end

#workflow_roles ⇒ Object (readonly)

WorkflowRole links a role to a workflow. The linked roles indicate which roles a user must be a part of to request access to a resource via the workflow.

See SDM::SnapshotWorkflowRoles.

# File 'lib/strongdm.rb', line 857

def workflow_roles
  @workflow_roles
end

#workflows ⇒ Object (readonly)

Workflows are the collection of rules that define the resources to which access can be requested, the users that can request that access, and the mechanism for approving those requests which can either be automatic approval or a set of users authorized to approve the requests.

See SDM::SnapshotWorkflows.

# File 'lib/strongdm.rb', line 863

def workflows
  @workflows
end