strongdm
diff --git a/‎com/strongdm/api/Client.java‎
Lines changed: 36 additions & 0 deletions b/‎com/strongdm/api/Client.java‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎com/strongdm/api/GrantedAccountEntitlement.java‎
Lines changed: 82 additions & 0 deletions b/‎com/strongdm/api/GrantedAccountEntitlement.java‎
Lines changed: 82 additions & 0 deletions
diff --git a/‎com/strongdm/api/GrantedAccountEntitlements.java‎
Lines changed: 125 additions & 0 deletions b/‎com/strongdm/api/GrantedAccountEntitlements.java‎
Lines changed: 125 additions & 0 deletions
diff --git a/‎com/strongdm/api/GrantedEntitlementKubernetesPrivileges.java‎
Lines changed: 36 additions & 0 deletions b/‎com/strongdm/api/GrantedEntitlementKubernetesPrivileges.java‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎com/strongdm/api/GrantedResourceEntitlement.java‎
Lines changed: 82 additions & 0 deletions b/‎com/strongdm/api/GrantedResourceEntitlement.java‎
Lines changed: 82 additions & 0 deletions
@@ -241,6 +241,36 @@ public DiscoveryConnectors discoveryConnectors() {
     return this.discoveryConnectors;
   }
 
+  protected final GrantedAccountEntitlements grantedAccountEntitlements;
+
+  /**
+   * GrantedAccountEntitlements enumerates the resources to which an account has been granted
+   * access. The GrantedAccountEntitlements service is read-only.
+   */
+  public GrantedAccountEntitlements grantedAccountEntitlements() {
+    return this.grantedAccountEntitlements;
+  }
+
+  protected final GrantedResourceEntitlements grantedResourceEntitlements;
+
+  /**
+   * GrantedResourceEntitlements enumerates the accounts that have been granted access to a given
+   * resource. The GrantedResourceEntitlements service is read-only.
+   */
+  public GrantedResourceEntitlements grantedResourceEntitlements() {
+    return this.grantedResourceEntitlements;
+  }
+
+  protected final GrantedRoleEntitlements grantedRoleEntitlements;
+
+  /**
+   * GrantedRoleEntitlements enumerates the resources to which a role grants access. The
+   * GrantedRoleEntitlements service is read-only.
+   */
+  public GrantedRoleEntitlements grantedRoleEntitlements() {
+    return this.grantedRoleEntitlements;
+  }
+
   protected final Roles roles;
 
   /**
@@ -649,6 +679,9 @@ private Client(Client client) {
     this.approvalWorkflowsHistory = new ApprovalWorkflowsHistory(this.channel, this);
     this.controlPanel = new ControlPanel(this.channel, this);
     this.discoveryConnectors = new DiscoveryConnectors(this.channel, this);
+    this.grantedAccountEntitlements = new GrantedAccountEntitlements(this.channel, this);
+    this.grantedResourceEntitlements = new GrantedResourceEntitlements(this.channel, this);
+    this.grantedRoleEntitlements = new GrantedRoleEntitlements(this.channel, this);
     this.roles = new Roles(this.channel, this);
     this.groups = new Groups(this.channel, this);
     this.groupsHistory = new GroupsHistory(this.channel, this);
@@ -737,6 +770,9 @@ public Client(String apiAccessKey, String apiSecretKey, ClientOptions options)
       this.approvalWorkflowsHistory = new ApprovalWorkflowsHistory(this.channel, this);
       this.controlPanel = new ControlPanel(this.channel, this);
       this.discoveryConnectors = new DiscoveryConnectors(this.channel, this);
+      this.grantedAccountEntitlements = new GrantedAccountEntitlements(this.channel, this);
+      this.grantedResourceEntitlements = new GrantedResourceEntitlements(this.channel, this);
+      this.grantedRoleEntitlements = new GrantedRoleEntitlements(this.channel, this);
       this.roles = new Roles(this.channel, this);
       this.groups = new Groups(this.channel, this);
       this.groupsHistory = new GroupsHistory(this.channel, this);
 
@@ -0,0 +1,82 @@
+// Copyright 2020 StrongDM Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Code generated by protogen. DO NOT EDIT.
+
+package com.strongdm.api;
+
+import java.util.Date;
+
+/**
+ * GrantedAccountEntitlement represents an individual entitlement of an Account to a Resource that
+ * has been granted.
+ */
+public class GrantedAccountEntitlement {
+  private String groupId;
+  /** The unique identifier of the group associated with this entitlement, if any. */
+  public String getGroupId() {
+    return this.groupId;
+  }
+  /** The unique identifier of the group associated with this entitlement, if any. */
+  public void setGroupId(String in) {
+    this.groupId = in;
+  }
+
+  private Date lastAccessed;
+  /**
+   * The most recent time at which the account accessed this resource. Empty if the resource has
+   * never been accessed.
+   */
+  public Date getLastAccessed() {
+    return this.lastAccessed;
+  }
+  /**
+   * The most recent time at which the account accessed this resource. Empty if the resource has
+   * never been accessed.
+   */
+  public void setLastAccessed(Date in) {
+    this.lastAccessed = in;
+  }
+
+  private MappedIdentities mappedIdentities;
+  /** The mapped identity privileges for this entitlement, such as Kubernetes group memberships. */
+  public MappedIdentities getMappedIdentities() {
+    return this.mappedIdentities;
+  }
+  /** The mapped identity privileges for this entitlement, such as Kubernetes group memberships. */
+  public void setMappedIdentities(MappedIdentities in) {
+    this.mappedIdentities = in;
+  }
+
+  private String originId;
+  /** The unique identifier of the origin of this entitlement (e.g., a Role or AccountGrant ID). */
+  public String getOriginId() {
+    return this.originId;
+  }
+  /** The unique identifier of the origin of this entitlement (e.g., a Role or AccountGrant ID). */
+  public void setOriginId(String in) {
+    this.originId = in;
+  }
+
+  private String resourceId;
+  /** The unique identifier of the Resource to which access is granted. */
+  public String getResourceId() {
+    return this.resourceId;
+  }
+  /** The unique identifier of the Resource to which access is granted. */
+  public void setResourceId(String in) {
+    this.resourceId = in;
+  }
+}
@@ -0,0 +1,125 @@
+// Copyright 2020 StrongDM Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Code generated by protogen. DO NOT EDIT.
+
+package com.strongdm.api;
+
+import com.strongdm.api.plumbing.GrantedAccountEntitlementsGrpc;
+import com.strongdm.api.plumbing.GrantedAccountEntitlementsPlumbing;
+import com.strongdm.api.plumbing.PageIterator;
+import com.strongdm.api.plumbing.PageResult;
+import com.strongdm.api.plumbing.Plumbing;
+import com.strongdm.api.plumbing.Spec.ListRequestMetadata;
+import io.grpc.Deadline;
+import io.grpc.ManagedChannel;
+import java.util.Iterator;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Supplier;
+
+/**
+ * GrantedAccountEntitlements enumerates the resources to which an account has been granted access.
+ * The GrantedAccountEntitlements service is read-only.
+ */
+public class GrantedAccountEntitlements implements SnapshotGrantedAccountEntitlements {
+  private final GrantedAccountEntitlementsGrpc.GrantedAccountEntitlementsBlockingStub stub;
+  private final Client parent;
+  private final Deadline deadline;
+
+  public GrantedAccountEntitlements(ManagedChannel channel, Client client) {
+    this.stub = GrantedAccountEntitlementsGrpc.newBlockingStub(channel);
+    this.parent = client;
+    this.deadline = null;
+  }
+
+  private GrantedAccountEntitlements(
+      GrantedAccountEntitlementsGrpc.GrantedAccountEntitlementsBlockingStub stub,
+      Client client,
+      Deadline deadline) {
+    this.stub = stub;
+    this.parent = client;
+    this.deadline = deadline;
+  }
+
+  /**
+   * This function returns a copy of the GrantedAccountEntitlements service which has the given
+   * deadline set for all method calls.
+   */
+  public GrantedAccountEntitlements withDeadlineAfter(long duration, TimeUnit units) {
+    Deadline deadline = Deadline.after(duration, units);
+    return new GrantedAccountEntitlements(this.stub.withDeadline(deadline), this.parent, deadline);
+  }
+  /** List gets a list of GrantedAccountEntitlement records matching a given set of criteria. */
+  public Iterable<GrantedAccountEntitlement> list(String accountId, String filter, Object... args)
+      throws RpcException {
+    GrantedAccountEntitlementsPlumbing.GrantedAccountEntitlementListRequest.Builder builder =
+        GrantedAccountEntitlementsPlumbing.GrantedAccountEntitlementListRequest.newBuilder();
+    builder.setAccountId((accountId));
+    builder.setFilter(Plumbing.quoteFilterArgs(filter, args));
+    ListRequestMetadata.Builder metaBuilder = ListRequestMetadata.newBuilder();
+    if (this.parent.pageLimit > 0) {
+      metaBuilder.setLimit(this.parent.pageLimit);
+    }
+    if (this.parent.snapshotDate != null) {
+      metaBuilder.setSnapshotAt(Plumbing.convertTimestampToPlumbing(this.parent.snapshotDate));
+    }
+    builder.setMeta(metaBuilder);
+
+    Supplier<PageResult<GrantedAccountEntitlement>> pageFetcher =
+        () -> {
+          // Note: this closure captures and reuses the builder to set the next page
+          GrantedAccountEntitlementsPlumbing.GrantedAccountEntitlementListRequest req =
+              builder.build();
+          GrantedAccountEntitlementsPlumbing.GrantedAccountEntitlementListResponse plumbingResponse;
+          int tries = 0;
+          while (true) {
+            try {
+              plumbingResponse =
+                  this.stub
+                      .withCallCredentials(
+                          this.parent.getCallCredentials("GrantedAccountEntitlements.List", req))
+                      .list(req);
+            } catch (Exception e) {
+              if (this.parent.shouldRetry(tries, e, this.deadline)) {
+                tries++;
+                try {
+                  Thread.sleep(this.parent.exponentialBackoff(tries, this.deadline));
+                } catch (Exception ignored) {
+                }
+                continue;
+              }
+              throw Plumbing.convertExceptionToPorcelain(e);
+            }
+            break;
+          }
+
+          List<GrantedAccountEntitlement> page =
+              Plumbing.convertRepeatedGrantedAccountEntitlementToPorcelain(
+                  plumbingResponse.getGrantedAccountEntitlementsList());
+
+          boolean hasNextCursor = plumbingResponse.getMeta().getNextCursor() != "";
+          builder.setMeta(
+              ListRequestMetadata.newBuilder()
+                  .setCursor(plumbingResponse.getMeta().getNextCursor()));
+
+          return new PageResult<GrantedAccountEntitlement>(page, hasNextCursor);
+        };
+
+    Iterator<GrantedAccountEntitlement> iterator = new PageIterator<>(pageFetcher);
+
+    return () -> iterator;
+  }
+}
@@ -0,0 +1,36 @@
+// Copyright 2020 StrongDM Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Code generated by protogen. DO NOT EDIT.
+
+package com.strongdm.api;
+
+import java.util.List;
+
+/**
+ * GrantedEntitlementKubernetesPrivileges holds Kubernetes group memberships for a granted
+ * entitlement.
+ */
+public class GrantedEntitlementKubernetesPrivileges {
+  private List<String> groups;
+  /** The Kubernetes groups granted to this principal for this resource. */
+  public List<String> getGroups() {
+    return this.groups;
+  }
+  /** The Kubernetes groups granted to this principal for this resource. */
+  public void setGroups(List<String> in) {
+    this.groups = in;
+  }
+}
@@ -0,0 +1,82 @@
+// Copyright 2020 StrongDM Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Code generated by protogen. DO NOT EDIT.
+
+package com.strongdm.api;
+
+import java.util.Date;
+
+/**
+ * GrantedResourceEntitlement represents an individual entitlement of an Account to a Resource,
+ * viewed from the resource's perspective.
+ */
+public class GrantedResourceEntitlement {
+  private String accountId;
+  /** The unique identifier of the Account that has access to this resource. */
+  public String getAccountId() {
+    return this.accountId;
+  }
+  /** The unique identifier of the Account that has access to this resource. */
+  public void setAccountId(String in) {
+    this.accountId = in;
+  }
+
+  private String groupId;
+  /** The unique identifier of the group associated with this entitlement, if any. */
+  public String getGroupId() {
+    return this.groupId;
+  }
+  /** The unique identifier of the group associated with this entitlement, if any. */
+  public void setGroupId(String in) {
+    this.groupId = in;
+  }
+
+  private Date lastAccessed;
+  /**
+   * The most recent time at which the account accessed this resource. Empty if the resource has
+   * never been accessed.
+   */
+  public Date getLastAccessed() {
+    return this.lastAccessed;
+  }
+  /**
+   * The most recent time at which the account accessed this resource. Empty if the resource has
+   * never been accessed.
+   */
+  public void setLastAccessed(Date in) {
+    this.lastAccessed = in;
+  }
+
+  private MappedIdentities mappedIdentities;
+  /** The mapped identity privileges for this entitlement, such as Kubernetes group memberships. */
+  public MappedIdentities getMappedIdentities() {
+    return this.mappedIdentities;
+  }
+  /** The mapped identity privileges for this entitlement, such as Kubernetes group memberships. */
+  public void setMappedIdentities(MappedIdentities in) {
+    this.mappedIdentities = in;
+  }
+
+  private String originId;
+  /** The unique identifier of the origin of this entitlement (e.g., a Role or AccountGrant ID). */
+  public String getOriginId() {
+    return this.originId;
+  }
+  /** The unique identifier of the origin of this entitlement (e.g., a Role or AccountGrant ID). */
+  public void setOriginId(String in) {
+    this.originId = in;
+  }
+}