### Install strongDM SDK

Source: https://github.com/strongdm/strongdm-sdk-python/blob/master/README.md

Install the strongDM SDK using pip. It's recommended to pin your dependency to a specific major version.

```bash
pip install strongdm
```

--------------------------------

### Install and Authenticate strongDM SDK

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Install the SDK using pip and set your API credentials as environment variables. Ensure these variables are set before initializing the client.

```bash
pip install strongdm
export SDM_API_ACCESS_KEY=
export SDM_API_SECRET_KEY=
```

--------------------------------

### Get a Resource by ID

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Fetches a specific resource using its unique identifier. This is useful for retrieving details of a known resource.

```python
response = client.resources.get("rs-12345678")
resource = response.resource
print(f"Resource: {resource.name}")
```

--------------------------------

### Get a Role by ID

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Fetches a specific role using its unique identifier. This is useful for inspecting or modifying an existing role.

```python
response = client.roles.get("r-12345678")
role = response.role
```

--------------------------------

### Get a Specific Node

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Fetches details for a particular node using its ID. This is useful for inspecting the configuration or status of a node.

```python
response = client.nodes.get("n-12345678")
node = response.node
```

--------------------------------

### Initialize strongDM Client

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Initialize the Client class with API credentials from environment variables. Optional parameters allow for custom host configuration, enabling retry logic for rate limit errors, and setting page limits for results.

```python
import os
import strongdm

# Initialize the client with credentials from environment variables
client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)
```

```python
# Optional: Configure custom host for on-premise deployments
client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY"),
    host='custom.strongdm.com:443',
    retry_rate_limit_errors=True,
    page_limit=100  # Limit results per page
)
```

```python
# Always close the client when done
try:
    # ... perform operations
    pass
finally:
    client.close()
```

--------------------------------

### Create a Gateway Node

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Configures a gateway node, which listens for client connections and mediates access to resources. Requires specifying listen and bind addresses.

```python
gateway = strongdm.Gateway(
    name="office-gateway-01",
    listen_address="0.0.0.0:5000",
    bind_address="0.0.0.0:5001",
    tags={"location": "headquarters"}
)
response = client.nodes.create(gateway)
print(f"Gateway ID: {response.node.id}")
print(f"Gateway Token: {response.token}")
```

--------------------------------

### Manage strongDM Resources

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Create various types of resources such as PostgreSQL, Redis, and SSH. Each resource type requires specific connection details and can be tagged for organization.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)
```

```python
# Create a PostgreSQL resource
postgres = strongdm.Postgres(
    name="Production Database",
    hostname="db.example.com",
    port=5432,
    database="myapp",
    username="app_user",
    password="secret_password",
    tags={"env": "production", "region": "us-west-2"}
)
response = client.resources.create(postgres)
print(f"Created resource: {response.resource.id}")
```

```python
# Create a Redis resource
redis = strongdm.Redis(
    name="Session Cache Server",
    hostname="redis.example.com",
    port=6379,
    port_override=4020,
    tags={"env": "dev", "region": "us-west"}
)
response = client.resources.create(redis)
```

```python
# Create an SSH resource
ssh = strongdm.SSH(
    name="Web Server",
    hostname="web01.example.com",
    port=22,
    username="admin",
    tags={"env": "staging", "type": "webserver"}
)
response = client.resources.create(ssh)
```

--------------------------------

### List Resources by Type

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Filters resources by their type, such as 'postgres' or 'mysql', to find all instances of a specific database technology.

```python
for resource in client.resources.list('type:postgres'):
    print(f"PostgreSQL: {resource.name}")
```

--------------------------------

### Manage Groups and Memberships

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Create groups, assign accounts to groups, and link groups to roles. Use the accounts_groups service to manage membership and list existing members.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

# Create a group
group = strongdm.Group(
    name="Backend Engineers",
    tags={"department": "engineering", "team": "backend"}
)
response = client.groups.create(group)
print(f"Created group: {response.group.id}")

# List all groups
for group in client.groups.list(''):
    print(f"Group: {group.name} ({group.id})")

# Add account to group
account_group = strongdm.AccountGroup(
    account_id="a-12345678",
    group_id="g-87654321"
)
response = client.accounts_groups.create(account_group)

# Assign group to role
group_role = strongdm.GroupRole(
    group_id="g-12345678",
    role_id="r-87654321"
)
response = client.groups_roles.create(group_role)

# List accounts in a group
for membership in client.accounts_groups.list('group_id:g-12345678'):
    print(f"Member account: {membership.account_id}")

client.close()
```

--------------------------------

### Create a Relay Node

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Sets up a new relay node, which is responsible for connecting strongDM to your on-premises or cloud resources.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

relay = strongdm.Relay(
    name="datacenter-relay-01",
    tags={"location": "us-west", "datacenter": "dc1"}
)
response = client.nodes.create(relay)
print(f"Relay ID: {response.node.id}")
print(f"Relay Token: {response.token}")
```

--------------------------------

### List All Resources

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Retrieves a list of all resources managed by strongDM. This is useful for an overview of your infrastructure.

```python
for resource in client.resources.list(''):
    print(f"Resource: {resource.name} ({resource.id})")
```

--------------------------------

### Manage strongDM Accounts

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Create, list, retrieve, update, and delete user and service accounts. Human users can be created with email, first name, last name, and tags. Service accounts are created with a name and tags, and their credentials are returned upon creation.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)
```

```python
# Create a new user account
user = strongdm.User(
    email="alice@example.com",
    first_name="Alice",
    last_name="Smith",
    tags={"department": "engineering", "team": "backend"}
)
response = client.accounts.create(user)
print(f"Created user: {response.account.id}")
```

```python
# Create a service account
service = strongdm.Service(
    name="ci-cd-pipeline",
    tags={"environment": "production", "service": "deployment"}
)
response = client.accounts.create(service)
# The credentials are returned upon creation. They are printed here for
# illustration; in real use, write them to a secrets manager instead of stdout.
print(f"Service account token: {response.token}")
print(f"Access key: {response.access_key}")
print(f"Secret key: {response.secret_key}")
```

```python
# List all accounts
for account in client.accounts.list(''):
    print(f"Account: {account.id} - {account}")
```

```python
# List accounts with filter
for account in client.accounts.list('email:*@example.com'):
    print(f"Example.com user: {account}")
```

```python
# Get a specific account by ID
response = client.accounts.get("a-12345678")
account = response.account
print(f"Account details: {account}")
```

```python
# Update an account
account.tags["role"] = "admin"
response = client.accounts.update(account)
print(f"Updated account: {response.account.id}")
```

```python
# Delete an account
client.accounts.delete("a-12345678")
```

```python
client.close()
```

--------------------------------

### Create a Kubernetes Cluster Resource

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Use this to create a new Kubernetes resource in strongDM. Ensure you have the necessary certificate and key information.

```python
k8s = strongdm.Kubernetes(
    name="Production Cluster",
    hostname="k8s.example.com",
    port=443,
    certificate_authority="-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
    client_certificate="-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
    client_key="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----",
    tags={"env": "production", "cluster": "main"}
)
response = client.resources.create(k8s)
```

--------------------------------

### List All Registered Users

Source: https://github.com/strongdm/strongdm-sdk-python/blob/master/README.md

This Python script lists all registered users in your strongDM environment. Ensure API keys are set as environment variables.

```python
import os
import strongdm


def main():
    client = strongdm.Client(os.getenv("SDM_API_ACCESS_KEY"), os.getenv("SDM_API_SECRET_KEY"))
    users = client.accounts.list('')
    for user in users:
        print(user)


if __name__ == "__main__":
    main()
```

--------------------------------

### Set strongDM API Keys

Source: https://github.com/strongdm/strongdm-sdk-python/blob/master/README.md

Set your strongDM API access and secret keys as environment variables. The SDK requires these for authentication.

```bash
export SDM_API_ACCESS_KEY=
export SDM_API_SECRET_KEY=
```

--------------------------------

### Create a Role with Static Resource IDs

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Creates a role that grants access only to a specific list of resource IDs. Use this for highly controlled, explicit access.

```python
role = strongdm.Role(
    name="Specific Access",
    access_rules=[
        {"ids": ["rs-12345678", "rs-87654321"]},
    ],
)
response = client.roles.create(role)
```

--------------------------------

### Manage Access Workflows

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Create, list, update, and delete access workflows, and manage their associated approvers and roles.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

# Create an access workflow with auto-approval
workflow = strongdm.Workflow(
    name="Dev Environment Access",
    description="Auto-approved access to development resources",
    auto_grant=True,
    access_rules=[
        {"tags": {"env": "dev"}}
    ]
)
response = client.workflows.create(workflow)
print(f"Created workflow: {response.workflow.id}")

# Create a workflow requiring manual approval
workflow = strongdm.Workflow(
    name="Production Access Request",
    description="Requires manager approval for production access",
    auto_grant=False,
    access_rules=[
        {"tags": {"env": "production"}}
    ]
)
response = client.workflows.create(workflow)

# List all workflows
for workflow in client.workflows.list(''):
    print(f"Workflow: {workflow.name} ({workflow.id})")

# Get a workflow
response = client.workflows.get("w-12345678")
workflow = response.workflow

# Update a workflow
workflow.description = "Updated description"
response = client.workflows.update(workflow)

# Delete a workflow
client.workflows.delete("w-12345678")

# Add workflow approvers
approver = strongdm.WorkflowApprover(
    workflow_id="w-12345678",
    account_id="a-87654321"  # User who can approve requests
)
response = client.workflow_approvers.create(approver)

# Link roles to workflows (users in these roles can request access)
workflow_role = strongdm.WorkflowRole(
    workflow_id="w-12345678",
    role_id="r-12345678"
)
response = client.workflow_roles.create(workflow_role)

client.close()
```

--------------------------------

### Create Role with Dynamic Access Rules

Source: https://github.com/strongdm/strongdm-sdk-python/wiki/Migrating-from-Role-Grants-to-Access-Rules

Grant access to resources based on type and tags. This is the recommended approach for dynamic access control.

```python
role = strongdm.Role(
    name = "Engineering",
    access_rules = [
        # grant access to all dev environment resources in us-west
        {
            "tags": {
                "region": "us-west",
                "env": "dev",
            },
        },
        # grant access to all postgres resources
        {
            "type": "postgres",
        },
        # grant access to all redis resources in us-east
        {
            "type": "redis",
            "tags": {
                "region": "us-east",
            },
        },
    ],
)
role = client.roles.create(role).role
```

--------------------------------

### Query Historical Snapshots

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Access historical state of accounts, resources, and roles by creating a snapshot client for a specific point in time.

```python
import os
from datetime import datetime, timezone, timedelta
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

# Create a snapshot client for a specific point in time
snapshot_time = datetime.now(timezone.utc) - timedelta(days=7)
snapshot_client = client.snapshot_at(snapshot_time)

# Query accounts as they existed one week ago
for account in snapshot_client.accounts.list(''):
    print(f"Account (7 days ago): {account}")

# Query resources as they existed one week ago
for resource in snapshot_client.resources.list(''):
    print(f"Resource (7 days ago): {resource.name}")

# Query roles as they existed one week ago
for role in snapshot_client.roles.list(''):
    print(f"Role (7 days ago): {role.name}")

client.close()
```

--------------------------------

### Create a Role with Dynamic Access Rules

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Defines a role with access rules based on resource types and tags. This allows for dynamic granting of permissions.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

role = strongdm.Role(
    name="Engineering",
    access_rules=[
        {
            "tags": {
                "region": "us-west",
                "env": "dev",
            },
        },
        {
            "type": "postgres",
        },
        {
            "type": "redis",
            "tags": {
                "region": "us-east",
            },
        },
    ],
)
response = client.roles.create(role)
print(f"Created role: {response.role.id}")
```

--------------------------------

### List Resources by Tag

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Filters resources based on specific tags, allowing you to find resources belonging to a particular environment or group.

```python
for resource in client.resources.list('tags.env:production'):
    print(f"Production resource: {resource.name}")
```

--------------------------------

### List All Roles

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Retrieves a list of all defined roles within strongDM. Useful for auditing and managing role assignments.

```python
for role in client.roles.list(''):
    print(f"Role: {role.name} ({role.id})")
```

--------------------------------

### List All Nodes

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Retrieves a list of all nodes (gateways and relays) in your strongDM network. Useful for monitoring network infrastructure.

```python
for node in client.nodes.list(''):
    print(f"Node: {node.name} ({node.id})")
```

--------------------------------

### Enumerate Resource Tags

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Lists all unique tags across all resources. This can help in understanding how resources are categorized.

```python
for tag in client.resources.enumerate_tags(''):
    print(f"Tag: {tag}")
```

--------------------------------

### Attach an Account to a Role

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Assigns a user account to a specific role, granting them the permissions defined by that role.

```python
attachment = strongdm.AccountAttachment(
    account_id="a-12345678",
    role_id="r-87654321"
)
response = client.account_attachments.create(attachment)
print(f"Created attachment: {response.account_attachment.id}")
```

--------------------------------

### List Account Attachments

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Retrieves a list of all account-to-role assignments. This is useful for auditing user permissions.

```python
for attachment in client.account_attachments.list('account_id:a-12345678'):
    print(f"Attachment: {attachment.id}")
```

--------------------------------

### List Only Gateways

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Filters the list of nodes to show only gateway instances. This helps in managing and monitoring gateway-specific configurations.

```python
for node in client.nodes.list('type:gateway'):
    print(f"Gateway: {node.name}")
```

--------------------------------

### Load Access Rules from JSON

Source: https://github.com/strongdm/strongdm-sdk-python/wiki/Migrating-from-Role-Grants-to-Access-Rules

Load access rules from a JSON string. This allows for programmatic definition of complex access rules.

```python
import json

access_rules_json = '''[
    {
        "type": "postgres",
        "tags": {"env": "prod"}
    },
    {
        "ids": ["rs-1234"]
    }
]'''
role.access_rules = json.loads(access_rules_json)
# ...
```

--------------------------------

### Handle SDK Errors

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Implement precise error handling using specific exception types provided by the strongdm.errors module.

```python
import os
import strongdm
from strongdm import errors

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

try:
    response = client.accounts.get("a-nonexistent")
except errors.NotFoundError as e:
    print(f"Account not found: {e.msg}")
except errors.AuthenticationError as e:
    print(f"Authentication failed: {e.msg}")
except errors.PermissionError as e:
    print(f"Permission denied: {e.msg}")
except errors.BadRequestError as e:
    print(f"Invalid request: {e.msg}")
except errors.AlreadyExistsError as e:
    print(f"Resource already exists: {e.msg}")
except errors.RateLimitError as e:
    print(f"Rate limited: {e.msg}")
    print(f"Rate limit info: {e.rate_limit}")
except errors.TimeoutError:
    print("Request timed out")
except errors.InternalError as e:
    print(f"Internal error: {e.msg}")
except errors.RPCError as e:
    print(f"RPC error (code {e.code}): {e.msg}")

client.close()
```

--------------------------------

### Audit Resource Queries

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Retrieve read-only logs of client resource interactions, filterable by resource, account, or timestamp.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

# List recent queries
for query in client.queries.list(''):
    print(f"Query: {query.id}")
    print(f"  Resource: {query.resource_id}")
    print(f"  Account: {query.account_id}")
    print(f"  Duration: {query.duration}")

# List queries for a specific resource
for query in client.queries.list('resource_id:rs-12345678'):
    print(f"Resource query: {query.id}")

# List queries by account
for query in client.queries.list('account_id:a-12345678'):
    print(f"User query: {query.id}")

# List queries with time filter
for query in client.queries.list('timestamp:>2024-01-01T00:00:00Z'):
    print(f"Recent query: {query.id}")

client.close()
```

--------------------------------

### Update Role with Static Access Rules

Source: https://github.com/strongdm/strongdm-sdk-python/wiki/Migrating-from-Role-Grants-to-Access-Rules

Grant access to specific resources by ID, similar to deprecated Role Grants. Use this only if necessary.

```python
resource = client.resources.get(resource_id).resource
role = client.roles.get(role_id).role
role.access_rules = [
    {
        "ids": [resource.id]
    },
]
role = client.roles.update(role).role
```

--------------------------------

### List Access Requests

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Retrieve lists of access requests, including pending requests and history, filtered by account.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

# List access requests
for request in client.access_requests.list(''):
    print(f"Request: {request.id} - Status: {request}")

# List pending access requests
for request in client.access_requests.list('status:pending'):
    print(f"Pending request: {request.id}")

# List access requests for a specific account
for request in client.access_requests.list('account_id:a-12345678'):
    print(f"Request: {request.id}")

# Get access request history
for history in client.access_requests_history.list(''):
    print(f"History: {history}")

client.close()
```

--------------------------------

### Create Role Grant (Deprecated)

Source: https://github.com/strongdm/strongdm-sdk-python/wiki/Migrating-from-Role-Grants-to-Access-Rules

Use this method to grant a role access to specific resources by ID. This method is deprecated.

```python
role = strongdm.Role(name = "Engineering")
role = client.roles.create(role).role

resource = strongdm.Redis(
    name = "Session Cache Server",
    hostname = "example.com",
    port = 6379,
    port_override = 4020,
    tags = {"env": "dev", "region": "us-west"},
)
resource = client.resources.create(resource).resource

role_grant = strongdm.RoleGrant(
    role_id = role.id,
    resource_id = resource.id,
)
role_grant = client.role_grants.create(role_grant).role_grant
```

--------------------------------

### Update a Resource

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Modifies an existing resource, such as updating its tags. Ensure you have the resource object before attempting an update.

```python
resource.tags["updated"] = "true"
response = client.resources.update(resource)
```

--------------------------------

### Manage Account Grants

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Assign resources directly to accounts using AccountGrant. Note that this bypasses standard role-based access rules.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

# Create a direct grant from account to resource
grant = strongdm.AccountGrant(
    account_id="a-12345678",
    resource_id="rs-87654321"
)
response = client.account_grants.create(grant)
print(f"Created grant: {response.account_grant.id}")

# List grants for an account
for grant in client.account_grants.list('account_id:a-12345678'):
    print(f"Grant: {grant.id} -> Resource: {grant.resource_id}")

# List grants for a resource
for grant in client.account_grants.list('resource_id:rs-87654321'):
    print(f"Grant: {grant.id} -> Account: {grant.account_id}")
```

--------------------------------

### Delete a Resource

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Removes a resource from strongDM using its ID. This action is irreversible.

```python
client.resources.delete("rs-12345678")
```

--------------------------------

### Audit System Activities

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Retrieve read-only logs of system activities, filterable by time, actor, or entity type.

```python
import os
import strongdm

client = strongdm.Client(
    os.getenv("SDM_API_ACCESS_KEY"),
    os.getenv("SDM_API_SECRET_KEY")
)

# List recent activities (defaults to one week)
for activity in client.activities.list(''):
    print(f"Activity: {activity.id}")
    print(f"  Actor: {activity.actor}")
    print(f"  Description: {activity.description}")

# List activities with time filter
for activity in client.activities.list('after:2024-01-01T00:00:00Z before:2024-01-31T23:59:59Z'):
    print(f"January activity: {activity.id}")

# List activities by actor
for activity in client.activities.list('actor_id:a-12345678'):
    print(f"User activity: {activity.description}")

# List activities by type
for activity in client.activities.list('entity_type:user'):
    print(f"User-related activity: {activity.description}")

# Get a specific activity
response = client.activities.get("activity-12345678")
activity = response.activity
print(f"Activity details: {activity}")

client.close()
```

--------------------------------

### Update a Node

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Modifies an existing node, such as updating its tags. This allows for dynamic adjustments to node configurations.

```python
node.tags["updated"] = "true"
response = client.nodes.update(node)
```

--------------------------------

### Delete an Account Attachment

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Removes an account from a role, revoking the permissions associated with that role for the user.

```python
client.account_attachments.delete("aa-12345678")
```

--------------------------------

### Delete a Role

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Removes a role from strongDM using its ID. Be cautious as this will revoke all associated permissions.

```python
client.roles.delete("r-12345678")
```

--------------------------------

### Update Role Access Rules

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Modifies the access rules for an existing role. This allows you to dynamically change permissions without recreating the role.

```python
role.access_rules = [
    {"type": "postgres", "tags": {"env": "prod"}},
    {"ids": ["rs-1234"]}
]
response = client.roles.update(role)
```

--------------------------------

### Delete an account grant

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Removes a specific grant by its ID and closes the client connection.

```python
client.account_grants.delete("ag-12345678")
client.close()
```

--------------------------------

### Delete a Node

Source: https://context7.com/strongdm/strongdm-sdk-python/llms.txt

Removes a node (gateway or relay) from strongDM using its ID. This action will disrupt connectivity managed by that node.

```python
client.nodes.delete("n-12345678")
```
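--------------------------------

### Preview Access Rule Reach Offline (added example)

Added example, not code from the strongDM SDK or its documentation: an offline preview of which resources a set of access rules (`type`, `tags`, `ids`, as in the role examples above) would reach, meant to be run before `client.roles.create(role)` or `client.roles.update(role)`. The inventory is constructed, the function names are hypothetical, and the matching semantics (a dynamic rule matches when its `type` and every listed tag match; a role grants the union of its rules) are assumptions inferred from the comments in the "Engineering" role example.

```python
import json

# Constructed inventory standing in for the output of client.resources.list('').
# The dict layout (id / type / tags) is an assumption of this offline sketch.
INVENTORY = [
    {"id": "rs-0001", "type": "postgres", "tags": {"env": "prod", "region": "us-west"}},
    {"id": "rs-0002", "type": "postgres", "tags": {"env": "dev", "region": "us-west"}},
    {"id": "rs-0003", "type": "redis", "tags": {"env": "dev", "region": "us-east"}},
    {"id": "rs-0004", "type": "redis", "tags": {"env": "prod", "region": "us-east"}},
    {"id": "rs-0005", "type": "ssh", "tags": {"env": "staging"}},
]

# The "Engineering" access rules from the page, written as JSON.
ENGINEERING_RULES = json.loads("""[
  {"tags": {"region": "us-west", "env": "dev"}},
  {"type": "postgres"},
  {"type": "redis", "tags": {"region": "us-east"}}
]""")


def validate_rules(rules):
    """Return a list of problems; an empty list means every rule has a shape the page uses."""
    problems = []
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict) or not rule:
            problems.append(f"rule {i}: empty or not an object")
            continue
        unknown = set(rule) - {"ids", "type", "tags"}
        if unknown:
            problems.append(f"rule {i}: unknown keys {sorted(unknown)}")
        if "ids" in rule and len(rule) > 1:
            # Policy of this sketch: the page never mixes static and dynamic selectors.
            problems.append(f"rule {i}: 'ids' combined with other selectors")
    return problems


def rule_matches(rule, resource):
    """Static rule: id membership. Dynamic rule: type AND every listed tag must match."""
    if "ids" in rule:
        return resource["id"] in rule["ids"]
    if "type" in rule and rule["type"] != resource["type"]:
        return False
    return all(resource["tags"].get(k) == v for k, v in rule.get("tags", {}).items())


def preview(rules, inventory):
    """Map each reachable resource id to the indexes of the rules that grant it."""
    reach = {}
    for res in inventory:
        hits = [i for i, rule in enumerate(rules) if rule_matches(rule, res)]
        if hits:
            reach[res["id"]] = hits
    return reach


def unpinned_reach(rules, inventory, tag="env", value="prod"):
    """List (rule index, resource id) pairs where a dynamic rule reaches a resource
    tagged tag=value although the rule itself never constrains that tag."""
    out = []
    for i, rule in enumerate(rules):
        if "ids" in rule or tag in rule.get("tags", {}):
            continue
        for res in inventory:
            if res["tags"].get(tag) == value and rule_matches(rule, res):
                out.append((i, res["id"]))
    return out


if __name__ == "__main__":
    print(validate_rules(ENGINEERING_RULES))
    print(preview(ENGINEERING_RULES, INVENTORY))
    print(unpinned_reach(ENGINEERING_RULES, INVENTORY))
```

With this inventory, rules 1 and 2 reach `env: prod` resources although neither mentions `env`, which is the kind of reach to look for when reviewing type- and tag-based roles.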