@@ -61,6 +61,7 @@ type Client struct {
6161 userAgent string
6262 disableSigning bool
6363 pageLimit int
64+ snapshotAt time.Time
6465 dialer dialer
6566
6667 grpcConn * grpc.ClientConn
@@ -461,6 +462,138 @@ func (c *Client) SecretStoresHistory() *SecretStoresHistory {
461462 return c .secretStoresHistory
462463}
463464
465+ type SnapshotClient struct {
466+ client * Client
467+ }
468+
469+ // SnapshotAt constructs a read-only client that will provide historical data
470+ // from the provided timestamp.
471+ func (c * Client ) SnapshotAt (t time.Time ) * SnapshotClient {
472+ clientCopy := * c
473+ snapshotClient := & SnapshotClient {& clientCopy }
474+ snapshotClient .client .snapshotAt = t
475+ snapshotClient .client .accountAttachments = & AccountAttachments {
476+ client : plumbing .NewAccountAttachmentsClient (snapshotClient .client .grpcConn ),
477+ parent : snapshotClient .client ,
478+ }
479+ snapshotClient .client .accountGrants = & AccountGrants {
480+ client : plumbing .NewAccountGrantsClient (snapshotClient .client .grpcConn ),
481+ parent : snapshotClient .client ,
482+ }
483+ snapshotClient .client .accountPermissions = & AccountPermissions {
484+ client : plumbing .NewAccountPermissionsClient (snapshotClient .client .grpcConn ),
485+ parent : snapshotClient .client ,
486+ }
487+ snapshotClient .client .accountResources = & AccountResources {
488+ client : plumbing .NewAccountResourcesClient (snapshotClient .client .grpcConn ),
489+ parent : snapshotClient .client ,
490+ }
491+ snapshotClient .client .accounts = & Accounts {
492+ client : plumbing .NewAccountsClient (snapshotClient .client .grpcConn ),
493+ parent : snapshotClient .client ,
494+ }
495+ snapshotClient .client .nodes = & Nodes {
496+ client : plumbing .NewNodesClient (snapshotClient .client .grpcConn ),
497+ parent : snapshotClient .client ,
498+ }
499+ snapshotClient .client .remoteIdentities = & RemoteIdentities {
500+ client : plumbing .NewRemoteIdentitiesClient (snapshotClient .client .grpcConn ),
501+ parent : snapshotClient .client ,
502+ }
503+ snapshotClient .client .remoteIdentityGroups = & RemoteIdentityGroups {
504+ client : plumbing .NewRemoteIdentityGroupsClient (snapshotClient .client .grpcConn ),
505+ parent : snapshotClient .client ,
506+ }
507+ snapshotClient .client .resources = & Resources {
508+ client : plumbing .NewResourcesClient (snapshotClient .client .grpcConn ),
509+ parent : snapshotClient .client ,
510+ }
511+ snapshotClient .client .roleResources = & RoleResources {
512+ client : plumbing .NewRoleResourcesClient (snapshotClient .client .grpcConn ),
513+ parent : snapshotClient .client ,
514+ }
515+ snapshotClient .client .roles = & Roles {
516+ client : plumbing .NewRolesClient (snapshotClient .client .grpcConn ),
517+ parent : snapshotClient .client ,
518+ }
519+ snapshotClient .client .secretStores = & SecretStores {
520+ client : plumbing .NewSecretStoresClient (snapshotClient .client .grpcConn ),
521+ parent : snapshotClient .client ,
522+ }
523+ return snapshotClient
524+ }
525+
526+ // AccountAttachments assign an account to a role.
527+ func (c * SnapshotClient ) AccountAttachments () SnapshotAccountAttachments {
528+ return c .client .accountAttachments
529+ }
530+
531+ // AccountGrants assign a resource directly to an account, giving the account the permission to connect to that resource.
532+ func (c * SnapshotClient ) AccountGrants () SnapshotAccountGrants {
533+ return c .client .accountGrants
534+ }
535+
536+ // AccountPermissions records the granular permissions accounts have, allowing them to execute
537+ // relevant commands via StrongDM's APIs.
538+ func (c * SnapshotClient ) AccountPermissions () SnapshotAccountPermissions {
539+ return c .client .accountPermissions
540+ }
541+
542+ // AccountResources enumerates the resources to which accounts have access.
543+ // The AccountResources service is read-only.
544+ func (c * SnapshotClient ) AccountResources () SnapshotAccountResources {
545+ return c .client .accountResources
546+ }
547+
548+ // Accounts are users that have access to strongDM. There are two types of accounts:
549+ // 1. **Users:** humans who are authenticated through username and password or SSO.
550+ // 2. **Service Accounts:** machines that are authenticated using a service token.
551+ func (c * SnapshotClient ) Accounts () SnapshotAccounts {
552+ return c .client .accounts
553+ }
554+
555+ // Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
556+ // - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
557+ // - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
558+ func (c * SnapshotClient ) Nodes () SnapshotNodes {
559+ return c .client .nodes
560+ }
561+
562+ // RemoteIdentities assign a resource directly to an account, giving the account the permission to connect to that resource.
563+ func (c * SnapshotClient ) RemoteIdentities () SnapshotRemoteIdentities {
564+ return c .client .remoteIdentities
565+ }
566+
567+ // A RemoteIdentityGroup is a named grouping of Remote Identities for Accounts.
568+ // An Account's relationship to a RemoteIdentityGroup is defined via RemoteIdentity objects.
569+ func (c * SnapshotClient ) RemoteIdentityGroups () SnapshotRemoteIdentityGroups {
570+ return c .client .remoteIdentityGroups
571+ }
572+
573+ // Resources are databases, servers, clusters, websites, or clouds that strongDM
574+ // delegates access to.
575+ func (c * SnapshotClient ) Resources () SnapshotResources {
576+ return c .client .resources
577+ }
578+
579+ // RoleResources enumerates the resources to which roles have access.
580+ // The RoleResources service is read-only.
581+ func (c * SnapshotClient ) RoleResources () SnapshotRoleResources {
582+ return c .client .roleResources
583+ }
584+
585+ // A Role has a list of access rules which determine which Resources the members
586+ // of the Role have access to. An Account can be a member of multiple Roles via
587+ // AccountAttachments.
588+ func (c * SnapshotClient ) Roles () SnapshotRoles {
589+ return c .client .roles
590+ }
591+
592+ // SecretStores are servers where resource secrets (passwords, keys) are stored.
593+ func (c * SnapshotClient ) SecretStores () SnapshotSecretStores {
594+ return c .client .secretStores
595+ }
596+
464597// Sign returns the signature for the given byte array
465598func (c * Client ) Sign (methodName string , message []byte ) string {
466599 if c .disableSigning {
0 commit comments