strongdm.constants
1# Copyright 2020 StrongDM Inc 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14# 15# @internal Code generated by constgen. DO NOT EDIT. 16 17 18# Permission Levels, shared by all entities capable of making authenticated requests against StrongDM. 19class PermissionLevel: 20 ROOT_ADMIN = "root-admin" 21 ADMIN = "admin" 22 DATABASE_ADMIN = "database-admin" 23 TEAM_LEADER = "multi-team-leader" 24 USER = "user" 25 AUDITOR = "auditor" 26 RELAY = "relay" 27 ADMIN_TOKEN = "admin-token" 28 SCIM_TOKEN = "scim-token" 29 SERVICE_NOW_TOKEN = "servicenow-token" 30 SERVICE = "service" 31 SUSPENDED = "suspended" 32 EMPTY = "" 33 34 35# Node Lifecycle States, defining whether a node was last reported online, offline, restarting, etc. 36class NodeState: 37 NEW = "new" 38 VERIFYING_RESTART = "verifying_restart" 39 AWAITING_RESTART = "awaiting_restart" 40 RESTARTING = "restarting" 41 STARTED = "started" 42 STOPPED = "stopped" 43 DEAD = "dead" 44 45 46# Providers responsible for managing roles and users. 47# None, or an empty string, implies the user is managed by strongDM. 48# Deprecated: Please use SCIMProvider instead. 49class Provider: 50 NONE = "" 51 OKTA = "okta" 52 SAIL_POINT = "sailpoint" 53 AZURE = "azure" 54 GENERIC = "generic" 55 ONE_LOGIN = "onelogin" 56 GOOGLE = "google" 57 58 59# Providers responsible for managing roles and users. 60# None, or an empty string, implies the user is managed by strongDM. 
class SCIMProvider:
    # NONE is the empty string, so it is falsy in Python.
    NONE = ""
    OKTA = "okta"
    SAIL_POINT = "sailpoint"
    AZURE = "azure"
    GENERIC = "generic"
    ONE_LOGIN = "onelogin"
    GOOGLE = "google"


# Providers responsible for SSO authentication.
# The values do not share one separator style: some contain spaces
# ("active directory", "generic oidc", "workspace one") and others hyphens
# ("onelogin-saml"). Compare against these constants rather than a
# normalised or retyped form.
class AuthProvider:
    AZURE = "azure"
    BITIUM = "bitium"
    GOOGLE = "google"
    OKTA = "okta"
    STRONG_DM = "strongdm"
    ACTIVE_DIRECTORY = "active directory"
    GENERIC_OIDC = "generic oidc"
    # Name and value differ: the OneLogin OIDC provider is "oneloginv2".
    ONE_LOGIN_OIDC = "oneloginv2"
    KEYCLOAK = "keycloak"
    SHIBBOLETH = "shibboleth"
    AUTH_0 = "auth0"
    WORKSPACE_ONE = "workspace one"
    ONE_LOGIN_SAML = "onelogin-saml"
    GENERIC_SAML = "generic-saml"
    PING_IDSAML = "ping-identity-saml"


# Providers responsible for multi-factor authentication
class MFAProvider:
    # NOTE(review): NONE is the empty string; presumably it means no MFA
    # provider is configured. Confirm before using it in a configuration audit.
    NONE = ""
    DUO = "duo"
    TOTP = "totp"


# Activity Entities, all entity types that can be part of an activity.
# Most multi-word values use underscores, but SECRET_STORE is "secretstore"
# with no separator.
class ActivityEntityType:
    USER = "user"
    ROLE = "role"
    LEGACY_COMPOSITE_ROLE = "composite_role"
    DATASOURCE = "datasource"
    ORGANIZATION = "organization"
    INSTALLATION = "installation"
    SECRET_STORE = "secretstore"
    REMOTE_IDENTITY_GROUP = "remote_identity_group"
    REMOTE_IDENTITY = "remote_identity"
    ACCESS_REQUEST = "access_request"
    WORKFLOW = "workflow"
    NODE = "node"
    PEERING_GROUP = "peering_group"
    PEERING_GROUP_NODE = "peering_group_node"
    PEERING_GROUP_RESOURCE = "peering_group_resource"
    PEERING_GROUP_PEER = "peering_group_peer"


# Activity Verbs, describe which kind of activity has taken place.
class ActivityVerb:
    # The values are free-text phrases with mixed case ("Admin UI", "MFA",
    # "SCIM") and Python string comparison is exact, so filters and detection
    # rules should reference these constants instead of retyped literals.

    # --- Account lifecycle and role membership ---
    USER_ADDED = "user added"
    USER_DELETED = "user deleted"
    USER_UPDATED = "user updated"
    USER_SIGNUP = "user signup"
    USER_TYPE_CHANGED = "user type changed"
    USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted"
    USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked"
    USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired"
    USER_ADDED_TO_ROLE = "user added to role"
    USER_DELETED_FROM_ROLE = "user deleted from role"
    USER_SUSPENDED = "user suspended"
    USER_REINSTATED = "user reinstated"

    # --- Successful logins, service accounts and admin tokens ---
    USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI"
    PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org"
    USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client"
    SERVICE_ACCOUNT_CREATED = "service account created"
    SERVICE_ACCOUNT_EXPIRED = "service account expired"
    # Name and value differ: ADMIN_TOKEN_ADDED is "admin token created".
    ADMIN_TOKEN_ADDED = "admin token created"
    ADMIN_TOKEN_DELETED = "admin token deleted"
    ADMIN_TOKEN_EXPIRED = "admin token expired"
    ADMIN_TOKEN_REKEYED = "admin token rekeyed"
    ADMIN_TOKEN_CLONED = "admin token cloned"
    ADMIN_TOKEN_SUSPENDED = "admin token suspended"
    ADMIN_TOKEN_REINSTATED = "admin token reinstated"
    SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO"
    SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO"
    USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client"
    USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI"

    # --- Failed or refused authentication ---
    FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI"
    FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client"
    MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI"
    MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client"
    TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts"
    ATTEMPT_COUNTER_RESET = "failed login attempt counter reset"
    # The wording is not uniform across the next five values: some begin
    # "attempt to login", others "attempted to login". A substring or prefix
    # match on one phrasing will miss the other.
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI"
    SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"

    # --- Passwords, invitations and login policy ---
    USER_SET_A_PASSWORD = "user set a password"
    USER_RESET_A_PASSWORD = "user reset their password"
    USER_CHANGED_PASSWORD = "user changed their password"
    USER_INVITED = "user invited"
    USER_CLICKED_INVITATION = "user clicked on their invitation"
    USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset"
    USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password"
    USER_REQUIRE_SSO_LOGIN = "user required to login via SSO"
    USER_PROVISIONING_ENABLED = "user provisioning enabled"
    USER_PROVISIONING_DISABLED = "user provisioning disabled"
    ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset"

    # --- Roles and access rules ---
    ROLE_ADDED = "role added"
    ROLE_DELETED = "role deleted"
    ROLE_UPDATED = "role updated"
    # The ROLE_ACCESS_RULES_* values do not contain the word "role".
    ROLE_ACCESS_RULES_UPDATED = "access rules updated"
    ROLE_ACCESS_RULES_CREATED = "access rules created"
    ROLE_ACCESS_RULES_DELETED = "access rules deleted"
    ROLE_PROVISIONING_ENABLED = "role provisioning enabled"
    ROLE_PROVISIONING_DISABLED = "role provisioning disabled"

    # --- Resources (datasource, server, cluster, cloud, website) ---
    # "overriden" is spelled with a single "d" in every *_PORT_OVERRIDE value;
    # the misspelling is part of the string and must be matched as written.
    DATASOURCE_ADDED = "datasource added"
    DATASOURCE_CLONED = "datasource cloned"
    DATASOURCE_DELETED = "datasource deleted"
    DATASOURCE_UPDATED = "datasource updated"
    DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden"
    MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden"
    SERVER_ADDED = "server added"
    SERVER_CLONED = "server cloned"
    SERVER_DELETED = "server deleted"
    SERVER_UPDATED = "server updated"
    SERVER_PORT_OVERRIDE = "server connection port overriden"
    MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden"
    CLUSTER_ADDED = "cluster added"
    CLUSTER_CLONED = "cluster cloned"
    CLUSTER_DELETED = "cluster deleted"
    CLUSTER_UPDATED = "cluster updated"
    CLUSTER_PORT_OVERRIDE = "cluster connection port overriden"
    MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden"
    CLOUD_ADDED = "cloud added"
    CLOUD_CLONED = "cloud cloned"
    CLOUD_DELETED = "cloud deleted"
    CLOUD_UPDATED = "cloud updated"
    WEBSITE_ADDED = "website added"
    WEBSITE_CLONED = "website cloned"
    WEBSITE_DELETED = "website deleted"
    WEBSITE_UPDATED = "website updated"

    # --- Installations and relays ---
    INSTALLATION_CREATED = "installation created"
    RELAY_INSTALLATION_CREATED = "installation created for relay"
    INSTALLATION_APPROVED = "installation approved"
    INSTALLATION_REVOKED = "installation revoked"
    RELAY_CREATED = "relay created"
    RELAY_UPDATED_NAME = "relay name updated"
    RELAY_DELETED = "relay deleted"

    # --- Organization settings, provisioning and tokens ---
    # Several ORG_* values carry no "organization" prefix (for example
    # "public key updated"), so the constant name is the only organization cue.
    ORG_PUBLIC_KEY_UPDATED = "public key updated"
    ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated"
    ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated"
    ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated"
    ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated"
    ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated"
    ORG_NAME_UPDATED = "organization name updated"
    ORG_SETTING_UPDATED = "organization setting updated"
    ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated"
    ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated"
    ORG_CREATED = "organization created"
    ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set"
    ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted"
    ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set"
    ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted"
    CHILD_ORG_ADMIN_INVITED = "child organization admin invited"
    SERVICE_ACCOUNT_REKEYED = "service account rekeyed"
    SCIM_TOKEN_ADDED = "SCIM token created"
    SCIM_TOKEN_DELETED = "SCIM token deleted"
    SCIM_TOKEN_REKEYED = "SCIM token rekeyed"
    API_KEY_DELETED = "API key deleted"
    ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated"
    ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding"
    ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding"
    ORG_ADD_CHILD = "add child organization"
    ORG_REMOVE_CHILD = "remove child organization"
    ORG_EXTEND_TRIAL = "trial extended"

    # --- Secret stores and remote identities ---
    SECRET_STORE_ADDED = "secret store added"
    SECRET_STORE_UPDATED = "secret store updated"
    SECRET_STORE_DELETED = "secret store deleted"
    REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created"
    REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated"
    REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted"
    IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled"
    IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled"
    REMOTE_IDENTITY_CREATED = "remote identity created"
    REMOTE_IDENTITY_UPDATED = "remote identity updated"
    REMOTE_IDENTITY_DELETED = "remote identity deleted"
    IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled"
    IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled"

    # --- Access requests ---
    # "access request to resource granted" is a prefix of the
    # "... granted automatically" value; use an exact match to tell them apart.
    ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource"
    ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added"
    ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled"
    ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied"
    ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out"
    ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted"
    ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically"

    # --- Network, migrations, TOTP, resource locks and integrations ---
    ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated"
    ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet"
    DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval"
    DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval"
    EMULATION_MIGRATION_COMPLETED = "emulation migration completed"
    ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed"
    ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers"
    TOTP_ENROLLMENT_ADDED = "user enrolled a totp device"
    TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment"
    SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI"
    RESOURCE_LOCKED = "user locked a resource"
    RESOURCE_UNLOCKED = "user unlocked a resource"
    RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource"
    ORG_INTEGRATION_INSTALLED = "org integration installed"
    USER_INTEGRATION_AUTHORIZED = "user authorized integration"
    ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled"
    USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration"


# Permissions, all permissions that may be granted to an account.
class Permission:
    # Values are colon-separated strings, mostly "<object>:<action>"; the
    # TESTING_* entries have three segments. A constant's name does not always
    # predict its value, so reference the constant rather than rebuilding the
    # string from the name.

    # --- Relays, datasources and resource locks ---
    RELAY_LIST = "relay:list"
    RELAY_CREATE = "relay:create"
    DATASOURCE_LIST = "datasource:list"
    DATASOURCE_CREATE = "datasource:create"
    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
    DATASOURCE_DELETE = "datasource:delete"
    DATASOURCE_UPDATE = "datasource:update"
    RESOURCE_LOCK_DELETE = "resourcelock:delete"
    RESOURCE_LOCK_LIST = "resourcelock:list"

    # --- Secret stores and remote identities ---
    SECRET_STORE_CREATE = "secretstore:create"
    SECRET_STORE_LIST = "secretstore:list"
    SECRET_STORE_DELETE = "secretstore:delete"
    SECRET_STORE_UPDATE = "secretstore:update"
    SECRET_STORE_STATUS = "secretstore:status"
    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
    REMOTE_IDENTITY_READ = "remoteidentity:read"

    # --- User management ---
    # This group includes creating admin tokens and service accounts and
    # setting another account's permission level, so grants of these values
    # are worth including in an access review.
    USER_CREATE = "user:create"
    USER_LIST = "user:list"
    USER_UPDATE_ADMIN = "user:update_admin"
    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
    # Name and value differ: USER_SET_PERMISSION_LEVEL is "user:set_strong_role".
    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
    USER_UPDATE = "user:update"
    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
    USER_DELETE = "user:delete"
    USER_ASSIGN = "user:assign"
    USER_SUSPEND = "user:suspend"
    DEMO_PROVISIONING_REQUEST_CREATE = "demoprovisioningrequest:create"
    DEMO_PROVISIONING_REQUEST_LIST = "demoprovisioningrequest:list"

    # --- Roles and organization ---
    ROLE_LIST = "role:list"
    ROLE_CREATE = "role:create"
    ROLE_DELETE = "role:delete"
    ROLE_UPDATE = "role:update"
    ORG_VIEW_SETTINGS = "organization:view_settings"
    ORG_EDIT_SETTINGS = "organization:edit_settings"
    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
    ORG_LIST_CHILDREN = "organization:list_children"
    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"

    # --- Audit ---
    # The ORG_AUDIT_* constants map to "audit:<subject>" values; the object
    # segment is "audit", not "organization".
    ORG_AUDIT_USERS = "audit:users"
    ORG_AUDIT_ROLES = "audit:roles"
    ORG_AUDIT_DATASOURCES = "audit:datasources"
    ORG_AUDIT_NODES = "audit:nodes"
    ORG_AUDIT_PERMISSIONS = "audit:permissions"
    ORG_AUDIT_QUERIES = "audit:queries"
    ORG_AUDIT_ACTIVITIES = "audit:activities"
    ORG_AUDIT_SSH = "audit:ssh"
    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
    ORG_AUDIT_ORG = "audit:organization"
    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
    ORG_AUDIT_WORKFLOWS = "audit:workflows"
    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"

    # --- Workflows and access requests ---
    WORKFLOW_LIST = "workflow:list"
    WORKFLOW_EDIT = "workflow:edit"
    ACCESS_REQUEST_EDIT = "accessrequest:edit"
    ACCESS_REQUEST_LIST = "accessrequest:list"
    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"

    # --- GLOBAL_* ---
    # The GLOBAL_ prefix exists only in the constant names; none of the values
    # contain it.
    # NOTE(review): the scope implied by "global" is not defined in this file;
    # confirm before relying on it.
    GLOBAL_RDP_RENDER = "rdp:render"
    GLOBAL_QUERY_BUCKET_TRACKER = "query:bucket_tracker"
    GLOBAL_ASSETS_GET_LATEST_VERSION_COMMIT_HASH = "assets:get_latest_version_commit_hash"
    GLOBAL_SDMOS_SERVICE = "sdmos:service"
    GLOBAL_SDMOS_DEPLOYMENT = "sdmos:deployment"
    GLOBAL_SDMOS_RELEASE = "sdmos:release"
    GLOBAL_DEMO_PROVISIONER = "demo:provision"

    # --- Installations ---
    INSTALLATION_BLESS = "installation:bless"
    INSTALLATION_CREATE = "installation:create"
    INSTALLATION_REVOKE = "installation:revoke"

    # --- TESTING_* ---
    # NOTE(review): presumably test-only permissions; an account holding one
    # in a production organization deserves a second look. Confirm intent.
    TESTING_ORG_CREATE = "testing:organization:create"
    TESTING_ORG_DELETE = "testing:organization:delete"
    TESTING_NO_PERMISSIONS = "testing:noperms"
    TESTING_FETCH_QUERIES = "testing:queries:get"

    # --- Grants, reports, billing and credentials ---
    GRANT_READ = "grant:read"
    GRANT_WRITE = "grant:write"
    REPORT_READ = "report:read"
    BILLING_READ = "billing:read"
    CREDENTIAL_READ = "credential:read"
    CREDENTIAL_WRITE = "credential:write"


# Query Categories, all the categories of resource against which queries are logged.
class QueryCategory:
    KUBERNETES = "k8s"
    # Name and value differ: the datasource category is the string "queries".
    DATASOURCES = "queries"
    RDP = "rdp"
    SSH = "ssh"
    WEB = "web"
    CLOUD = "cloud"
    ALL = "all"


# LogRemoteEncoder defines the encryption encoder used for queries stored in the API.
class LogRemoteEncoder:
    STRONG_DM = "strongdm"
    PUB_KEY = "pubkey"
    # NOTE(review): "hash" presumably means the stored query cannot be read
    # back; confirm what this implies for later investigation of a session.
    HASH = "hash"


# LogLocalStorage defines how queries are stored locally.
class LogLocalStorage:
    STDOUT = "stdout"
    FILE = "file"
    TCP = "tcp"
    SOCKET = "socket"
    SYSLOG = "syslog"
    # Unlike the NONE members of the provider classes, this NONE is the
    # literal string "none", which is truthy in Python.
    NONE = "none"


# LogLocalEncoder defines the encryption encoder used for queries stored locally in the relay.
class LogLocalEncoder:
    # NOTE(review): presumably local query logs are written unencrypted with
    # this setting; if so, access to the local log destination needs to be
    # restricted. Confirm.
    PLAINTEXT = "plaintext"
    PUB_KEY = "pubkey"


# LogLocalFormat defines the format in which queries are stored locally in the relay.
class LogLocalFormat:
    CSV = "csv"
    JSON = "json"


# OrgKind defines the types of organizations that may exist.
class OrgKind:
    SOLO = "solo"
    ROOT = "root"
    CHILD = "child"


# SSHKeyType defines the supported SSH key types.
# Each value is "<algorithm>-<size>", except ED_25519, which is "ed25519"
# with no separator.
class SSHKeyType:
    RSA_2048 = "rsa-2048"
    RSA_4096 = "rsa-4096"
    ECDSA_256 = "ecdsa-256"
    ECDSA_384 = "ecdsa-384"
    ECDSA_521 = "ecdsa-521"
    ED_25519 = "ed25519"


# CaptureType designates what type of SSH/RDP/K8s capture we have.
class CaptureType:
    # Several values are mixed case ("k8s-execTTY", "k8s-portForward",
    # "ssh-portForward"), so matching on them is case-sensitive.
    SHELL = "shell"
    SCP_UPLOAD = "scp-upload"
    SCP_DOWNLOAD = "scp-download"
    COMMAND = "command"
    RDP_BASIC = "rdp-basic"
    RDP_ENHANCED = "rdp-enhanced"
    K_8_S_EXEC = "k8s-exec"
    K_8_S_EXEC_TTY = "k8s-execTTY"
    K_8_S_PORT_FORWARD = "k8s-portForward"
    # The two k8s copy constants are named K_8_SCP_*, not K_8_S_CP_*; the
    # values are "k8s-cp-upload" and "k8s-cp-download".
    K_8_SCP_UPLOAD = "k8s-cp-upload"
    K_8_SCP_DOWNLOAD = "k8s-cp-download"
    K_8_S_DESCRIBE = "k8s-describe"
    K_8_S_GET = "k8s-get"
    K_8_S_DELETE = "k8s-delete"
    K_8_S_GENERIC = "k8s-generic"
    K_8_S_APPLY = "k8s-apply"
    SSH_PORT_FORWARD = "ssh-portForward"


# Providers responsible for device posture enforcement
class DevicePostureProvider:
    # NOTE(review): NONE is the empty string; presumably it means no device
    # posture provider is configured. Confirm.
    NONE = ""
    SENTINEL_ONE = "sentinelone"
    CROWD_STRIKE = "crowdstrike"
class
PermissionLevel:
# String constants for the permission level of an account. The class defines
# no ordering between levels.
class PermissionLevel:
    ROOT_ADMIN = "root-admin"
    ADMIN = "admin"
    DATABASE_ADMIN = "database-admin"
    # Name and value differ: TEAM_LEADER is "multi-team-leader".
    TEAM_LEADER = "multi-team-leader"
    USER = "user"
    AUDITOR = "auditor"
    RELAY = "relay"
    ADMIN_TOKEN = "admin-token"
    SCIM_TOKEN = "scim-token"
    SERVICE_NOW_TOKEN = "servicenow-token"
    SERVICE = "service"
    SUSPENDED = "suspended"
    # Empty string, falsy in Python: compare explicitly rather than by truthiness.
    EMPTY = ""
class
NodeState:
class
Provider:
class
SCIMProvider:
class
AuthProvider:
# String constants naming SSO authentication providers. Separator style varies
# between values (spaces in some, hyphens in others), so compare against the
# constants rather than a normalised form.
class AuthProvider:
    AZURE = "azure"
    BITIUM = "bitium"
    GOOGLE = "google"
    OKTA = "okta"
    STRONG_DM = "strongdm"
    ACTIVE_DIRECTORY = "active directory"
    GENERIC_OIDC = "generic oidc"
    # Name and value differ: ONE_LOGIN_OIDC is "oneloginv2".
    ONE_LOGIN_OIDC = "oneloginv2"
    KEYCLOAK = "keycloak"
    SHIBBOLETH = "shibboleth"
    AUTH_0 = "auth0"
    WORKSPACE_ONE = "workspace one"
    ONE_LOGIN_SAML = "onelogin-saml"
    GENERIC_SAML = "generic-saml"
    PING_IDSAML = "ping-identity-saml"
class
MFAProvider:
class
ActivityEntityType:
# String constants for the entity types that can be part of an activity.
# Multi-word values use underscores except SECRET_STORE, which is "secretstore".
class ActivityEntityType:
    USER = "user"
    ROLE = "role"
    LEGACY_COMPOSITE_ROLE = "composite_role"
    DATASOURCE = "datasource"
    ORGANIZATION = "organization"
    INSTALLATION = "installation"
    SECRET_STORE = "secretstore"
    REMOTE_IDENTITY_GROUP = "remote_identity_group"
    REMOTE_IDENTITY = "remote_identity"
    ACCESS_REQUEST = "access_request"
    WORKFLOW = "workflow"
    NODE = "node"
    PEERING_GROUP = "peering_group"
    PEERING_GROUP_NODE = "peering_group_node"
    PEERING_GROUP_RESOURCE = "peering_group_resource"
    PEERING_GROUP_PEER = "peering_group_peer"
class
ActivityVerb:
# String constants for the verb of an activity. The values are mixed-case
# free-text phrases, so match on the constants with an exact comparison.
class ActivityVerb:
    USER_ADDED = "user added"
    USER_DELETED = "user deleted"
    USER_UPDATED = "user updated"
    USER_SIGNUP = "user signup"
    USER_TYPE_CHANGED = "user type changed"
    USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted"
    USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked"
    USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired"
    USER_ADDED_TO_ROLE = "user added to role"
    USER_DELETED_FROM_ROLE = "user deleted from role"
    USER_SUSPENDED = "user suspended"
    USER_REINSTATED = "user reinstated"
    USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI"
    PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org"
    USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client"
    SERVICE_ACCOUNT_CREATED = "service account created"
    SERVICE_ACCOUNT_EXPIRED = "service account expired"
    # Name and value differ: ADMIN_TOKEN_ADDED is "admin token created".
    ADMIN_TOKEN_ADDED = "admin token created"
    ADMIN_TOKEN_DELETED = "admin token deleted"
    ADMIN_TOKEN_EXPIRED = "admin token expired"
    ADMIN_TOKEN_REKEYED = "admin token rekeyed"
    ADMIN_TOKEN_CLONED = "admin token cloned"
    ADMIN_TOKEN_SUSPENDED = "admin token suspended"
    ADMIN_TOKEN_REINSTATED = "admin token reinstated"
    SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO"
    SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO"
    USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client"
    USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI"
    FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI"
    FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client"
    MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI"
    MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client"
    TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts"
    ATTEMPT_COUNTER_RESET = "failed login attempt counter reset"
    # Wording varies below between "attempt to login" and "attempted to
    # login"; a prefix match on one phrasing misses the other.
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI"
    SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"
    USER_SET_A_PASSWORD = "user set a password"
    USER_RESET_A_PASSWORD = "user reset their password"
    USER_CHANGED_PASSWORD = "user changed their password"
    USER_INVITED = "user invited"
    USER_CLICKED_INVITATION = "user clicked on their invitation"
    USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset"
    USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password"
    USER_REQUIRE_SSO_LOGIN = "user required to login via SSO"
    USER_PROVISIONING_ENABLED = "user provisioning enabled"
    USER_PROVISIONING_DISABLED = "user provisioning disabled"
    ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset"
    ROLE_ADDED = "role added"
    ROLE_DELETED = "role deleted"
    ROLE_UPDATED = "role updated"
    ROLE_ACCESS_RULES_UPDATED = "access rules updated"
    ROLE_ACCESS_RULES_CREATED = "access rules created"
    ROLE_ACCESS_RULES_DELETED = "access rules deleted"
    ROLE_PROVISIONING_ENABLED = "role provisioning enabled"
    ROLE_PROVISIONING_DISABLED = "role provisioning disabled"
    DATASOURCE_ADDED = "datasource added"
    DATASOURCE_CLONED = "datasource cloned"
    DATASOURCE_DELETED = "datasource deleted"
    DATASOURCE_UPDATED = "datasource updated"
    # "overriden" (single "d") is part of every *_PORT_OVERRIDE value.
    DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden"
    MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden"
    SERVER_ADDED = "server added"
    SERVER_CLONED = "server cloned"
    SERVER_DELETED = "server deleted"
    SERVER_UPDATED = "server updated"
    SERVER_PORT_OVERRIDE = "server connection port overriden"
    MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden"
    CLUSTER_ADDED = "cluster added"
    CLUSTER_CLONED = "cluster cloned"
    CLUSTER_DELETED = "cluster deleted"
    CLUSTER_UPDATED = "cluster updated"
    CLUSTER_PORT_OVERRIDE = "cluster connection port overriden"
    MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden"
    CLOUD_ADDED = "cloud added"
    CLOUD_CLONED = "cloud cloned"
    CLOUD_DELETED = "cloud deleted"
    CLOUD_UPDATED = "cloud updated"
    WEBSITE_ADDED = "website added"
    WEBSITE_CLONED = "website cloned"
    WEBSITE_DELETED = "website deleted"
    WEBSITE_UPDATED = "website updated"
    INSTALLATION_CREATED = "installation created"
    RELAY_INSTALLATION_CREATED = "installation created for relay"
    INSTALLATION_APPROVED = "installation approved"
    INSTALLATION_REVOKED = "installation revoked"
    RELAY_CREATED = "relay created"
    RELAY_UPDATED_NAME = "relay name updated"
    RELAY_DELETED = "relay deleted"
    ORG_PUBLIC_KEY_UPDATED = "public key updated"
    ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated"
    ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated"
    ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated"
    ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated"
    ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated"
    ORG_NAME_UPDATED = "organization name updated"
    ORG_SETTING_UPDATED = "organization setting updated"
    ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated"
    ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated"
    ORG_CREATED = "organization created"
    ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set"
    ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted"
    ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set"
    ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted"
    CHILD_ORG_ADMIN_INVITED = "child organization admin invited"
    SERVICE_ACCOUNT_REKEYED = "service account rekeyed"
    SCIM_TOKEN_ADDED = "SCIM token created"
    SCIM_TOKEN_DELETED = "SCIM token deleted"
    SCIM_TOKEN_REKEYED = "SCIM token rekeyed"
    API_KEY_DELETED = "API key deleted"
    ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated"
    ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding"
    ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding"
    ORG_ADD_CHILD = "add child organization"
    ORG_REMOVE_CHILD = "remove child organization"
    ORG_EXTEND_TRIAL = "trial extended"
    SECRET_STORE_ADDED = "secret store added"
    SECRET_STORE_UPDATED = "secret store updated"
    SECRET_STORE_DELETED = "secret store deleted"
    REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created"
    REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated"
    REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted"
    IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled"
    IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled"
    REMOTE_IDENTITY_CREATED = "remote identity created"
    REMOTE_IDENTITY_UPDATED = "remote identity updated"
    REMOTE_IDENTITY_DELETED = "remote identity deleted"
    IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled"
    IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled"
    ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource"
    ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added"
    ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled"
    ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied"
    ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out"
    # The next value is a prefix of the "granted automatically" one after it.
    ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted"
    ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically"
    ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated"
    ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet"
    DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval"
    DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval"
    EMULATION_MIGRATION_COMPLETED = "emulation migration completed"
    ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed"
    ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers"
    TOTP_ENROLLMENT_ADDED = "user enrolled a totp device"
    TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment"
    SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI"
    RESOURCE_LOCKED = "user locked a resource"
    RESOURCE_UNLOCKED = "user unlocked a resource"
    RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource"
    ORG_INTEGRATION_INSTALLED = "org integration installed"
    USER_INTEGRATION_AUTHORIZED = "user authorized integration"
    ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled"
    USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration"
SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = 'attempt to login by a suspended user from the local client'
SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = 'attempted to login by a service account from the Admin UI'
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = 'attempted to login by a suspended service account from the Admin UI'
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = 'attempt to login by a suspended service account from the local client'
ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = 'access request to resource granted automatically'
class
Permission:
# String constants for permissions. Values are colon-separated, mostly
# "<object>:<action>"; constant names do not always predict the value.
class Permission:
    RELAY_LIST = "relay:list"
    RELAY_CREATE = "relay:create"
    DATASOURCE_LIST = "datasource:list"
    DATASOURCE_CREATE = "datasource:create"
    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
    DATASOURCE_DELETE = "datasource:delete"
    DATASOURCE_UPDATE = "datasource:update"
    RESOURCE_LOCK_DELETE = "resourcelock:delete"
    RESOURCE_LOCK_LIST = "resourcelock:list"
    SECRET_STORE_CREATE = "secretstore:create"
    SECRET_STORE_LIST = "secretstore:list"
    SECRET_STORE_DELETE = "secretstore:delete"
    SECRET_STORE_UPDATE = "secretstore:update"
    SECRET_STORE_STATUS = "secretstore:status"
    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
    REMOTE_IDENTITY_READ = "remoteidentity:read"
    USER_CREATE = "user:create"
    USER_LIST = "user:list"
    USER_UPDATE_ADMIN = "user:update_admin"
    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
    # Name and value differ: USER_SET_PERMISSION_LEVEL is "user:set_strong_role".
    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
    USER_UPDATE = "user:update"
    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
    USER_DELETE = "user:delete"
    USER_ASSIGN = "user:assign"
    USER_SUSPEND = "user:suspend"
    DEMO_PROVISIONING_REQUEST_CREATE = "demoprovisioningrequest:create"
    DEMO_PROVISIONING_REQUEST_LIST = "demoprovisioningrequest:list"
    ROLE_LIST = "role:list"
    ROLE_CREATE = "role:create"
    ROLE_DELETE = "role:delete"
    ROLE_UPDATE = "role:update"
    ORG_VIEW_SETTINGS = "organization:view_settings"
    ORG_EDIT_SETTINGS = "organization:edit_settings"
    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
    ORG_LIST_CHILDREN = "organization:list_children"
    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"
    # ORG_AUDIT_* constants map to "audit:<subject>" values.
    ORG_AUDIT_USERS = "audit:users"
    ORG_AUDIT_ROLES = "audit:roles"
    ORG_AUDIT_DATASOURCES = "audit:datasources"
    ORG_AUDIT_NODES = "audit:nodes"
    ORG_AUDIT_PERMISSIONS = "audit:permissions"
    ORG_AUDIT_QUERIES = "audit:queries"
    ORG_AUDIT_ACTIVITIES = "audit:activities"
    ORG_AUDIT_SSH = "audit:ssh"
    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
    ORG_AUDIT_ORG = "audit:organization"
    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
    ORG_AUDIT_WORKFLOWS = "audit:workflows"
    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"
    WORKFLOW_LIST = "workflow:list"
    WORKFLOW_EDIT = "workflow:edit"
    ACCESS_REQUEST_EDIT = "accessrequest:edit"
    ACCESS_REQUEST_LIST = "accessrequest:list"
    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
    # The GLOBAL_ prefix appears only in the names, not in the values.
    GLOBAL_RDP_RENDER = "rdp:render"
    GLOBAL_QUERY_BUCKET_TRACKER = "query:bucket_tracker"
    GLOBAL_ASSETS_GET_LATEST_VERSION_COMMIT_HASH = "assets:get_latest_version_commit_hash"
    GLOBAL_SDMOS_SERVICE = "sdmos:service"
    GLOBAL_SDMOS_DEPLOYMENT = "sdmos:deployment"
    GLOBAL_SDMOS_RELEASE = "sdmos:release"
    GLOBAL_DEMO_PROVISIONER = "demo:provision"
    INSTALLATION_BLESS = "installation:bless"
    INSTALLATION_CREATE = "installation:create"
    INSTALLATION_REVOKE = "installation:revoke"
    # NOTE(review): TESTING_* are presumably test-only; confirm intent.
    TESTING_ORG_CREATE = "testing:organization:create"
    TESTING_ORG_DELETE = "testing:organization:delete"
    TESTING_NO_PERMISSIONS = "testing:noperms"
    TESTING_FETCH_QUERIES = "testing:queries:get"
    GRANT_READ = "grant:read"
    GRANT_WRITE = "grant:write"
    REPORT_READ = "report:read"
    BILLING_READ = "billing:read"
    CREDENTIAL_READ = "credential:read"
    CREDENTIAL_WRITE = "credential:write"
class
QueryCategory:
class
LogRemoteEncoder:
class
LogLocalStorage:
class
LogLocalEncoder:
class
LogLocalFormat:
class
OrgKind:
class
SSHKeyType:
class
CaptureType:
# String constants for the kind of SSH, RDP or Kubernetes capture. Several
# values are mixed case, so comparisons are case-sensitive.
class CaptureType:
    SHELL = "shell"
    SCP_UPLOAD = "scp-upload"
    SCP_DOWNLOAD = "scp-download"
    COMMAND = "command"
    RDP_BASIC = "rdp-basic"
    RDP_ENHANCED = "rdp-enhanced"
    K_8_S_EXEC = "k8s-exec"
    K_8_S_EXEC_TTY = "k8s-execTTY"
    K_8_S_PORT_FORWARD = "k8s-portForward"
    # Named K_8_SCP_*, not K_8_S_CP_*; the values are the "k8s-cp-*" strings.
    K_8_SCP_UPLOAD = "k8s-cp-upload"
    K_8_SCP_DOWNLOAD = "k8s-cp-download"
    K_8_S_DESCRIBE = "k8s-describe"
    K_8_S_GET = "k8s-get"
    K_8_S_DELETE = "k8s-delete"
    K_8_S_GENERIC = "k8s-generic"
    K_8_S_APPLY = "k8s-apply"
    SSH_PORT_FORWARD = "ssh-portForward"
class
DevicePostureProvider: