strongdm.constants

  1# Copyright 2020 StrongDM Inc
  2#
  3# Licensed under the Apache License, Version 2.0 (the "License");
  4# you may not use this file except in compliance with the License.
  5# You may obtain a copy of the License at
  6#
  7#     http://www.apache.org/licenses/LICENSE-2.0
  8#
  9# Unless required by applicable law or agreed to in writing, software
 10# distributed under the License is distributed on an "AS IS" BASIS,
 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 12# See the License for the specific language governing permissions and
 13# limitations under the License.
 14#
 15# @internal Code generated by constgen. DO NOT EDIT.
 16
 17
 18# Permission Levels, shared by all entities capable of making authenticated requests against StrongDM.
 19class PermissionLevel:
 20    ROOT_ADMIN = "root-admin"
 21    ADMIN = "admin"
 22    DATABASE_ADMIN = "database-admin"
 23    DATABASE_OPERATOR = "database-operator"
 24    TEAM_LEADER = "multi-team-leader"
 25    USER = "user"
 26    AUDITOR = "auditor"
 27    RELAY = "relay"
 28    ADMIN_TOKEN = "admin-token"
 29    SCIM_TOKEN = "scim-token"
 30    SERVICE_NOW_TOKEN = "servicenow-token"
 31    SERVICE = "service"
 32    SUSPENDED = "suspended"
 33    EMPTY = ""
 34
 35
 36# Node Lifecycle States, defining whether a node was last reported online, offline, restarting, etc.
 37class NodeState:
 38    NEW = "new"
 39    VERIFYING_RESTART = "verifying_restart"
 40    AWAITING_RESTART = "awaiting_restart"
 41    RESTARTING = "restarting"
 42    STARTED = "started"
 43    STOPPED = "stopped"
 44    DEAD = "dead"
 45
 46
 47# Providers responsible for managing roles and users.
 48# None, or an empty string, implies the user is managed by strongDM.
 49# Deprecated: Please use SCIMProvider instead.
 50class Provider:
 51    NONE = ""
 52    OKTA = "okta"
 53    SAIL_POINT = "sailpoint"
 54    AZURE = "azure"
 55    GENERIC = "generic"
 56    ONE_LOGIN = "onelogin"
 57    GOOGLE = "google"
 58
 59
 60# Providers responsible for managing roles and users.
 61# None, or an empty string, implies the user is managed by strongDM.
 62class SCIMProvider:
 63    NONE = ""
 64    OKTA = "okta"
 65    SAIL_POINT = "sailpoint"
 66    AZURE = "azure"
 67    GENERIC = "generic"
 68    ONE_LOGIN = "onelogin"
 69    GOOGLE = "google"
 70
 71
 72# Providers responsible for SSO authentication.
 73class AuthProvider:
 74    AZURE = "azure"
 75    BITIUM = "bitium"
 76    GOOGLE = "google"
 77    OKTA = "okta"
 78    STRONG_DM = "strongdm"
 79    ACTIVE_DIRECTORY = "active directory"
 80    GENERIC_OIDC = "generic oidc"
 81    ONE_LOGIN_OIDC = "oneloginv2"
 82    KEYCLOAK = "keycloak"
 83    SHIBBOLETH = "shibboleth"
 84    AUTH_0 = "auth0"
 85    WORKSPACE_ONE = "workspace one"
 86    ONE_LOGIN_SAML = "onelogin-saml"
 87    GENERIC_SAML = "generic-saml"
 88    PING_IDSAML = "ping-identity-saml"
 89    PING_IDOIDC = "ping-identity-oidc"
 90
 91
 92# Providers responsible for multi-factor authentication
 93class MFAProvider:
 94    NONE = ""
 95    DUO = "duo"
 96    TOTP = "totp"
 97    OKTA = "okta"
 98    RSA = "rsa"
 99
100
101# Activity Entities, all entity types that can be part of an activity.
102class ActivityEntityType:
103    USER = "user"
104    ROLE = "role"
105    LEGACY_COMPOSITE_ROLE = "composite_role"
106    DATASOURCE = "datasource"
107    ORGANIZATION = "organization"
108    INSTALLATION = "installation"
109    SECRET_STORE = "secretstore"
110    SECRET_ENGINE = "secretengine"
111    REMOTE_IDENTITY_GROUP = "remote_identity_group"
112    REMOTE_IDENTITY = "remote_identity"
113    IDENTITY_SET = "identity_set"
114    IDENTITY_ALIAS = "identity_alias"
115    ACCESS_REQUEST = "access_request"
116    WORKFLOW = "workflow"
117    APPROVAL_FLOW = "approval_flow"
118    APPROVAL_FLOW_STEP = "approval_flow_step"
119    APPROVAL_FLOW_APPROVER = "approval_flow_approver"
120    MANAGED_SECRET = "managed_secret"
121    NODE = "node"
122    PEERING_GROUP = "peering_group"
123    PEERING_GROUP_NODE = "peering_group_node"
124    PEERING_GROUP_RESOURCE = "peering_group_resource"
125    PEERING_GROUP_PEER = "peering_group_peer"
126    ORG_INTEGRATION = "org_integration"
127    CREDENTIAL = "credential"
128    CERTIFICATE_AUTHORITY = "certificate_authority"
129    POLICY = "policy"
130    PROXY_CLUSTER_KEY = "proxy_cluster_key"
131
132
133# Activity Verbs, describe which kind of activity has taken place.
134class ActivityVerb:
135    USER_ADDED = "user added"
136    USER_DELETED = "user deleted"
137    USER_UPDATED = "user updated"
138    USER_SIGNUP = "user signup"
139    USER_TYPE_CHANGED = "user type changed"
140    USER_PASSWORD_CHANGED = "user password changed"
141    USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted"
142    USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked"
143    USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired"
144    USER_ADDED_TO_ROLE = "user added to role"
145    USER_DELETED_FROM_ROLE = "user deleted from role"
146    USER_SUSPENDED = "user suspended"
147    USER_REINSTATED = "user reinstated"
148    USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI"
149    PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org"
150    USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client"
151    SERVICE_ACCOUNT_CREATED = "service account created"
152    SERVICE_ACCOUNT_EXPIRED = "service account expired"
153    ADMIN_TOKEN_ADDED = "admin token created"
154    ADMIN_TOKEN_DELETED = "admin token deleted"
155    ADMIN_TOKEN_EXPIRED = "admin token expired"
156    ADMIN_TOKEN_REKEYED = "admin token rekeyed"
157    ADMIN_TOKEN_CLONED = "admin token cloned"
158    ADMIN_TOKEN_SUSPENDED = "admin token suspended"
159    ADMIN_TOKEN_REINSTATED = "admin token reinstated"
160    SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO"
161    SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO"
162    USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client"
163    USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI"
164    FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI"
165    FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client"
166    MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI"
167    MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client"
168    TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts"
169    ATTEMPT_COUNTER_RESET = "failed login attempt counter reset"
170    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
171    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI"
172    SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
173    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
174    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"
175    USER_SET_A_PASSWORD = "user set a password"
176    USER_RESET_A_PASSWORD = "user reset their password"
177    USER_CHANGED_PASSWORD = "user changed their password"
178    USER_INVITED = "user invited"
179    USER_CLICKED_INVITATION = "user clicked on their invitation"
180    USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset"
181    USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password"
182    USER_REQUIRE_SSO_LOGIN = "user required to login via SSO"
183    USER_PROVISIONING_ENABLED = "user provisioning enabled"
184    USER_PROVISIONING_DISABLED = "user provisioning disabled"
185    ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset"
186    ROLE_ADDED = "role added"
187    ROLE_DELETED = "role deleted"
188    ROLE_UPDATED = "role updated"
189    ROLE_ACCESS_RULES_UPDATED = "access rules updated"
190    ROLE_ACCESS_RULES_CREATED = "access rules created"
191    ROLE_ACCESS_RULES_DELETED = "access rules deleted"
192    ROLE_PROVISIONING_ENABLED = "role provisioning enabled"
193    ROLE_PROVISIONING_DISABLED = "role provisioning disabled"
194    DATASOURCE_ADDED = "datasource added"
195    DATASOURCE_CLONED = "datasource cloned"
196    DATASOURCE_DELETED = "datasource deleted"
197    DATASOURCE_UPDATED = "datasource updated"
198    DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden"
199    MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden"
200    SERVER_ADDED = "server added"
201    SERVER_CLONED = "server cloned"
202    SERVER_DELETED = "server deleted"
203    SERVER_UPDATED = "server updated"
204    SERVER_PORT_OVERRIDE = "server connection port overriden"
205    MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden"
206    CLUSTER_ADDED = "cluster added"
207    CLUSTER_CLONED = "cluster cloned"
208    CLUSTER_DELETED = "cluster deleted"
209    CLUSTER_UPDATED = "cluster updated"
210    CLUSTER_PORT_OVERRIDE = "cluster connection port overriden"
211    MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden"
212    CLOUD_ADDED = "cloud added"
213    CLOUD_CLONED = "cloud cloned"
214    CLOUD_DELETED = "cloud deleted"
215    CLOUD_UPDATED = "cloud updated"
216    WEBSITE_ADDED = "website added"
217    WEBSITE_CLONED = "website cloned"
218    WEBSITE_DELETED = "website deleted"
219    WEBSITE_UPDATED = "website updated"
220    INSTALLATION_CREATED = "installation created"
221    RELAY_INSTALLATION_CREATED = "installation created for relay"
222    INSTALLATION_APPROVED = "installation approved"
223    INSTALLATION_REVOKED = "installation revoked"
224    RELAY_CREATED = "relay created"
225    RELAY_UPDATED_NAME = "relay name updated"
226    RELAY_DELETED = "relay deleted"
227    ORG_PUBLIC_KEY_UPDATED = "public key updated"
228    ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated"
229    ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated"
230    ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated"
231    ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated"
232    ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated"
233    ORG_NAME_UPDATED = "organization name updated"
234    ORG_SETTING_UPDATED = "organization setting updated"
235    ORG_LOG_CONFIG_UPDATED = "organization logging configuration updated"
236    ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated"
237    ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated"
238    ORG_CREATED = "organization created"
239    ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set"
240    ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted"
241    ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set"
242    ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted"
243    CHILD_ORG_ADMIN_INVITED = "child organization admin invited"
244    SERVICE_ACCOUNT_REKEYED = "service account rekeyed"
245    SCIM_TOKEN_ADDED = "SCIM token created"
246    SCIM_TOKEN_DELETED = "SCIM token deleted"
247    SCIM_TOKEN_REKEYED = "SCIM token rekeyed"
248    API_KEY_DELETED = "API key deleted"
249    ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated"
250    ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding"
251    ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding"
252    ORG_ADD_CHILD = "add child organization"
253    ORG_REMOVE_CHILD = "remove child organization"
254    ORG_EXTEND_TRIAL = "trial extended"
255    SECRET_STORE_ADDED = "secret store added"
256    SECRET_STORE_UPDATED = "secret store updated"
257    SECRET_STORE_DELETED = "secret store deleted"
258    SECRET_ENGINE_ADDED = "secret engine added"
259    SECRET_ENGINE_UPDATED = "secret engine updated"
260    SECRET_ENGINE_ROTATED = "secret engine's credentials updated"
261    SECRET_ENGINE_DELETED = "secret engine deleted"
262    REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created"
263    REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated"
264    REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted"
265    IDENTITY_SET_CREATED = "identity set created"
266    IDENTITY_SET_UPDATED = "identity set updated"
267    IDENTITY_SET_DELETED = "identity set deleted"
268    IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled"
269    IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled"
270    REMOTE_IDENTITY_CREATED = "remote identity created"
271    REMOTE_IDENTITY_UPDATED = "remote identity updated"
272    REMOTE_IDENTITY_DELETED = "remote identity deleted"
273    IDENTITY_ALIAS_CREATED = "identity alias created"
274    IDENTITY_ALIAS_UPDATED = "identity alias updated"
275    IDENTITY_ALIAS_DELETED = "identity alias deleted"
276    IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled"
277    IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled"
278    ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource"
279    ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added"
280    ACCESS_REQUEST_TO_RESOURCE_STEP_SKIPPED = "access request to resource step skipped"
281    ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled"
282    ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied"
283    ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out"
284    ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted"
285    ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically"
286    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = "access request to resource approved via ServiceNow"
287    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_JIRA = "access request to resource approved via Jira"
288    WORKFLOW_DELETED = "workflow deleted"
289    WORKFLOW_ADDED = "workflow added"
290    DEPRECATED_WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow"
291    DEPRECATED_WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow"
292    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow"
293    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow"
294    DEPRECATED_WORKFLOW_APPROVERS_UPDATED = "workflow approvers updated"
295    DEPRECATED_WORKFLOW_AUTO_GRANT_UPDATED = "workflow auto grant updated"
296    DEPRECATED_WORKFLOW_APPROVAL_CRITERIA_UPDATED = "workflow approval criteria updated"
297    WORKFLOW_ROLES_UPDATED = "workflow roles updated"
298    WORKFLOW_NAME_UPDATED = "workflow name updated"
299    WORKFLOW_DESCRIPTION_UPDATED = "workflow description updated"
300    WORKFLOW_REQUIRES_REASON_UPDATED = "workflow requires reason updated"
301    WORKFLOW_SETTINGS_UPDATED = "workflow settings updated"
302    WORKFLOW_ACCESS_RULES_UPDATED = "workflow access rules updated"
303    WORKFLOW_ACCESS_RULES_DELETED = "workflow access rules deleted"
304    WORKFLOW_ACCESS_RULES_CREATED = "workflow access rules created"
305    WORKFLOW_ENABLED = "workflow enabled"
306    WORKFLOW_DISABLED = "workflow disabled"
307    APPROVAL_FLOW_ADDED = "approval workflow added"
308    APPROVAL_FLOW_DELETED = "approval workflow deleted"
309    APPROVAL_FLOW_UPDATED = "approval workflow updated"
310    APPROVAL_FLOW_STEP_ADDED = "approval workflow step added"
311    APPROVAL_FLOW_STEP_DELETED = "approval workflow step deleted"
312    APPROVAL_FLOW_STEP_UPDATED = "approval workflow step updated"
313    APPROVAL_FLOW_APPROVER_ADDED = "approval workflow approver added"
314    APPROVAL_FLOW_APPROVER_DELETED = "approval workflow approver deleted"
315    ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated"
316    ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet"
317    DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval"
318    DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval"
319    EMULATION_MIGRATION_COMPLETED = "emulation migration completed"
320    ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed"
321    ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers"
322    TOTP_ENROLLMENT_ADDED = "user enrolled a totp device"
323    TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment"
324    SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI"
325    RESOURCE_LOCKED = "user locked a resource"
326    RESOURCE_UNLOCKED = "user unlocked a resource"
327    RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource"
328    CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = "concurrent authentications revoked per organization settings"
329    PEERING_GROUP_TOGGLED = "peering group toggled"
330    PEERING_GROUP_CREATED = "peering group created"
331    PEERING_GROUP_DELETED = "peering group deleted"
332    PEERING_GROUP_LINKED = "peering groups linked"
333    PEERING_GROUP_UNLINKED = "peering groups unlinked"
334    PEERING_GROUP_ATTACHED = "entity attached to peering group"
335    PEERING_GROUP_DETACHED = "entity detached from peering group"
336    ORG_INTEGRATION_INSTALLED = "org integration installed"
337    USER_INTEGRATION_AUTHORIZED = "user authorized integration"
338    ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled"
339    USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration"
340    SERVICE_NOW_TOKEN_ADDED = "ServiceNow token created"
341    SERVICE_NOW_TOKEN_DELETED = "ServiceNow token deleted"
342    CREDENTIAL_CREATED = "credential created"
343    CREDENTIAL_DELETED = "credential deleted"
344    CERTIFICATE_AUTHORITY_UPDATED = "certificate authority updated"
345    POLICY_CREATED = "policy created"
346    POLICY_UPDATED = "policy updated"
347    POLICY_DELETED = "policy deleted"
348    AUTHENTICATION_REVOKED_BY_POLICY = "authentication revoked by policy"
349    PROXY_CLUSTER_KEY_CREATED = "proxy cluster key created"
350    PROXY_CLUSTER_KEY_DELETED = "proxy cluster key deleted"
351    MANAGED_SECRET_CREATED = "managed secret created"
352    MANAGED_SECRET_UPDATED = "managed secret updated"
353    MANAGED_SECRET_EXPIRATION_TIME_UPDATED = "managed secret expiration time updated"
354    MANAGED_SECRET_CONFIG_UPDATED = "managed secret config updated"
355    MANAGED_SECRET_DELETED = "managed secret deleted"
356
357
358# Permissions, all permissions that may be granted to an account.
359class Permission:
360    RELAY_LIST = "relay:list"
361    RELAY_CREATE = "relay:create"
362    DATASOURCE_LIST = "datasource:list"
363    DATASOURCE_CREATE = "datasource:create"
364    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
365    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
366    DATASOURCE_DELETE = "datasource:delete"
367    DATASOURCE_UPDATE = "datasource:update"
368    RESOURCE_LOCK_DELETE = "resourcelock:delete"
369    RESOURCE_LOCK_LIST = "resourcelock:list"
370    SECRET_ENGINE_CREATE = "secretengine:create"
371    SECRET_ENGINE_LIST = "secretengine:list"
372    SECRET_ENGINE_DELETE = "secretengine:delete"
373    SECRET_ENGINE_UPDATE = "secretengine:update"
374    SECRET_ENGINE_STATUS = "secretengine:status"
375    SECRET_STORE_CREATE = "secretstore:create"
376    SECRET_STORE_LIST = "secretstore:list"
377    SECRET_STORE_DELETE = "secretstore:delete"
378    SECRET_STORE_UPDATE = "secretstore:update"
379    SECRET_STORE_STATUS = "secretstore:status"
380    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
381    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
382    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
383    REMOTE_IDENTITY_READ = "remoteidentity:read"
384    USER_CREATE = "user:create"
385    USER_LIST = "user:list"
386    USER_UPDATE_ADMIN = "user:update_admin"
387    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
388    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
389    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
390    USER_UPDATE = "user:update"
391    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
392    USER_DELETE = "user:delete"
393    USER_ASSIGN = "user:assign"
394    USER_SUSPEND = "user:suspend"
395    USER_SET_PASSWORD = "user:set_password"
396    ROLE_LIST = "role:list"
397    ROLE_CREATE = "role:create"
398    ROLE_DELETE = "role:delete"
399    ROLE_UPDATE = "role:update"
400    ORG_VIEW_SETTINGS = "organization:view_settings"
401    ORG_EDIT_SETTINGS = "organization:edit_settings"
402    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
403    ORG_LIST_CHILDREN = "organization:list_children"
404    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"
405    ORG_AUDIT_USERS = "audit:users"
406    ORG_AUDIT_ROLES = "audit:roles"
407    ORG_AUDIT_DATASOURCES = "audit:datasources"
408    ORG_AUDIT_NODES = "audit:nodes"
409    ORG_AUDIT_PERMISSIONS = "audit:permissions"
410    ORG_AUDIT_QUERIES = "audit:queries"
411    ORG_AUDIT_ACTIVITIES = "audit:activities"
412    ORG_AUDIT_SSH = "audit:ssh"
413    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
414    ORG_AUDIT_ORG = "audit:organization"
415    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
416    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
417    ORG_AUDIT_SECRET_ENGINES = "audit:secretengines"
418    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
419    ORG_AUDIT_WORKFLOWS = "audit:workflows"
420    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
421    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"
422    ORG_AUDIT_POLICIES = "audit:policies"
423    WORKFLOW_LIST = "workflow:list"
424    WORKFLOW_EDIT = "workflow:edit"
425    ACCESS_REQUEST_LIST = "accessrequest:list"
426    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
427    APPROVAL_FLOW_EDIT = "approvalflow:edit"
428    APPROVAL_FLOW_LIST = "approvalflow:list"
429    INSTALLATION_BLESS = "installation:bless"
430    INSTALLATION_CREATE = "installation:create"
431    INSTALLATION_REVOKE = "installation:revoke"
432    TESTING_ORG_CREATE = "testing:organization:create"
433    TESTING_ORG_DELETE = "testing:organization:delete"
434    TESTING_NO_PERMISSIONS = "testing:noperms"
435    TESTING_FETCH_QUERIES = "testing:queries:get"
436    GRANT_READ = "grant:read"
437    GRANT_WRITE = "grant:write"
438    REPORT_READ = "report:read"
439    BILLING_READ = "billing:read"
440    CREDENTIAL_READ = "credential:read"
441    CREDENTIAL_WRITE = "credential:write"
442    POLICY_READ = "policy:read"
443    POLICY_WRITE = "policy:write"
444    MANAGED_SECRET_CREATE = "managedsecret:create"
445    MANAGED_SECRET_LIST = "managedsecret:list"
446    MANAGED_SECRET_DELETE = "managedsecret:delete"
447    MANAGED_SECRET_UPDATE = "managedsecret:update"
448    MANAGED_SECRET_READ = "managedsecret:read"
449
450
451# Query Categories, all the categories of resource against which queries are logged.
452class QueryCategory:
453    KUBERNETES = "k8s"
454    DATASOURCES = "queries"
455    RDP = "rdp"
456    SSH = "ssh"
457    WEB = "web"
458    CLOUD = "cloud"
459    ALL = "all"
460
461
462# LogRemoteEncoder defines the encryption encoder for the queries are stored in the API.
463class LogRemoteEncoder:
464    STRONG_DM = "strongdm"
465    PUB_KEY = "pubkey"
466    HASH = "hash"
467
468
469# LogLocalStorage defines how queries are stored locally.
470class LogLocalStorage:
471    STDOUT = "stdout"
472    FILE = "file"
473    TCP = "tcp"
474    SOCKET = "socket"
475    SYSLOG = "syslog"
476    NONE = "none"
477
478
479# LogLocalEncoder defines the encryption encoder for queries are stored locally in the relay.
480class LogLocalEncoder:
481    PLAINTEXT = "plaintext"
482    PUB_KEY = "pubkey"
483
484
485# LogLocalFormat defines the format the queries are stored locally in the relay.
486class LogLocalFormat:
487    CSV = "csv"
488    JSON = "json"
489
490
491# OrgKind defines the types of organizations that may exist.
492class OrgKind:
493    SOLO = "solo"
494    ROOT = "root"
495    CHILD = "child"
496
497
498# KeyType defines the supported SSH key types
499class SSHKeyType:
500    RSA_2048 = "rsa-2048"
501    RSA_4096 = "rsa-4096"
502    ECDSA_256 = "ecdsa-256"
503    ECDSA_384 = "ecdsa-384"
504    ECDSA_521 = "ecdsa-521"
505    ED_25519 = "ed25519"
506
507
508# CaptureType designates what type of SSH/RDP/K8s capture we have.
509class CaptureType:
510    SHELL = "shell"
511    SCP_UPLOAD = "scp-upload"
512    SCP_DOWNLOAD = "scp-download"
513    COMMAND = "command"
514    RDP_BASIC = "rdp-basic"
515    RDP_ENHANCED = "rdp-enhanced"
516    K_8_S_EXEC = "k8s-exec"
517    K_8_S_EXEC_TTY = "k8s-execTTY"
518    K_8_S_PORT_FORWARD = "k8s-portForward"
519    K_8_SCP_UPLOAD = "k8s-cp-upload"
520    K_8_SCP_DOWNLOAD = "k8s-cp-download"
521    K_8_S_DESCRIBE = "k8s-describe"
522    K_8_S_GET = "k8s-get"
523    K_8_S_DELETE = "k8s-delete"
524    K_8_S_GENERIC = "k8s-generic"
525    K_8_S_APPLY = "k8s-apply"
526    SSH_PORT_FORWARD = "ssh-portForward"
527
528
529# Providers responsible for device trust enforcement
530class DeviceTrustProvider:
531    NONE = ""
532    SENTINEL_ONE = "sentinelone"
533    CROWD_STRIKE = "crowdstrike"
534    MICROSOFT_DEFENDER = "microsoftdefender"
535    DUO = "duo"
536
537
538# APIHost defines the API host for various control planes.
539class APIHost:
540    US = "app.strongdm.com:443"
541    UK = "app.uk.strongdm.com:443"
542    EU = "app.eu.strongdm.com:443"
543
544
545# ApproverReference defines the type for approver references.
546class ApproverReference:
547    NONE = ""
548    MANAGER_OF_REQUESTER = "manager-of-requester"
549    MANAGER_OF_MANAGER_OF_REQUESTER = "manager-of-manager-of-requester"
class PermissionLevel:
20class PermissionLevel:
21    ROOT_ADMIN = "root-admin"
22    ADMIN = "admin"
23    DATABASE_ADMIN = "database-admin"
24    DATABASE_OPERATOR = "database-operator"
25    TEAM_LEADER = "multi-team-leader"
26    USER = "user"
27    AUDITOR = "auditor"
28    RELAY = "relay"
29    ADMIN_TOKEN = "admin-token"
30    SCIM_TOKEN = "scim-token"
31    SERVICE_NOW_TOKEN = "servicenow-token"
32    SERVICE = "service"
33    SUSPENDED = "suspended"
34    EMPTY = ""
PermissionLevel()
ROOT_ADMIN = 'root-admin'
ADMIN = 'admin'
DATABASE_ADMIN = 'database-admin'
DATABASE_OPERATOR = 'database-operator'
TEAM_LEADER = 'multi-team-leader'
USER = 'user'
AUDITOR = 'auditor'
RELAY = 'relay'
ADMIN_TOKEN = 'admin-token'
SCIM_TOKEN = 'scim-token'
SERVICE_NOW_TOKEN = 'servicenow-token'
SERVICE = 'service'
SUSPENDED = 'suspended'
EMPTY = ''
class NodeState:
38class NodeState:
39    NEW = "new"
40    VERIFYING_RESTART = "verifying_restart"
41    AWAITING_RESTART = "awaiting_restart"
42    RESTARTING = "restarting"
43    STARTED = "started"
44    STOPPED = "stopped"
45    DEAD = "dead"
NodeState()
NEW = 'new'
VERIFYING_RESTART = 'verifying_restart'
AWAITING_RESTART = 'awaiting_restart'
RESTARTING = 'restarting'
STARTED = 'started'
STOPPED = 'stopped'
DEAD = 'dead'
class Provider:
51class Provider:
52    NONE = ""
53    OKTA = "okta"
54    SAIL_POINT = "sailpoint"
55    AZURE = "azure"
56    GENERIC = "generic"
57    ONE_LOGIN = "onelogin"
58    GOOGLE = "google"
Provider()
NONE = ''
OKTA = 'okta'
SAIL_POINT = 'sailpoint'
AZURE = 'azure'
GENERIC = 'generic'
ONE_LOGIN = 'onelogin'
GOOGLE = 'google'
class SCIMProvider:
63class SCIMProvider:
64    NONE = ""
65    OKTA = "okta"
66    SAIL_POINT = "sailpoint"
67    AZURE = "azure"
68    GENERIC = "generic"
69    ONE_LOGIN = "onelogin"
70    GOOGLE = "google"
SCIMProvider()
NONE = ''
OKTA = 'okta'
SAIL_POINT = 'sailpoint'
AZURE = 'azure'
GENERIC = 'generic'
ONE_LOGIN = 'onelogin'
GOOGLE = 'google'
class AuthProvider:
74class AuthProvider:
75    AZURE = "azure"
76    BITIUM = "bitium"
77    GOOGLE = "google"
78    OKTA = "okta"
79    STRONG_DM = "strongdm"
80    ACTIVE_DIRECTORY = "active directory"
81    GENERIC_OIDC = "generic oidc"
82    ONE_LOGIN_OIDC = "oneloginv2"
83    KEYCLOAK = "keycloak"
84    SHIBBOLETH = "shibboleth"
85    AUTH_0 = "auth0"
86    WORKSPACE_ONE = "workspace one"
87    ONE_LOGIN_SAML = "onelogin-saml"
88    GENERIC_SAML = "generic-saml"
89    PING_IDSAML = "ping-identity-saml"
90    PING_IDOIDC = "ping-identity-oidc"
AuthProvider()
AZURE = 'azure'
BITIUM = 'bitium'
GOOGLE = 'google'
OKTA = 'okta'
STRONG_DM = 'strongdm'
ACTIVE_DIRECTORY = 'active directory'
GENERIC_OIDC = 'generic oidc'
ONE_LOGIN_OIDC = 'oneloginv2'
KEYCLOAK = 'keycloak'
SHIBBOLETH = 'shibboleth'
AUTH_0 = 'auth0'
WORKSPACE_ONE = 'workspace one'
ONE_LOGIN_SAML = 'onelogin-saml'
GENERIC_SAML = 'generic-saml'
PING_IDSAML = 'ping-identity-saml'
PING_IDOIDC = 'ping-identity-oidc'
class MFAProvider:
94class MFAProvider:
95    NONE = ""
96    DUO = "duo"
97    TOTP = "totp"
98    OKTA = "okta"
99    RSA = "rsa"
MFAProvider()
NONE = ''
DUO = 'duo'
TOTP = 'totp'
OKTA = 'okta'
RSA = 'rsa'
class ActivityEntityType:
103class ActivityEntityType:
104    USER = "user"
105    ROLE = "role"
106    LEGACY_COMPOSITE_ROLE = "composite_role"
107    DATASOURCE = "datasource"
108    ORGANIZATION = "organization"
109    INSTALLATION = "installation"
110    SECRET_STORE = "secretstore"
111    SECRET_ENGINE = "secretengine"
112    REMOTE_IDENTITY_GROUP = "remote_identity_group"
113    REMOTE_IDENTITY = "remote_identity"
114    IDENTITY_SET = "identity_set"
115    IDENTITY_ALIAS = "identity_alias"
116    ACCESS_REQUEST = "access_request"
117    WORKFLOW = "workflow"
118    APPROVAL_FLOW = "approval_flow"
119    APPROVAL_FLOW_STEP = "approval_flow_step"
120    APPROVAL_FLOW_APPROVER = "approval_flow_approver"
121    MANAGED_SECRET = "managed_secret"
122    NODE = "node"
123    PEERING_GROUP = "peering_group"
124    PEERING_GROUP_NODE = "peering_group_node"
125    PEERING_GROUP_RESOURCE = "peering_group_resource"
126    PEERING_GROUP_PEER = "peering_group_peer"
127    ORG_INTEGRATION = "org_integration"
128    CREDENTIAL = "credential"
129    CERTIFICATE_AUTHORITY = "certificate_authority"
130    POLICY = "policy"
131    PROXY_CLUSTER_KEY = "proxy_cluster_key"
ActivityEntityType()
USER = 'user'
ROLE = 'role'
LEGACY_COMPOSITE_ROLE = 'composite_role'
DATASOURCE = 'datasource'
ORGANIZATION = 'organization'
INSTALLATION = 'installation'
SECRET_STORE = 'secretstore'
SECRET_ENGINE = 'secretengine'
REMOTE_IDENTITY_GROUP = 'remote_identity_group'
REMOTE_IDENTITY = 'remote_identity'
IDENTITY_SET = 'identity_set'
IDENTITY_ALIAS = 'identity_alias'
ACCESS_REQUEST = 'access_request'
WORKFLOW = 'workflow'
APPROVAL_FLOW = 'approval_flow'
APPROVAL_FLOW_STEP = 'approval_flow_step'
APPROVAL_FLOW_APPROVER = 'approval_flow_approver'
MANAGED_SECRET = 'managed_secret'
NODE = 'node'
PEERING_GROUP = 'peering_group'
PEERING_GROUP_NODE = 'peering_group_node'
PEERING_GROUP_RESOURCE = 'peering_group_resource'
PEERING_GROUP_PEER = 'peering_group_peer'
ORG_INTEGRATION = 'org_integration'
CREDENTIAL = 'credential'
CERTIFICATE_AUTHORITY = 'certificate_authority'
POLICY = 'policy'
PROXY_CLUSTER_KEY = 'proxy_cluster_key'
class ActivityVerb:
135class ActivityVerb:
136    USER_ADDED = "user added"
137    USER_DELETED = "user deleted"
138    USER_UPDATED = "user updated"
139    USER_SIGNUP = "user signup"
140    USER_TYPE_CHANGED = "user type changed"
141    USER_PASSWORD_CHANGED = "user password changed"
142    USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted"
143    USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked"
144    USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired"
145    USER_ADDED_TO_ROLE = "user added to role"
146    USER_DELETED_FROM_ROLE = "user deleted from role"
147    USER_SUSPENDED = "user suspended"
148    USER_REINSTATED = "user reinstated"
149    USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI"
150    PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org"
151    USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client"
152    SERVICE_ACCOUNT_CREATED = "service account created"
153    SERVICE_ACCOUNT_EXPIRED = "service account expired"
154    ADMIN_TOKEN_ADDED = "admin token created"
155    ADMIN_TOKEN_DELETED = "admin token deleted"
156    ADMIN_TOKEN_EXPIRED = "admin token expired"
157    ADMIN_TOKEN_REKEYED = "admin token rekeyed"
158    ADMIN_TOKEN_CLONED = "admin token cloned"
159    ADMIN_TOKEN_SUSPENDED = "admin token suspended"
160    ADMIN_TOKEN_REINSTATED = "admin token reinstated"
161    SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO"
162    SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO"
163    USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client"
164    USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI"
165    FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI"
166    FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client"
167    MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI"
168    MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client"
169    TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts"
170    ATTEMPT_COUNTER_RESET = "failed login attempt counter reset"
171    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
172    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI"
173    SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
174    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
175    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"
176    USER_SET_A_PASSWORD = "user set a password"
177    USER_RESET_A_PASSWORD = "user reset their password"
178    USER_CHANGED_PASSWORD = "user changed their password"
179    USER_INVITED = "user invited"
180    USER_CLICKED_INVITATION = "user clicked on their invitation"
181    USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset"
182    USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password"
183    USER_REQUIRE_SSO_LOGIN = "user required to login via SSO"
184    USER_PROVISIONING_ENABLED = "user provisioning enabled"
185    USER_PROVISIONING_DISABLED = "user provisioning disabled"
186    ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset"
187    ROLE_ADDED = "role added"
188    ROLE_DELETED = "role deleted"
189    ROLE_UPDATED = "role updated"
190    ROLE_ACCESS_RULES_UPDATED = "access rules updated"
191    ROLE_ACCESS_RULES_CREATED = "access rules created"
192    ROLE_ACCESS_RULES_DELETED = "access rules deleted"
193    ROLE_PROVISIONING_ENABLED = "role provisioning enabled"
194    ROLE_PROVISIONING_DISABLED = "role provisioning disabled"
195    DATASOURCE_ADDED = "datasource added"
196    DATASOURCE_CLONED = "datasource cloned"
197    DATASOURCE_DELETED = "datasource deleted"
198    DATASOURCE_UPDATED = "datasource updated"
199    DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden"
200    MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden"
201    SERVER_ADDED = "server added"
202    SERVER_CLONED = "server cloned"
203    SERVER_DELETED = "server deleted"
204    SERVER_UPDATED = "server updated"
205    SERVER_PORT_OVERRIDE = "server connection port overriden"
206    MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden"
207    CLUSTER_ADDED = "cluster added"
208    CLUSTER_CLONED = "cluster cloned"
209    CLUSTER_DELETED = "cluster deleted"
210    CLUSTER_UPDATED = "cluster updated"
211    CLUSTER_PORT_OVERRIDE = "cluster connection port overriden"
212    MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden"
213    CLOUD_ADDED = "cloud added"
214    CLOUD_CLONED = "cloud cloned"
215    CLOUD_DELETED = "cloud deleted"
216    CLOUD_UPDATED = "cloud updated"
217    WEBSITE_ADDED = "website added"
218    WEBSITE_CLONED = "website cloned"
219    WEBSITE_DELETED = "website deleted"
220    WEBSITE_UPDATED = "website updated"
221    INSTALLATION_CREATED = "installation created"
222    RELAY_INSTALLATION_CREATED = "installation created for relay"
223    INSTALLATION_APPROVED = "installation approved"
224    INSTALLATION_REVOKED = "installation revoked"
225    RELAY_CREATED = "relay created"
226    RELAY_UPDATED_NAME = "relay name updated"
227    RELAY_DELETED = "relay deleted"
228    ORG_PUBLIC_KEY_UPDATED = "public key updated"
229    ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated"
230    ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated"
231    ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated"
232    ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated"
233    ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated"
234    ORG_NAME_UPDATED = "organization name updated"
235    ORG_SETTING_UPDATED = "organization setting updated"
236    ORG_LOG_CONFIG_UPDATED = "organization logging configuration updated"
237    ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated"
238    ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated"
239    ORG_CREATED = "organization created"
240    ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set"
241    ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted"
242    ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set"
243    ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted"
244    CHILD_ORG_ADMIN_INVITED = "child organization admin invited"
245    SERVICE_ACCOUNT_REKEYED = "service account rekeyed"
246    SCIM_TOKEN_ADDED = "SCIM token created"
247    SCIM_TOKEN_DELETED = "SCIM token deleted"
248    SCIM_TOKEN_REKEYED = "SCIM token rekeyed"
249    API_KEY_DELETED = "API key deleted"
250    ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated"
251    ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding"
252    ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding"
253    ORG_ADD_CHILD = "add child organization"
254    ORG_REMOVE_CHILD = "remove child organization"
255    ORG_EXTEND_TRIAL = "trial extended"
256    SECRET_STORE_ADDED = "secret store added"
257    SECRET_STORE_UPDATED = "secret store updated"
258    SECRET_STORE_DELETED = "secret store deleted"
259    SECRET_ENGINE_ADDED = "secret engine added"
260    SECRET_ENGINE_UPDATED = "secret engine updated"
261    SECRET_ENGINE_ROTATED = "secret engine's credentials updated"
262    SECRET_ENGINE_DELETED = "secret engine deleted"
263    REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created"
264    REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated"
265    REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted"
266    IDENTITY_SET_CREATED = "identity set created"
267    IDENTITY_SET_UPDATED = "identity set updated"
268    IDENTITY_SET_DELETED = "identity set deleted"
269    IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled"
270    IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled"
271    REMOTE_IDENTITY_CREATED = "remote identity created"
272    REMOTE_IDENTITY_UPDATED = "remote identity updated"
273    REMOTE_IDENTITY_DELETED = "remote identity deleted"
274    IDENTITY_ALIAS_CREATED = "identity alias created"
275    IDENTITY_ALIAS_UPDATED = "identity alias updated"
276    IDENTITY_ALIAS_DELETED = "identity alias deleted"
277    IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled"
278    IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled"
279    ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource"
280    ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added"
281    ACCESS_REQUEST_TO_RESOURCE_STEP_SKIPPED = "access request to resource step skipped"
282    ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled"
283    ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied"
284    ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out"
285    ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted"
286    ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically"
287    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = "access request to resource approved via ServiceNow"
288    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_JIRA = "access request to resource approved via Jira"
289    WORKFLOW_DELETED = "workflow deleted"
290    WORKFLOW_ADDED = "workflow added"
291    DEPRECATED_WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow"
292    DEPRECATED_WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow"
293    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow"
294    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow"
295    DEPRECATED_WORKFLOW_APPROVERS_UPDATED = "workflow approvers updated"
296    DEPRECATED_WORKFLOW_AUTO_GRANT_UPDATED = "workflow auto grant updated"
297    DEPRECATED_WORKFLOW_APPROVAL_CRITERIA_UPDATED = "workflow approval criteria updated"
298    WORKFLOW_ROLES_UPDATED = "workflow roles updated"
299    WORKFLOW_NAME_UPDATED = "workflow name updated"
300    WORKFLOW_DESCRIPTION_UPDATED = "workflow description updated"
301    WORKFLOW_REQUIRES_REASON_UPDATED = "workflow requires reason updated"
302    WORKFLOW_SETTINGS_UPDATED = "workflow settings updated"
303    WORKFLOW_ACCESS_RULES_UPDATED = "workflow access rules updated"
304    WORKFLOW_ACCESS_RULES_DELETED = "workflow access rules deleted"
305    WORKFLOW_ACCESS_RULES_CREATED = "workflow access rules created"
306    WORKFLOW_ENABLED = "workflow enabled"
307    WORKFLOW_DISABLED = "workflow disabled"
308    APPROVAL_FLOW_ADDED = "approval workflow added"
309    APPROVAL_FLOW_DELETED = "approval workflow deleted"
310    APPROVAL_FLOW_UPDATED = "approval workflow updated"
311    APPROVAL_FLOW_STEP_ADDED = "approval workflow step added"
312    APPROVAL_FLOW_STEP_DELETED = "approval workflow step deleted"
313    APPROVAL_FLOW_STEP_UPDATED = "approval workflow step updated"
314    APPROVAL_FLOW_APPROVER_ADDED = "approval workflow approver added"
315    APPROVAL_FLOW_APPROVER_DELETED = "approval workflow approver deleted"
316    ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated"
317    ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet"
318    DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval"
319    DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval"
320    EMULATION_MIGRATION_COMPLETED = "emulation migration completed"
321    ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed"
322    ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers"
323    TOTP_ENROLLMENT_ADDED = "user enrolled a totp device"
324    TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment"
325    SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI"
326    RESOURCE_LOCKED = "user locked a resource"
327    RESOURCE_UNLOCKED = "user unlocked a resource"
328    RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource"
329    CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = "concurrent authentications revoked per organization settings"
330    PEERING_GROUP_TOGGLED = "peering group toggled"
331    PEERING_GROUP_CREATED = "peering group created"
332    PEERING_GROUP_DELETED = "peering group deleted"
333    PEERING_GROUP_LINKED = "peering groups linked"
334    PEERING_GROUP_UNLINKED = "peering groups unlinked"
335    PEERING_GROUP_ATTACHED = "entity attached to peering group"
336    PEERING_GROUP_DETACHED = "entity detached from peering group"
337    ORG_INTEGRATION_INSTALLED = "org integration installed"
338    USER_INTEGRATION_AUTHORIZED = "user authorized integration"
339    ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled"
340    USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration"
341    SERVICE_NOW_TOKEN_ADDED = "ServiceNow token created"
342    SERVICE_NOW_TOKEN_DELETED = "ServiceNow token deleted"
343    CREDENTIAL_CREATED = "credential created"
344    CREDENTIAL_DELETED = "credential deleted"
345    CERTIFICATE_AUTHORITY_UPDATED = "certificate authority updated"
346    POLICY_CREATED = "policy created"
347    POLICY_UPDATED = "policy updated"
348    POLICY_DELETED = "policy deleted"
349    AUTHENTICATION_REVOKED_BY_POLICY = "authentication revoked by policy"
350    PROXY_CLUSTER_KEY_CREATED = "proxy cluster key created"
351    PROXY_CLUSTER_KEY_DELETED = "proxy cluster key deleted"
352    MANAGED_SECRET_CREATED = "managed secret created"
353    MANAGED_SECRET_UPDATED = "managed secret updated"
354    MANAGED_SECRET_EXPIRATION_TIME_UPDATED = "managed secret expiration time updated"
355    MANAGED_SECRET_CONFIG_UPDATED = "managed secret config updated"
356    MANAGED_SECRET_DELETED = "managed secret deleted"
ActivityVerb()
USER_ADDED = 'user added'
USER_DELETED = 'user deleted'
USER_UPDATED = 'user updated'
USER_SIGNUP = 'user signup'
USER_TYPE_CHANGED = 'user type changed'
USER_PASSWORD_CHANGED = 'user password changed'
USER_TEMPORARY_ACCESS_GRANTED = 'user temporary access granted'
USER_TEMPORARY_ACCESS_REVOKED = 'user temporary access revoked'
USER_TEMPORARY_ACCESS_EXPIRED = 'user temporary access expired'
USER_ADDED_TO_ROLE = 'user added to role'
USER_DELETED_FROM_ROLE = 'user deleted from role'
USER_SUSPENDED = 'user suspended'
USER_REINSTATED = 'user reinstated'
USER_LOGGED_INTO_THE_UI = 'user logged into the Admin UI'
PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = 'parent admin logged into the child org'
USER_LOGGED_INTO_THE_CLIENT = 'user logged into the local client'
SERVICE_ACCOUNT_CREATED = 'service account created'
SERVICE_ACCOUNT_EXPIRED = 'service account expired'
ADMIN_TOKEN_ADDED = 'admin token created'
ADMIN_TOKEN_DELETED = 'admin token deleted'
ADMIN_TOKEN_EXPIRED = 'admin token expired'
ADMIN_TOKEN_REKEYED = 'admin token rekeyed'
ADMIN_TOKEN_CLONED = 'admin token cloned'
ADMIN_TOKEN_SUSPENDED = 'admin token suspended'
ADMIN_TOKEN_REINSTATED = 'admin token reinstated'
SSO_USER_LOGGED_INTO_THE_UI = 'user logged into the Admin UI using SSO'
SSO_USER_LOGGED_INTO_THE_CLIENT = 'user logged into the local client using SSO'
USER_LOGGED_OUT_FROM_THE_CLIENT = 'user logged out from the local client'
USER_LOGGED_OUT_FROM_THE_UI = 'user logged out from the Admin UI'
FAILED_LOGIN_FROM_THE_UI = 'failed login attempt from the Admin UI'
FAILED_LOGIN_FROM_THE_CLIENT = 'failed login attempt from the local client'
MFA_DENIED_FROM_THE_UI = 'MFA denied access for the Admin UI'
MFA_DENIED_FROM_THE_CLIENT = 'MFA denied access for the local client'
TOO_MANY_ATTEMPTS_LOCKOUT = 'user account locked due to failed login attempts'
ATTEMPT_COUNTER_RESET = 'failed login attempt counter reset'
SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = 'attempt to login by a suspended user from the local client'
SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = 'attempt to login by a suspended user from the Admin UI'
SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = 'attempted to login by a service account from the Admin UI'
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = 'attempted to login by a suspended service account from the Admin UI'
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = 'attempt to login by a suspended service account from the local client'
USER_SET_A_PASSWORD = 'user set a password'
USER_RESET_A_PASSWORD = 'user reset their password'
USER_CHANGED_PASSWORD = 'user changed their password'
USER_INVITED = 'user invited'
USER_CLICKED_INVITATION = 'user clicked on their invitation'
USER_CLICKED_PASSWORD_RESET = 'user clicked on their password reset'
USER_ALLOW_PASSWORD_LOGIN = 'user allowed to login via password'
USER_REQUIRE_SSO_LOGIN = 'user required to login via SSO'
USER_PROVISIONING_ENABLED = 'user provisioning enabled'
USER_PROVISIONING_DISABLED = 'user provisioning disabled'
ADMIN_INITIATED_PASSWORD_RESET = 'admin initiated password reset'
ROLE_ADDED = 'role added'
ROLE_DELETED = 'role deleted'
ROLE_UPDATED = 'role updated'
ROLE_ACCESS_RULES_UPDATED = 'access rules updated'
ROLE_ACCESS_RULES_CREATED = 'access rules created'
ROLE_ACCESS_RULES_DELETED = 'access rules deleted'
ROLE_PROVISIONING_ENABLED = 'role provisioning enabled'
ROLE_PROVISIONING_DISABLED = 'role provisioning disabled'
DATASOURCE_ADDED = 'datasource added'
DATASOURCE_CLONED = 'datasource cloned'
DATASOURCE_DELETED = 'datasource deleted'
DATASOURCE_UPDATED = 'datasource updated'
DATASOURCE_PORT_OVERRIDE = 'datasource connection port overriden'
MULTIPLE_DATASOURCE_PORT_OVERRIDE = 'multiple datasource ports overriden'
SERVER_ADDED = 'server added'
SERVER_CLONED = 'server cloned'
SERVER_DELETED = 'server deleted'
SERVER_UPDATED = 'server updated'
SERVER_PORT_OVERRIDE = 'server connection port overriden'
MULTIPLE_SERVER_PORT_OVERRIDE = 'multiple server ports overriden'
CLUSTER_ADDED = 'cluster added'
CLUSTER_CLONED = 'cluster cloned'
CLUSTER_DELETED = 'cluster deleted'
CLUSTER_UPDATED = 'cluster updated'
CLUSTER_PORT_OVERRIDE = 'cluster connection port overriden'
MULTIPLE_CLUSTER_PORT_OVERRIDE = 'multiple cluster ports overriden'
CLOUD_ADDED = 'cloud added'
CLOUD_CLONED = 'cloud cloned'
CLOUD_DELETED = 'cloud deleted'
CLOUD_UPDATED = 'cloud updated'
WEBSITE_ADDED = 'website added'
WEBSITE_CLONED = 'website cloned'
WEBSITE_DELETED = 'website deleted'
WEBSITE_UPDATED = 'website updated'
INSTALLATION_CREATED = 'installation created'
RELAY_INSTALLATION_CREATED = 'installation created for relay'
INSTALLATION_APPROVED = 'installation approved'
INSTALLATION_REVOKED = 'installation revoked'
RELAY_CREATED = 'relay created'
RELAY_UPDATED_NAME = 'relay name updated'
RELAY_DELETED = 'relay deleted'
ORG_PUBLIC_KEY_UPDATED = 'public key updated'
ORG_DISCARD_REPLAYS_UPDATED = 'discard replays updated'
ORG_ENFORCE_PORT_OVERRIDES_UPDATED = 'port override enforcement updated'
ORG_SERVICE_AUTO_CONNECT_UPDATED = 'service account auto-connect updated'
ORG_SELF_REGISTRATION_ACTIVATED = 'self-registration activated'
ORG_SELF_REGISTRATION_DEACTIVATED = 'self-registration deactivated'
ORG_NAME_UPDATED = 'organization name updated'
ORG_SETTING_UPDATED = 'organization setting updated'
ORG_LOG_CONFIG_UPDATED = 'organization logging configuration updated'
ORG_LOG_SYNC_SETTING_UPDATED = 'organization log stream setting updated'
ORG_WORKFLOW_SETTING_UPDATED = 'organization workflow setting updated'
ORG_CREATED = 'organization created'
ORG_SCIM_PROVISIONING_UPDATED = 'SCIM provider set'
ORG_SCIM_PROVISIONING_DELETED = 'SCIM provider deleted'
ORG_CUSTOM_PROVISIONING_UPDATED = 'Provisioning provider set'
ORG_CUSTOM_PROVISIONING_DELETED = 'Provisioning provider deleted'
CHILD_ORG_ADMIN_INVITED = 'child organization admin invited'
SERVICE_ACCOUNT_REKEYED = 'service account rekeyed'
SCIM_TOKEN_ADDED = 'SCIM token created'
SCIM_TOKEN_DELETED = 'SCIM token deleted'
SCIM_TOKEN_REKEYED = 'SCIM token rekeyed'
API_KEY_DELETED = 'API key deleted'
ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = 'organization SSH certificate authority rotated'
ORG_SSH_ALLOW_PORT_FORWARDING = 'allowed SSH port forwarding'
ORG_SSH_DISALLOW_PORT_FORWARDING = 'disallowed SSH port forwarding'
ORG_ADD_CHILD = 'add child organization'
ORG_REMOVE_CHILD = 'remove child organization'
ORG_EXTEND_TRIAL = 'trial extended'
SECRET_STORE_ADDED = 'secret store added'
SECRET_STORE_UPDATED = 'secret store updated'
SECRET_STORE_DELETED = 'secret store deleted'
SECRET_ENGINE_ADDED = 'secret engine added'
SECRET_ENGINE_UPDATED = 'secret engine updated'
SECRET_ENGINE_ROTATED = "secret engine's credentials updated"
SECRET_ENGINE_DELETED = 'secret engine deleted'
REMOTE_IDENTITY_GROUP_CREATED = 'remote identity group created'
REMOTE_IDENTITY_GROUP_UPDATED = 'remote identity group updated'
REMOTE_IDENTITY_GROUP_DELETED = 'remote identity group deleted'
IDENTITY_SET_CREATED = 'identity set created'
IDENTITY_SET_UPDATED = 'identity set updated'
IDENTITY_SET_DELETED = 'identity set deleted'
IDENTITY_SET_PROVISIONING_ENABLED = 'identity set provisioning enabled'
IDENTITY_SET_PROVISIONING_DISABLED = 'identity set provisioning disabled'
REMOTE_IDENTITY_CREATED = 'remote identity created'
REMOTE_IDENTITY_UPDATED = 'remote identity updated'
REMOTE_IDENTITY_DELETED = 'remote identity deleted'
IDENTITY_ALIAS_CREATED = 'identity alias created'
IDENTITY_ALIAS_UPDATED = 'identity alias updated'
IDENTITY_ALIAS_DELETED = 'identity alias deleted'
IDENTITY_ALIAS_PROVISIONING_ENABLED = 'identity alias provisioning enabled'
IDENTITY_ALIAS_PROVISIONING_DISABLED = 'identity alias provisioning disabled'
ACCESS_REQUESTED_TO_RESOURCE = 'access requested to resource'
ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = 'access request to resource approval added'
ACCESS_REQUEST_TO_RESOURCE_STEP_SKIPPED = 'access request to resource step skipped'
ACCESS_REQUEST_TO_RESOURCE_CANCELED = 'access request to resource canceled'
ACCESS_REQUEST_TO_RESOURCE_DENIED = 'access request to resource denied'
ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = 'access request to resource timed out'
ACCESS_REQUEST_TO_RESOURCE_GRANTED = 'access request to resource granted'
ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = 'access request to resource granted automatically'
ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = 'access request to resource approved via ServiceNow'
ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_JIRA = 'access request to resource approved via Jira'
WORKFLOW_DELETED = 'workflow deleted'
WORKFLOW_ADDED = 'workflow added'
DEPRECATED_WORKFLOW_RESOURCE_ASSIGNED = 'resource assigned to workflow'
DEPRECATED_WORKFLOW_RESOURCE_UNASSIGNED = 'resource unassigned from workflow'
DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = 'multiple resources assigned to workflow'
DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = 'multiple resources unassigned from workflow'
DEPRECATED_WORKFLOW_APPROVERS_UPDATED = 'workflow approvers updated'
DEPRECATED_WORKFLOW_AUTO_GRANT_UPDATED = 'workflow auto grant updated'
DEPRECATED_WORKFLOW_APPROVAL_CRITERIA_UPDATED = 'workflow approval criteria updated'
WORKFLOW_ROLES_UPDATED = 'workflow roles updated'
WORKFLOW_NAME_UPDATED = 'workflow name updated'
WORKFLOW_DESCRIPTION_UPDATED = 'workflow description updated'
WORKFLOW_REQUIRES_REASON_UPDATED = 'workflow requires reason updated'
WORKFLOW_SETTINGS_UPDATED = 'workflow settings updated'
WORKFLOW_ACCESS_RULES_UPDATED = 'workflow access rules updated'
WORKFLOW_ACCESS_RULES_DELETED = 'workflow access rules deleted'
WORKFLOW_ACCESS_RULES_CREATED = 'workflow access rules created'
WORKFLOW_ENABLED = 'workflow enabled'
WORKFLOW_DISABLED = 'workflow disabled'
APPROVAL_FLOW_ADDED = 'approval workflow added'
APPROVAL_FLOW_DELETED = 'approval workflow deleted'
APPROVAL_FLOW_UPDATED = 'approval workflow updated'
APPROVAL_FLOW_STEP_ADDED = 'approval workflow step added'
APPROVAL_FLOW_STEP_DELETED = 'approval workflow step deleted'
APPROVAL_FLOW_STEP_UPDATED = 'approval workflow step updated'
APPROVAL_FLOW_APPROVER_ADDED = 'approval workflow approver added'
APPROVAL_FLOW_APPROVER_DELETED = 'approval workflow approver deleted'
ORG_VNM_SUBNET_UPDATED = 'organization VNM subnet updated'
ORG_VNM_RESOURCES_ALLOCATED = 'organization resources allocated within VNM subnet'
DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = 'activate device approval'
DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = 'deactivate device approval'
EMULATION_MIGRATION_COMPLETED = 'emulation migration completed'
ACCESS_OVERHAUL_MIGRATION_COMPLETED = 'access overhaul migration completed'
ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = 'enabled SSH port forwarding on all servers'
TOTP_ENROLLMENT_ADDED = 'user enrolled a totp device'
TOTP_ENROLLMENT_DELETED = 'user reset their totp enrollment'
SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = 'attempt to enroll by a suspended user from the Admin UI'
RESOURCE_LOCKED = 'user locked a resource'
RESOURCE_UNLOCKED = 'user unlocked a resource'
RESOURCE_FORCE_UNLOCKED = 'admin force-unlocked a resource'
CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = 'concurrent authentications revoked per organization settings'
PEERING_GROUP_TOGGLED = 'peering group toggled'
PEERING_GROUP_CREATED = 'peering group created'
PEERING_GROUP_DELETED = 'peering group deleted'
PEERING_GROUP_LINKED = 'peering groups linked'
PEERING_GROUP_UNLINKED = 'peering groups unlinked'
PEERING_GROUP_ATTACHED = 'entity attached to peering group'
PEERING_GROUP_DETACHED = 'entity detached from peering group'
ORG_INTEGRATION_INSTALLED = 'org integration installed'
USER_INTEGRATION_AUTHORIZED = 'user authorized integration'
ORG_INTEGRATION_UNINSTALLED = 'org integration uninstalled'
USER_INTEGRATION_DEAUTHORIZED = 'user deauthorized integration'
SERVICE_NOW_TOKEN_ADDED = 'ServiceNow token created'
SERVICE_NOW_TOKEN_DELETED = 'ServiceNow token deleted'
CREDENTIAL_CREATED = 'credential created'
CREDENTIAL_DELETED = 'credential deleted'
CERTIFICATE_AUTHORITY_UPDATED = 'certificate authority updated'
POLICY_CREATED = 'policy created'
POLICY_UPDATED = 'policy updated'
POLICY_DELETED = 'policy deleted'
AUTHENTICATION_REVOKED_BY_POLICY = 'authentication revoked by policy'
PROXY_CLUSTER_KEY_CREATED = 'proxy cluster key created'
PROXY_CLUSTER_KEY_DELETED = 'proxy cluster key deleted'
MANAGED_SECRET_CREATED = 'managed secret created'
MANAGED_SECRET_UPDATED = 'managed secret updated'
MANAGED_SECRET_EXPIRATION_TIME_UPDATED = 'managed secret expiration time updated'
MANAGED_SECRET_CONFIG_UPDATED = 'managed secret config updated'
MANAGED_SECRET_DELETED = 'managed secret deleted'
class Permission:
360class Permission:
361    RELAY_LIST = "relay:list"
362    RELAY_CREATE = "relay:create"
363    DATASOURCE_LIST = "datasource:list"
364    DATASOURCE_CREATE = "datasource:create"
365    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
366    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
367    DATASOURCE_DELETE = "datasource:delete"
368    DATASOURCE_UPDATE = "datasource:update"
369    RESOURCE_LOCK_DELETE = "resourcelock:delete"
370    RESOURCE_LOCK_LIST = "resourcelock:list"
371    SECRET_ENGINE_CREATE = "secretengine:create"
372    SECRET_ENGINE_LIST = "secretengine:list"
373    SECRET_ENGINE_DELETE = "secretengine:delete"
374    SECRET_ENGINE_UPDATE = "secretengine:update"
375    SECRET_ENGINE_STATUS = "secretengine:status"
376    SECRET_STORE_CREATE = "secretstore:create"
377    SECRET_STORE_LIST = "secretstore:list"
378    SECRET_STORE_DELETE = "secretstore:delete"
379    SECRET_STORE_UPDATE = "secretstore:update"
380    SECRET_STORE_STATUS = "secretstore:status"
381    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
382    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
383    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
384    REMOTE_IDENTITY_READ = "remoteidentity:read"
385    USER_CREATE = "user:create"
386    USER_LIST = "user:list"
387    USER_UPDATE_ADMIN = "user:update_admin"
388    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
389    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
390    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
391    USER_UPDATE = "user:update"
392    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
393    USER_DELETE = "user:delete"
394    USER_ASSIGN = "user:assign"
395    USER_SUSPEND = "user:suspend"
396    USER_SET_PASSWORD = "user:set_password"
397    ROLE_LIST = "role:list"
398    ROLE_CREATE = "role:create"
399    ROLE_DELETE = "role:delete"
400    ROLE_UPDATE = "role:update"
401    ORG_VIEW_SETTINGS = "organization:view_settings"
402    ORG_EDIT_SETTINGS = "organization:edit_settings"
403    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
404    ORG_LIST_CHILDREN = "organization:list_children"
405    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"
406    ORG_AUDIT_USERS = "audit:users"
407    ORG_AUDIT_ROLES = "audit:roles"
408    ORG_AUDIT_DATASOURCES = "audit:datasources"
409    ORG_AUDIT_NODES = "audit:nodes"
410    ORG_AUDIT_PERMISSIONS = "audit:permissions"
411    ORG_AUDIT_QUERIES = "audit:queries"
412    ORG_AUDIT_ACTIVITIES = "audit:activities"
413    ORG_AUDIT_SSH = "audit:ssh"
414    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
415    ORG_AUDIT_ORG = "audit:organization"
416    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
417    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
418    ORG_AUDIT_SECRET_ENGINES = "audit:secretengines"
419    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
420    ORG_AUDIT_WORKFLOWS = "audit:workflows"
421    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
422    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"
423    ORG_AUDIT_POLICIES = "audit:policies"
424    WORKFLOW_LIST = "workflow:list"
425    WORKFLOW_EDIT = "workflow:edit"
426    ACCESS_REQUEST_LIST = "accessrequest:list"
427    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
428    APPROVAL_FLOW_EDIT = "approvalflow:edit"
429    APPROVAL_FLOW_LIST = "approvalflow:list"
430    INSTALLATION_BLESS = "installation:bless"
431    INSTALLATION_CREATE = "installation:create"
432    INSTALLATION_REVOKE = "installation:revoke"
433    TESTING_ORG_CREATE = "testing:organization:create"
434    TESTING_ORG_DELETE = "testing:organization:delete"
435    TESTING_NO_PERMISSIONS = "testing:noperms"
436    TESTING_FETCH_QUERIES = "testing:queries:get"
437    GRANT_READ = "grant:read"
438    GRANT_WRITE = "grant:write"
439    REPORT_READ = "report:read"
440    BILLING_READ = "billing:read"
441    CREDENTIAL_READ = "credential:read"
442    CREDENTIAL_WRITE = "credential:write"
443    POLICY_READ = "policy:read"
444    POLICY_WRITE = "policy:write"
445    MANAGED_SECRET_CREATE = "managedsecret:create"
446    MANAGED_SECRET_LIST = "managedsecret:list"
447    MANAGED_SECRET_DELETE = "managedsecret:delete"
448    MANAGED_SECRET_UPDATE = "managedsecret:update"
449    MANAGED_SECRET_READ = "managedsecret:read"
Permission()
RELAY_LIST = 'relay:list'
RELAY_CREATE = 'relay:create'
DATASOURCE_LIST = 'datasource:list'
DATASOURCE_CREATE = 'datasource:create'
DATASOURCE_HEALTHCHECK = 'datasource:healthcheck'
DEPRECATED_DATASOURCE_GRANT = 'datasource:grant'
DATASOURCE_DELETE = 'datasource:delete'
DATASOURCE_UPDATE = 'datasource:update'
RESOURCE_LOCK_DELETE = 'resourcelock:delete'
RESOURCE_LOCK_LIST = 'resourcelock:list'
SECRET_ENGINE_CREATE = 'secretengine:create'
SECRET_ENGINE_LIST = 'secretengine:list'
SECRET_ENGINE_DELETE = 'secretengine:delete'
SECRET_ENGINE_UPDATE = 'secretengine:update'
SECRET_ENGINE_STATUS = 'secretengine:status'
SECRET_STORE_CREATE = 'secretstore:create'
SECRET_STORE_LIST = 'secretstore:list'
SECRET_STORE_DELETE = 'secretstore:delete'
SECRET_STORE_UPDATE = 'secretstore:update'
SECRET_STORE_STATUS = 'secretstore:status'
REMOTE_IDENTITY_GROUP_WRITE = 'remoteidentitygroup:write'
REMOTE_IDENTITY_GROUP_READ = 'remoteidentitygroup:read'
REMOTE_IDENTITY_WRITE = 'remoteidentity:write'
REMOTE_IDENTITY_READ = 'remoteidentity:read'
USER_CREATE = 'user:create'
USER_LIST = 'user:list'
USER_UPDATE_ADMIN = 'user:update_admin'
USER_CREATE_ADMIN_TOKEN = 'user:create_admin_token'
USER_CREATE_SERVICE_ACCOUNT = 'user:create_service_account'
USER_SET_PERMISSION_LEVEL = 'user:set_strong_role'
USER_UPDATE = 'user:update'
USER_INITIATE_PASSWORD_RESET = 'user:initiate_password_reset'
USER_DELETE = 'user:delete'
USER_ASSIGN = 'user:assign'
USER_SUSPEND = 'user:suspend'
USER_SET_PASSWORD = 'user:set_password'
ROLE_LIST = 'role:list'
ROLE_CREATE = 'role:create'
ROLE_DELETE = 'role:delete'
ROLE_UPDATE = 'role:update'
ORG_VIEW_SETTINGS = 'organization:view_settings'
ORG_EDIT_SETTINGS = 'organization:edit_settings'
ORG_DEPLOYMENT_DOCTOR = 'organization:deployment_doctor'
ORG_LIST_CHILDREN = 'organization:list_children'
ORG_CREATE_CHILD_ORGANIZATION = 'organization:create_child_organization'
ORG_AUDIT_USERS = 'audit:users'
ORG_AUDIT_ROLES = 'audit:roles'
ORG_AUDIT_DATASOURCES = 'audit:datasources'
ORG_AUDIT_NODES = 'audit:nodes'
ORG_AUDIT_PERMISSIONS = 'audit:permissions'
ORG_AUDIT_QUERIES = 'audit:queries'
ORG_AUDIT_ACTIVITIES = 'audit:activities'
ORG_AUDIT_SSH = 'audit:ssh'
ORG_AUDIT_ACCOUNT_GRANTS = 'audit:accountgrants'
ORG_AUDIT_ORG = 'audit:organization'
ORG_AUDIT_REMOTE_IDENTITIES = 'audit:remoteidentities'
ORG_AUDIT_REMOTE_IDENTITY_GROUPS = 'audit:remoteidentitygroups'
ORG_AUDIT_SECRET_ENGINES = 'audit:secretengines'
ORG_AUDIT_SECRET_STORES = 'audit:secretstores'
ORG_AUDIT_WORKFLOWS = 'audit:workflows'
ORG_AUDIT_APPROVAL_FLOWS = 'audit:approvalflows'
ORG_AUDIT_ACCESS_REQUESTS = 'audit:accessrequests'
ORG_AUDIT_POLICIES = 'audit:policies'
WORKFLOW_LIST = 'workflow:list'
WORKFLOW_EDIT = 'workflow:edit'
ACCESS_REQUEST_LIST = 'accessrequest:list'
ACCESS_REQUEST_REQUESTER = 'accessrequest:requester'
APPROVAL_FLOW_EDIT = 'approvalflow:edit'
APPROVAL_FLOW_LIST = 'approvalflow:list'
INSTALLATION_BLESS = 'installation:bless'
INSTALLATION_CREATE = 'installation:create'
INSTALLATION_REVOKE = 'installation:revoke'
TESTING_ORG_CREATE = 'testing:organization:create'
TESTING_ORG_DELETE = 'testing:organization:delete'
TESTING_NO_PERMISSIONS = 'testing:noperms'
TESTING_FETCH_QUERIES = 'testing:queries:get'
GRANT_READ = 'grant:read'
GRANT_WRITE = 'grant:write'
REPORT_READ = 'report:read'
BILLING_READ = 'billing:read'
CREDENTIAL_READ = 'credential:read'
CREDENTIAL_WRITE = 'credential:write'
POLICY_READ = 'policy:read'
POLICY_WRITE = 'policy:write'
MANAGED_SECRET_CREATE = 'managedsecret:create'
MANAGED_SECRET_LIST = 'managedsecret:list'
MANAGED_SECRET_DELETE = 'managedsecret:delete'
MANAGED_SECRET_UPDATE = 'managedsecret:update'
MANAGED_SECRET_READ = 'managedsecret:read'
class QueryCategory:
453class QueryCategory:
454    KUBERNETES = "k8s"
455    DATASOURCES = "queries"
456    RDP = "rdp"
457    SSH = "ssh"
458    WEB = "web"
459    CLOUD = "cloud"
460    ALL = "all"
QueryCategory()
KUBERNETES = 'k8s'
DATASOURCES = 'queries'
RDP = 'rdp'
SSH = 'ssh'
WEB = 'web'
CLOUD = 'cloud'
ALL = 'all'
class LogRemoteEncoder:
464class LogRemoteEncoder:
465    STRONG_DM = "strongdm"
466    PUB_KEY = "pubkey"
467    HASH = "hash"
LogRemoteEncoder()
STRONG_DM = 'strongdm'
PUB_KEY = 'pubkey'
HASH = 'hash'
class LogLocalStorage:
471class LogLocalStorage:
472    STDOUT = "stdout"
473    FILE = "file"
474    TCP = "tcp"
475    SOCKET = "socket"
476    SYSLOG = "syslog"
477    NONE = "none"
LogLocalStorage()
STDOUT = 'stdout'
FILE = 'file'
TCP = 'tcp'
SOCKET = 'socket'
SYSLOG = 'syslog'
NONE = 'none'
class LogLocalEncoder:
481class LogLocalEncoder:
482    PLAINTEXT = "plaintext"
483    PUB_KEY = "pubkey"
LogLocalEncoder()
PLAINTEXT = 'plaintext'
PUB_KEY = 'pubkey'
class LogLocalFormat:
487class LogLocalFormat:
488    CSV = "csv"
489    JSON = "json"
LogLocalFormat()
CSV = 'csv'
JSON = 'json'
class OrgKind:
493class OrgKind:
494    SOLO = "solo"
495    ROOT = "root"
496    CHILD = "child"
OrgKind()
SOLO = 'solo'
ROOT = 'root'
CHILD = 'child'
class SSHKeyType:
500class SSHKeyType:
501    RSA_2048 = "rsa-2048"
502    RSA_4096 = "rsa-4096"
503    ECDSA_256 = "ecdsa-256"
504    ECDSA_384 = "ecdsa-384"
505    ECDSA_521 = "ecdsa-521"
506    ED_25519 = "ed25519"
SSHKeyType()
RSA_2048 = 'rsa-2048'
RSA_4096 = 'rsa-4096'
ECDSA_256 = 'ecdsa-256'
ECDSA_384 = 'ecdsa-384'
ECDSA_521 = 'ecdsa-521'
ED_25519 = 'ed25519'
class CaptureType:
510class CaptureType:
511    SHELL = "shell"
512    SCP_UPLOAD = "scp-upload"
513    SCP_DOWNLOAD = "scp-download"
514    COMMAND = "command"
515    RDP_BASIC = "rdp-basic"
516    RDP_ENHANCED = "rdp-enhanced"
517    K_8_S_EXEC = "k8s-exec"
518    K_8_S_EXEC_TTY = "k8s-execTTY"
519    K_8_S_PORT_FORWARD = "k8s-portForward"
520    K_8_SCP_UPLOAD = "k8s-cp-upload"
521    K_8_SCP_DOWNLOAD = "k8s-cp-download"
522    K_8_S_DESCRIBE = "k8s-describe"
523    K_8_S_GET = "k8s-get"
524    K_8_S_DELETE = "k8s-delete"
525    K_8_S_GENERIC = "k8s-generic"
526    K_8_S_APPLY = "k8s-apply"
527    SSH_PORT_FORWARD = "ssh-portForward"
CaptureType()
SHELL = 'shell'
SCP_UPLOAD = 'scp-upload'
SCP_DOWNLOAD = 'scp-download'
COMMAND = 'command'
RDP_BASIC = 'rdp-basic'
RDP_ENHANCED = 'rdp-enhanced'
K_8_S_EXEC = 'k8s-exec'
K_8_S_EXEC_TTY = 'k8s-execTTY'
K_8_S_PORT_FORWARD = 'k8s-portForward'
K_8_SCP_UPLOAD = 'k8s-cp-upload'
K_8_SCP_DOWNLOAD = 'k8s-cp-download'
K_8_S_DESCRIBE = 'k8s-describe'
K_8_S_GET = 'k8s-get'
K_8_S_DELETE = 'k8s-delete'
K_8_S_GENERIC = 'k8s-generic'
K_8_S_APPLY = 'k8s-apply'
SSH_PORT_FORWARD = 'ssh-portForward'
class DeviceTrustProvider:
531class DeviceTrustProvider:
532    NONE = ""
533    SENTINEL_ONE = "sentinelone"
534    CROWD_STRIKE = "crowdstrike"
535    MICROSOFT_DEFENDER = "microsoftdefender"
536    DUO = "duo"
DeviceTrustProvider()
NONE = ''
SENTINEL_ONE = 'sentinelone'
CROWD_STRIKE = 'crowdstrike'
MICROSOFT_DEFENDER = 'microsoftdefender'
DUO = 'duo'
class APIHost:
540class APIHost:
541    US = "app.strongdm.com:443"
542    UK = "app.uk.strongdm.com:443"
543    EU = "app.eu.strongdm.com:443"
APIHost()
US = 'app.strongdm.com:443'
UK = 'app.uk.strongdm.com:443'
EU = 'app.eu.strongdm.com:443'
class ApproverReference:
547class ApproverReference:
548    NONE = ""
549    MANAGER_OF_REQUESTER = "manager-of-requester"
550    MANAGER_OF_MANAGER_OF_REQUESTER = "manager-of-manager-of-requester"
ApproverReference()
NONE = ''
MANAGER_OF_REQUESTER = 'manager-of-requester'
MANAGER_OF_MANAGER_OF_REQUESTER = 'manager-of-manager-of-requester'