strongdm.constants
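# Copyright 2020 StrongDM Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# @internal Code generated by constgen. DO NOT EDIT.


# Permission Levels, shared by all entities capable of making authenticated requests against StrongDM.
# Constant names do not always mirror the string value (TEAM_LEADER is "multi-team-leader"),
# so compare against the constant rather than a retyped literal.
class PermissionLevel:
    ROOT_ADMIN = "root-admin"
    ADMIN = "admin"
    DATABASE_ADMIN = "database-admin"
    DATABASE_OPERATOR = "database-operator"
    TEAM_LEADER = "multi-team-leader"
    USER = "user"
    AUDITOR = "auditor"
    RELAY = "relay"
    ADMIN_TOKEN = "admin-token"
    SCIM_TOKEN = "scim-token"
    SERVICE_NOW_TOKEN = "servicenow-token"
    SERVICE = "service"
    SUSPENDED = "suspended"
    EMPTY = ""


# Node Lifecycle States, defining whether a node was last reported online, offline, restarting, etc.
class NodeState:
    NEW = "new"
    VERIFYING_RESTART = "verifying_restart"
    AWAITING_RESTART = "awaiting_restart"
    RESTARTING = "restarting"
    STARTED = "started"
    STOPPED = "stopped"
    DEAD = "dead"


# Providers responsible for managing roles and users.
# None, or an empty string, implies the user is managed by strongDM.
# Deprecated: Please use SCIMProvider instead.
class Provider:
    NONE = ""
    OKTA = "okta"
    SAIL_POINT = "sailpoint"
    AZURE = "azure"
    GENERIC = "generic"
    ONE_LOGIN = "onelogin"
    GOOGLE = "google"


# Providers responsible for managing roles and users.
# None, or an empty string, implies the user is managed by strongDM.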
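class SCIMProvider:
    NONE = ""
    OKTA = "okta"
    SAIL_POINT = "sailpoint"
    AZURE = "azure"
    GENERIC = "generic"
    ONE_LOGIN = "onelogin"
    GOOGLE = "google"


# Providers responsible for SSO authentication.
# Values are not uniformly formatted: some contain spaces ("active directory"),
# some hyphens ("generic-saml"), and ONE_LOGIN_OIDC is "oneloginv2".
class AuthProvider:
    AZURE = "azure"
    BITIUM = "bitium"
    GOOGLE = "google"
    OKTA = "okta"
    STRONG_DM = "strongdm"
    ACTIVE_DIRECTORY = "active directory"
    GENERIC_OIDC = "generic oidc"
    ONE_LOGIN_OIDC = "oneloginv2"
    KEYCLOAK = "keycloak"
    SHIBBOLETH = "shibboleth"
    AUTH_0 = "auth0"
    WORKSPACE_ONE = "workspace one"
    ONE_LOGIN_SAML = "onelogin-saml"
    GENERIC_SAML = "generic-saml"
    PING_IDSAML = "ping-identity-saml"
    PING_IDOIDC = "ping-identity-oidc"


# Providers responsible for multi-factor authentication.
# NONE is the empty string.
class MFAProvider:
    NONE = ""
    DUO = "duo"
    TOTP = "totp"
    OKTA = "okta"
    RSA = "rsa"


# Activity Entities, all entity types that can be part of an activity.
class ActivityEntityType:
    USER = "user"
    ROLE = "role"
    LEGACY_COMPOSITE_ROLE = "composite_role"
    DATASOURCE = "datasource"
    ORGANIZATION = "organization"
    INSTALLATION = "installation"
    SECRET_STORE = "secretstore"
    SECRET_ENGINE = "secretengine"
    REMOTE_IDENTITY_GROUP = "remote_identity_group"
    REMOTE_IDENTITY = "remote_identity"
    IDENTITY_SET = "identity_set"
    IDENTITY_ALIAS = "identity_alias"
    ACCESS_REQUEST = "access_request"
    WORKFLOW = "workflow"
    APPROVAL_FLOW = "approval_flow"
    APPROVAL_FLOW_STEP = "approval_flow_step"
    APPROVAL_FLOW_APPROVER = "approval_flow_approver"
    MANAGED_SECRET = "managed_secret"
    NODE = "node"
    PEERING_GROUP = "peering_group"
    PEERING_GROUP_NODE = "peering_group_node"
    PEERING_GROUP_RESOURCE = "peering_group_resource"
    PEERING_GROUP_PEER = "peering_group_peer"
    ORG_INTEGRATION = "org_integration"
    CREDENTIAL = "credential"
    USER_O_AUTH_TOKEN = "user_oauth_token"
    CERTIFICATE_AUTHORITY = "certificate_authority"
    POLICY = "policy"
    PROXY_CLUSTER_KEY = "proxy_cluster_key"
    TRUST_DOMAIN = "trust_domain"


# Activity Verbs, describe which kind of activity has taken place.
# NOTE(review): presumably these strings appear verbatim in activity records; when
# filtering or alerting on them, reference the constants instead of retyping the text.
# Several values carry irregular spelling or phrasing that a retyped literal would miss:
# "overriden" in the *_PORT_OVERRIDE verbs, and "attempt to login" versus
# "attempted to login" among the login-attempt verbs.
class ActivityVerb:
    USER_ADDED = "user added"
    USER_DELETED = "user deleted"
    USER_UPDATED = "user updated"
    USER_SIGNUP = "user signup"
    USER_TYPE_CHANGED = "user type changed"
    USER_PASSWORD_CHANGED = "user password changed"
    USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted"
    USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked"
    USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired"
    USER_ADDED_TO_ROLE = "user added to role"
    USER_DELETED_FROM_ROLE = "user deleted from role"
    USER_SUSPENDED = "user suspended"
    USER_REINSTATED = "user reinstated"
    USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI"
    PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org"
    USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client"
    SERVICE_ACCOUNT_CREATED = "service account created"
    SERVICE_ACCOUNT_EXPIRED = "service account expired"
    ADMIN_TOKEN_ADDED = "admin token created"
    ADMIN_TOKEN_DELETED = "admin token deleted"
    ADMIN_TOKEN_EXPIRED = "admin token expired"
    ADMIN_TOKEN_REKEYED = "admin token rekeyed"
    ADMIN_TOKEN_CLONED = "admin token cloned"
    ADMIN_TOKEN_SUSPENDED = "admin token suspended"
    ADMIN_TOKEN_REINSTATED = "admin token reinstated"
    USER_O_AUTH_TOKEN_UPSERTED = "user oauth token for resource upserted"
    USER_O_AUTH_TOKEN_DELETED = "user oauth token for resource deleted"
    SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO"
    SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO"
    USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client"
    USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI"
    FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI"
    FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client"
    MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI"
    MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client"
    TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts"
    ATTEMPT_COUNTER_RESET = "failed login attempt counter reset"
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI"
    SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"
    USER_SET_A_PASSWORD = "user set a password"
    USER_RESET_A_PASSWORD = "user reset their password"
    USER_CHANGED_PASSWORD = "user changed their password"
    USER_INVITED = "user invited"
    USER_CLICKED_INVITATION = "user clicked on their invitation"
    USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset"
    USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password"
    USER_REQUIRE_SSO_LOGIN = "user required to login via SSO"
    USER_PROVISIONING_ENABLED = "user provisioning enabled"
    USER_PROVISIONING_DISABLED = "user provisioning disabled"
    ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset"
    ROLE_ADDED = "role added"
    ROLE_DELETED = "role deleted"
    ROLE_UPDATED = "role updated"
    ROLE_ACCESS_RULES_UPDATED = "access rules updated"
    ROLE_ACCESS_RULES_CREATED = "access rules created"
    ROLE_ACCESS_RULES_DELETED = "access rules deleted"
    ROLE_PROVISIONING_ENABLED = "role provisioning enabled"
    ROLE_PROVISIONING_DISABLED = "role provisioning disabled"
    DATASOURCE_ADDED = "datasource added"
    DATASOURCE_CLONED = "datasource cloned"
    DATASOURCE_DELETED = "datasource deleted"
    DATASOURCE_UPDATED = "datasource updated"
    DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden"
    MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden"
    SERVER_ADDED = "server added"
    SERVER_CLONED = "server cloned"
    SERVER_DELETED = "server deleted"
    SERVER_UPDATED = "server updated"
    SERVER_PORT_OVERRIDE = "server connection port overriden"
    MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden"
    CLUSTER_ADDED = "cluster added"
    CLUSTER_CLONED = "cluster cloned"
    CLUSTER_DELETED = "cluster deleted"
    CLUSTER_UPDATED = "cluster updated"
    CLUSTER_PORT_OVERRIDE = "cluster connection port overriden"
    MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden"
    CLOUD_ADDED = "cloud added"
    CLOUD_CLONED = "cloud cloned"
    CLOUD_DELETED = "cloud deleted"
    CLOUD_UPDATED = "cloud updated"
    WEBSITE_ADDED = "website added"
    WEBSITE_CLONED = "website cloned"
    WEBSITE_DELETED = "website deleted"
    WEBSITE_UPDATED = "website updated"
    INSTALLATION_CREATED = "installation created"
    RELAY_INSTALLATION_CREATED = "installation created for relay"
    INSTALLATION_APPROVED = "installation approved"
    INSTALLATION_REVOKED = "installation revoked"
    RELAY_CREATED = "relay created"
    RELAY_UPDATED_NAME = "relay name updated"
    RELAY_DELETED = "relay deleted"
    ORG_PUBLIC_KEY_UPDATED = "public key updated"
    ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated"
    ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated"
    ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated"
    ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated"
    ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated"
    ORG_NAME_UPDATED = "organization name updated"
    ORG_SETTING_UPDATED = "organization setting updated"
    ORG_LOG_CONFIG_UPDATED = "organization logging configuration updated"
    ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated"
    ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated"
    ORG_CREATED = "organization created"
    ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set"
    ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted"
    ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set"
    ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted"
    CHILD_ORG_ADMIN_INVITED = "child organization admin invited"
    SERVICE_ACCOUNT_REKEYED = "service account rekeyed"
    SCIM_TOKEN_ADDED = "SCIM token created"
    SCIM_TOKEN_DELETED = "SCIM token deleted"
    SCIM_TOKEN_REKEYED = "SCIM token rekeyed"
    API_KEY_DELETED = "API key deleted"
    ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated"
    ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding"
    ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding"
    ORG_ADD_CHILD = "add child organization"
    ORG_REMOVE_CHILD = "remove child organization"
    ORG_EXTEND_TRIAL = "trial extended"
    SECRET_STORE_ADDED = "secret store added"
    SECRET_STORE_UPDATED = "secret store updated"
    SECRET_STORE_DELETED = "secret store deleted"
    SECRET_ENGINE_ADDED = "secret engine added"
    SECRET_ENGINE_UPDATED = "secret engine updated"
    SECRET_ENGINE_ROTATED = "secret engine's credentials updated"
    SECRET_ENGINE_DELETED = "secret engine deleted"
    TRUST_DOMAIN_CREATED = "trust domain created"
    TRUST_DOMAIN_UPDATED = "trust domain updated"
    TRUST_DOMAIN_DELETED = "trust domain deleted"
    REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created"
    REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated"
    REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted"
    IDENTITY_SET_CREATED = "identity set created"
    IDENTITY_SET_UPDATED = "identity set updated"
    IDENTITY_SET_DELETED = "identity set deleted"
    IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled"
    IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled"
    REMOTE_IDENTITY_CREATED = "remote identity created"
    REMOTE_IDENTITY_UPDATED = "remote identity updated"
    REMOTE_IDENTITY_DELETED = "remote identity deleted"
    IDENTITY_ALIAS_CREATED = "identity alias created"
    IDENTITY_ALIAS_UPDATED = "identity alias updated"
    IDENTITY_ALIAS_DELETED = "identity alias deleted"
    IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled"
    IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled"
    ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource"
    ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added"
    ACCESS_REQUEST_TO_RESOURCE_STEP_SKIPPED = "access request to resource step skipped"
    ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled"
    ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied"
    ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out"
    ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted"
    ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically"
    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = "access request to resource approved via ServiceNow"
    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_JIRA = "access request to resource approved via Jira"
    WORKFLOW_DELETED = "workflow deleted"
    WORKFLOW_ADDED = "workflow added"
    DEPRECATED_WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow"
    DEPRECATED_WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow"
    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow"
    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow"
    DEPRECATED_WORKFLOW_APPROVERS_UPDATED = "workflow approvers updated"
    DEPRECATED_WORKFLOW_AUTO_GRANT_UPDATED = "workflow auto grant updated"
    DEPRECATED_WORKFLOW_APPROVAL_CRITERIA_UPDATED = "workflow approval criteria updated"
    WORKFLOW_ROLES_UPDATED = "workflow roles updated"
    WORKFLOW_NAME_UPDATED = "workflow name updated"
    WORKFLOW_DESCRIPTION_UPDATED = "workflow description updated"
    WORKFLOW_REQUIRES_REASON_UPDATED = "workflow requires reason updated"
    WORKFLOW_SETTINGS_UPDATED = "workflow settings updated"
    WORKFLOW_ACCESS_RULES_UPDATED = "workflow access rules updated"
    WORKFLOW_ACCESS_RULES_DELETED = "workflow access rules deleted"
    WORKFLOW_ACCESS_RULES_CREATED = "workflow access rules created"
    WORKFLOW_ENABLED = "workflow enabled"
    WORKFLOW_DISABLED = "workflow disabled"
    APPROVAL_FLOW_ADDED = "approval workflow added"
    APPROVAL_FLOW_DELETED = "approval workflow deleted"
    APPROVAL_FLOW_UPDATED = "approval workflow updated"
    APPROVAL_FLOW_STEP_ADDED = "approval workflow step added"
    APPROVAL_FLOW_STEP_DELETED = "approval workflow step deleted"
    APPROVAL_FLOW_STEP_UPDATED = "approval workflow step updated"
    APPROVAL_FLOW_APPROVER_ADDED = "approval workflow approver added"
    APPROVAL_FLOW_APPROVER_DELETED = "approval workflow approver deleted"
    ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated"
    ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet"
    DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval"
    DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval"
    EMULATION_MIGRATION_COMPLETED = "emulation migration completed"
    ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed"
    ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers"
    TOTP_ENROLLMENT_ADDED = "user enrolled a totp device"
    TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment"
    SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI"
    RESOURCE_LOCKED = "user locked a resource"
    RESOURCE_UNLOCKED = "user unlocked a resource"
    RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource"
    CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = "concurrent authentications revoked per organization settings"
    PEERING_GROUP_TOGGLED = "peering group toggled"
    PEERING_GROUP_CREATED = "peering group created"
    PEERING_GROUP_DELETED = "peering group deleted"
    PEERING_GROUP_LINKED = "peering groups linked"
    PEERING_GROUP_UNLINKED = "peering groups unlinked"
    PEERING_GROUP_ATTACHED = "entity attached to peering group"
    PEERING_GROUP_DETACHED = "entity detached from peering group"
    ORG_INTEGRATION_INSTALLED = "org integration installed"
    USER_INTEGRATION_AUTHORIZED = "user authorized integration"
    ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled"
    USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration"
    SERVICE_NOW_TOKEN_ADDED = "ServiceNow token created"
    SERVICE_NOW_TOKEN_DELETED = "ServiceNow token deleted"
    CREDENTIAL_CREATED = "credential created"
    CREDENTIAL_DELETED = "credential deleted"
    CERTIFICATE_AUTHORITY_UPDATED = "certificate authority updated"
    POLICY_CREATED = "policy created"
    POLICY_UPDATED = "policy updated"
    POLICY_DELETED = "policy deleted"
    AUTHENTICATION_REVOKED_BY_POLICY = "authentication revoked by policy"
    PROXY_CLUSTER_KEY_CREATED = "proxy cluster key created"
    PROXY_CLUSTER_KEY_DELETED = "proxy cluster key deleted"
    MANAGED_SECRET_CREATED = "managed secret created"
    MANAGED_SECRET_UPDATED = "managed secret updated"
    MANAGED_SECRET_EXPIRATION_TIME_UPDATED = "managed secret expiration time updated"
    MANAGED_SECRET_CONFIG_UPDATED = "managed secret config updated"
    MANAGED_SECRET_DELETED = "managed secret deleted"


# Permissions, all permissions that may be granted to an account.
# Values follow a "<scope>:<action>" shape, but the scope prefix does not always match
# the constant's prefix: the ORG_AUDIT_* constants map to "audit:*" strings, and
# USER_SET_PERMISSION_LEVEL is "user:set_strong_role".
# NOTE(review): the TESTING_* entries look like test-only permissions; confirm they are
# never granted to production accounts.
class Permission:
    GROUP_READ = "group:read"
    GROUP_WRITE = "group:write"
    GROUP_ROLE_READ = "grouprole:read"
    GROUP_ROLE_WRITE = "grouprole:write"
    ACCOUNT_GROUP_READ = "accountgroup:read"
    ACCOUNT_GROUP_WRITE = "accountgroup:write"
    RELAY_LIST = "relay:list"
    RELAY_CREATE = "relay:create"
    DATASOURCE_LIST = "datasource:list"
    DATASOURCE_CREATE = "datasource:create"
    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
    DATASOURCE_DELETE = "datasource:delete"
    DATASOURCE_UPDATE = "datasource:update"
    RESOURCE_LOCK_DELETE = "resourcelock:delete"
    RESOURCE_LOCK_LIST = "resourcelock:list"
    SECRET_ENGINE_CREATE = "secretengine:create"
    SECRET_ENGINE_LIST = "secretengine:list"
    SECRET_ENGINE_DELETE = "secretengine:delete"
    SECRET_ENGINE_UPDATE = "secretengine:update"
    SECRET_ENGINE_STATUS = "secretengine:status"
    SECRET_STORE_CREATE = "secretstore:create"
    SECRET_STORE_LIST = "secretstore:list"
    SECRET_STORE_DELETE = "secretstore:delete"
    SECRET_STORE_UPDATE = "secretstore:update"
    SECRET_STORE_STATUS = "secretstore:status"
    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
    REMOTE_IDENTITY_READ = "remoteidentity:read"
    USER_CREATE = "user:create"
    USER_LIST = "user:list"
    USER_UPDATE_ADMIN = "user:update_admin"
    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
    USER_UPDATE = "user:update"
    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
    USER_DELETE = "user:delete"
    USER_ASSIGN = "user:assign"
    USER_SUSPEND = "user:suspend"
    USER_SET_PASSWORD = "user:set_password"
    ROLE_LIST = "role:list"
    ROLE_CREATE = "role:create"
    ROLE_DELETE = "role:delete"
    ROLE_UPDATE = "role:update"
    ORG_VIEW_SETTINGS = "organization:view_settings"
    ORG_EDIT_SETTINGS = "organization:edit_settings"
    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
    ORG_LIST_CHILDREN = "organization:list_children"
    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"
    ORG_AUDIT_USERS = "audit:users"
    ORG_AUDIT_ROLES = "audit:roles"
    ORG_AUDIT_DATASOURCES = "audit:datasources"
    ORG_AUDIT_NODES = "audit:nodes"
    ORG_AUDIT_PERMISSIONS = "audit:permissions"
    ORG_AUDIT_QUERIES = "audit:queries"
    ORG_AUDIT_ACTIVITIES = "audit:activities"
    ORG_AUDIT_SSH = "audit:ssh"
    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
    ORG_AUDIT_ORG = "audit:organization"
    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
    ORG_AUDIT_SECRET_ENGINES = "audit:secretengines"
    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
    ORG_AUDIT_WORKFLOWS = "audit:workflows"
    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"
    ORG_AUDIT_POLICIES = "audit:policies"
    ORG_AUDIT_GROUPS = "audit:groups"
    WORKFLOW_LIST = "workflow:list"
    WORKFLOW_EDIT = "workflow:edit"
    ACCESS_REQUEST_LIST = "accessrequest:list"
    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
    APPROVAL_FLOW_EDIT = "approvalflow:edit"
    APPROVAL_FLOW_LIST = "approvalflow:list"
    INSTALLATION_BLESS = "installation:bless"
    INSTALLATION_CREATE = "installation:create"
    INSTALLATION_REVOKE = "installation:revoke"
    TESTING_ORG_CREATE = "testing:organization:create"
    TESTING_ORG_DELETE = "testing:organization:delete"
    TESTING_NO_PERMISSIONS = "testing:noperms"
    TESTING_FETCH_QUERIES = "testing:queries:get"
    GRANT_READ = "grant:read"
    GRANT_WRITE = "grant:write"
    REPORT_READ = "report:read"
    BILLING_READ = "billing:read"
    CREDENTIAL_READ = "credential:read"
    CREDENTIAL_WRITE = "credential:write"
    POLICY_READ = "policy:read"
    POLICY_WRITE = "policy:write"
    MANAGED_SECRET_CREATE = "managedsecret:create"
    MANAGED_SECRET_LIST = "managedsecret:list"
    MANAGED_SECRET_DELETE = "managedsecret:delete"
    MANAGED_SECRET_UPDATE = "managedsecret:update"
    MANAGED_SECRET_READ = "managedsecret:read"


# Query Categories, all the categories of resource against which queries are logged.
# DATASOURCES maps to "queries" and KUBERNETES to "k8s".
class QueryCategory:
    KUBERNETES = "k8s"
    DATASOURCES = "queries"
    RDP = "rdp"
    SSH = "ssh"
    WEB = "web"
    CLOUD = "cloud"
    ALL = "all"


# LogRemoteEncoder defines the encryption encoder used for queries stored in the API.
class LogRemoteEncoder:
    STRONG_DM = "strongdm"
    PUB_KEY = "pubkey"
    HASH = "hash"


# LogLocalStorage defines how queries are stored locally.
class LogLocalStorage:
    STDOUT = "stdout"
    FILE = "file"
    TCP = "tcp"
    SOCKET = "socket"
    SYSLOG = "syslog"
    NONE = "none"


# LogLocalEncoder defines the encryption encoder used for queries stored locally in the relay.
# NOTE(review): PLAINTEXT presumably leaves locally stored query logs unencrypted on the
# relay; confirm, and prefer PUB_KEY where log contents are sensitive.
class LogLocalEncoder:
    PLAINTEXT = "plaintext"
    PUB_KEY = "pubkey"


# LogLocalFormat defines the format in which queries are stored locally in the relay.
class LogLocalFormat:
    CSV = "csv"
    JSON = "json"


# OrgKind defines the types of organizations that may exist.
class OrgKind:
    SOLO = "solo"
    ROOT = "root"
    CHILD = "child"


# SSHKeyType defines the supported SSH key types.
class SSHKeyType:
    RSA_2048 = "rsa-2048"
    RSA_4096 = "rsa-4096"
    ECDSA_256 = "ecdsa-256"
    ECDSA_384 = "ecdsa-384"
    ECDSA_521 = "ecdsa-521"
    ED_25519 = "ed25519"


# CaptureType designates what type of SSH/RDP/K8s capture we have.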
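class CaptureType:
    SHELL = "shell"
    SCP_UPLOAD = "scp-upload"
    SCP_DOWNLOAD = "scp-download"
    COMMAND = "command"
    RDP_BASIC = "rdp-basic"
    RDP_ENHANCED = "rdp-enhanced"
    K_8_S_EXEC = "k8s-exec"
    K_8_S_EXEC_TTY = "k8s-execTTY"
    K_8_S_PORT_FORWARD = "k8s-portForward"
    K_8_SCP_UPLOAD = "k8s-cp-upload"
    K_8_SCP_DOWNLOAD = "k8s-cp-download"
    K_8_S_DESCRIBE = "k8s-describe"
    K_8_S_GET = "k8s-get"
    K_8_S_DELETE = "k8s-delete"
    K_8_S_GENERIC = "k8s-generic"
    K_8_S_APPLY = "k8s-apply"
    SSH_PORT_FORWARD = "ssh-portForward"


# Providers responsible for device trust enforcement.
# NONE is the empty string.
class DeviceTrustProvider:
    NONE = ""
    SENTINEL_ONE = "sentinelone"
    CROWD_STRIKE = "crowdstrike"
    MICROSOFT_DEFENDER = "microsoftdefender"
    DUO = "duo"


# APIHost defines the API host for various control planes.
# Each value is a "host:port" pair on port 443.
class APIHost:
    US = "app.strongdm.com:443"
    UK = "app.uk.strongdm.com:443"
    EU = "app.eu.strongdm.com:443"


# ApproverReference defines the type for approver references.
class ApproverReference:
    NONE = ""
    MANAGER_OF_REQUESTER = "manager-of-requester"
    MANAGER_OF_MANAGER_OF_REQUESTER = "manager-of-manager-of-requester"


# ResourceIPAllocationMode defines how to allocate IP addresses on resource create and update.
class ResourceIPAllocationMode:
    UNSET = ""
    DEFAULT = "default"
    LOOPBACK = "loopback"
    VNM = "vnm"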
class
PermissionLevel:
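# Permission levels shared by all entities capable of making authenticated requests
# against StrongDM. Constant names do not always mirror the string value
# (TEAM_LEADER is "multi-team-leader"); EMPTY is the empty string.
class PermissionLevel:
    ROOT_ADMIN = "root-admin"
    ADMIN = "admin"
    DATABASE_ADMIN = "database-admin"
    DATABASE_OPERATOR = "database-operator"
    TEAM_LEADER = "multi-team-leader"
    USER = "user"
    AUDITOR = "auditor"
    RELAY = "relay"
    ADMIN_TOKEN = "admin-token"
    SCIM_TOKEN = "scim-token"
    SERVICE_NOW_TOKEN = "servicenow-token"
    SERVICE = "service"
    SUSPENDED = "suspended"
    EMPTY = ""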
class
NodeState:
class
Provider:
class
SCIMProvider:
class
AuthProvider:
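# Providers responsible for SSO authentication.
# Values are not uniformly formatted: some contain spaces ("active directory"),
# some hyphens ("generic-saml"), and ONE_LOGIN_OIDC is "oneloginv2".
class AuthProvider:
    AZURE = "azure"
    BITIUM = "bitium"
    GOOGLE = "google"
    OKTA = "okta"
    STRONG_DM = "strongdm"
    ACTIVE_DIRECTORY = "active directory"
    GENERIC_OIDC = "generic oidc"
    ONE_LOGIN_OIDC = "oneloginv2"
    KEYCLOAK = "keycloak"
    SHIBBOLETH = "shibboleth"
    AUTH_0 = "auth0"
    WORKSPACE_ONE = "workspace one"
    ONE_LOGIN_SAML = "onelogin-saml"
    GENERIC_SAML = "generic-saml"
    PING_IDSAML = "ping-identity-saml"
    PING_IDOIDC = "ping-identity-oidc"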
class
MFAProvider:
class
ActivityEntityType:
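# Activity entities: all entity types that can be part of an activity.
# Most values are snake_case, but SECRET_STORE and SECRET_ENGINE map to the
# unseparated strings "secretstore" and "secretengine".
class ActivityEntityType:
    USER = "user"
    ROLE = "role"
    LEGACY_COMPOSITE_ROLE = "composite_role"
    DATASOURCE = "datasource"
    ORGANIZATION = "organization"
    INSTALLATION = "installation"
    SECRET_STORE = "secretstore"
    SECRET_ENGINE = "secretengine"
    REMOTE_IDENTITY_GROUP = "remote_identity_group"
    REMOTE_IDENTITY = "remote_identity"
    IDENTITY_SET = "identity_set"
    IDENTITY_ALIAS = "identity_alias"
    ACCESS_REQUEST = "access_request"
    WORKFLOW = "workflow"
    APPROVAL_FLOW = "approval_flow"
    APPROVAL_FLOW_STEP = "approval_flow_step"
    APPROVAL_FLOW_APPROVER = "approval_flow_approver"
    MANAGED_SECRET = "managed_secret"
    NODE = "node"
    PEERING_GROUP = "peering_group"
    PEERING_GROUP_NODE = "peering_group_node"
    PEERING_GROUP_RESOURCE = "peering_group_resource"
    PEERING_GROUP_PEER = "peering_group_peer"
    ORG_INTEGRATION = "org_integration"
    CREDENTIAL = "credential"
    USER_O_AUTH_TOKEN = "user_oauth_token"
    CERTIFICATE_AUTHORITY = "certificate_authority"
    POLICY = "policy"
    PROXY_CLUSTER_KEY = "proxy_cluster_key"
    TRUST_DOMAIN = "trust_domain"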
class
ActivityVerb:
137class ActivityVerb: 138 USER_ADDED = "user added" 139 USER_DELETED = "user deleted" 140 USER_UPDATED = "user updated" 141 USER_SIGNUP = "user signup" 142 USER_TYPE_CHANGED = "user type changed" 143 USER_PASSWORD_CHANGED = "user password changed" 144 USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted" 145 USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked" 146 USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired" 147 USER_ADDED_TO_ROLE = "user added to role" 148 USER_DELETED_FROM_ROLE = "user deleted from role" 149 USER_SUSPENDED = "user suspended" 150 USER_REINSTATED = "user reinstated" 151 USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI" 152 PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org" 153 USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client" 154 SERVICE_ACCOUNT_CREATED = "service account created" 155 SERVICE_ACCOUNT_EXPIRED = "service account expired" 156 ADMIN_TOKEN_ADDED = "admin token created" 157 ADMIN_TOKEN_DELETED = "admin token deleted" 158 ADMIN_TOKEN_EXPIRED = "admin token expired" 159 ADMIN_TOKEN_REKEYED = "admin token rekeyed" 160 ADMIN_TOKEN_CLONED = "admin token cloned" 161 ADMIN_TOKEN_SUSPENDED = "admin token suspended" 162 ADMIN_TOKEN_REINSTATED = "admin token reinstated" 163 USER_O_AUTH_TOKEN_UPSERTED = "user oauth token for resource upserted" 164 USER_O_AUTH_TOKEN_DELETED = "user oauth token for resource deleted" 165 SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO" 166 SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO" 167 USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client" 168 USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI" 169 FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI" 170 FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client" 171 MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI" 172 
MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client" 173 TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts" 174 ATTEMPT_COUNTER_RESET = "failed login attempt counter reset" 175 SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client" 176 SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI" 177 SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI" 178 SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI" 179 SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client" 180 USER_SET_A_PASSWORD = "user set a password" 181 USER_RESET_A_PASSWORD = "user reset their password" 182 USER_CHANGED_PASSWORD = "user changed their password" 183 USER_INVITED = "user invited" 184 USER_CLICKED_INVITATION = "user clicked on their invitation" 185 USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset" 186 USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password" 187 USER_REQUIRE_SSO_LOGIN = "user required to login via SSO" 188 USER_PROVISIONING_ENABLED = "user provisioning enabled" 189 USER_PROVISIONING_DISABLED = "user provisioning disabled" 190 ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset" 191 ROLE_ADDED = "role added" 192 ROLE_DELETED = "role deleted" 193 ROLE_UPDATED = "role updated" 194 ROLE_ACCESS_RULES_UPDATED = "access rules updated" 195 ROLE_ACCESS_RULES_CREATED = "access rules created" 196 ROLE_ACCESS_RULES_DELETED = "access rules deleted" 197 ROLE_PROVISIONING_ENABLED = "role provisioning enabled" 198 ROLE_PROVISIONING_DISABLED = "role provisioning disabled" 199 DATASOURCE_ADDED = "datasource added" 200 DATASOURCE_CLONED = "datasource cloned" 201 DATASOURCE_DELETED = "datasource deleted" 202 
DATASOURCE_UPDATED = "datasource updated" 203 DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden" 204 MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden" 205 SERVER_ADDED = "server added" 206 SERVER_CLONED = "server cloned" 207 SERVER_DELETED = "server deleted" 208 SERVER_UPDATED = "server updated" 209 SERVER_PORT_OVERRIDE = "server connection port overriden" 210 MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden" 211 CLUSTER_ADDED = "cluster added" 212 CLUSTER_CLONED = "cluster cloned" 213 CLUSTER_DELETED = "cluster deleted" 214 CLUSTER_UPDATED = "cluster updated" 215 CLUSTER_PORT_OVERRIDE = "cluster connection port overriden" 216 MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden" 217 CLOUD_ADDED = "cloud added" 218 CLOUD_CLONED = "cloud cloned" 219 CLOUD_DELETED = "cloud deleted" 220 CLOUD_UPDATED = "cloud updated" 221 WEBSITE_ADDED = "website added" 222 WEBSITE_CLONED = "website cloned" 223 WEBSITE_DELETED = "website deleted" 224 WEBSITE_UPDATED = "website updated" 225 INSTALLATION_CREATED = "installation created" 226 RELAY_INSTALLATION_CREATED = "installation created for relay" 227 INSTALLATION_APPROVED = "installation approved" 228 INSTALLATION_REVOKED = "installation revoked" 229 RELAY_CREATED = "relay created" 230 RELAY_UPDATED_NAME = "relay name updated" 231 RELAY_DELETED = "relay deleted" 232 ORG_PUBLIC_KEY_UPDATED = "public key updated" 233 ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated" 234 ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated" 235 ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated" 236 ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated" 237 ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated" 238 ORG_NAME_UPDATED = "organization name updated" 239 ORG_SETTING_UPDATED = "organization setting updated" 240 ORG_LOG_CONFIG_UPDATED = "organization logging configuration updated" 241 
ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated" 242 ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated" 243 ORG_CREATED = "organization created" 244 ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set" 245 ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted" 246 ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set" 247 ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted" 248 CHILD_ORG_ADMIN_INVITED = "child organization admin invited" 249 SERVICE_ACCOUNT_REKEYED = "service account rekeyed" 250 SCIM_TOKEN_ADDED = "SCIM token created" 251 SCIM_TOKEN_DELETED = "SCIM token deleted" 252 SCIM_TOKEN_REKEYED = "SCIM token rekeyed" 253 API_KEY_DELETED = "API key deleted" 254 ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated" 255 ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding" 256 ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding" 257 ORG_ADD_CHILD = "add child organization" 258 ORG_REMOVE_CHILD = "remove child organization" 259 ORG_EXTEND_TRIAL = "trial extended" 260 SECRET_STORE_ADDED = "secret store added" 261 SECRET_STORE_UPDATED = "secret store updated" 262 SECRET_STORE_DELETED = "secret store deleted" 263 SECRET_ENGINE_ADDED = "secret engine added" 264 SECRET_ENGINE_UPDATED = "secret engine updated" 265 SECRET_ENGINE_ROTATED = "secret engine's credentials updated" 266 SECRET_ENGINE_DELETED = "secret engine deleted" 267 TRUST_DOMAIN_CREATED = "trust domain created" 268 TRUST_DOMAIN_UPDATED = "trust domain updated" 269 TRUST_DOMAIN_DELETED = "trust domain deleted" 270 REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created" 271 REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated" 272 REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted" 273 IDENTITY_SET_CREATED = "identity set created" 274 IDENTITY_SET_UPDATED = "identity set updated" 275 IDENTITY_SET_DELETED = "identity set deleted" 276 
IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled" 277 IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled" 278 REMOTE_IDENTITY_CREATED = "remote identity created" 279 REMOTE_IDENTITY_UPDATED = "remote identity updated" 280 REMOTE_IDENTITY_DELETED = "remote identity deleted" 281 IDENTITY_ALIAS_CREATED = "identity alias created" 282 IDENTITY_ALIAS_UPDATED = "identity alias updated" 283 IDENTITY_ALIAS_DELETED = "identity alias deleted" 284 IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled" 285 IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled" 286 ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource" 287 ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added" 288 ACCESS_REQUEST_TO_RESOURCE_STEP_SKIPPED = "access request to resource step skipped" 289 ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled" 290 ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied" 291 ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out" 292 ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted" 293 ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically" 294 ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = "access request to resource approved via ServiceNow" 295 ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_JIRA = "access request to resource approved via Jira" 296 WORKFLOW_DELETED = "workflow deleted" 297 WORKFLOW_ADDED = "workflow added" 298 DEPRECATED_WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow" 299 DEPRECATED_WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow" 300 DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow" 301 DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow" 302 DEPRECATED_WORKFLOW_APPROVERS_UPDATED = 
"workflow approvers updated" 303 DEPRECATED_WORKFLOW_AUTO_GRANT_UPDATED = "workflow auto grant updated" 304 DEPRECATED_WORKFLOW_APPROVAL_CRITERIA_UPDATED = "workflow approval criteria updated" 305 WORKFLOW_ROLES_UPDATED = "workflow roles updated" 306 WORKFLOW_NAME_UPDATED = "workflow name updated" 307 WORKFLOW_DESCRIPTION_UPDATED = "workflow description updated" 308 WORKFLOW_REQUIRES_REASON_UPDATED = "workflow requires reason updated" 309 WORKFLOW_SETTINGS_UPDATED = "workflow settings updated" 310 WORKFLOW_ACCESS_RULES_UPDATED = "workflow access rules updated" 311 WORKFLOW_ACCESS_RULES_DELETED = "workflow access rules deleted" 312 WORKFLOW_ACCESS_RULES_CREATED = "workflow access rules created" 313 WORKFLOW_ENABLED = "workflow enabled" 314 WORKFLOW_DISABLED = "workflow disabled" 315 APPROVAL_FLOW_ADDED = "approval workflow added" 316 APPROVAL_FLOW_DELETED = "approval workflow deleted" 317 APPROVAL_FLOW_UPDATED = "approval workflow updated" 318 APPROVAL_FLOW_STEP_ADDED = "approval workflow step added" 319 APPROVAL_FLOW_STEP_DELETED = "approval workflow step deleted" 320 APPROVAL_FLOW_STEP_UPDATED = "approval workflow step updated" 321 APPROVAL_FLOW_APPROVER_ADDED = "approval workflow approver added" 322 APPROVAL_FLOW_APPROVER_DELETED = "approval workflow approver deleted" 323 ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated" 324 ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet" 325 DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval" 326 DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval" 327 EMULATION_MIGRATION_COMPLETED = "emulation migration completed" 328 ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed" 329 ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers" 330 TOTP_ENROLLMENT_ADDED = "user enrolled a totp device" 331 TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment" 332 SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI 
= "attempt to enroll by a suspended user from the Admin UI" 333 RESOURCE_LOCKED = "user locked a resource" 334 RESOURCE_UNLOCKED = "user unlocked a resource" 335 RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource" 336 CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = "concurrent authentications revoked per organization settings" 337 PEERING_GROUP_TOGGLED = "peering group toggled" 338 PEERING_GROUP_CREATED = "peering group created" 339 PEERING_GROUP_DELETED = "peering group deleted" 340 PEERING_GROUP_LINKED = "peering groups linked" 341 PEERING_GROUP_UNLINKED = "peering groups unlinked" 342 PEERING_GROUP_ATTACHED = "entity attached to peering group" 343 PEERING_GROUP_DETACHED = "entity detached from peering group" 344 ORG_INTEGRATION_INSTALLED = "org integration installed" 345 USER_INTEGRATION_AUTHORIZED = "user authorized integration" 346 ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled" 347 USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration" 348 SERVICE_NOW_TOKEN_ADDED = "ServiceNow token created" 349 SERVICE_NOW_TOKEN_DELETED = "ServiceNow token deleted" 350 CREDENTIAL_CREATED = "credential created" 351 CREDENTIAL_DELETED = "credential deleted" 352 CERTIFICATE_AUTHORITY_UPDATED = "certificate authority updated" 353 POLICY_CREATED = "policy created" 354 POLICY_UPDATED = "policy updated" 355 POLICY_DELETED = "policy deleted" 356 AUTHENTICATION_REVOKED_BY_POLICY = "authentication revoked by policy" 357 PROXY_CLUSTER_KEY_CREATED = "proxy cluster key created" 358 PROXY_CLUSTER_KEY_DELETED = "proxy cluster key deleted" 359 MANAGED_SECRET_CREATED = "managed secret created" 360 MANAGED_SECRET_UPDATED = "managed secret updated" 361 MANAGED_SECRET_EXPIRATION_TIME_UPDATED = "managed secret expiration time updated" 362 MANAGED_SECRET_CONFIG_UPDATED = "managed secret config updated" 363 MANAGED_SECRET_DELETED = "managed secret deleted"
SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = 'attempt to login by a suspended user from the local client'
SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = 'attempted to login by a service account from the Admin UI'
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = 'attempted to login by a suspended service account from the Admin UI'
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = 'attempt to login by a suspended service account from the local client'
ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = 'access request to resource granted automatically'
ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = 'access request to resource approved via ServiceNow'
SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = 'attempt to enroll by a suspended user from the Admin UI'
class
Permission:
# Permission identifiers, written as "<scope>:<action>" strings.
# This is a plain namespace of str constants, not an Enum: nothing here
# validates that an arbitrary string is a known permission, so authorization
# or audit code should compare against these constants rather than
# hand-typed literals.
# NOTE(review): the module header marks this file as generated by constgen;
# value changes presumably belong in the generator, not here. Confirm.
class Permission:
    # Groups and group/role/account membership.
    GROUP_READ = "group:read"
    GROUP_WRITE = "group:write"
    GROUP_ROLE_READ = "grouprole:read"
    GROUP_ROLE_WRITE = "grouprole:write"
    ACCOUNT_GROUP_READ = "accountgroup:read"
    ACCOUNT_GROUP_WRITE = "accountgroup:write"

    # Relays.
    RELAY_LIST = "relay:list"
    RELAY_CREATE = "relay:create"

    # Datasources.
    DATASOURCE_LIST = "datasource:list"
    DATASOURCE_CREATE = "datasource:create"
    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
    # Marked deprecated by its name only; the wire value is still defined here.
    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
    DATASOURCE_DELETE = "datasource:delete"
    DATASOURCE_UPDATE = "datasource:update"

    # Resource locks.
    RESOURCE_LOCK_DELETE = "resourcelock:delete"
    RESOURCE_LOCK_LIST = "resourcelock:list"

    # Secret engines and secret stores.
    SECRET_ENGINE_CREATE = "secretengine:create"
    SECRET_ENGINE_LIST = "secretengine:list"
    SECRET_ENGINE_DELETE = "secretengine:delete"
    SECRET_ENGINE_UPDATE = "secretengine:update"
    SECRET_ENGINE_STATUS = "secretengine:status"
    SECRET_STORE_CREATE = "secretstore:create"
    SECRET_STORE_LIST = "secretstore:list"
    SECRET_STORE_DELETE = "secretstore:delete"
    SECRET_STORE_UPDATE = "secretstore:update"
    SECRET_STORE_STATUS = "secretstore:status"

    # Remote identities.
    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
    REMOTE_IDENTITY_READ = "remoteidentity:read"

    # User management. Several of these govern privilege changes
    # (admin updates, admin tokens, service accounts, password set/reset).
    USER_CREATE = "user:create"
    USER_LIST = "user:list"
    USER_UPDATE_ADMIN = "user:update_admin"
    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
    # The constant name and the wire value differ: anything matching on the
    # string form (log queries, policy text) must use "user:set_strong_role".
    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
    USER_UPDATE = "user:update"
    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
    USER_DELETE = "user:delete"
    USER_ASSIGN = "user:assign"
    USER_SUSPEND = "user:suspend"
    USER_SET_PASSWORD = "user:set_password"

    # Roles.
    ROLE_LIST = "role:list"
    ROLE_CREATE = "role:create"
    ROLE_DELETE = "role:delete"
    ROLE_UPDATE = "role:update"

    # Organization settings and hierarchy.
    ORG_VIEW_SETTINGS = "organization:view_settings"
    ORG_EDIT_SETTINGS = "organization:edit_settings"
    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
    ORG_LIST_CHILDREN = "organization:list_children"
    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"

    # Audit scopes. The constants carry an ORG_AUDIT_ prefix, but the wire
    # values live under "audit:", not "organization:".
    ORG_AUDIT_USERS = "audit:users"
    ORG_AUDIT_ROLES = "audit:roles"
    ORG_AUDIT_DATASOURCES = "audit:datasources"
    ORG_AUDIT_NODES = "audit:nodes"
    ORG_AUDIT_PERMISSIONS = "audit:permissions"
    ORG_AUDIT_QUERIES = "audit:queries"
    ORG_AUDIT_ACTIVITIES = "audit:activities"
    ORG_AUDIT_SSH = "audit:ssh"
    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
    ORG_AUDIT_ORG = "audit:organization"
    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
    ORG_AUDIT_SECRET_ENGINES = "audit:secretengines"
    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
    ORG_AUDIT_WORKFLOWS = "audit:workflows"
    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"
    ORG_AUDIT_POLICIES = "audit:policies"
    ORG_AUDIT_GROUPS = "audit:groups"

    # Workflows, access requests and approval flows.
    WORKFLOW_LIST = "workflow:list"
    WORKFLOW_EDIT = "workflow:edit"
    ACCESS_REQUEST_LIST = "accessrequest:list"
    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
    APPROVAL_FLOW_EDIT = "approvalflow:edit"
    APPROVAL_FLOW_LIST = "approvalflow:list"

    # Installations.
    INSTALLATION_BLESS = "installation:bless"
    INSTALLATION_CREATE = "installation:create"
    INSTALLATION_REVOKE = "installation:revoke"

    # NOTE(review): the "testing:" scope looks test-only; presumably these
    # should never show up in a production role or token. Confirm.
    TESTING_ORG_CREATE = "testing:organization:create"
    TESTING_ORG_DELETE = "testing:organization:delete"
    TESTING_NO_PERMISSIONS = "testing:noperms"
    TESTING_FETCH_QUERIES = "testing:queries:get"

    # Grants, reports and billing.
    GRANT_READ = "grant:read"
    GRANT_WRITE = "grant:write"
    REPORT_READ = "report:read"
    BILLING_READ = "billing:read"

    # Credentials and policies.
    CREDENTIAL_READ = "credential:read"
    CREDENTIAL_WRITE = "credential:write"
    POLICY_READ = "policy:read"
    POLICY_WRITE = "policy:write"

    # Managed secrets.
    MANAGED_SECRET_CREATE = "managedsecret:create"
    MANAGED_SECRET_LIST = "managedsecret:list"
    MANAGED_SECRET_DELETE = "managedsecret:delete"
    MANAGED_SECRET_UPDATE = "managedsecret:update"
    MANAGED_SECRET_READ = "managedsecret:read"
class
QueryCategory:
class
LogRemoteEncoder:
class
LogLocalStorage:
class
LogLocalEncoder:
class
LogLocalFormat:
class
OrgKind:
class
SSHKeyType:
class
CaptureType:
# Capture type labels as plain str constants (a namespace class, not an Enum).
# The values name shell, SCP, command, RDP, Kubernetes and SSH port-forward
# activity.
# NOTE(review): presumably these tag recorded sessions in audit/replay data.
# Confirm against the API that produces them.
class CaptureType:
    # Shell, file copy and one-off commands.
    SHELL = "shell"
    SCP_UPLOAD = "scp-upload"
    SCP_DOWNLOAD = "scp-download"
    COMMAND = "command"

    # RDP.
    RDP_BASIC = "rdp-basic"
    RDP_ENHANCED = "rdp-enhanced"

    # Kubernetes. The values mix hyphenated and camelCase forms
    # ("k8s-execTTY", "k8s-portForward"); match them exactly.
    K_8_S_EXEC = "k8s-exec"
    K_8_S_EXEC_TTY = "k8s-execTTY"
    K_8_S_PORT_FORWARD = "k8s-portForward"
    # These two names break the K_8_S_ prefix pattern of their neighbours;
    # the values are the "k8s-cp-*" pair.
    K_8_SCP_UPLOAD = "k8s-cp-upload"
    K_8_SCP_DOWNLOAD = "k8s-cp-download"
    K_8_S_DESCRIBE = "k8s-describe"
    K_8_S_GET = "k8s-get"
    K_8_S_DELETE = "k8s-delete"
    K_8_S_GENERIC = "k8s-generic"
    K_8_S_APPLY = "k8s-apply"

    # SSH.
    SSH_PORT_FORWARD = "ssh-portForward"
class
DeviceTrustProvider:
class
APIHost:
class
ApproverReference:
class
ResourceIPAllocationMode: