strongdm.constants
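# Copyright 2020 StrongDM Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# @internal Code generated by constgen. DO NOT EDIT.


# Permission Levels, shared by all entities capable of making authenticated requests against StrongDM.
# The values are plain strings; nothing in this class defines an ordering between levels.
class PermissionLevel:
    ROOT_ADMIN = "root-admin"
    ADMIN = "admin"
    DATABASE_ADMIN = "database-admin"
    DATABASE_OPERATOR = "database-operator"
    # The constant name and the wire value differ here ("multi-team-leader").
    TEAM_LEADER = "multi-team-leader"
    USER = "user"
    AUDITOR = "auditor"
    RELAY = "relay"
    ADMIN_TOKEN = "admin-token"
    SCIM_TOKEN = "scim-token"
    SERVICE_NOW_TOKEN = "servicenow-token"
    SERVICE = "service"
    SUSPENDED = "suspended"
    # NOTE(review): empty string, presumably "no level set" — confirm how callers
    # treat it before relying on it in an authorization decision.
    EMPTY = ""


# Node Lifecycle States, defining whether a node was last reported online, offline, restarting, etc.
class NodeState:
    NEW = "new"
    VERIFYING_RESTART = "verifying_restart"
    AWAITING_RESTART = "awaiting_restart"
    RESTARTING = "restarting"
    STARTED = "started"
    STOPPED = "stopped"
    DEAD = "dead"


# Providers responsible for managing roles and users.
# None, or an empty string, implies the user is managed by strongDM.
# Deprecated: Please use SCIMProvider instead.
class Provider:
    NONE = ""
    OKTA = "okta"
    SAIL_POINT = "sailpoint"
    AZURE = "azure"
    GENERIC = "generic"
    ONE_LOGIN = "onelogin"
    GOOGLE = "google"


# Providers responsible for managing roles and users.
# None, or an empty string, implies the user is managed by strongDM.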
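class SCIMProvider:
    NONE = ""
    OKTA = "okta"
    SAIL_POINT = "sailpoint"
    AZURE = "azure"
    GENERIC = "generic"
    ONE_LOGIN = "onelogin"
    GOOGLE = "google"


# Providers responsible for SSO authentication.
# Several values contain spaces ("active directory", "generic oidc", "workspace one");
# they are reproduced exactly and must be compared as whole strings.
class AuthProvider:
    AZURE = "azure"
    BITIUM = "bitium"
    GOOGLE = "google"
    OKTA = "okta"
    STRONG_DM = "strongdm"
    ACTIVE_DIRECTORY = "active directory"
    GENERIC_OIDC = "generic oidc"
    ONE_LOGIN_OIDC = "oneloginv2"
    KEYCLOAK = "keycloak"
    SHIBBOLETH = "shibboleth"
    AUTH_0 = "auth0"
    WORKSPACE_ONE = "workspace one"
    ONE_LOGIN_SAML = "onelogin-saml"
    GENERIC_SAML = "generic-saml"
    PING_IDSAML = "ping-identity-saml"
    PING_IDOIDC = "ping-identity-oidc"


# Providers responsible for multi-factor authentication
class MFAProvider:
    # NOTE(review): empty string, presumably "no MFA provider configured" — confirm.
    NONE = ""
    DUO = "duo"
    TOTP = "totp"
    OKTA = "okta"
    RSA = "rsa"


# Activity Entities, all entity types that can be part of an activity.
class ActivityEntityType:
    USER = "user"
    ROLE = "role"
    LEGACY_COMPOSITE_ROLE = "composite_role"
    DATASOURCE = "datasource"
    ORGANIZATION = "organization"
    INSTALLATION = "installation"
    SECRET_STORE = "secretstore"
    SECRET_ENGINE = "secretengine"
    REMOTE_IDENTITY_GROUP = "remote_identity_group"
    REMOTE_IDENTITY = "remote_identity"
    IDENTITY_SET = "identity_set"
    IDENTITY_ALIAS = "identity_alias"
    ACCESS_REQUEST = "access_request"
    WORKFLOW = "workflow"
    APPROVAL_FLOW = "approval_flow"
    APPROVAL_FLOW_STEP = "approval_flow_step"
    APPROVAL_FLOW_APPROVER = "approval_flow_approver"
    MANAGED_SECRET = "managed_secret"
    NODE = "node"
    PEERING_GROUP = "peering_group"
    PEERING_GROUP_NODE = "peering_group_node"
    PEERING_GROUP_RESOURCE = "peering_group_resource"
    PEERING_GROUP_PEER = "peering_group_peer"
    ORG_INTEGRATION = "org_integration"
    CREDENTIAL = "credential"
    CERTIFICATE_AUTHORITY = "certificate_authority"
    POLICY = "policy"
    PROXY_CLUSTER_KEY = "proxy_cluster_key"


# Activity Verbs, describe which kind of activity has taken place.
# NOTE(review): every value is reproduced exactly, including the "overriden" spelling in
# the *_PORT_OVERRIDE verbs and the mixed capitalisation ("Admin UI", "SCIM", "MFA").
# Anything that matches activity records against these strings (for example alerting on
# failed logins, lockouts, token changes or policy revocations) presumably has to use the
# same spelling and case — confirm against what the API actually returns.
class ActivityVerb:
    USER_ADDED = "user added"
    USER_DELETED = "user deleted"
    USER_UPDATED = "user updated"
    USER_SIGNUP = "user signup"
    USER_TYPE_CHANGED = "user type changed"
    USER_PASSWORD_CHANGED = "user password changed"
    USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted"
    USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked"
    USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired"
    USER_ADDED_TO_ROLE = "user added to role"
    USER_DELETED_FROM_ROLE = "user deleted from role"
    USER_SUSPENDED = "user suspended"
    USER_REINSTATED = "user reinstated"
    USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI"
    PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org"
    USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client"
    SERVICE_ACCOUNT_CREATED = "service account created"
    SERVICE_ACCOUNT_EXPIRED = "service account expired"
    # The constant is named *_ADDED but the value reads "created".
    ADMIN_TOKEN_ADDED = "admin token created"
    ADMIN_TOKEN_DELETED = "admin token deleted"
    ADMIN_TOKEN_EXPIRED = "admin token expired"
    ADMIN_TOKEN_REKEYED = "admin token rekeyed"
    ADMIN_TOKEN_CLONED = "admin token cloned"
    ADMIN_TOKEN_SUSPENDED = "admin token suspended"
    ADMIN_TOKEN_REINSTATED = "admin token reinstated"
    SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO"
    SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO"
    USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client"
    USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI"
    FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI"
    FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client"
    MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI"
    MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client"
    TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts"
    ATTEMPT_COUNTER_RESET = "failed login attempt counter reset"
    # The suspended/service-account login verbs below mix "attempt to login" and
    # "attempted to login"; the wording differs per constant and is kept as generated.
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI"
    SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"
    USER_SET_A_PASSWORD = "user set a password"
    USER_RESET_A_PASSWORD = "user reset their password"
    USER_CHANGED_PASSWORD = "user changed their password"
    USER_INVITED = "user invited"
    USER_CLICKED_INVITATION = "user clicked on their invitation"
    USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset"
    USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password"
    USER_REQUIRE_SSO_LOGIN = "user required to login via SSO"
    USER_PROVISIONING_ENABLED = "user provisioning enabled"
    USER_PROVISIONING_DISABLED = "user provisioning disabled"
    ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset"
    ROLE_ADDED = "role added"
    ROLE_DELETED = "role deleted"
    ROLE_UPDATED = "role updated"
    ROLE_ACCESS_RULES_UPDATED = "access rules updated"
    ROLE_ACCESS_RULES_CREATED = "access rules created"
    ROLE_ACCESS_RULES_DELETED = "access rules deleted"
    ROLE_PROVISIONING_ENABLED = "role provisioning enabled"
    ROLE_PROVISIONING_DISABLED = "role provisioning disabled"
    DATASOURCE_ADDED = "datasource added"
    DATASOURCE_CLONED = "datasource cloned"
    DATASOURCE_DELETED = "datasource deleted"
    DATASOURCE_UPDATED = "datasource updated"
    DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden"
    MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden"
    SERVER_ADDED = "server added"
    SERVER_CLONED = "server cloned"
    SERVER_DELETED = "server deleted"
    SERVER_UPDATED = "server updated"
    SERVER_PORT_OVERRIDE = "server connection port overriden"
    MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden"
    CLUSTER_ADDED = "cluster added"
    CLUSTER_CLONED = "cluster cloned"
    CLUSTER_DELETED = "cluster deleted"
    CLUSTER_UPDATED = "cluster updated"
    CLUSTER_PORT_OVERRIDE = "cluster connection port overriden"
    MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden"
    CLOUD_ADDED = "cloud added"
    CLOUD_CLONED = "cloud cloned"
    CLOUD_DELETED = "cloud deleted"
    CLOUD_UPDATED = "cloud updated"
    WEBSITE_ADDED = "website added"
    WEBSITE_CLONED = "website cloned"
    WEBSITE_DELETED = "website deleted"
    WEBSITE_UPDATED = "website updated"
    INSTALLATION_CREATED = "installation created"
    RELAY_INSTALLATION_CREATED = "installation created for relay"
    INSTALLATION_APPROVED = "installation approved"
    INSTALLATION_REVOKED = "installation revoked"
    RELAY_CREATED = "relay created"
    RELAY_UPDATED_NAME = "relay name updated"
    RELAY_DELETED = "relay deleted"
    ORG_PUBLIC_KEY_UPDATED = "public key updated"
    ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated"
    ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated"
    ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated"
    ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated"
    ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated"
    ORG_NAME_UPDATED = "organization name updated"
    ORG_SETTING_UPDATED = "organization setting updated"
    ORG_LOG_CONFIG_UPDATED = "organization logging configuration updated"
    ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated"
    ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated"
    ORG_CREATED = "organization created"
    ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set"
    ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted"
    ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set"
    ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted"
    CHILD_ORG_ADMIN_INVITED = "child organization admin invited"
    SERVICE_ACCOUNT_REKEYED = "service account rekeyed"
    SCIM_TOKEN_ADDED = "SCIM token created"
    SCIM_TOKEN_DELETED = "SCIM token deleted"
    SCIM_TOKEN_REKEYED = "SCIM token rekeyed"
    API_KEY_DELETED = "API key deleted"
    ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated"
    ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding"
    ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding"
    ORG_ADD_CHILD = "add child organization"
    ORG_REMOVE_CHILD = "remove child organization"
    ORG_EXTEND_TRIAL = "trial extended"
    SECRET_STORE_ADDED = "secret store added"
    SECRET_STORE_UPDATED = "secret store updated"
    SECRET_STORE_DELETED = "secret store deleted"
    SECRET_ENGINE_ADDED = "secret engine added"
    SECRET_ENGINE_UPDATED = "secret engine updated"
    SECRET_ENGINE_ROTATED = "secret engine's credentials updated"
    SECRET_ENGINE_DELETED = "secret engine deleted"
    REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created"
    REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated"
    REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted"
    IDENTITY_SET_CREATED = "identity set created"
    IDENTITY_SET_UPDATED = "identity set updated"
    IDENTITY_SET_DELETED = "identity set deleted"
    IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled"
    IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled"
    REMOTE_IDENTITY_CREATED = "remote identity created"
    REMOTE_IDENTITY_UPDATED = "remote identity updated"
    REMOTE_IDENTITY_DELETED = "remote identity deleted"
    IDENTITY_ALIAS_CREATED = "identity alias created"
    IDENTITY_ALIAS_UPDATED = "identity alias updated"
    IDENTITY_ALIAS_DELETED = "identity alias deleted"
    IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled"
    IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled"
    ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource"
    ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added"
    ACCESS_REQUEST_TO_RESOURCE_STEP_SKIPPED = "access request to resource step skipped"
    ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled"
    ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied"
    ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out"
    ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted"
    ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically"
    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = "access request to resource approved via ServiceNow"
    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_JIRA = "access request to resource approved via Jira"
    WORKFLOW_DELETED = "workflow deleted"
    WORKFLOW_ADDED = "workflow added"
    DEPRECATED_WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow"
    DEPRECATED_WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow"
    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow"
    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow"
    DEPRECATED_WORKFLOW_APPROVERS_UPDATED = "workflow approvers updated"
    DEPRECATED_WORKFLOW_AUTO_GRANT_UPDATED = "workflow auto grant updated"
    DEPRECATED_WORKFLOW_APPROVAL_CRITERIA_UPDATED = "workflow approval criteria updated"
    WORKFLOW_ROLES_UPDATED = "workflow roles updated"
    WORKFLOW_NAME_UPDATED = "workflow name updated"
    WORKFLOW_DESCRIPTION_UPDATED = "workflow description updated"
    WORKFLOW_REQUIRES_REASON_UPDATED = "workflow requires reason updated"
    WORKFLOW_SETTINGS_UPDATED = "workflow settings updated"
    WORKFLOW_ACCESS_RULES_UPDATED = "workflow access rules updated"
    WORKFLOW_ACCESS_RULES_DELETED = "workflow access rules deleted"
    WORKFLOW_ACCESS_RULES_CREATED = "workflow access rules created"
    WORKFLOW_ENABLED = "workflow enabled"
    WORKFLOW_DISABLED = "workflow disabled"
    APPROVAL_FLOW_ADDED = "approval workflow added"
    APPROVAL_FLOW_DELETED = "approval workflow deleted"
    APPROVAL_FLOW_UPDATED = "approval workflow updated"
    APPROVAL_FLOW_STEP_ADDED = "approval workflow step added"
    APPROVAL_FLOW_STEP_DELETED = "approval workflow step deleted"
    APPROVAL_FLOW_STEP_UPDATED = "approval workflow step updated"
    APPROVAL_FLOW_APPROVER_ADDED = "approval workflow approver added"
    APPROVAL_FLOW_APPROVER_DELETED = "approval workflow approver deleted"
    ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated"
    ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet"
    DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval"
    DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval"
    EMULATION_MIGRATION_COMPLETED = "emulation migration completed"
    ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed"
    ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers"
    TOTP_ENROLLMENT_ADDED = "user enrolled a totp device"
    TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment"
    SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI"
    RESOURCE_LOCKED = "user locked a resource"
    RESOURCE_UNLOCKED = "user unlocked a resource"
    RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource"
    CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = "concurrent authentications revoked per organization settings"
    PEERING_GROUP_TOGGLED = "peering group toggled"
    PEERING_GROUP_CREATED = "peering group created"
    PEERING_GROUP_DELETED = "peering group deleted"
    PEERING_GROUP_LINKED = "peering groups linked"
    PEERING_GROUP_UNLINKED = "peering groups unlinked"
    PEERING_GROUP_ATTACHED = "entity attached to peering group"
    PEERING_GROUP_DETACHED = "entity detached from peering group"
    ORG_INTEGRATION_INSTALLED = "org integration installed"
    USER_INTEGRATION_AUTHORIZED = "user authorized integration"
    ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled"
    USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration"
    SERVICE_NOW_TOKEN_ADDED = "ServiceNow token created"
    SERVICE_NOW_TOKEN_DELETED = "ServiceNow token deleted"
    CREDENTIAL_CREATED = "credential created"
    CREDENTIAL_DELETED = "credential deleted"
    CERTIFICATE_AUTHORITY_UPDATED = "certificate authority updated"
    POLICY_CREATED = "policy created"
    POLICY_UPDATED = "policy updated"
    POLICY_DELETED = "policy deleted"
    AUTHENTICATION_REVOKED_BY_POLICY = "authentication revoked by policy"
    PROXY_CLUSTER_KEY_CREATED = "proxy cluster key created"
    PROXY_CLUSTER_KEY_DELETED = "proxy cluster key deleted"
    MANAGED_SECRET_CREATED = "managed secret created"
    MANAGED_SECRET_UPDATED = "managed secret updated"
    MANAGED_SECRET_EXPIRATION_TIME_UPDATED = "managed secret expiration time updated"
    MANAGED_SECRET_CONFIG_UPDATED = "managed secret config updated"
    MANAGED_SECRET_DELETED = "managed secret deleted"


# Permissions, all permissions that may be granted to an account.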
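class Permission:
    GROUP_READ = "group:read"
    GROUP_WRITE = "group:write"
    GROUP_ROLE_READ = "grouprole:read"
    GROUP_ROLE_WRITE = "grouprole:write"
    ACCOUNT_GROUP_READ = "accountgroup:read"
    ACCOUNT_GROUP_WRITE = "accountgroup:write"
    RELAY_LIST = "relay:list"
    RELAY_CREATE = "relay:create"
    DATASOURCE_LIST = "datasource:list"
    DATASOURCE_CREATE = "datasource:create"
    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
    DATASOURCE_DELETE = "datasource:delete"
    DATASOURCE_UPDATE = "datasource:update"
    RESOURCE_LOCK_DELETE = "resourcelock:delete"
    RESOURCE_LOCK_LIST = "resourcelock:list"
    SECRET_ENGINE_CREATE = "secretengine:create"
    SECRET_ENGINE_LIST = "secretengine:list"
    SECRET_ENGINE_DELETE = "secretengine:delete"
    SECRET_ENGINE_UPDATE = "secretengine:update"
    SECRET_ENGINE_STATUS = "secretengine:status"
    SECRET_STORE_CREATE = "secretstore:create"
    SECRET_STORE_LIST = "secretstore:list"
    SECRET_STORE_DELETE = "secretstore:delete"
    SECRET_STORE_UPDATE = "secretstore:update"
    SECRET_STORE_STATUS = "secretstore:status"
    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
    REMOTE_IDENTITY_READ = "remoteidentity:read"
    USER_CREATE = "user:create"
    USER_LIST = "user:list"
    USER_UPDATE_ADMIN = "user:update_admin"
    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
    # The constant name and the wire value differ: searching a permission dump for
    # "permission_level" will not find this entry, the value is "user:set_strong_role".
    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
    USER_UPDATE = "user:update"
    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
    USER_DELETE = "user:delete"
    USER_ASSIGN = "user:assign"
    USER_SUSPEND = "user:suspend"
    USER_SET_PASSWORD = "user:set_password"
    ROLE_LIST = "role:list"
    ROLE_CREATE = "role:create"
    ROLE_DELETE = "role:delete"
    ROLE_UPDATE = "role:update"
    ORG_VIEW_SETTINGS = "organization:view_settings"
    ORG_EDIT_SETTINGS = "organization:edit_settings"
    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
    ORG_LIST_CHILDREN = "organization:list_children"
    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"
    # The ORG_AUDIT_* constants use the "audit:" prefix in their values, not "organization:".
    ORG_AUDIT_USERS = "audit:users"
    ORG_AUDIT_ROLES = "audit:roles"
    ORG_AUDIT_DATASOURCES = "audit:datasources"
    ORG_AUDIT_NODES = "audit:nodes"
    ORG_AUDIT_PERMISSIONS = "audit:permissions"
    ORG_AUDIT_QUERIES = "audit:queries"
    ORG_AUDIT_ACTIVITIES = "audit:activities"
    ORG_AUDIT_SSH = "audit:ssh"
    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
    ORG_AUDIT_ORG = "audit:organization"
    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
    ORG_AUDIT_SECRET_ENGINES = "audit:secretengines"
    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
    ORG_AUDIT_WORKFLOWS = "audit:workflows"
    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"
    ORG_AUDIT_POLICIES = "audit:policies"
    ORG_AUDIT_GROUPS = "audit:groups"
    WORKFLOW_LIST = "workflow:list"
    WORKFLOW_EDIT = "workflow:edit"
    ACCESS_REQUEST_LIST = "accessrequest:list"
    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
    APPROVAL_FLOW_EDIT = "approvalflow:edit"
    APPROVAL_FLOW_LIST = "approvalflow:list"
    INSTALLATION_BLESS = "installation:bless"
    INSTALLATION_CREATE = "installation:create"
    INSTALLATION_REVOKE = "installation:revoke"
    # NOTE(review): the "testing:" prefix suggests these are not meant for production
    # accounts; an access review that finds them granted should ask why — confirm.
    TESTING_ORG_CREATE = "testing:organization:create"
    TESTING_ORG_DELETE = "testing:organization:delete"
    TESTING_NO_PERMISSIONS = "testing:noperms"
    TESTING_FETCH_QUERIES = "testing:queries:get"
    GRANT_READ = "grant:read"
    GRANT_WRITE = "grant:write"
    REPORT_READ = "report:read"
    BILLING_READ = "billing:read"
    CREDENTIAL_READ = "credential:read"
    CREDENTIAL_WRITE = "credential:write"
    POLICY_READ = "policy:read"
    POLICY_WRITE = "policy:write"
    MANAGED_SECRET_CREATE = "managedsecret:create"
    MANAGED_SECRET_LIST = "managedsecret:list"
    MANAGED_SECRET_DELETE = "managedsecret:delete"
    MANAGED_SECRET_UPDATE = "managedsecret:update"
    MANAGED_SECRET_READ = "managedsecret:read"


# Query Categories, all the categories of resource against which queries are logged.
class QueryCategory:
    KUBERNETES = "k8s"
    # The constant is DATASOURCES but the value is "queries".
    DATASOURCES = "queries"
    RDP = "rdp"
    SSH = "ssh"
    WEB = "web"
    CLOUD = "cloud"
    ALL = "all"


# LogRemoteEncoder defines the encryption encoder for queries stored in the API.
class LogRemoteEncoder:
    STRONG_DM = "strongdm"
    PUB_KEY = "pubkey"
    HASH = "hash"


# LogLocalStorage defines how queries are stored locally.
class LogLocalStorage:
    STDOUT = "stdout"
    FILE = "file"
    TCP = "tcp"
    SOCKET = "socket"
    SYSLOG = "syslog"
    NONE = "none"


# LogLocalEncoder defines the encryption encoder for queries stored locally in the relay.
class LogLocalEncoder:
    # NOTE(review): the name indicates local query logs are written unencrypted with this
    # encoder; query text can contain sensitive data, so the choice between this and
    # PUB_KEY deserves a deliberate decision — confirm the exact on-disk behaviour.
    PLAINTEXT = "plaintext"
    PUB_KEY = "pubkey"


# LogLocalFormat defines the format in which queries are stored locally in the relay.
class LogLocalFormat:
    CSV = "csv"
    JSON = "json"


# OrgKind defines the types of organizations that may exist.
class OrgKind:
    SOLO = "solo"
    ROOT = "root"
    CHILD = "child"


# SSHKeyType defines the supported SSH key types
class SSHKeyType:
    RSA_2048 = "rsa-2048"
    RSA_4096 = "rsa-4096"
    ECDSA_256 = "ecdsa-256"
    ECDSA_384 = "ecdsa-384"
    ECDSA_521 = "ecdsa-521"
    ED_25519 = "ed25519"


# CaptureType designates what type of SSH/RDP/K8s capture we have.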
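class CaptureType:
    SHELL = "shell"
    SCP_UPLOAD = "scp-upload"
    SCP_DOWNLOAD = "scp-download"
    COMMAND = "command"
    RDP_BASIC = "rdp-basic"
    RDP_ENHANCED = "rdp-enhanced"
    # The K_8_* names are the generator's rendering of "K8s"; the values use mixed
    # case ("k8s-execTTY", "k8s-portForward") and must be matched exactly.
    K_8_S_EXEC = "k8s-exec"
    K_8_S_EXEC_TTY = "k8s-execTTY"
    K_8_S_PORT_FORWARD = "k8s-portForward"
    K_8_SCP_UPLOAD = "k8s-cp-upload"
    K_8_SCP_DOWNLOAD = "k8s-cp-download"
    K_8_S_DESCRIBE = "k8s-describe"
    K_8_S_GET = "k8s-get"
    K_8_S_DELETE = "k8s-delete"
    K_8_S_GENERIC = "k8s-generic"
    K_8_S_APPLY = "k8s-apply"
    SSH_PORT_FORWARD = "ssh-portForward"


# Providers responsible for device trust enforcement
class DeviceTrustProvider:
    # NOTE(review): empty string, presumably "no device trust provider configured" — confirm.
    NONE = ""
    SENTINEL_ONE = "sentinelone"
    CROWD_STRIKE = "crowdstrike"
    MICROSOFT_DEFENDER = "microsoftdefender"
    DUO = "duo"


# APIHost defines the API host for various control planes.
# Each value is a host:port pair on port 443, without a URL scheme.
class APIHost:
    US = "app.strongdm.com:443"
    UK = "app.uk.strongdm.com:443"
    EU = "app.eu.strongdm.com:443"


# ApproverReference defines the type for approver references.
class ApproverReference:
    NONE = ""
    MANAGER_OF_REQUESTER = "manager-of-requester"
    MANAGER_OF_MANAGER_OF_REQUESTER = "manager-of-manager-of-requester"


# ResourceIPAllocationMode defines how to allocate IP addresses on resource create and update.
class ResourceIPAllocationMode:
    UNSET = ""
    DEFAULT = "default"
    LOOPBACK = "loopback"
    VNM = "vnm"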
class
PermissionLevel:
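# String values naming the permission level of an account or token.
# The values are plain strings; nothing in this class defines an ordering between levels.
class PermissionLevel:
    ROOT_ADMIN = "root-admin"
    ADMIN = "admin"
    DATABASE_ADMIN = "database-admin"
    DATABASE_OPERATOR = "database-operator"
    # The constant name and the wire value differ here ("multi-team-leader").
    TEAM_LEADER = "multi-team-leader"
    USER = "user"
    AUDITOR = "auditor"
    RELAY = "relay"
    ADMIN_TOKEN = "admin-token"
    SCIM_TOKEN = "scim-token"
    SERVICE_NOW_TOKEN = "servicenow-token"
    SERVICE = "service"
    SUSPENDED = "suspended"
    # NOTE(review): empty string, presumably "no level set" — confirm how callers
    # treat it before relying on it in an authorization decision.
    EMPTY = ""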
class
NodeState:
class
Provider:
class
SCIMProvider:
class
AuthProvider:
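# String values naming the SSO authentication providers.
# Several values contain spaces ("active directory", "generic oidc", "workspace one");
# they are reproduced exactly and must be compared as whole strings.
class AuthProvider:
    AZURE = "azure"
    BITIUM = "bitium"
    GOOGLE = "google"
    OKTA = "okta"
    STRONG_DM = "strongdm"
    ACTIVE_DIRECTORY = "active directory"
    GENERIC_OIDC = "generic oidc"
    ONE_LOGIN_OIDC = "oneloginv2"
    KEYCLOAK = "keycloak"
    SHIBBOLETH = "shibboleth"
    AUTH_0 = "auth0"
    WORKSPACE_ONE = "workspace one"
    ONE_LOGIN_SAML = "onelogin-saml"
    GENERIC_SAML = "generic-saml"
    PING_IDSAML = "ping-identity-saml"
    PING_IDOIDC = "ping-identity-oidc"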
class
MFAProvider:
class
ActivityEntityType:
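# String values naming the entity types that can appear in an activity record.
# Most multi-word values use underscores, but "secretstore" and "secretengine" do not.
class ActivityEntityType:
    USER = "user"
    ROLE = "role"
    LEGACY_COMPOSITE_ROLE = "composite_role"
    DATASOURCE = "datasource"
    ORGANIZATION = "organization"
    INSTALLATION = "installation"
    SECRET_STORE = "secretstore"
    SECRET_ENGINE = "secretengine"
    REMOTE_IDENTITY_GROUP = "remote_identity_group"
    REMOTE_IDENTITY = "remote_identity"
    IDENTITY_SET = "identity_set"
    IDENTITY_ALIAS = "identity_alias"
    ACCESS_REQUEST = "access_request"
    WORKFLOW = "workflow"
    APPROVAL_FLOW = "approval_flow"
    APPROVAL_FLOW_STEP = "approval_flow_step"
    APPROVAL_FLOW_APPROVER = "approval_flow_approver"
    MANAGED_SECRET = "managed_secret"
    NODE = "node"
    PEERING_GROUP = "peering_group"
    PEERING_GROUP_NODE = "peering_group_node"
    PEERING_GROUP_RESOURCE = "peering_group_resource"
    PEERING_GROUP_PEER = "peering_group_peer"
    ORG_INTEGRATION = "org_integration"
    CREDENTIAL = "credential"
    CERTIFICATE_AUTHORITY = "certificate_authority"
    POLICY = "policy"
    PROXY_CLUSTER_KEY = "proxy_cluster_key"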
class
ActivityVerb:
135class ActivityVerb: 136 USER_ADDED = "user added" 137 USER_DELETED = "user deleted" 138 USER_UPDATED = "user updated" 139 USER_SIGNUP = "user signup" 140 USER_TYPE_CHANGED = "user type changed" 141 USER_PASSWORD_CHANGED = "user password changed" 142 USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted" 143 USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked" 144 USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired" 145 USER_ADDED_TO_ROLE = "user added to role" 146 USER_DELETED_FROM_ROLE = "user deleted from role" 147 USER_SUSPENDED = "user suspended" 148 USER_REINSTATED = "user reinstated" 149 USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI" 150 PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org" 151 USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client" 152 SERVICE_ACCOUNT_CREATED = "service account created" 153 SERVICE_ACCOUNT_EXPIRED = "service account expired" 154 ADMIN_TOKEN_ADDED = "admin token created" 155 ADMIN_TOKEN_DELETED = "admin token deleted" 156 ADMIN_TOKEN_EXPIRED = "admin token expired" 157 ADMIN_TOKEN_REKEYED = "admin token rekeyed" 158 ADMIN_TOKEN_CLONED = "admin token cloned" 159 ADMIN_TOKEN_SUSPENDED = "admin token suspended" 160 ADMIN_TOKEN_REINSTATED = "admin token reinstated" 161 SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO" 162 SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO" 163 USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client" 164 USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI" 165 FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI" 166 FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client" 167 MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI" 168 MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client" 169 TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts" 170 
ATTEMPT_COUNTER_RESET = "failed login attempt counter reset" 171 SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client" 172 SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI" 173 SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI" 174 SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI" 175 SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client" 176 USER_SET_A_PASSWORD = "user set a password" 177 USER_RESET_A_PASSWORD = "user reset their password" 178 USER_CHANGED_PASSWORD = "user changed their password" 179 USER_INVITED = "user invited" 180 USER_CLICKED_INVITATION = "user clicked on their invitation" 181 USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset" 182 USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password" 183 USER_REQUIRE_SSO_LOGIN = "user required to login via SSO" 184 USER_PROVISIONING_ENABLED = "user provisioning enabled" 185 USER_PROVISIONING_DISABLED = "user provisioning disabled" 186 ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset" 187 ROLE_ADDED = "role added" 188 ROLE_DELETED = "role deleted" 189 ROLE_UPDATED = "role updated" 190 ROLE_ACCESS_RULES_UPDATED = "access rules updated" 191 ROLE_ACCESS_RULES_CREATED = "access rules created" 192 ROLE_ACCESS_RULES_DELETED = "access rules deleted" 193 ROLE_PROVISIONING_ENABLED = "role provisioning enabled" 194 ROLE_PROVISIONING_DISABLED = "role provisioning disabled" 195 DATASOURCE_ADDED = "datasource added" 196 DATASOURCE_CLONED = "datasource cloned" 197 DATASOURCE_DELETED = "datasource deleted" 198 DATASOURCE_UPDATED = "datasource updated" 199 DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden" 200 MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource 
ports overriden" 201 SERVER_ADDED = "server added" 202 SERVER_CLONED = "server cloned" 203 SERVER_DELETED = "server deleted" 204 SERVER_UPDATED = "server updated" 205 SERVER_PORT_OVERRIDE = "server connection port overriden" 206 MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden" 207 CLUSTER_ADDED = "cluster added" 208 CLUSTER_CLONED = "cluster cloned" 209 CLUSTER_DELETED = "cluster deleted" 210 CLUSTER_UPDATED = "cluster updated" 211 CLUSTER_PORT_OVERRIDE = "cluster connection port overriden" 212 MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden" 213 CLOUD_ADDED = "cloud added" 214 CLOUD_CLONED = "cloud cloned" 215 CLOUD_DELETED = "cloud deleted" 216 CLOUD_UPDATED = "cloud updated" 217 WEBSITE_ADDED = "website added" 218 WEBSITE_CLONED = "website cloned" 219 WEBSITE_DELETED = "website deleted" 220 WEBSITE_UPDATED = "website updated" 221 INSTALLATION_CREATED = "installation created" 222 RELAY_INSTALLATION_CREATED = "installation created for relay" 223 INSTALLATION_APPROVED = "installation approved" 224 INSTALLATION_REVOKED = "installation revoked" 225 RELAY_CREATED = "relay created" 226 RELAY_UPDATED_NAME = "relay name updated" 227 RELAY_DELETED = "relay deleted" 228 ORG_PUBLIC_KEY_UPDATED = "public key updated" 229 ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated" 230 ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated" 231 ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated" 232 ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated" 233 ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated" 234 ORG_NAME_UPDATED = "organization name updated" 235 ORG_SETTING_UPDATED = "organization setting updated" 236 ORG_LOG_CONFIG_UPDATED = "organization logging configuration updated" 237 ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated" 238 ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated" 239 ORG_CREATED = "organization created" 240 
ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set" 241 ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted" 242 ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set" 243 ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted" 244 CHILD_ORG_ADMIN_INVITED = "child organization admin invited" 245 SERVICE_ACCOUNT_REKEYED = "service account rekeyed" 246 SCIM_TOKEN_ADDED = "SCIM token created" 247 SCIM_TOKEN_DELETED = "SCIM token deleted" 248 SCIM_TOKEN_REKEYED = "SCIM token rekeyed" 249 API_KEY_DELETED = "API key deleted" 250 ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated" 251 ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding" 252 ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding" 253 ORG_ADD_CHILD = "add child organization" 254 ORG_REMOVE_CHILD = "remove child organization" 255 ORG_EXTEND_TRIAL = "trial extended" 256 SECRET_STORE_ADDED = "secret store added" 257 SECRET_STORE_UPDATED = "secret store updated" 258 SECRET_STORE_DELETED = "secret store deleted" 259 SECRET_ENGINE_ADDED = "secret engine added" 260 SECRET_ENGINE_UPDATED = "secret engine updated" 261 SECRET_ENGINE_ROTATED = "secret engine's credentials updated" 262 SECRET_ENGINE_DELETED = "secret engine deleted" 263 REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created" 264 REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated" 265 REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted" 266 IDENTITY_SET_CREATED = "identity set created" 267 IDENTITY_SET_UPDATED = "identity set updated" 268 IDENTITY_SET_DELETED = "identity set deleted" 269 IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled" 270 IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled" 271 REMOTE_IDENTITY_CREATED = "remote identity created" 272 REMOTE_IDENTITY_UPDATED = "remote identity updated" 273 REMOTE_IDENTITY_DELETED = "remote identity deleted" 274 IDENTITY_ALIAS_CREATED = "identity alias 
created" 275 IDENTITY_ALIAS_UPDATED = "identity alias updated" 276 IDENTITY_ALIAS_DELETED = "identity alias deleted" 277 IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled" 278 IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled" 279 ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource" 280 ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added" 281 ACCESS_REQUEST_TO_RESOURCE_STEP_SKIPPED = "access request to resource step skipped" 282 ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled" 283 ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied" 284 ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out" 285 ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted" 286 ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically" 287 ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = "access request to resource approved via ServiceNow" 288 ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_JIRA = "access request to resource approved via Jira" 289 WORKFLOW_DELETED = "workflow deleted" 290 WORKFLOW_ADDED = "workflow added" 291 DEPRECATED_WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow" 292 DEPRECATED_WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow" 293 DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow" 294 DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow" 295 DEPRECATED_WORKFLOW_APPROVERS_UPDATED = "workflow approvers updated" 296 DEPRECATED_WORKFLOW_AUTO_GRANT_UPDATED = "workflow auto grant updated" 297 DEPRECATED_WORKFLOW_APPROVAL_CRITERIA_UPDATED = "workflow approval criteria updated" 298 WORKFLOW_ROLES_UPDATED = "workflow roles updated" 299 WORKFLOW_NAME_UPDATED = "workflow name updated" 300 WORKFLOW_DESCRIPTION_UPDATED = "workflow description updated" 
301 WORKFLOW_REQUIRES_REASON_UPDATED = "workflow requires reason updated" 302 WORKFLOW_SETTINGS_UPDATED = "workflow settings updated" 303 WORKFLOW_ACCESS_RULES_UPDATED = "workflow access rules updated" 304 WORKFLOW_ACCESS_RULES_DELETED = "workflow access rules deleted" 305 WORKFLOW_ACCESS_RULES_CREATED = "workflow access rules created" 306 WORKFLOW_ENABLED = "workflow enabled" 307 WORKFLOW_DISABLED = "workflow disabled" 308 APPROVAL_FLOW_ADDED = "approval workflow added" 309 APPROVAL_FLOW_DELETED = "approval workflow deleted" 310 APPROVAL_FLOW_UPDATED = "approval workflow updated" 311 APPROVAL_FLOW_STEP_ADDED = "approval workflow step added" 312 APPROVAL_FLOW_STEP_DELETED = "approval workflow step deleted" 313 APPROVAL_FLOW_STEP_UPDATED = "approval workflow step updated" 314 APPROVAL_FLOW_APPROVER_ADDED = "approval workflow approver added" 315 APPROVAL_FLOW_APPROVER_DELETED = "approval workflow approver deleted" 316 ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated" 317 ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet" 318 DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval" 319 DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval" 320 EMULATION_MIGRATION_COMPLETED = "emulation migration completed" 321 ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed" 322 ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers" 323 TOTP_ENROLLMENT_ADDED = "user enrolled a totp device" 324 TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment" 325 SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI" 326 RESOURCE_LOCKED = "user locked a resource" 327 RESOURCE_UNLOCKED = "user unlocked a resource" 328 RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource" 329 CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = "concurrent authentications revoked per organization settings" 330 
PEERING_GROUP_TOGGLED = "peering group toggled" 331 PEERING_GROUP_CREATED = "peering group created" 332 PEERING_GROUP_DELETED = "peering group deleted" 333 PEERING_GROUP_LINKED = "peering groups linked" 334 PEERING_GROUP_UNLINKED = "peering groups unlinked" 335 PEERING_GROUP_ATTACHED = "entity attached to peering group" 336 PEERING_GROUP_DETACHED = "entity detached from peering group" 337 ORG_INTEGRATION_INSTALLED = "org integration installed" 338 USER_INTEGRATION_AUTHORIZED = "user authorized integration" 339 ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled" 340 USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration" 341 SERVICE_NOW_TOKEN_ADDED = "ServiceNow token created" 342 SERVICE_NOW_TOKEN_DELETED = "ServiceNow token deleted" 343 CREDENTIAL_CREATED = "credential created" 344 CREDENTIAL_DELETED = "credential deleted" 345 CERTIFICATE_AUTHORITY_UPDATED = "certificate authority updated" 346 POLICY_CREATED = "policy created" 347 POLICY_UPDATED = "policy updated" 348 POLICY_DELETED = "policy deleted" 349 AUTHENTICATION_REVOKED_BY_POLICY = "authentication revoked by policy" 350 PROXY_CLUSTER_KEY_CREATED = "proxy cluster key created" 351 PROXY_CLUSTER_KEY_DELETED = "proxy cluster key deleted" 352 MANAGED_SECRET_CREATED = "managed secret created" 353 MANAGED_SECRET_UPDATED = "managed secret updated" 354 MANAGED_SECRET_EXPIRATION_TIME_UPDATED = "managed secret expiration time updated" 355 MANAGED_SECRET_CONFIG_UPDATED = "managed secret config updated" 356 MANAGED_SECRET_DELETED = "managed secret deleted"
SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = 'attempt to login by a suspended user from the local client'
SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = 'attempted to login by a service account from the Admin UI'
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = 'attempted to login by a suspended service account from the Admin UI'
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = 'attempt to login by a suspended service account from the local client'
ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = 'access request to resource granted automatically'
ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = 'access request to resource approved via ServiceNow'
SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = 'attempt to enroll by a suspended user from the Admin UI'
class
Permission:
# Permission identifiers, exposed as plain string constants.
# Most values follow a "<resource>:<action>" pattern. The ORG_AUDIT_* names map
# to "audit:<subject>" values and the TESTING_* names to "testing:..." values,
# so the constant name does not always predict the string.
# This class only defines the strings; nothing in it grants or checks a
# permission.
# NOTE(review): the file header marks this module as generated (constgen), so
# lasting comments presumably belong in the generator input - confirm.
class Permission:
    # Groups, group-to-role links and account-to-group links.
    GROUP_READ = "group:read"
    GROUP_WRITE = "group:write"
    GROUP_ROLE_READ = "grouprole:read"
    GROUP_ROLE_WRITE = "grouprole:write"
    ACCOUNT_GROUP_READ = "accountgroup:read"
    ACCOUNT_GROUP_WRITE = "accountgroup:write"

    # Relays.
    RELAY_LIST = "relay:list"
    RELAY_CREATE = "relay:create"

    # Datasources.
    DATASOURCE_LIST = "datasource:list"
    DATASOURCE_CREATE = "datasource:create"
    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
    # Marked deprecated by its name; the replacement is not visible in this class.
    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
    DATASOURCE_DELETE = "datasource:delete"
    DATASOURCE_UPDATE = "datasource:update"

    # Resource locks.
    RESOURCE_LOCK_DELETE = "resourcelock:delete"
    RESOURCE_LOCK_LIST = "resourcelock:list"

    # Secret engines and secret stores.
    SECRET_ENGINE_CREATE = "secretengine:create"
    SECRET_ENGINE_LIST = "secretengine:list"
    SECRET_ENGINE_DELETE = "secretengine:delete"
    SECRET_ENGINE_UPDATE = "secretengine:update"
    SECRET_ENGINE_STATUS = "secretengine:status"
    SECRET_STORE_CREATE = "secretstore:create"
    SECRET_STORE_LIST = "secretstore:list"
    SECRET_STORE_DELETE = "secretstore:delete"
    SECRET_STORE_UPDATE = "secretstore:update"
    SECRET_STORE_STATUS = "secretstore:status"

    # Remote identities and remote identity groups.
    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
    REMOTE_IDENTITY_READ = "remoteidentity:read"

    # User management.
    # NOTE(review): by name, several of these change who holds administrative
    # access (admin tokens, service accounts, permission level, passwords).
    # Presumably the ones to review first when auditing role grants - confirm
    # the exact semantics against the API documentation.
    USER_CREATE = "user:create"
    USER_LIST = "user:list"
    USER_UPDATE_ADMIN = "user:update_admin"
    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
    # The string is "user:set_strong_role", not "user:set_permission_level":
    # search logs and policies for the value, not the constant's name.
    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
    USER_UPDATE = "user:update"
    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
    USER_DELETE = "user:delete"
    USER_ASSIGN = "user:assign"
    USER_SUSPEND = "user:suspend"
    USER_SET_PASSWORD = "user:set_password"

    # Roles.
    ROLE_LIST = "role:list"
    ROLE_CREATE = "role:create"
    ROLE_DELETE = "role:delete"
    ROLE_UPDATE = "role:update"

    # Organization settings and child organizations.
    ORG_VIEW_SETTINGS = "organization:view_settings"
    ORG_EDIT_SETTINGS = "organization:edit_settings"
    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
    ORG_LIST_CHILDREN = "organization:list_children"
    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"

    # Audit permissions: the names start with ORG_AUDIT_ but every value uses
    # the "audit:" prefix rather than "organization:".
    ORG_AUDIT_USERS = "audit:users"
    ORG_AUDIT_ROLES = "audit:roles"
    ORG_AUDIT_DATASOURCES = "audit:datasources"
    ORG_AUDIT_NODES = "audit:nodes"
    ORG_AUDIT_PERMISSIONS = "audit:permissions"
    ORG_AUDIT_QUERIES = "audit:queries"
    ORG_AUDIT_ACTIVITIES = "audit:activities"
    ORG_AUDIT_SSH = "audit:ssh"
    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
    ORG_AUDIT_ORG = "audit:organization"
    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
    ORG_AUDIT_SECRET_ENGINES = "audit:secretengines"
    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
    ORG_AUDIT_WORKFLOWS = "audit:workflows"
    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"
    ORG_AUDIT_POLICIES = "audit:policies"
    ORG_AUDIT_GROUPS = "audit:groups"

    # Workflows, access requests and approval flows.
    WORKFLOW_LIST = "workflow:list"
    WORKFLOW_EDIT = "workflow:edit"
    ACCESS_REQUEST_LIST = "accessrequest:list"
    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
    APPROVAL_FLOW_EDIT = "approvalflow:edit"
    APPROVAL_FLOW_LIST = "approvalflow:list"

    # Installations.
    # NOTE(review): "bless" presumably means approving an installation - confirm.
    INSTALLATION_BLESS = "installation:bless"
    INSTALLATION_CREATE = "installation:create"
    INSTALLATION_REVOKE = "installation:revoke"

    # NOTE(review): the "testing:" prefix suggests these exist for test
    # harnesses. Verify that none of them can be assigned in a production
    # organization.
    TESTING_ORG_CREATE = "testing:organization:create"
    TESTING_ORG_DELETE = "testing:organization:delete"
    TESTING_NO_PERMISSIONS = "testing:noperms"
    TESTING_FETCH_QUERIES = "testing:queries:get"

    # Grants, reports and billing.
    GRANT_READ = "grant:read"
    GRANT_WRITE = "grant:write"
    REPORT_READ = "report:read"
    BILLING_READ = "billing:read"

    # Credentials, policies and managed secrets.
    CREDENTIAL_READ = "credential:read"
    CREDENTIAL_WRITE = "credential:write"
    POLICY_READ = "policy:read"
    POLICY_WRITE = "policy:write"
    MANAGED_SECRET_CREATE = "managedsecret:create"
    MANAGED_SECRET_LIST = "managedsecret:list"
    MANAGED_SECRET_DELETE = "managedsecret:delete"
    MANAGED_SECRET_UPDATE = "managedsecret:update"
    MANAGED_SECRET_READ = "managedsecret:read"
class
QueryCategory:
class
LogRemoteEncoder:
class
LogLocalStorage:
class
LogLocalEncoder:
class
LogLocalFormat:
class
OrgKind:
class
SSHKeyType:
class
CaptureType:
# Capture type identifiers, exposed as plain string constants.
# The values name kinds of remote operation: interactive shell, SCP transfer,
# single command, RDP, Kubernetes verbs and SSH port forwarding.
# NOTE(review): presumably these label recorded sessions in audit data -
# confirm against the API documentation.
# Several values are mixed-case ("k8s-execTTY", "k8s-portForward",
# "ssh-portForward"), so a filter that lower-cases its input will not equal
# these constants.
class CaptureType:
    # SSH-style and RDP captures.
    SHELL = "shell"
    SCP_UPLOAD = "scp-upload"
    SCP_DOWNLOAD = "scp-download"
    COMMAND = "command"
    RDP_BASIC = "rdp-basic"
    RDP_ENHANCED = "rdp-enhanced"

    # Kubernetes captures. The K_8_S_ prefix spells "k8s".
    K_8_S_EXEC = "k8s-exec"
    K_8_S_EXEC_TTY = "k8s-execTTY"
    K_8_S_PORT_FORWARD = "k8s-portForward"
    # These two names read as "K8 SCP", but the values are "k8s-cp-*":
    # rely on the string value rather than the constant's name.
    K_8_SCP_UPLOAD = "k8s-cp-upload"
    K_8_SCP_DOWNLOAD = "k8s-cp-download"
    K_8_S_DESCRIBE = "k8s-describe"
    K_8_S_GET = "k8s-get"
    K_8_S_DELETE = "k8s-delete"
    K_8_S_GENERIC = "k8s-generic"
    K_8_S_APPLY = "k8s-apply"

    # SSH port forwarding.
    SSH_PORT_FORWARD = "ssh-portForward"
class
DeviceTrustProvider:
class
APIHost:
class
ApproverReference:
class
ResourceIPAllocationMode: