strongdm.constants
1# Copyright 2020 StrongDM Inc 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14# 15# @internal Code generated by constgen. DO NOT EDIT. 16 17 18# Permission Levels, shared by all entities capable of making authenticated requests against StrongDM. 19class PermissionLevel: 20 ROOT_ADMIN = "root-admin" 21 ADMIN = "admin" 22 DATABASE_ADMIN = "database-admin" 23 TEAM_LEADER = "multi-team-leader" 24 USER = "user" 25 AUDITOR = "auditor" 26 RELAY = "relay" 27 ADMIN_TOKEN = "admin-token" 28 SCIM_TOKEN = "scim-token" 29 SERVICE_NOW_TOKEN = "servicenow-token" 30 SERVICE = "service" 31 SUSPENDED = "suspended" 32 EMPTY = "" 33 34 35# Node Lifecycle States, defining whether a node was last reported online, offline, restarting, etc. 36class NodeState: 37 NEW = "new" 38 VERIFYING_RESTART = "verifying_restart" 39 AWAITING_RESTART = "awaiting_restart" 40 RESTARTING = "restarting" 41 STARTED = "started" 42 STOPPED = "stopped" 43 DEAD = "dead" 44 45 46# Providers responsible for managing roles and users. 47# None, or an empty string, implies the user is managed by strongDM. 48# Deprecated: Please use SCIMProvider instead. 49class Provider: 50 NONE = "" 51 OKTA = "okta" 52 SAIL_POINT = "sailpoint" 53 AZURE = "azure" 54 GENERIC = "generic" 55 ONE_LOGIN = "onelogin" 56 GOOGLE = "google" 57 58 59# Providers responsible for managing roles and users. 60# None, or an empty string, implies the user is managed by strongDM. 
class SCIMProvider:
    # NONE is the empty string, so an unset provider field compares equal to it.
    NONE = ""
    OKTA = "okta"
    SAIL_POINT = "sailpoint"
    AZURE = "azure"
    GENERIC = "generic"
    ONE_LOGIN = "onelogin"
    GOOGLE = "google"


# Providers responsible for SSO authentication.
#
# The values do not follow one naming scheme: some contain spaces
# ("active directory", "generic oidc", "workspace one"), others use hyphens
# ("generic-saml"), and ONE_LOGIN_OIDC is "oneloginv2". Compare against the
# constants rather than a normalised or retyped string.
class AuthProvider:
    AZURE = "azure"
    BITIUM = "bitium"
    GOOGLE = "google"
    OKTA = "okta"
    STRONG_DM = "strongdm"
    ACTIVE_DIRECTORY = "active directory"
    GENERIC_OIDC = "generic oidc"
    ONE_LOGIN_OIDC = "oneloginv2"
    KEYCLOAK = "keycloak"
    SHIBBOLETH = "shibboleth"
    AUTH_0 = "auth0"
    WORKSPACE_ONE = "workspace one"
    ONE_LOGIN_SAML = "onelogin-saml"
    GENERIC_SAML = "generic-saml"
    PING_IDSAML = "ping-identity-saml"
    PING_IDOIDC = "ping-identity-oidc"


# Providers responsible for multi-factor authentication
class MFAProvider:
    # NOTE(review): NONE is the empty string; presumably it means no MFA
    # provider is configured. Confirm before relying on it in a policy check.
    NONE = ""
    DUO = "duo"
    TOTP = "totp"
    OKTA = "okta"


# Activity Entities, all entity types that can be part of an activity.
#
# Most values are snake_case, but SECRET_STORE and SECRET_ENGINE are
# "secretstore" and "secretengine" with no underscore.
class ActivityEntityType:
    USER = "user"
    ROLE = "role"
    LEGACY_COMPOSITE_ROLE = "composite_role"
    DATASOURCE = "datasource"
    ORGANIZATION = "organization"
    INSTALLATION = "installation"
    SECRET_STORE = "secretstore"
    SECRET_ENGINE = "secretengine"
    REMOTE_IDENTITY_GROUP = "remote_identity_group"
    REMOTE_IDENTITY = "remote_identity"
    IDENTITY_SET = "identity_set"
    IDENTITY_ALIAS = "identity_alias"
    ACCESS_REQUEST = "access_request"
    WORKFLOW = "workflow"
    APPROVAL_FLOW = "approval_flow"
    APPROVAL_FLOW_STEP = "approval_flow_step"
    APPROVAL_FLOW_APPROVER = "approval_flow_approver"
    MANAGED_SECRET = "managed_secret"
    NODE = "node"
    PEERING_GROUP = "peering_group"
    PEERING_GROUP_NODE = "peering_group_node"
    PEERING_GROUP_RESOURCE = "peering_group_resource"
    PEERING_GROUP_PEER = "peering_group_peer"


# Activity Verbs, describe which kind of activity has taken place.
class ActivityVerb:
    # Each value is a human-readable phrase rather than a slug: the values
    # contain spaces and mixed case ("Admin UI", "SCIM", "ServiceNow", "Jira").
    # Audit filters and alert rules should compare against these constants,
    # not retyped literals, because several values differ from what the
    # constant name suggests (see the notes below).
    # NOTE(review): presumably these are the exact strings the API reports for
    # an activity; confirm against the API documentation.
    USER_ADDED = "user added"
    USER_DELETED = "user deleted"
    USER_UPDATED = "user updated"
    USER_SIGNUP = "user signup"
    USER_TYPE_CHANGED = "user type changed"
    USER_PASSWORD_CHANGED = "user password changed"
    USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted"
    USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked"
    USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired"
    USER_ADDED_TO_ROLE = "user added to role"
    USER_DELETED_FROM_ROLE = "user deleted from role"
    USER_SUSPENDED = "user suspended"
    USER_REINSTATED = "user reinstated"
    USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI"
    PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org"
    USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client"
    SERVICE_ACCOUNT_CREATED = "service account created"
    SERVICE_ACCOUNT_EXPIRED = "service account expired"
    # Admin token lifecycle. ADMIN_TOKEN_ADDED is named "added" but its value
    # reads "admin token created".
    ADMIN_TOKEN_ADDED = "admin token created"
    ADMIN_TOKEN_DELETED = "admin token deleted"
    ADMIN_TOKEN_EXPIRED = "admin token expired"
    ADMIN_TOKEN_REKEYED = "admin token rekeyed"
    ADMIN_TOKEN_CLONED = "admin token cloned"
    ADMIN_TOKEN_SUSPENDED = "admin token suspended"
    ADMIN_TOKEN_REINSTATED = "admin token reinstated"
    SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO"
    SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO"
    USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client"
    USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI"
    # Failed-login, MFA-denial, lockout and suspended-account verbs: the
    # authentication-failure events a monitoring rule would normally watch.
    FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI"
    FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client"
    MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI"
    MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client"
    TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts"
    ATTEMPT_COUNTER_RESET = "failed login attempt counter reset"
    # The wording is not uniform across the next five values: some begin
    # "attempt to login", others "attempted to login". A prefix match on one
    # form misses the other.
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI"
    SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"
    USER_SET_A_PASSWORD = "user set a password"
    USER_RESET_A_PASSWORD = "user reset their password"
    USER_CHANGED_PASSWORD = "user changed their password"
    USER_INVITED = "user invited"
    USER_CLICKED_INVITATION = "user clicked on their invitation"
    USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset"
    USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password"
    USER_REQUIRE_SSO_LOGIN = "user required to login via SSO"
    USER_PROVISIONING_ENABLED = "user provisioning enabled"
    USER_PROVISIONING_DISABLED = "user provisioning disabled"
    ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset"
    ROLE_ADDED = "role added"
    ROLE_DELETED = "role deleted"
    ROLE_UPDATED = "role updated"
    # The ROLE_ACCESS_RULES_* values carry no "role" prefix, unlike the
    # WORKFLOW_ACCESS_RULES_* values further down.
    ROLE_ACCESS_RULES_UPDATED = "access rules updated"
    ROLE_ACCESS_RULES_CREATED = "access rules created"
    ROLE_ACCESS_RULES_DELETED = "access rules deleted"
    ROLE_PROVISIONING_ENABLED = "role provisioning enabled"
    ROLE_PROVISIONING_DISABLED = "role provisioning disabled"
    DATASOURCE_ADDED = "datasource added"
    DATASOURCE_CLONED = "datasource cloned"
    DATASOURCE_DELETED = "datasource deleted"
    DATASOURCE_UPDATED = "datasource updated"
    # Every *_PORT_OVERRIDE value spells "overriden" with a single "d"; a
    # filter written with "overridden" will not match.
    DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden"
    MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden"
    SERVER_ADDED = "server added"
    SERVER_CLONED = "server cloned"
    SERVER_DELETED = "server deleted"
    SERVER_UPDATED = "server updated"
    SERVER_PORT_OVERRIDE = "server connection port overriden"
    MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden"
    CLUSTER_ADDED = "cluster added"
    CLUSTER_CLONED = "cluster cloned"
    CLUSTER_DELETED = "cluster deleted"
    CLUSTER_UPDATED = "cluster updated"
    CLUSTER_PORT_OVERRIDE = "cluster connection port overriden"
    MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden"
    CLOUD_ADDED = "cloud added"
    CLOUD_CLONED = "cloud cloned"
    CLOUD_DELETED = "cloud deleted"
    CLOUD_UPDATED = "cloud updated"
    WEBSITE_ADDED = "website added"
    WEBSITE_CLONED = "website cloned"
    WEBSITE_DELETED = "website deleted"
    WEBSITE_UPDATED = "website updated"
    INSTALLATION_CREATED = "installation created"
    RELAY_INSTALLATION_CREATED = "installation created for relay"
    INSTALLATION_APPROVED = "installation approved"
    INSTALLATION_REVOKED = "installation revoked"
    RELAY_CREATED = "relay created"
    RELAY_UPDATED_NAME = "relay name updated"
    RELAY_DELETED = "relay deleted"
    # Several ORG_* values omit the word "organization" (for example
    # "public key updated", "discard replays updated", "trial extended").
    ORG_PUBLIC_KEY_UPDATED = "public key updated"
    ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated"
    ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated"
    ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated"
    ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated"
    ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated"
    ORG_NAME_UPDATED = "organization name updated"
    ORG_SETTING_UPDATED = "organization setting updated"
    ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated"
    ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated"
    ORG_CREATED = "organization created"
    ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set"
    ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted"
    # These two values start with a capital "P", unlike most other values.
    ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set"
    ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted"
    CHILD_ORG_ADMIN_INVITED = "child organization admin invited"
    SERVICE_ACCOUNT_REKEYED = "service account rekeyed"
    # SCIM_TOKEN_ADDED is named "added" but its value reads "SCIM token created".
    SCIM_TOKEN_ADDED = "SCIM token created"
    SCIM_TOKEN_DELETED = "SCIM token deleted"
    SCIM_TOKEN_REKEYED = "SCIM token rekeyed"
    API_KEY_DELETED = "API key deleted"
    ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated"
    ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding"
    ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding"
    ORG_ADD_CHILD = "add child organization"
    ORG_REMOVE_CHILD = "remove child organization"
    ORG_EXTEND_TRIAL = "trial extended"
    SECRET_STORE_ADDED = "secret store added"
    SECRET_STORE_UPDATED = "secret store updated"
    SECRET_STORE_DELETED = "secret store deleted"
    SECRET_ENGINE_ADDED = "secret engine added"
    SECRET_ENGINE_UPDATED = "secret engine updated"
    SECRET_ENGINE_DELETED = "secret engine deleted"
    REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created"
    REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated"
    REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted"
    IDENTITY_SET_CREATED = "identity set created"
    IDENTITY_SET_UPDATED = "identity set updated"
    IDENTITY_SET_DELETED = "identity set deleted"
    IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled"
    IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled"
    REMOTE_IDENTITY_CREATED = "remote identity created"
    REMOTE_IDENTITY_UPDATED = "remote identity updated"
    REMOTE_IDENTITY_DELETED = "remote identity deleted"
    IDENTITY_ALIAS_CREATED = "identity alias created"
    IDENTITY_ALIAS_UPDATED = "identity alias updated"
    IDENTITY_ALIAS_DELETED = "identity alias deleted"
    IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled"
    IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled"
    # Access-request lifecycle. The grant and approval verbs record who or
    # what approved access (manual, automatic, ServiceNow, Jira).
    ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource"
    ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added"
    ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled"
    ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied"
    ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out"
    ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted"
    ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically"
    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = "access request to resource approved via ServiceNow"
    ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_JIRA = "access request to resource approved via Jira"
    WORKFLOW_DELETED = "workflow deleted"
    WORKFLOW_ADDED = "workflow added"
    # The DEPRECATED_ prefix appears only in the constant names; the values
    # carry no deprecation marker.
    DEPRECATED_WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow"
    DEPRECATED_WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow"
    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow"
    DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow"
    DEPRECATED_WORKFLOW_APPROVERS_UPDATED = "workflow approvers updated"
    DEPRECATED_WORKFLOW_AUTO_GRANT_UPDATED = "workflow auto grant updated"
    DEPRECATED_WORKFLOW_APPROVAL_CRITERIA_UPDATED = "workflow approval criteria updated"
    WORKFLOW_ROLES_UPDATED = "workflow roles updated"
    WORKFLOW_NAME_UPDATED = "workflow name updated"
    WORKFLOW_DESCRIPTION_UPDATED = "workflow description updated"
    WORKFLOW_REQUIRES_REASON_UPDATED = "workflow requires reason updated"
    WORKFLOW_ACCESS_RULES_UPDATED = "workflow access rules updated"
    WORKFLOW_ACCESS_RULES_DELETED = "workflow access rules deleted"
    WORKFLOW_ACCESS_RULES_CREATED = "workflow access rules created"
    WORKFLOW_ENABLED = "workflow enabled"
    WORKFLOW_DISABLED = "workflow disabled"
    # APPROVAL_FLOW_* constants map to values that say "approval workflow".
    APPROVAL_FLOW_ADDED = "approval workflow added"
    APPROVAL_FLOW_DELETED = "approval workflow deleted"
    APPROVAL_FLOW_UPDATED = "approval workflow updated"
    APPROVAL_FLOW_STEP_ADDED = "approval workflow step added"
    APPROVAL_FLOW_STEP_DELETED = "approval workflow step deleted"
    APPROVAL_FLOW_STEP_UPDATED = "approval workflow step updated"
    APPROVAL_FLOW_APPROVER_ADDED = "approval workflow approver added"
    APPROVAL_FLOW_APPROVER_DELETED = "approval workflow approver deleted"
    ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated"
    ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet"
    DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval"
    DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval"
    EMULATION_MIGRATION_COMPLETED = "emulation migration completed"
    ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed"
    ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers"
    TOTP_ENROLLMENT_ADDED = "user enrolled a totp device"
    TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment"
    SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI"
    RESOURCE_LOCKED = "user locked a resource"
    RESOURCE_UNLOCKED = "user unlocked a resource"
    RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource"
    CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = "concurrent authentications revoked per organization settings"
    ORG_INTEGRATION_INSTALLED = "org integration installed"
    USER_INTEGRATION_AUTHORIZED = "user authorized integration"
    ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled"
    USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration"
    # SERVICE_NOW_TOKEN_ADDED is named "added" but its value reads
    # "ServiceNow token created".
    SERVICE_NOW_TOKEN_ADDED = "ServiceNow token created"
    SERVICE_NOW_TOKEN_DELETED = "ServiceNow token deleted"
    MANAGED_SECRET_CREATED = "managed secret created"
    MANAGED_SECRET_UPDATED = "managed secret updated"
    MANAGED_SECRET_EXPIRATION_TIME_UPDATED = "managed secret expiration time updated"
    MANAGED_SECRET_DELETED = "managed secret deleted"


# Permissions, all permissions that may be granted to an account.
#
# Values are colon-separated "<scope>:<action>" strings; the TESTING_ORG_* and
# TESTING_FETCH_QUERIES values have three parts instead of two. Constant names
# and values do not always line up (see the notes below), so permission checks
# should reference the constants.
class Permission:
    RELAY_LIST = "relay:list"
    RELAY_CREATE = "relay:create"
    DATASOURCE_LIST = "datasource:list"
    DATASOURCE_CREATE = "datasource:create"
    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
    DATASOURCE_DELETE = "datasource:delete"
    DATASOURCE_UPDATE = "datasource:update"
    RESOURCE_LOCK_DELETE = "resourcelock:delete"
    RESOURCE_LOCK_LIST = "resourcelock:list"
    SECRET_ENGINE_CREATE = "secretengine:create"
    SECRET_ENGINE_LIST = "secretengine:list"
    SECRET_ENGINE_DELETE = "secretengine:delete"
    SECRET_ENGINE_UPDATE = "secretengine:update"
    SECRET_ENGINE_STATUS = "secretengine:status"
    SECRET_STORE_CREATE = "secretstore:create"
    SECRET_STORE_LIST = "secretstore:list"
    SECRET_STORE_DELETE = "secretstore:delete"
    SECRET_STORE_UPDATE = "secretstore:update"
    SECRET_STORE_STATUS = "secretstore:status"
    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
    REMOTE_IDENTITY_READ = "remoteidentity:read"
    # NOTE(review): going by their names, several user:* permissions below
    # change privilege or credentials (update_admin, create_admin_token,
    # set_strong_role, set_password, initiate_password_reset). Worth listing in
    # any least-privilege review of token scopes; confirm exact semantics.
    USER_CREATE = "user:create"
    USER_LIST = "user:list"
    USER_UPDATE_ADMIN = "user:update_admin"
    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
    # Name and value differ: USER_SET_PERMISSION_LEVEL is "user:set_strong_role".
    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
    USER_UPDATE = "user:update"
    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
    USER_DELETE = "user:delete"
    USER_ASSIGN = "user:assign"
    USER_SUSPEND = "user:suspend"
    USER_SET_PASSWORD = "user:set_password"
    DEMO_PROVISIONING_REQUEST_CREATE = "demoprovisioningrequest:create"
    DEMO_PROVISIONING_REQUEST_LIST = "demoprovisioningrequest:list"
    ROLE_LIST = "role:list"
    ROLE_CREATE = "role:create"
    ROLE_DELETE = "role:delete"
    ROLE_UPDATE = "role:update"
    ORG_VIEW_SETTINGS = "organization:view_settings"
    ORG_EDIT_SETTINGS = "organization:edit_settings"
    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
    ORG_LIST_CHILDREN = "organization:list_children"
    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"
    # The ORG_AUDIT_* constants use the "audit:" prefix in their values, not
    # "organization:".
    ORG_AUDIT_USERS = "audit:users"
    ORG_AUDIT_ROLES = "audit:roles"
    ORG_AUDIT_DATASOURCES = "audit:datasources"
    ORG_AUDIT_NODES = "audit:nodes"
    ORG_AUDIT_PERMISSIONS = "audit:permissions"
    ORG_AUDIT_QUERIES = "audit:queries"
    ORG_AUDIT_ACTIVITIES = "audit:activities"
    ORG_AUDIT_SSH = "audit:ssh"
    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
    ORG_AUDIT_ORG = "audit:organization"
    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
    ORG_AUDIT_SECRET_ENGINES = "audit:secretengines"
    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
    ORG_AUDIT_WORKFLOWS = "audit:workflows"
    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"
    ORG_AUDIT_POLICIES = "audit:policies"
    WORKFLOW_LIST = "workflow:list"
    WORKFLOW_EDIT = "workflow:edit"
    ACCESS_REQUEST_EDIT = "accessrequest:edit"
    ACCESS_REQUEST_LIST = "accessrequest:list"
    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
    APPROVAL_FLOW_EDIT = "approvalflow:edit"
    APPROVAL_FLOW_LIST = "approvalflow:list"
    # The GLOBAL_* constants drop the "GLOBAL" prefix in their values.
    # NOTE(review): the GLOBAL_*, TESTING_* and DEMO_* names suggest internal
    # or test-only scope; confirm whether customer accounts can hold them.
    GLOBAL_RDP_RENDER = "rdp:render"
    GLOBAL_QUERY_BUCKET_TRACKER = "query:bucket_tracker"
    GLOBAL_ASSETS_GET_LATEST_VERSION_COMMIT_HASH = "assets:get_latest_version_commit_hash"
    GLOBAL_SDMOS_SERVICE = "sdmos:service"
    GLOBAL_SDMOS_DEPLOYMENT = "sdmos:deployment"
    GLOBAL_SDMOS_RELEASE = "sdmos:release"
    GLOBAL_DEMO_PROVISIONER = "demo:provision"
    INSTALLATION_BLESS = "installation:bless"
    INSTALLATION_CREATE = "installation:create"
    INSTALLATION_REVOKE = "installation:revoke"
    TESTING_ORG_CREATE = "testing:organization:create"
    TESTING_ORG_DELETE = "testing:organization:delete"
    TESTING_NO_PERMISSIONS = "testing:noperms"
    TESTING_FETCH_QUERIES = "testing:queries:get"
    GRANT_READ = "grant:read"
    GRANT_WRITE = "grant:write"
    REPORT_READ = "report:read"
    BILLING_READ = "billing:read"
    CREDENTIAL_READ = "credential:read"
    CREDENTIAL_WRITE = "credential:write"
    MANAGED_SECRET_CREATE = "managedsecret:create"
    MANAGED_SECRET_LIST = "managedsecret:list"
    MANAGED_SECRET_DELETE = "managedsecret:delete"
    MANAGED_SECRET_UPDATE = "managedsecret:update"
    MANAGED_SECRET_READ = "managedsecret:read"


# Query Categories, all the categories of resource against which queries are logged.
class QueryCategory:
    KUBERNETES = "k8s"
    # Name and value differ: DATASOURCES is "queries".
    DATASOURCES = "queries"
    RDP = "rdp"
    SSH = "ssh"
    WEB = "web"
    CLOUD = "cloud"
    ALL = "all"


# LogRemoteEncoder defines the encryption encoder for the queries that are stored in the API.
class LogRemoteEncoder:
    STRONG_DM = "strongdm"
    PUB_KEY = "pubkey"
    HASH = "hash"


# LogLocalStorage defines how queries are stored locally.
class LogLocalStorage:
    STDOUT = "stdout"
    FILE = "file"
    TCP = "tcp"
    SOCKET = "socket"
    SYSLOG = "syslog"
    # Here NONE is the literal string "none", whereas the NONE members of the
    # provider classes in this file are the empty string.
    NONE = "none"


# LogLocalEncoder defines the encryption encoder for queries that are stored locally in the relay.
class LogLocalEncoder:
    # NOTE(review): presumably PLAINTEXT leaves locally stored query logs
    # unencrypted on the relay; confirm, and weigh that against what the
    # logged queries may contain before selecting it.
    PLAINTEXT = "plaintext"
    PUB_KEY = "pubkey"


# LogLocalFormat defines the format in which the queries are stored locally in the relay.
class LogLocalFormat:
    CSV = "csv"
    JSON = "json"


# OrgKind defines the types of organizations that may exist.
class OrgKind:
    SOLO = "solo"
    ROOT = "root"
    CHILD = "child"


# SSHKeyType defines the supported SSH key types
class SSHKeyType:
    RSA_2048 = "rsa-2048"
    RSA_4096 = "rsa-4096"
    ECDSA_256 = "ecdsa-256"
    ECDSA_384 = "ecdsa-384"
    ECDSA_521 = "ecdsa-521"
    # Unlike the other members, the value has no hyphen: "ed25519".
    ED_25519 = "ed25519"


# CaptureType designates what type of SSH/RDP/K8s capture we have.
#
# The values mix hyphenated lower case with camelCase fragments
# ("k8s-execTTY", "k8s-portForward", "ssh-portForward"), so matching must be
# case-sensitive and exact.
class CaptureType:
    SHELL = "shell"
    SCP_UPLOAD = "scp-upload"
    SCP_DOWNLOAD = "scp-download"
    COMMAND = "command"
    RDP_BASIC = "rdp-basic"
    RDP_ENHANCED = "rdp-enhanced"
    K_8_S_EXEC = "k8s-exec"
    K_8_S_EXEC_TTY = "k8s-execTTY"
    K_8_S_PORT_FORWARD = "k8s-portForward"
    # These two names are K_8_SCP_*, while their values are "k8s-cp-*".
    K_8_SCP_UPLOAD = "k8s-cp-upload"
    K_8_SCP_DOWNLOAD = "k8s-cp-download"
    K_8_S_DESCRIBE = "k8s-describe"
    K_8_S_GET = "k8s-get"
    K_8_S_DELETE = "k8s-delete"
    K_8_S_GENERIC = "k8s-generic"
    K_8_S_APPLY = "k8s-apply"
    SSH_PORT_FORWARD = "ssh-portForward"


# Providers responsible for device trust enforcement
class DeviceTrustProvider:
    # NOTE(review): NONE is the empty string; presumably it means no device
    # trust provider is configured. Confirm before using it in a policy check.
    NONE = ""
    SENTINEL_ONE = "sentinelone"
    CROWD_STRIKE = "crowdstrike"
    MICROSOFT_DEFENDER = "microsoftdefender"
    DUO = "duo"


# APIHost defines the API host for various control planes.
# Each value is a "host:port" string with no URL scheme; both use port 443.
class APIHost:
    US = "api.strongdm.com:443"
    UK = "api.uk.strongdm.com:443"
class
PermissionLevel:
class PermissionLevel:
    # Plain namespace of string constants, one per permission level. Nothing
    # here validates that an arbitrary string is a known level, so
    # authorization code should compare against these attributes explicitly.
    ROOT_ADMIN = "root-admin"
    ADMIN = "admin"
    DATABASE_ADMIN = "database-admin"
    # The value differs from the constant name: TEAM_LEADER is "multi-team-leader".
    TEAM_LEADER = "multi-team-leader"
    USER = "user"
    AUDITOR = "auditor"
    RELAY = "relay"
    # NOTE(review): token- and service-style levels, presumably assigned to
    # non-human principals; confirm.
    ADMIN_TOKEN = "admin-token"
    SCIM_TOKEN = "scim-token"
    SERVICE_NOW_TOKEN = "servicenow-token"
    SERVICE = "service"
    SUSPENDED = "suspended"
    # EMPTY is the empty string, so a missing or unset field compares equal to it.
    # NOTE(review): treat "" as "no level", never as a grant; confirm API semantics.
    EMPTY = ""
class
NodeState:
class
Provider:
class
SCIMProvider:
class
AuthProvider:
class AuthProvider:
    # String constants naming SSO authentication providers. The values do not
    # follow one naming scheme: some contain spaces ("active directory",
    # "generic oidc", "workspace one"), others use hyphens ("generic-saml"),
    # and ONE_LOGIN_OIDC is "oneloginv2". Compare against the constants rather
    # than a normalised or retyped string.
    AZURE = "azure"
    BITIUM = "bitium"
    GOOGLE = "google"
    OKTA = "okta"
    STRONG_DM = "strongdm"
    ACTIVE_DIRECTORY = "active directory"
    GENERIC_OIDC = "generic oidc"
    ONE_LOGIN_OIDC = "oneloginv2"
    KEYCLOAK = "keycloak"
    SHIBBOLETH = "shibboleth"
    AUTH_0 = "auth0"
    WORKSPACE_ONE = "workspace one"
    ONE_LOGIN_SAML = "onelogin-saml"
    GENERIC_SAML = "generic-saml"
    PING_IDSAML = "ping-identity-saml"
    PING_IDOIDC = "ping-identity-oidc"
class
MFAProvider:
class
ActivityEntityType:
class ActivityEntityType:
    # String constants naming the entity types an activity can refer to.
    # Most values are snake_case, but SECRET_STORE and SECRET_ENGINE are
    # "secretstore" and "secretengine" with no underscore.
    USER = "user"
    ROLE = "role"
    LEGACY_COMPOSITE_ROLE = "composite_role"
    DATASOURCE = "datasource"
    ORGANIZATION = "organization"
    INSTALLATION = "installation"
    SECRET_STORE = "secretstore"
    SECRET_ENGINE = "secretengine"
    REMOTE_IDENTITY_GROUP = "remote_identity_group"
    REMOTE_IDENTITY = "remote_identity"
    IDENTITY_SET = "identity_set"
    IDENTITY_ALIAS = "identity_alias"
    ACCESS_REQUEST = "access_request"
    WORKFLOW = "workflow"
    APPROVAL_FLOW = "approval_flow"
    APPROVAL_FLOW_STEP = "approval_flow_step"
    APPROVAL_FLOW_APPROVER = "approval_flow_approver"
    MANAGED_SECRET = "managed_secret"
    NODE = "node"
    PEERING_GROUP = "peering_group"
    PEERING_GROUP_NODE = "peering_group_node"
    PEERING_GROUP_RESOURCE = "peering_group_resource"
    PEERING_GROUP_PEER = "peering_group_peer"
class
ActivityVerb:
128class ActivityVerb: 129 USER_ADDED = "user added" 130 USER_DELETED = "user deleted" 131 USER_UPDATED = "user updated" 132 USER_SIGNUP = "user signup" 133 USER_TYPE_CHANGED = "user type changed" 134 USER_PASSWORD_CHANGED = "user password changed" 135 USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted" 136 USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked" 137 USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired" 138 USER_ADDED_TO_ROLE = "user added to role" 139 USER_DELETED_FROM_ROLE = "user deleted from role" 140 USER_SUSPENDED = "user suspended" 141 USER_REINSTATED = "user reinstated" 142 USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI" 143 PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org" 144 USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client" 145 SERVICE_ACCOUNT_CREATED = "service account created" 146 SERVICE_ACCOUNT_EXPIRED = "service account expired" 147 ADMIN_TOKEN_ADDED = "admin token created" 148 ADMIN_TOKEN_DELETED = "admin token deleted" 149 ADMIN_TOKEN_EXPIRED = "admin token expired" 150 ADMIN_TOKEN_REKEYED = "admin token rekeyed" 151 ADMIN_TOKEN_CLONED = "admin token cloned" 152 ADMIN_TOKEN_SUSPENDED = "admin token suspended" 153 ADMIN_TOKEN_REINSTATED = "admin token reinstated" 154 SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO" 155 SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO" 156 USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client" 157 USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI" 158 FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI" 159 FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client" 160 MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI" 161 MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client" 162 TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts" 163 
ATTEMPT_COUNTER_RESET = "failed login attempt counter reset" 164 SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client" 165 SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI" 166 SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI" 167 SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI" 168 SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client" 169 USER_SET_A_PASSWORD = "user set a password" 170 USER_RESET_A_PASSWORD = "user reset their password" 171 USER_CHANGED_PASSWORD = "user changed their password" 172 USER_INVITED = "user invited" 173 USER_CLICKED_INVITATION = "user clicked on their invitation" 174 USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset" 175 USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password" 176 USER_REQUIRE_SSO_LOGIN = "user required to login via SSO" 177 USER_PROVISIONING_ENABLED = "user provisioning enabled" 178 USER_PROVISIONING_DISABLED = "user provisioning disabled" 179 ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset" 180 ROLE_ADDED = "role added" 181 ROLE_DELETED = "role deleted" 182 ROLE_UPDATED = "role updated" 183 ROLE_ACCESS_RULES_UPDATED = "access rules updated" 184 ROLE_ACCESS_RULES_CREATED = "access rules created" 185 ROLE_ACCESS_RULES_DELETED = "access rules deleted" 186 ROLE_PROVISIONING_ENABLED = "role provisioning enabled" 187 ROLE_PROVISIONING_DISABLED = "role provisioning disabled" 188 DATASOURCE_ADDED = "datasource added" 189 DATASOURCE_CLONED = "datasource cloned" 190 DATASOURCE_DELETED = "datasource deleted" 191 DATASOURCE_UPDATED = "datasource updated" 192 DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden" 193 MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource 
ports overriden" 194 SERVER_ADDED = "server added" 195 SERVER_CLONED = "server cloned" 196 SERVER_DELETED = "server deleted" 197 SERVER_UPDATED = "server updated" 198 SERVER_PORT_OVERRIDE = "server connection port overriden" 199 MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden" 200 CLUSTER_ADDED = "cluster added" 201 CLUSTER_CLONED = "cluster cloned" 202 CLUSTER_DELETED = "cluster deleted" 203 CLUSTER_UPDATED = "cluster updated" 204 CLUSTER_PORT_OVERRIDE = "cluster connection port overriden" 205 MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden" 206 CLOUD_ADDED = "cloud added" 207 CLOUD_CLONED = "cloud cloned" 208 CLOUD_DELETED = "cloud deleted" 209 CLOUD_UPDATED = "cloud updated" 210 WEBSITE_ADDED = "website added" 211 WEBSITE_CLONED = "website cloned" 212 WEBSITE_DELETED = "website deleted" 213 WEBSITE_UPDATED = "website updated" 214 INSTALLATION_CREATED = "installation created" 215 RELAY_INSTALLATION_CREATED = "installation created for relay" 216 INSTALLATION_APPROVED = "installation approved" 217 INSTALLATION_REVOKED = "installation revoked" 218 RELAY_CREATED = "relay created" 219 RELAY_UPDATED_NAME = "relay name updated" 220 RELAY_DELETED = "relay deleted" 221 ORG_PUBLIC_KEY_UPDATED = "public key updated" 222 ORG_DISCARD_REPLAYS_UPDATED = "discard replays updated" 223 ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated" 224 ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated" 225 ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated" 226 ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated" 227 ORG_NAME_UPDATED = "organization name updated" 228 ORG_SETTING_UPDATED = "organization setting updated" 229 ORG_LOG_SYNC_SETTING_UPDATED = "organization log stream setting updated" 230 ORG_WORKFLOW_SETTING_UPDATED = "organization workflow setting updated" 231 ORG_CREATED = "organization created" 232 ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set" 233 
ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted" 234 ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set" 235 ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted" 236 CHILD_ORG_ADMIN_INVITED = "child organization admin invited" 237 SERVICE_ACCOUNT_REKEYED = "service account rekeyed" 238 SCIM_TOKEN_ADDED = "SCIM token created" 239 SCIM_TOKEN_DELETED = "SCIM token deleted" 240 SCIM_TOKEN_REKEYED = "SCIM token rekeyed" 241 API_KEY_DELETED = "API key deleted" 242 ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated" 243 ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding" 244 ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding" 245 ORG_ADD_CHILD = "add child organization" 246 ORG_REMOVE_CHILD = "remove child organization" 247 ORG_EXTEND_TRIAL = "trial extended" 248 SECRET_STORE_ADDED = "secret store added" 249 SECRET_STORE_UPDATED = "secret store updated" 250 SECRET_STORE_DELETED = "secret store deleted" 251 SECRET_ENGINE_ADDED = "secret engine added" 252 SECRET_ENGINE_UPDATED = "secret engine updated" 253 SECRET_ENGINE_DELETED = "secret engine deleted" 254 REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created" 255 REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated" 256 REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted" 257 IDENTITY_SET_CREATED = "identity set created" 258 IDENTITY_SET_UPDATED = "identity set updated" 259 IDENTITY_SET_DELETED = "identity set deleted" 260 IDENTITY_SET_PROVISIONING_ENABLED = "identity set provisioning enabled" 261 IDENTITY_SET_PROVISIONING_DISABLED = "identity set provisioning disabled" 262 REMOTE_IDENTITY_CREATED = "remote identity created" 263 REMOTE_IDENTITY_UPDATED = "remote identity updated" 264 REMOTE_IDENTITY_DELETED = "remote identity deleted" 265 IDENTITY_ALIAS_CREATED = "identity alias created" 266 IDENTITY_ALIAS_UPDATED = "identity alias updated" 267 IDENTITY_ALIAS_DELETED = "identity alias deleted" 268 
IDENTITY_ALIAS_PROVISIONING_ENABLED = "identity alias provisioning enabled" 269 IDENTITY_ALIAS_PROVISIONING_DISABLED = "identity alias provisioning disabled" 270 ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource" 271 ACCESS_REQUEST_TO_RESOURCE_APPROVAL_ADDED = "access request to resource approval added" 272 ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled" 273 ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied" 274 ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out" 275 ACCESS_REQUEST_TO_RESOURCE_GRANTED = "access request to resource granted" 276 ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically" 277 ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = "access request to resource approved via ServiceNow" 278 ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_JIRA = "access request to resource approved via Jira" 279 WORKFLOW_DELETED = "workflow deleted" 280 WORKFLOW_ADDED = "workflow added" 281 DEPRECATED_WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow" 282 DEPRECATED_WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow" 283 DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow" 284 DEPRECATED_WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow" 285 DEPRECATED_WORKFLOW_APPROVERS_UPDATED = "workflow approvers updated" 286 DEPRECATED_WORKFLOW_AUTO_GRANT_UPDATED = "workflow auto grant updated" 287 DEPRECATED_WORKFLOW_APPROVAL_CRITERIA_UPDATED = "workflow approval criteria updated" 288 WORKFLOW_ROLES_UPDATED = "workflow roles updated" 289 WORKFLOW_NAME_UPDATED = "workflow name updated" 290 WORKFLOW_DESCRIPTION_UPDATED = "workflow description updated" 291 WORKFLOW_REQUIRES_REASON_UPDATED = "workflow requires reason updated" 292 WORKFLOW_ACCESS_RULES_UPDATED = "workflow access rules updated" 293 WORKFLOW_ACCESS_RULES_DELETED = "workflow access rules deleted" 
294 WORKFLOW_ACCESS_RULES_CREATED = "workflow access rules created" 295 WORKFLOW_ENABLED = "workflow enabled" 296 WORKFLOW_DISABLED = "workflow disabled" 297 APPROVAL_FLOW_ADDED = "approval workflow added" 298 APPROVAL_FLOW_DELETED = "approval workflow deleted" 299 APPROVAL_FLOW_UPDATED = "approval workflow updated" 300 APPROVAL_FLOW_STEP_ADDED = "approval workflow step added" 301 APPROVAL_FLOW_STEP_DELETED = "approval workflow step deleted" 302 APPROVAL_FLOW_STEP_UPDATED = "approval workflow step updated" 303 APPROVAL_FLOW_APPROVER_ADDED = "approval workflow approver added" 304 APPROVAL_FLOW_APPROVER_DELETED = "approval workflow approver deleted" 305 ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated" 306 ORG_VNM_RESOURCES_ALLOCATED = "organization resources allocated within VNM subnet" 307 DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval" 308 DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval" 309 EMULATION_MIGRATION_COMPLETED = "emulation migration completed" 310 ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed" 311 ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers" 312 TOTP_ENROLLMENT_ADDED = "user enrolled a totp device" 313 TOTP_ENROLLMENT_DELETED = "user reset their totp enrollment" 314 SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI" 315 RESOURCE_LOCKED = "user locked a resource" 316 RESOURCE_UNLOCKED = "user unlocked a resource" 317 RESOURCE_FORCE_UNLOCKED = "admin force-unlocked a resource" 318 CONCURRENT_AUTHENTICATION_REVOKED_PER_ORG_SETTING = "concurrent authentications revoked per organization settings" 319 ORG_INTEGRATION_INSTALLED = "org integration installed" 320 USER_INTEGRATION_AUTHORIZED = "user authorized integration" 321 ORG_INTEGRATION_UNINSTALLED = "org integration uninstalled" 322 USER_INTEGRATION_DEAUTHORIZED = "user deauthorized integration" 323 SERVICE_NOW_TOKEN_ADDED = 
"ServiceNow token created" 324 SERVICE_NOW_TOKEN_DELETED = "ServiceNow token deleted" 325 MANAGED_SECRET_CREATED = "managed secret created" 326 MANAGED_SECRET_UPDATED = "managed secret updated" 327 MANAGED_SECRET_EXPIRATION_TIME_UPDATED = "managed secret expiration time updated" 328 MANAGED_SECRET_DELETED = "managed secret deleted"
# Activity verb strings for rejected login/enrollment attempts and for
# access requests that were approved without a manual StrongDM approval step.
# The wording is not uniform: two values start with "attempt to login" and two
# with "attempted to login". Any filter or alert that matches on these strings
# should compare against the constants rather than a hand-typed phrase.
SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"
ACCESS_REQUEST_TO_RESOURCE_GRANTED_AUTOMATICALLY = "access request to resource granted automatically"
ACCESS_REQUEST_TO_RESOURCE_APPROVED_VIA_SERVICE_NOW = "access request to resource approved via ServiceNow"
SUSPENDED_USER_ENROLL_ATTEMPT_FROM_THE_UI = "attempt to enroll by a suspended user from the Admin UI"
class
Permission:
# Permission identifiers, exposed as plain string class attributes.
# Each value is a colon-separated string, typically "<area>:<action>".
# This is a bare namespace class, not an Enum: it performs no validation, so a
# caller comparing a string from elsewhere must do its own membership check.
class Permission:
    # Relays
    RELAY_LIST = "relay:list"
    RELAY_CREATE = "relay:create"

    # Datasources
    DATASOURCE_LIST = "datasource:list"
    DATASOURCE_CREATE = "datasource:create"
    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"  # marked deprecated by its name
    DATASOURCE_DELETE = "datasource:delete"
    DATASOURCE_UPDATE = "datasource:update"

    # Resource locks
    RESOURCE_LOCK_DELETE = "resourcelock:delete"
    RESOURCE_LOCK_LIST = "resourcelock:list"

    # Secret engines
    SECRET_ENGINE_CREATE = "secretengine:create"
    SECRET_ENGINE_LIST = "secretengine:list"
    SECRET_ENGINE_DELETE = "secretengine:delete"
    SECRET_ENGINE_UPDATE = "secretengine:update"
    SECRET_ENGINE_STATUS = "secretengine:status"

    # Secret stores
    SECRET_STORE_CREATE = "secretstore:create"
    SECRET_STORE_LIST = "secretstore:list"
    SECRET_STORE_DELETE = "secretstore:delete"
    SECRET_STORE_UPDATE = "secretstore:update"
    SECRET_STORE_STATUS = "secretstore:status"

    # Remote identities and remote identity groups
    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
    REMOTE_IDENTITY_READ = "remoteidentity:read"

    # Users, tokens and service accounts
    USER_CREATE = "user:create"
    USER_LIST = "user:list"
    USER_UPDATE_ADMIN = "user:update_admin"
    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
    # The value does not mirror the constant name ("set_strong_role", not
    # "set_permission_level"); reference the constant rather than retyping it.
    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
    USER_UPDATE = "user:update"
    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
    USER_DELETE = "user:delete"
    USER_ASSIGN = "user:assign"
    USER_SUSPEND = "user:suspend"
    USER_SET_PASSWORD = "user:set_password"

    # Demo provisioning requests
    DEMO_PROVISIONING_REQUEST_CREATE = "demoprovisioningrequest:create"
    DEMO_PROVISIONING_REQUEST_LIST = "demoprovisioningrequest:list"

    # Roles
    ROLE_LIST = "role:list"
    ROLE_CREATE = "role:create"
    ROLE_DELETE = "role:delete"
    ROLE_UPDATE = "role:update"

    # Organization settings and child organizations
    ORG_VIEW_SETTINGS = "organization:view_settings"
    ORG_EDIT_SETTINGS = "organization:edit_settings"
    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
    ORG_LIST_CHILDREN = "organization:list_children"
    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"

    # Audit permissions: the names carry an ORG_AUDIT_ prefix, the values an
    # "audit:" prefix.
    ORG_AUDIT_USERS = "audit:users"
    ORG_AUDIT_ROLES = "audit:roles"
    ORG_AUDIT_DATASOURCES = "audit:datasources"
    ORG_AUDIT_NODES = "audit:nodes"
    ORG_AUDIT_PERMISSIONS = "audit:permissions"
    ORG_AUDIT_QUERIES = "audit:queries"
    ORG_AUDIT_ACTIVITIES = "audit:activities"
    ORG_AUDIT_SSH = "audit:ssh"
    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
    ORG_AUDIT_ORG = "audit:organization"
    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
    ORG_AUDIT_SECRET_ENGINES = "audit:secretengines"
    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
    ORG_AUDIT_WORKFLOWS = "audit:workflows"
    ORG_AUDIT_APPROVAL_FLOWS = "audit:approvalflows"
    ORG_AUDIT_ACCESS_REQUESTS = "audit:accessrequests"
    ORG_AUDIT_POLICIES = "audit:policies"

    # Workflows, access requests and approval flows
    WORKFLOW_LIST = "workflow:list"
    WORKFLOW_EDIT = "workflow:edit"
    ACCESS_REQUEST_EDIT = "accessrequest:edit"
    ACCESS_REQUEST_LIST = "accessrequest:list"
    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
    APPROVAL_FLOW_EDIT = "approvalflow:edit"
    APPROVAL_FLOW_LIST = "approvalflow:list"

    # GLOBAL_-prefixed permissions
    GLOBAL_RDP_RENDER = "rdp:render"
    GLOBAL_QUERY_BUCKET_TRACKER = "query:bucket_tracker"
    GLOBAL_ASSETS_GET_LATEST_VERSION_COMMIT_HASH = "assets:get_latest_version_commit_hash"
    GLOBAL_SDMOS_SERVICE = "sdmos:service"
    GLOBAL_SDMOS_DEPLOYMENT = "sdmos:deployment"
    GLOBAL_SDMOS_RELEASE = "sdmos:release"
    GLOBAL_DEMO_PROVISIONER = "demo:provision"

    # Installations
    INSTALLATION_BLESS = "installation:bless"
    INSTALLATION_CREATE = "installation:create"
    INSTALLATION_REVOKE = "installation:revoke"

    # TESTING_-prefixed permissions (values use a "testing:" prefix and may
    # have three segments)
    TESTING_ORG_CREATE = "testing:organization:create"
    TESTING_ORG_DELETE = "testing:organization:delete"
    TESTING_NO_PERMISSIONS = "testing:noperms"
    TESTING_FETCH_QUERIES = "testing:queries:get"

    # Grants, reports, billing and credentials
    GRANT_READ = "grant:read"
    GRANT_WRITE = "grant:write"
    REPORT_READ = "report:read"
    BILLING_READ = "billing:read"
    CREDENTIAL_READ = "credential:read"
    CREDENTIAL_WRITE = "credential:write"

    # Managed secrets
    MANAGED_SECRET_CREATE = "managedsecret:create"
    MANAGED_SECRET_LIST = "managedsecret:list"
    MANAGED_SECRET_DELETE = "managedsecret:delete"
    MANAGED_SECRET_UPDATE = "managedsecret:update"
    MANAGED_SECRET_READ = "managedsecret:read"
class
QueryCategory:
class
LogRemoteEncoder:
class
LogLocalStorage:
class
LogLocalEncoder:
class
LogLocalFormat:
class
OrgKind:
class
SSHKeyType:
class
CaptureType:
# Capture type identifiers, exposed as plain string class attributes.
# The values are case-sensitive and not uniformly cased: most are lowercase
# with hyphens, but "k8s-execTTY", "k8s-portForward" and "ssh-portForward"
# carry a camelCase suffix. Compare against these constants, not a lowercased
# copy of the input.
class CaptureType:
    # SSH shell, file copy and single commands
    SHELL = "shell"
    SCP_UPLOAD = "scp-upload"
    SCP_DOWNLOAD = "scp-download"
    COMMAND = "command"

    # RDP
    RDP_BASIC = "rdp-basic"
    RDP_ENHANCED = "rdp-enhanced"

    # Kubernetes; the K_8_S_ / K_8_SCP_ spellings are the constant names as
    # published, and the values all begin with "k8s-".
    K_8_S_EXEC = "k8s-exec"
    K_8_S_EXEC_TTY = "k8s-execTTY"
    K_8_S_PORT_FORWARD = "k8s-portForward"
    K_8_SCP_UPLOAD = "k8s-cp-upload"
    K_8_SCP_DOWNLOAD = "k8s-cp-download"
    K_8_S_DESCRIBE = "k8s-describe"
    K_8_S_GET = "k8s-get"
    K_8_S_DELETE = "k8s-delete"
    K_8_S_GENERIC = "k8s-generic"
    K_8_S_APPLY = "k8s-apply"

    # SSH port forwarding
    SSH_PORT_FORWARD = "ssh-portForward"
class
DeviceTrustProvider:
class
APIHost: