strongdm 17.1.0 → 17.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2d31839bb30afbd3f98f50f996081ebc54d38530164b073ec544cab3c99a1e33
-  data.tar.gz: 679cd37356cacd458423ce821f8b99293d50f02cdc324e0e8df90b9c587de157
+  metadata.gz: 580acc1ed9278a0c9561311df9ae116844bddb5201176ee6fc6fb47ea2aaeedf
+  data.tar.gz: 7b3c8d0219a12f1f57a02a0e84a8ddf2bfccaee549fb8025b23751370e543ecf
 SHA512:
-  metadata.gz: 14fd39fe726c2234c06ffce35fe17c3ebe4044fb967618992a5866114b9b374e968a833b4ff821abc0c7e983d711b767ba6f3e70df37efe25ea6ff4e6b5a6fc0
-  data.tar.gz: c2835171eb83ee64ae0ff55795a58307921f951561d99ed24d4d5ea624030f11bc7fdcf7058892e9bd8fbc4405a32d5e894b57b8326df00adee4fa45e249aa0f
+  metadata.gz: ad44932db9ecb1c0e9a8acbe9e9e9abfe5b8cc882d73bf7a5104a8805de20a33ad8112d4a84a9febf6cc5425db1bbe6509d663584b03fad64190fce92f70edf9
+  data.tar.gz: dfef5d51a3bf53a81d64b55ad04dc460473d0157f89db775cd02b3a9e35cb36da1a82918b9c07cb7c2bb67d834eaff65e0985dc286fd0cdf74e1e997b7e19f27

data/.git/ORIG_HEAD

@@ -1 +1 @@
-5f7f719a5c803d95cebb885aebb5dc5161e14c00
+dc10f48d22db35fa4756342f7d1c30bc0c3365a6

data/.git/logs/HEAD

@@ -1,3 +1,3 @@
-0000000000000000000000000000000000000000 5f7f719a5c803d95cebb885aebb5dc5161e14c00 root <root@bdc9df8d7743.(none)> 1776760949 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-5f7f719a5c803d95cebb885aebb5dc5161e14c00 5f7f719a5c803d95cebb885aebb5dc5161e14c00 root <root@bdc9df8d7743.(none)> 1776760949 +0000	checkout: moving from master to master
-5f7f719a5c803d95cebb885aebb5dc5161e14c00 80d8f6f6e484a8fd5ec273cad249e9d7a9767d48 root <root@bdc9df8d7743.(none)> 1776760949 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 dc10f48d22db35fa4756342f7d1c30bc0c3365a6 root <root@4d0dc992c3e3.(none)> 1777908565 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+dc10f48d22db35fa4756342f7d1c30bc0c3365a6 dc10f48d22db35fa4756342f7d1c30bc0c3365a6 root <root@4d0dc992c3e3.(none)> 1777908565 +0000	checkout: moving from master to master
+dc10f48d22db35fa4756342f7d1c30bc0c3365a6 30b485e69242afeb16291ec3ac66be276363f8a1 root <root@4d0dc992c3e3.(none)> 1777908565 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/heads/master

@@ -1,2 +1,2 @@
-0000000000000000000000000000000000000000 5f7f719a5c803d95cebb885aebb5dc5161e14c00 root <root@bdc9df8d7743.(none)> 1776760949 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-5f7f719a5c803d95cebb885aebb5dc5161e14c00 80d8f6f6e484a8fd5ec273cad249e9d7a9767d48 root <root@bdc9df8d7743.(none)> 1776760949 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 dc10f48d22db35fa4756342f7d1c30bc0c3365a6 root <root@4d0dc992c3e3.(none)> 1777908565 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+dc10f48d22db35fa4756342f7d1c30bc0c3365a6 30b485e69242afeb16291ec3ac66be276363f8a1 root <root@4d0dc992c3e3.(none)> 1777908565 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/remotes/origin/HEAD

@@ -1 +1 @@
-0000000000000000000000000000000000000000 5f7f719a5c803d95cebb885aebb5dc5161e14c00 root <root@bdc9df8d7743.(none)> 1776760949 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+0000000000000000000000000000000000000000 dc10f48d22db35fa4756342f7d1c30bc0c3365a6 root <root@4d0dc992c3e3.(none)> 1777908565 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git

data/.git/packed-refs

@@ -1,6 +1,6 @@
 # pack-refs with: peeled fully-peeled sorted 
-80d8f6f6e484a8fd5ec273cad249e9d7a9767d48 refs/remotes/origin/development
-5f7f719a5c803d95cebb885aebb5dc5161e14c00 refs/remotes/origin/master
+30b485e69242afeb16291ec3ac66be276363f8a1 refs/remotes/origin/development
+dc10f48d22db35fa4756342f7d1c30bc0c3365a6 refs/remotes/origin/master
 2e4fe8087177ddea9b3991ca499f758384839c89 refs/tags/untagged-84fd83a4484c785cce63
 04f604866214fab4d5663b5171a3e596331577bd refs/tags/v0.9.4
 6f9a7b75b345c65fb554884907b7060680c807b7 refs/tags/v0.9.5
@@ -160,6 +160,8 @@ f1adf906557d59b87f34abb19d7f8aa1c5665f3f refs/tags/v16.8.0
 9df32bc2f6c5940ddad262b7a8acb01043a09daa refs/tags/v16.8.2
 198062e97957107a8723fb8fbd714b174bc67b90 refs/tags/v16.9.0
 5f7f719a5c803d95cebb885aebb5dc5161e14c00 refs/tags/v17.0.0
+80d8f6f6e484a8fd5ec273cad249e9d7a9767d48 refs/tags/v17.1.0
+dc10f48d22db35fa4756342f7d1c30bc0c3365a6 refs/tags/v17.2.0
 e0b1ec0134c7015ccb8c14464cc713c20034159e refs/tags/v2.0.0
 62a146d9d56852b2ad14ec5d2796cad158d66e1c refs/tags/v2.1.0
 9de04e628082f4ad0eb9511311479a089d302008 refs/tags/v2.2.0

data/.git/refs/heads/master

@@ -1 +1 @@
-80d8f6f6e484a8fd5ec273cad249e9d7a9767d48
+30b485e69242afeb16291ec3ac66be276363f8a1

data/lib/grpc/drivers_pb.rb

@@ -95,6 +95,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
         optional :kubernetes_service_account, :message, 804, "v1.KubernetesServiceAccount"
         optional :kubernetes_service_account_user_impersonation, :message, 808, "v1.KubernetesServiceAccountUserImpersonation"
         optional :kubernetes_user_impersonation, :message, 812, "v1.KubernetesUserImpersonation"
+        optional :llm, :message, 4900, "v1.LLM"
         optional :mcp_gateway_no_auth, :message, 4703, "v1.MCPGatewayNoAuth"
         optional :mcp_gateway_o_auth, :message, 4700, "v1.MCPGatewayOAuth"
         optional :mcp_gateway_o_auth_dcr, :message, 4701, "v1.MCPGatewayOAuthDCR"
@@ -1407,6 +1408,21 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :port, :int32, 2
       optional :port_override, :int32, 10
     end
+    add_message "v1.LLM" do
+      optional :id, :string, 32768
+      optional :name, :string, 32769
+      optional :healthy, :bool, 32770
+      optional :tags, :message, 32771, "v1.Tags"
+      optional :secret_store_id, :string, 32772
+      optional :egress_filter, :string, 32773
+      optional :bind_interface, :string, 32774
+      optional :proxy_cluster_id, :string, 32776
+      optional :subdomain, :string, 32775
+      optional :models, :string, 10
+      optional :password, :string, 2
+      optional :port_override, :int32, 4
+      optional :url, :string, 9
+    end
     add_message "v1.MCPGatewayNoAuth" do
       optional :id, :string, 32768
       optional :name, :string, 32769
@@ -2340,6 +2356,7 @@ module V1
   KubernetesServiceAccount = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.KubernetesServiceAccount").msgclass
   KubernetesServiceAccountUserImpersonation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.KubernetesServiceAccountUserImpersonation").msgclass
   KubernetesUserImpersonation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.KubernetesUserImpersonation").msgclass
+  LLM = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.LLM").msgclass
   MCPGatewayNoAuth = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.MCPGatewayNoAuth").msgclass
   MCPGatewayOAuth = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.MCPGatewayOAuth").msgclass
   MCPGatewayOAuthDCR = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.MCPGatewayOAuthDCR").msgclass

data/lib/grpc/organizations_pb.rb

@@ -0,0 +1,102 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: organizations.proto
+
+require "google/protobuf"
+
+require "organization_history_pb"
+require "options_pb"
+require "spec_pb"
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("organizations.proto", :syntax => :proto3) do
+    add_message "v1.OrganizationUpdateRequest" do
+      optional :meta, :message, 1, "v1.UpdateRequestMetadata"
+      optional :organization, :message, 2, "v1.Organization"
+    end
+    add_message "v1.OrganizationUpdateResponse" do
+      optional :meta, :message, 1, "v1.UpdateResponseMetadata"
+      optional :organization, :message, 2, "v1.Organization"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.OrganizationGetRequest" do
+      optional :meta, :message, 1, "v1.GetRequestMetadata"
+    end
+    add_message "v1.OrganizationGetResponse" do
+      optional :meta, :message, 1, "v1.GetResponseMetadata"
+      optional :organization, :message, 2, "v1.Organization"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.MFAConfig" do
+      optional :enabled, :bool, 1
+      optional :provider, :string, 2
+      optional :okta, :message, 3, "v1.OktaMFAConfig"
+    end
+    add_message "v1.OktaMFAConfig" do
+      optional :auth_mode, :string, 1
+      optional :api_token, :string, 2
+      optional :api_token_set, :bool, 3
+      optional :client_id, :string, 4
+      optional :private_key_pem, :string, 5
+      optional :private_key_pem_set, :bool, 6
+      optional :organization_url, :string, 7
+      optional :multidevice_push_enabled, :bool, 8
+      optional :user_lookup, :string, 9
+      optional :private_key_id, :string, 10
+      optional :private_key_id_set, :bool, 11
+    end
+    add_message "v1.OrganizationGetMFARequest" do
+      optional :meta, :message, 1, "v1.GetRequestMetadata"
+    end
+    add_message "v1.OrganizationGetMFAResponse" do
+      optional :meta, :message, 1, "v1.GetResponseMetadata"
+      optional :mfa, :message, 2, "v1.MFAConfig"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.OrganizationUpdateMFARequest" do
+      optional :meta, :message, 1, "v1.UpdateRequestMetadata"
+      optional :mfa, :message, 2, "v1.MFAConfig"
+    end
+    add_message "v1.OrganizationUpdateMFAResponse" do
+      optional :meta, :message, 1, "v1.UpdateResponseMetadata"
+      optional :mfa, :message, 2, "v1.MFAConfig"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.OrganizationTestMFARequest" do
+      optional :meta, :message, 1, "v1.UpdateRequestMetadata"
+      optional :mfa, :message, 2, "v1.MFAConfig"
+    end
+    add_message "v1.OrganizationTestMFAResponse" do
+      optional :meta, :message, 1, "v1.UpdateResponseMetadata"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+  end
+end
+
+module V1
+  OrganizationUpdateRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationUpdateRequest").msgclass
+  OrganizationUpdateResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationUpdateResponse").msgclass
+  OrganizationGetRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationGetRequest").msgclass
+  OrganizationGetResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationGetResponse").msgclass
+  MFAConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.MFAConfig").msgclass
+  OktaMFAConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OktaMFAConfig").msgclass
+  OrganizationGetMFARequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationGetMFARequest").msgclass
+  OrganizationGetMFAResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationGetMFAResponse").msgclass
+  OrganizationUpdateMFARequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationUpdateMFARequest").msgclass
+  OrganizationUpdateMFAResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationUpdateMFAResponse").msgclass
+  OrganizationTestMFARequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationTestMFARequest").msgclass
+  OrganizationTestMFAResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.OrganizationTestMFAResponse").msgclass
+end

data/lib/grpc/organizations_services_pb.rb

@@ -0,0 +1,49 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: organizations.proto for package 'v1'
+
+require "grpc"
+require "organizations_pb"
+
+module V1
+  module Organizations
+    # Organizations exposes organization configuration. Most RPCs remain private to the
+    # go_private SDK; public MFA management is exposed to all public SDK targets.
+    # The terraform-provider target is opted out at the service level because the
+    # provider's data-source generator assumes every service has a List RPC; MFA is
+    # instead surfaced via a hand-written resource template.
+    class Service
+      include ::GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = "v1.Organizations"
+
+      # Update updates an existing organization.
+      rpc :Update, ::V1::OrganizationUpdateRequest, ::V1::OrganizationUpdateResponse
+      # Get gets an organization
+      rpc :Get, ::V1::OrganizationGetRequest, ::V1::OrganizationGetResponse
+      # GetMFA gets the organization's MFA configuration.
+      rpc :GetMFA, ::V1::OrganizationGetMFARequest, ::V1::OrganizationGetMFAResponse
+      # UpdateMFA updates the organization's MFA configuration.
+      rpc :UpdateMFA, ::V1::OrganizationUpdateMFARequest, ::V1::OrganizationUpdateMFAResponse
+      # TestMFA validates MFA connectivity without persisting changes.
+      rpc :TestMFA, ::V1::OrganizationTestMFARequest, ::V1::OrganizationTestMFAResponse
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/grpc/plumbing.rb

@@ -66,6 +66,7 @@ require_relative "./managed_secrets_pb"
 require_relative "./nodes_pb"
 require_relative "./nodes_history_pb"
 require_relative "./organization_history_pb"
+require_relative "./organizations_pb"
 require_relative "./peering_group_nodes_pb"
 require_relative "./peering_group_peers_pb"
 require_relative "./peering_group_resources_pb"
@@ -385,6 +386,8 @@ module SDM
         return SDM::ResourceType::RESOURCE_TYPE_KUBERNETES_SERVICE_ACCOUNT_USER_IMPERSONATION
       when V1::ResourceType::RESOURCE_TYPE_KUBERNETES_USER_IMPERSONATION
         return SDM::ResourceType::RESOURCE_TYPE_KUBERNETES_USER_IMPERSONATION
+      when V1::ResourceType::RESOURCE_TYPE_LLM
+        return SDM::ResourceType::RESOURCE_TYPE_LLM
       when V1::ResourceType::RESOURCE_TYPE_MCP_NO_AUTH
         return SDM::ResourceType::RESOURCE_TYPE_MCP_NO_AUTH
       when V1::ResourceType::RESOURCE_TYPE_MCP
@@ -643,6 +646,8 @@ module SDM
         value = V1::ResourceType::RESOURCE_TYPE_KUBERNETES_SERVICE_ACCOUNT_USER_IMPERSONATION
       when SDM::ResourceType::RESOURCE_TYPE_KUBERNETES_USER_IMPERSONATION, "RESOURCE_TYPE_KUBERNETES_USER_IMPERSONATION"
         value = V1::ResourceType::RESOURCE_TYPE_KUBERNETES_USER_IMPERSONATION
+      when SDM::ResourceType::RESOURCE_TYPE_LLM, "RESOURCE_TYPE_LLM"
+        value = V1::ResourceType::RESOURCE_TYPE_LLM
       when SDM::ResourceType::RESOURCE_TYPE_MCP_NO_AUTH, "RESOURCE_TYPE_MCP_NO_AUTH"
         value = V1::ResourceType::RESOURCE_TYPE_MCP_NO_AUTH
       when SDM::ResourceType::RESOURCE_TYPE_MCP, "RESOURCE_TYPE_MCP"
@@ -11026,6 +11031,64 @@ module SDM
       end
       items
     end
+    def self.convert_llm_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = LLM.new()
+      porcelain.bind_interface = (plumbing.bind_interface)
+      porcelain.egress_filter = (plumbing.egress_filter)
+      porcelain.healthy = (plumbing.healthy)
+      porcelain.id = (plumbing.id)
+      porcelain.models = (plumbing.models)
+      porcelain.name = (plumbing.name)
+      porcelain.password = (plumbing.password)
+      porcelain.port_override = (plumbing.port_override)
+      porcelain.proxy_cluster_id = (plumbing.proxy_cluster_id)
+      porcelain.secret_store_id = (plumbing.secret_store_id)
+      porcelain.subdomain = (plumbing.subdomain)
+      porcelain.tags = convert_tags_to_porcelain(plumbing.tags)
+      porcelain.url = (plumbing.url)
+      porcelain
+    end
+
+    def self.convert_llm_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::LLM.new()
+      plumbing.bind_interface = (porcelain.bind_interface)
+      plumbing.egress_filter = (porcelain.egress_filter)
+      plumbing.healthy = (porcelain.healthy)
+      plumbing.id = (porcelain.id)
+      plumbing.models = (porcelain.models)
+      plumbing.name = (porcelain.name)
+      plumbing.password = (porcelain.password)
+      plumbing.port_override = (porcelain.port_override)
+      plumbing.proxy_cluster_id = (porcelain.proxy_cluster_id)
+      plumbing.secret_store_id = (porcelain.secret_store_id)
+      plumbing.subdomain = (porcelain.subdomain)
+      plumbing.tags = convert_tags_to_plumbing(porcelain.tags)
+      plumbing.url = (porcelain.url)
+      plumbing
+    end
+    def self.convert_repeated_llm_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_llm_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_llm_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_llm_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
     def self.convert_log_category_config_to_porcelain(plumbing)
       if plumbing == nil
         return nil
@@ -11352,6 +11415,44 @@ module SDM
       end
       items
     end
+    def self.convert_mfa_config_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = MFAConfig.new()
+      porcelain.enabled = (plumbing.enabled)
+      porcelain.okta = convert_okta_mfa_config_to_porcelain(plumbing.okta)
+      porcelain.provider = (plumbing.provider)
+      porcelain
+    end
+
+    def self.convert_mfa_config_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::MFAConfig.new()
+      plumbing.enabled = (porcelain.enabled)
+      plumbing.okta = convert_okta_mfa_config_to_plumbing(porcelain.okta)
+      plumbing.provider = (porcelain.provider)
+      plumbing
+    end
+    def self.convert_repeated_mfa_config_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_mfa_config_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_mfa_config_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_mfa_config_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
     def self.convert_mtls_mysql_to_porcelain(plumbing)
       if plumbing == nil
         return nil
@@ -13523,6 +13624,60 @@ module SDM
       end
       items
     end
+    def self.convert_okta_mfa_config_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = OktaMFAConfig.new()
+      porcelain.api_token = (plumbing.api_token)
+      porcelain.api_token_set = (plumbing.api_token_set)
+      porcelain.auth_mode = (plumbing.auth_mode)
+      porcelain.client_id = (plumbing.client_id)
+      porcelain.multidevice_push_enabled = (plumbing.multidevice_push_enabled)
+      porcelain.organization_url = (plumbing.organization_url)
+      porcelain.private_key_id = (plumbing.private_key_id)
+      porcelain.private_key_id_set = (plumbing.private_key_id_set)
+      porcelain.private_key_pem = (plumbing.private_key_pem)
+      porcelain.private_key_pem_set = (plumbing.private_key_pem_set)
+      porcelain.user_lookup = (plumbing.user_lookup)
+      porcelain
+    end
+
+    def self.convert_okta_mfa_config_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::OktaMFAConfig.new()
+      plumbing.api_token = (porcelain.api_token)
+      plumbing.api_token_set = (porcelain.api_token_set)
+      plumbing.auth_mode = (porcelain.auth_mode)
+      plumbing.client_id = (porcelain.client_id)
+      plumbing.multidevice_push_enabled = (porcelain.multidevice_push_enabled)
+      plumbing.organization_url = (porcelain.organization_url)
+      plumbing.private_key_id = (porcelain.private_key_id)
+      plumbing.private_key_id_set = (porcelain.private_key_id_set)
+      plumbing.private_key_pem = (porcelain.private_key_pem)
+      plumbing.private_key_pem_set = (porcelain.private_key_pem_set)
+      plumbing.user_lookup = (porcelain.user_lookup)
+      plumbing
+    end
+    def self.convert_repeated_okta_mfa_config_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_okta_mfa_config_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_okta_mfa_config_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_okta_mfa_config_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
     def self.convert_oracle_to_porcelain(plumbing)
       if plumbing == nil
         return nil
@@ -13745,6 +13900,44 @@ module SDM
       end
       items
     end
+    def self.convert_organization_get_mfa_response_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = OrganizationGetMFAResponse.new()
+      porcelain.meta = convert_get_response_metadata_to_porcelain(plumbing.meta)
+      porcelain.mfa = convert_mfa_config_to_porcelain(plumbing.mfa)
+      porcelain.rate_limit = convert_rate_limit_metadata_to_porcelain(plumbing.rate_limit)
+      porcelain
+    end
+
+    def self.convert_organization_get_mfa_response_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::OrganizationGetMFAResponse.new()
+      plumbing.meta = convert_get_response_metadata_to_plumbing(porcelain.meta)
+      plumbing.mfa = convert_mfa_config_to_plumbing(porcelain.mfa)
+      plumbing.rate_limit = convert_rate_limit_metadata_to_plumbing(porcelain.rate_limit)
+      plumbing
+    end
+    def self.convert_repeated_organization_get_mfa_response_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_organization_get_mfa_response_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_organization_get_mfa_response_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_organization_get_mfa_response_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
     def self.convert_organization_history_record_to_porcelain(plumbing)
       if plumbing == nil
         return nil
@@ -13783,6 +13976,76 @@ module SDM
       end
       items
     end
+    def self.convert_organization_test_mfa_response_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = OrganizationTestMFAResponse.new()
+      porcelain.rate_limit = convert_rate_limit_metadata_to_porcelain(plumbing.rate_limit)
+      porcelain
+    end
+
+    def self.convert_organization_test_mfa_response_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::OrganizationTestMFAResponse.new()
+      plumbing.rate_limit = convert_rate_limit_metadata_to_plumbing(porcelain.rate_limit)
+      plumbing
+    end
+    def self.convert_repeated_organization_test_mfa_response_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_organization_test_mfa_response_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_organization_test_mfa_response_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_organization_test_mfa_response_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
+    def self.convert_organization_update_mfa_response_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = OrganizationUpdateMFAResponse.new()
+      porcelain.mfa = convert_mfa_config_to_porcelain(plumbing.mfa)
+      porcelain.rate_limit = convert_rate_limit_metadata_to_porcelain(plumbing.rate_limit)
+      porcelain
+    end
+
+    def self.convert_organization_update_mfa_response_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::OrganizationUpdateMFAResponse.new()
+      plumbing.mfa = convert_mfa_config_to_plumbing(porcelain.mfa)
+      plumbing.rate_limit = convert_rate_limit_metadata_to_plumbing(porcelain.rate_limit)
+      plumbing
+    end
+    def self.convert_repeated_organization_update_mfa_response_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_organization_update_mfa_response_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_organization_update_mfa_response_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_organization_update_mfa_response_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
     def self.convert_peering_group_to_porcelain(plumbing)
       if plumbing == nil
         return nil
@@ -16714,6 +16977,9 @@ module SDM
       if porcelain.instance_of? KubernetesUserImpersonation
         plumbing.kubernetes_user_impersonation = convert_kubernetes_user_impersonation_to_plumbing(porcelain)
       end
+      if porcelain.instance_of? LLM
+        plumbing.llm = convert_llm_to_plumbing(porcelain)
+      end
       if porcelain.instance_of? Maria
         plumbing.maria = convert_maria_to_plumbing(porcelain)
       end
@@ -17072,6 +17338,9 @@ module SDM
       if plumbing.kubernetes_user_impersonation != nil
         return convert_kubernetes_user_impersonation_to_porcelain(plumbing.kubernetes_user_impersonation)
       end
+      if plumbing.llm != nil
+        return convert_llm_to_porcelain(plumbing.llm)
+      end
       if plumbing.maria != nil
         return convert_maria_to_porcelain(plumbing.maria)
       end

data/lib/grpc/resourcetypes_pb.rb

@@ -93,6 +93,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :RESOURCE_TYPE_KUBERNETES_SERVICE_ACCOUNT, 804
       value :RESOURCE_TYPE_KUBERNETES_SERVICE_ACCOUNT_USER_IMPERSONATION, 808
       value :RESOURCE_TYPE_KUBERNETES_USER_IMPERSONATION, 812
+      value :RESOURCE_TYPE_LLM, 4900
       value :RESOURCE_TYPE_MCP_NO_AUTH, 4703
       value :RESOURCE_TYPE_MCP, 4700
       value :RESOURCE_TYPE_MCPDCR, 4701

data/lib/models/porcelain.rb

@@ -163,6 +163,8 @@ module SDM
 
     KUBERNETES_USER_IMPERSONATION = "RESOURCE_TYPE_KUBERNETES_USER_IMPERSONATION"
 
+    LLM = "RESOURCE_TYPE_LLM"
+
     MCP_NO_AUTH = "RESOURCE_TYPE_MCP_NO_AUTH"
 
     MCP = "RESOURCE_TYPE_MCP"
@@ -10285,6 +10287,74 @@ module SDM
     end
   end
 
+  # LLM is currently unstable, and its API may change, or it may be removed, without a major version bump.
+  class LLM
+    # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
+    attr_accessor :bind_interface
+    # A filter applied to the routing logic to pin datasource to nodes.
+    attr_accessor :egress_filter
+    # True if the datasource is reachable and the credentials are valid.
+    attr_accessor :healthy
+    # Unique identifier of the Resource.
+    attr_accessor :id
+    # Space-separated list of model names this resource accepts. Requests for unlisted models are rejected. Leave empty to allow all models.
+    attr_accessor :models
+    # Unique human-readable name of the Resource.
+    attr_accessor :name
+    # The password to authenticate with.
+    attr_accessor :password
+    # The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
+    attr_accessor :port_override
+    # ID of the proxy cluster for this resource, if any.
+    attr_accessor :proxy_cluster_id
+    # ID of the secret store containing credentials for this resource, if any.
+    attr_accessor :secret_store_id
+    # DNS subdomain through which this resource may be accessed on clients.  (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
+    attr_accessor :subdomain
+    # Tags is a map of key, value pairs.
+    attr_accessor :tags
+    # The URL to dial to initiate a connection from the egress node to this resource.
+    attr_accessor :url
+
+    def initialize(
+      bind_interface: nil,
+      egress_filter: nil,
+      healthy: nil,
+      id: nil,
+      models: nil,
+      name: nil,
+      password: nil,
+      port_override: nil,
+      proxy_cluster_id: nil,
+      secret_store_id: nil,
+      subdomain: nil,
+      tags: nil,
+      url: nil
+    )
+      @bind_interface = bind_interface == nil ? "" : bind_interface
+      @egress_filter = egress_filter == nil ? "" : egress_filter
+      @healthy = healthy == nil ? false : healthy
+      @id = id == nil ? "" : id
+      @models = models == nil ? "" : models
+      @name = name == nil ? "" : name
+      @password = password == nil ? "" : password
+      @port_override = port_override == nil ? 0 : port_override
+      @proxy_cluster_id = proxy_cluster_id == nil ? "" : proxy_cluster_id
+      @secret_store_id = secret_store_id == nil ? "" : secret_store_id
+      @subdomain = subdomain == nil ? "" : subdomain
+      @tags = tags == nil ? SDM::_porcelain_zero_value_tags() : tags
+      @url = url == nil ? "" : url
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class LogCategoryConfig
     # Indicates if the Organization should exclude replay data from remote logging for the log category.
     attr_accessor :remote_discard_replays
@@ -10497,7 +10567,6 @@ module SDM
     end
   end
 
-  # MCPGatewayOAuthDCR is currently unstable, and its API may change, or it may be removed, without a major version bump.
   class MCPGatewayOAuthDCR
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     attr_accessor :bind_interface
@@ -10644,6 +10713,33 @@ module SDM
     end
   end
 
+  class MFAConfig
+    # Indicates if MFA is enabled for the organization.
+    attr_accessor :enabled
+    # Okta MFA configuration. Future providers will be added to this wrapper.
+    attr_accessor :okta
+    # The MFA provider, one of the MFAProvider constants.
+    attr_accessor :provider
+
+    def initialize(
+      enabled: nil,
+      okta: nil,
+      provider: nil
+    )
+      @enabled = enabled == nil ? false : enabled
+      @okta = okta == nil ? nil : okta
+      @provider = provider == nil ? "" : provider
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class MTLSMysql
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     attr_accessor :bind_interface
@@ -12686,6 +12782,67 @@ module SDM
     end
   end
 
+  class OktaMFAConfig
+    # The API token to authenticate with when auth_mode is api_token.
+    attr_accessor :api_token
+    # Indicates if an API token is already stored.
+    attr_accessor :api_token_set
+    # The Okta auth mode, one of the OktaAuthMode constants.
+    attr_accessor :auth_mode
+    # The Okta client ID to authenticate with when auth_mode is client_credentials.
+    attr_accessor :client_id
+    # Indicates if multidevice push is enabled.
+    attr_accessor :multidevice_push_enabled
+    # The Okta organization URL.
+    attr_accessor :organization_url
+    # The key ID (kid) assigned by Okta to the registered public key.
+    attr_accessor :private_key_id
+    # Indicates if a key ID is already stored or explicitly supplied. This allows
+    # callers to preserve the existing value when omitted or clear it by
+    # sending an empty string with private_key_id_set=true.
+    attr_accessor :private_key_id_set
+    # The PEM encoded private key to authenticate with when auth_mode is client_credentials.
+    attr_accessor :private_key_pem
+    # Indicates if a PEM encoded private key is already stored.
+    attr_accessor :private_key_pem_set
+    # The Okta user lookup strategy, one of the OktaUserLookup constants.
+    attr_accessor :user_lookup
+
+    def initialize(
+      api_token: nil,
+      api_token_set: nil,
+      auth_mode: nil,
+      client_id: nil,
+      multidevice_push_enabled: nil,
+      organization_url: nil,
+      private_key_id: nil,
+      private_key_id_set: nil,
+      private_key_pem: nil,
+      private_key_pem_set: nil,
+      user_lookup: nil
+    )
+      @api_token = api_token == nil ? "" : api_token
+      @api_token_set = api_token_set == nil ? false : api_token_set
+      @auth_mode = auth_mode == nil ? "" : auth_mode
+      @client_id = client_id == nil ? "" : client_id
+      @multidevice_push_enabled = multidevice_push_enabled == nil ? false : multidevice_push_enabled
+      @organization_url = organization_url == nil ? "" : organization_url
+      @private_key_id = private_key_id == nil ? "" : private_key_id
+      @private_key_id_set = private_key_id_set == nil ? false : private_key_id_set
+      @private_key_pem = private_key_pem == nil ? "" : private_key_pem
+      @private_key_pem_set = private_key_pem_set == nil ? false : private_key_pem_set
+      @user_lookup = user_lookup == nil ? "" : user_lookup
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class Oracle
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     attr_accessor :bind_interface
@@ -12991,6 +13148,33 @@ module SDM
     end
   end
 
+  class OrganizationGetMFAResponse
+    # Reserved for future use.
+    attr_accessor :meta
+    # The current MFA configuration.
+    attr_accessor :mfa
+    # Rate limit information.
+    attr_accessor :rate_limit
+
+    def initialize(
+      meta: nil,
+      mfa: nil,
+      rate_limit: nil
+    )
+      @meta = meta == nil ? nil : meta
+      @mfa = mfa == nil ? nil : mfa
+      @rate_limit = rate_limit == nil ? nil : rate_limit
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   # OrganizationHistoryRecord records the state of an Organization at a given point in time,
   # where every change to an Organization produces an OrganizationHistoryRecord.
   class OrganizationHistoryRecord
@@ -13021,6 +13205,48 @@ module SDM
     end
   end
 
+  class OrganizationTestMFAResponse
+    # Rate limit information.
+    attr_accessor :rate_limit
+
+    def initialize(
+      rate_limit: nil
+    )
+      @rate_limit = rate_limit == nil ? nil : rate_limit
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  class OrganizationUpdateMFAResponse
+    # The updated MFA configuration.
+    attr_accessor :mfa
+    # Rate limit information.
+    attr_accessor :rate_limit
+
+    def initialize(
+      mfa: nil,
+      rate_limit: nil
+    )
+      @mfa = mfa == nil ? nil : mfa
+      @rate_limit = rate_limit == nil ? nil : rate_limit
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   # PeeringGroups are the building blocks used for explicit network topology making.
   # They may be linked to other peering groups. Sets of PeeringGroupResource and PeeringGroupNode can be attached to a peering group.
   class PeeringGroup

data/lib/strongdm.rb

@@ -31,7 +31,7 @@ module SDM #:nodoc:
     DEFAULT_RETRY_FACTOR = 1.6
     DEFAULT_RETRY_JITTER = 0.2
     API_VERSION = "2025-04-14"
-    USER_AGENT = "strongdm-sdk-ruby/17.1.0"
+    USER_AGENT = "strongdm-sdk-ruby/17.4.0"
     private_constant :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :DEFAULT_RETRY_FACTOR, :DEFAULT_RETRY_JITTER, :API_VERSION, :USER_AGENT
 
     # Creates a new strongDM API client.
@@ -102,6 +102,7 @@ module SDM #:nodoc:
       @nodes = Nodes.new(@channel, self)
       @nodes_history = NodesHistory.new(@channel, self)
       @organization_history = OrganizationHistory.new(@channel, self)
+      @organizations = Organizations.new(@channel, self)
       @peering_group_nodes = PeeringGroupNodes.new(@channel, self)
       @peering_group_peers = PeeringGroupPeers.new(@channel, self)
       @peering_group_resources = PeeringGroupResources.new(@channel, self)
@@ -430,6 +431,14 @@ module SDM #:nodoc:
     #
     # See {OrganizationHistory}.
     attr_reader :organization_history
+    # Organizations exposes organization configuration. Most RPCs remain private to the
+    # go_private SDK; public MFA management is exposed to all public SDK targets.
+    # The terraform-provider target is opted out at the service level because the
+    # provider's data-source generator assumes every service has a List RPC; MFA is
+    # instead surfaced via a hand-written resource template.
+    #
+    # See {Organizations}.
+    attr_reader :organizations
     # PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.
     #
     # See {PeeringGroupNodes}.
@@ -617,6 +626,7 @@ module SDM #:nodoc:
       @nodes = Nodes.new(@channel, self)
       @nodes_history = NodesHistory.new(@channel, self)
       @organization_history = OrganizationHistory.new(@channel, self)
+      @organizations = Organizations.new(@channel, self)
       @peering_group_nodes = PeeringGroupNodes.new(@channel, self)
       @peering_group_peers = PeeringGroupPeers.new(@channel, self)
       @peering_group_resources = PeeringGroupResources.new(@channel, self)

data/lib/svc.rb

@@ -5245,6 +5245,126 @@ module SDM #:nodoc:
     end
   end
 
+  # Organizations exposes organization configuration. Most RPCs remain private to the
+  # go_private SDK; public MFA management is exposed to all public SDK targets.
+  # The terraform-provider target is opted out at the service level because the
+  # provider's data-source generator assumes every service has a List RPC; MFA is
+  # instead surfaced via a hand-written resource template.
+  #
+  # See {Organization}.
+  class Organizations
+    extend Gem::Deprecate
+
+    def initialize(channel, parent)
+      begin
+        @stub = V1::Organizations::Stub.new(nil, nil, channel_override: channel)
+      rescue => exception
+        raise Plumbing::convert_error_to_porcelain(exception)
+      end
+      @parent = parent
+    end
+
+    # GetMFA gets the organization's MFA configuration.
+    def get_mfa(
+      deadline: nil
+    )
+      req = V1::OrganizationGetMFARequest.new()
+
+      # Execute before interceptor hooks
+      req = @parent.interceptor.execute_before("Organizations.GetMFA", self, req)
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.get_mfa(req, metadata: @parent.get_metadata("Organizations.GetMFA", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception, deadline))
+            tries + +sleep(@parent.exponentialBackoff(tries, deadline))
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      # Execute after interceptor hooks
+      plumbing_response = @parent.interceptor.execute_after("Organizations.GetMFA", self, req, plumbing_response)
+
+      resp = OrganizationGetMFAResponse.new()
+      resp.meta = Plumbing::convert_get_response_metadata_to_porcelain(plumbing_response.meta)
+      resp.mfa = Plumbing::convert_mfa_config_to_porcelain(plumbing_response.mfa)
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+
+    # UpdateMFA updates the organization's MFA configuration.
+    def update_mfa(
+      mfa,
+      deadline: nil
+    )
+      req = V1::OrganizationUpdateMFARequest.new()
+
+      req.mfa = Plumbing::convert_mfa_config_to_plumbing(mfa)
+      # Execute before interceptor hooks
+      req = @parent.interceptor.execute_before("Organizations.UpdateMFA", self, req)
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.update_mfa(req, metadata: @parent.get_metadata("Organizations.UpdateMFA", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception, deadline))
+            tries + +sleep(@parent.exponentialBackoff(tries, deadline))
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      # Execute after interceptor hooks
+      plumbing_response = @parent.interceptor.execute_after("Organizations.UpdateMFA", self, req, plumbing_response)
+
+      resp = OrganizationUpdateMFAResponse.new()
+      resp.mfa = Plumbing::convert_mfa_config_to_porcelain(plumbing_response.mfa)
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+
+    # TestMFA validates MFA connectivity without persisting changes.
+    def test_mfa(
+      mfa,
+      deadline: nil
+    )
+      req = V1::OrganizationTestMFARequest.new()
+
+      req.mfa = Plumbing::convert_mfa_config_to_plumbing(mfa)
+      # Execute before interceptor hooks
+      req = @parent.interceptor.execute_before("Organizations.TestMFA", self, req)
+      tries = 0
+      plumbing_response = nil
+      loop do
+        begin
+          plumbing_response = @stub.test_mfa(req, metadata: @parent.get_metadata("Organizations.TestMFA", req), deadline: deadline)
+        rescue => exception
+          if (@parent.shouldRetry(tries, exception, deadline))
+            tries + +sleep(@parent.exponentialBackoff(tries, deadline))
+            next
+          end
+          raise Plumbing::convert_error_to_porcelain(exception)
+        end
+        break
+      end
+
+      # Execute after interceptor hooks
+      plumbing_response = @parent.interceptor.execute_after("Organizations.TestMFA", self, req, plumbing_response)
+
+      resp = OrganizationTestMFAResponse.new()
+      resp.rate_limit = Plumbing::convert_rate_limit_metadata_to_porcelain(plumbing_response.rate_limit)
+      resp
+    end
+  end
+
   # PeeringGroupNodes provides the building blocks necessary to obtain attach a node to a peering group.
   #
   # See {PeeringGroupNode}.
@@ -7289,6 +7409,7 @@ module SDM #:nodoc:
   # {KubernetesServiceAccount}
   # {KubernetesServiceAccountUserImpersonation}
   # {KubernetesUserImpersonation}
+  # {LLM}
   # {Maria}
   # {MCPGatewayNoAuth}
   # {MCPGatewayOAuth}

data/lib/version

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "17.1.0"
+  VERSION = "17.4.0"
 end

data/lib/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "17.1.0"
+  VERSION = "17.4.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: strongdm
 version: !ruby/object:Gem::Version
-  version: 17.1.0
+  version: 17.4.0
 platform: ruby
 authors:
 - strongDM Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2026-04-21 00:00:00.000000000 Z
+date: 2026-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc
@@ -81,8 +81,8 @@ files:
 - "./.git/logs/HEAD"
 - "./.git/logs/refs/heads/master"
 - "./.git/logs/refs/remotes/origin/HEAD"
-- "./.git/objects/pack/pack-8883014742378b7fdf0c34a97562b9df2d80609b.idx"
-- "./.git/objects/pack/pack-8883014742378b7fdf0c34a97562b9df2d80609b.pack"
+- "./.git/objects/pack/pack-25c93bdf583e394318001c7011476e3b807b6081.idx"
+- "./.git/objects/pack/pack-25c93bdf583e394318001c7011476e3b807b6081.pack"
 - "./.git/packed-refs"
 - "./.git/refs/heads/master"
 - "./.git/refs/remotes/origin/HEAD"
@@ -176,6 +176,8 @@ files:
 - "./lib/grpc/options_pb.rb"
 - "./lib/grpc/organization_history_pb.rb"
 - "./lib/grpc/organization_history_services_pb.rb"
+- "./lib/grpc/organizations_pb.rb"
+- "./lib/grpc/organizations_services_pb.rb"
 - "./lib/grpc/peering_group_nodes_pb.rb"
 - "./lib/grpc/peering_group_nodes_services_pb.rb"
 - "./lib/grpc/peering_group_peers_pb.rb"