strongdm 3.6.1 → 3.7.0

Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/.git/ORIG_HEAD +1 -1
  3. data/.git/index +0 -0
  4. data/.git/logs/HEAD +3 -3
  5. data/.git/logs/refs/heads/master +2 -2
  6. data/.git/logs/refs/remotes/origin/HEAD +1 -1
  7. data/.git/objects/pack/{pack-c0eff6575c38c9865988c2b59ce4060fff518355.idx → pack-6ff24cd25221e788819ff2b8012b5e54f3c5d426.idx} +0 -0
  8. data/.git/objects/pack/{pack-c0eff6575c38c9865988c2b59ce4060fff518355.pack → pack-6ff24cd25221e788819ff2b8012b5e54f3c5d426.pack} +0 -0
  9. data/.git/packed-refs +3 -2
  10. data/.git/refs/heads/master +1 -1
  11. data/lib/constants.rb +311 -0
  12. data/lib/grpc/account_attachments_history_pb.rb +48 -0
  13. data/lib/grpc/account_attachments_history_services_pb.rb +37 -0
  14. data/lib/grpc/account_grants_history_pb.rb +48 -0
  15. data/lib/grpc/account_grants_history_services_pb.rb +37 -0
  16. data/lib/grpc/account_permissions_pb.rb +48 -0
  17. data/lib/grpc/account_permissions_services_pb.rb +38 -0
  18. data/lib/grpc/account_resources_pb.rb +49 -0
  19. data/lib/grpc/account_resources_services_pb.rb +38 -0
  20. data/lib/grpc/accounts_history_pb.rb +48 -0
  21. data/lib/grpc/accounts_history_services_pb.rb +37 -0
  22. data/lib/grpc/activities_pb.rb +77 -0
  23. data/lib/grpc/activities_services_pb.rb +41 -0
  24. data/lib/grpc/nodes_history_pb.rb +48 -0
  25. data/lib/grpc/nodes_history_services_pb.rb +37 -0
  26. data/lib/grpc/organization_history_pb.rb +74 -0
  27. data/lib/grpc/organization_history_services_pb.rb +37 -0
  28. data/lib/grpc/plumbing.rb +977 -4
  29. data/lib/grpc/queries_pb.rb +67 -0
  30. data/lib/grpc/queries_services_pb.rb +39 -0
  31. data/lib/grpc/remote_identities_history_pb.rb +48 -0
  32. data/lib/grpc/remote_identities_history_services_pb.rb +37 -0
  33. data/lib/grpc/remote_identity_groups_history_pb.rb +48 -0
  34. data/lib/grpc/remote_identity_groups_history_services_pb.rb +37 -0
  35. data/lib/grpc/replays_pb.rb +50 -0
  36. data/lib/grpc/replays_services_pb.rb +38 -0
  37. data/lib/grpc/resources_history_pb.rb +48 -0
  38. data/lib/grpc/resources_history_services_pb.rb +37 -0
  39. data/lib/grpc/role_resources_history_pb.rb +48 -0
  40. data/lib/grpc/role_resources_history_services_pb.rb +37 -0
  41. data/lib/grpc/role_resources_pb.rb +46 -0
  42. data/lib/grpc/role_resources_services_pb.rb +38 -0
  43. data/lib/grpc/roles_history_pb.rb +48 -0
  44. data/lib/grpc/roles_history_services_pb.rb +37 -0
  45. data/lib/grpc/secret_stores_history_pb.rb +48 -0
  46. data/lib/grpc/secret_stores_history_services_pb.rb +37 -0
  47. data/lib/models/porcelain.rb +912 -0
  48. data/lib/strongdm.rb +219 -1
  49. data/lib/svc.rb +1555 -120
  50. data/lib/version +1 -1
  51. data/lib/version.rb +1 -1
  52. metadata +38 -4
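--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0422edba8bf3e651e34ee80a04636820bf84c3091cf6ce57ea33ad4e0d554720
- data.tar.gz: 803d2fece2c378b009e06da5676969a07fdf34ef8187dd0ebe65cc0412c102f7
+ metadata.gz: 5d98068f83e8e37ff45f3525677c3565d90ada5dfdd5c5f443b0f816ff0ca4c9
+ data.tar.gz: 9b6f90d8f1cb4c31a6fad97a8781eede0b998d67bf9d63f4365a79dd8b22cd90
  SHA512:
- metadata.gz: 134fdc741aa68a757e732a3d51719fb4ad441593b52e4f39d3d015569f5f478d5bb44151602ff62c74f0c98bad99291ebc21fa7ca8c363cc068d6155360af82c
- data.tar.gz: 9230544165b6e5a015170105f6edc97d323e8011421b828ea9007e52b60bb6d999b2c2546235a28bafc7f80aff4ec07a03dca5718734716396a8470bd22c3053
+ metadata.gz: 50c064d45a840df5b01d122917716cae7b8b21fabfc91764c65aaf9aa353f6b4add8eebdec2584e3a6e9b52dace1658ab5e2faa35441f1ba099f9e72e3087e7b
+ data.tar.gz: ab0f1a802843e25430587c54dcffae15ea1df6e3e607b75a8a0259c1960e92906c7b10df749489a8b5eaa4cd380618a332ea608cd2d9c86252ee350bdebfcb48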
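--- a/data/.git/ORIG_HEAD
+++ b/data/.git/ORIG_HEAD
@@ -1 +1 @@
- 7f688fbda6c715ebd7f057720b4e16216ff54064
+ ffd4706f2b64466550868d42ee2a5a4b88b3a372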
data/.git/index CHANGED
Binary file
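--- a/data/.git/logs/HEAD
+++ b/data/.git/logs/HEAD
@@ -1,3 +1,3 @@
- 0000000000000000000000000000000000000000 7f688fbda6c715ebd7f057720b4e16216ff54064 root <root@a1a787bc334e.(none)> 1676573766 +0000 clone: from github.com:strongdm/strongdm-sdk-ruby.git
- 7f688fbda6c715ebd7f057720b4e16216ff54064 7f688fbda6c715ebd7f057720b4e16216ff54064 root <root@a1a787bc334e.(none)> 1676573766 +0000 checkout: moving from master to master
- 7f688fbda6c715ebd7f057720b4e16216ff54064 ffd4706f2b64466550868d42ee2a5a4b88b3a372 root <root@a1a787bc334e.(none)> 1676573766 +0000 merge origin/development: Fast-forward
+ 0000000000000000000000000000000000000000 ffd4706f2b64466550868d42ee2a5a4b88b3a372 root <root@cf5147c441ef.(none)> 1679090962 +0000 clone: from github.com:strongdm/strongdm-sdk-ruby.git
+ ffd4706f2b64466550868d42ee2a5a4b88b3a372 ffd4706f2b64466550868d42ee2a5a4b88b3a372 root <root@cf5147c441ef.(none)> 1679090962 +0000 checkout: moving from master to master
+ ffd4706f2b64466550868d42ee2a5a4b88b3a372 10a9195bd9e91e5d6047500b92d08df567d60f78 root <root@cf5147c441ef.(none)> 1679090962 +0000 merge origin/development: Fast-forward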
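Review bot: The packaged gem ships the repository's `.git` directory: this reflog, `ORIG_HEAD`, `packed-refs`, the index and the pack files in the file list all sit under `data/.git/`. The reflog lines record the build container's `root@…` identity and the clone source, and the pack presumably carries the full history, including whatever `origin/development` holds beyond `origin/master`. None of it is needed at runtime, so the gemspec (not shown on this page) should list only the library files, for example `spec.files = Dir["lib/**/*"]`. The release job should also fail when the built package contains a `.git/` entry.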
@@ -1,2 +1,2 @@
1
- 0000000000000000000000000000000000000000 7f688fbda6c715ebd7f057720b4e16216ff54064 root <root@a1a787bc334e.(none)> 1676573766 +0000 clone: from github.com:strongdm/strongdm-sdk-ruby.git
2
- 7f688fbda6c715ebd7f057720b4e16216ff54064 ffd4706f2b64466550868d42ee2a5a4b88b3a372 root <root@a1a787bc334e.(none)> 1676573766 +0000 merge origin/development: Fast-forward
1
+ 0000000000000000000000000000000000000000 ffd4706f2b64466550868d42ee2a5a4b88b3a372 root <root@cf5147c441ef.(none)> 1679090962 +0000 clone: from github.com:strongdm/strongdm-sdk-ruby.git
2
+ ffd4706f2b64466550868d42ee2a5a4b88b3a372 10a9195bd9e91e5d6047500b92d08df567d60f78 root <root@cf5147c441ef.(none)> 1679090962 +0000 merge origin/development: Fast-forward
@@ -1 +1 @@
1
- 0000000000000000000000000000000000000000 7f688fbda6c715ebd7f057720b4e16216ff54064 root <root@a1a787bc334e.(none)> 1676573766 +0000 clone: from github.com:strongdm/strongdm-sdk-ruby.git
1
+ 0000000000000000000000000000000000000000 ffd4706f2b64466550868d42ee2a5a4b88b3a372 root <root@cf5147c441ef.(none)> 1679090962 +0000 clone: from github.com:strongdm/strongdm-sdk-ruby.git
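--- a/data/.git/packed-refs
+++ b/data/.git/packed-refs
@@ -1,6 +1,6 @@
  # pack-refs with: peeled fully-peeled sorted
- ffd4706f2b64466550868d42ee2a5a4b88b3a372 refs/remotes/origin/development
- 7f688fbda6c715ebd7f057720b4e16216ff54064 refs/remotes/origin/master
+ 10a9195bd9e91e5d6047500b92d08df567d60f78 refs/remotes/origin/development
+ ffd4706f2b64466550868d42ee2a5a4b88b3a372 refs/remotes/origin/master
  2e4fe8087177ddea9b3991ca499f758384839c89 refs/tags/untagged-84fd83a4484c785cce63
  04f604866214fab4d5663b5171a3e596331577bd refs/tags/v0.9.4
  6f9a7b75b345c65fb554884907b7060680c807b7 refs/tags/v0.9.5
@@ -55,3 +55,4 @@ bfb8a3cdb41c617913f0295b25ac7ecc7398d2c2 refs/tags/v3.5.0
  67d9309e77842e64a4b43d8c3fa2c52ece706a3d refs/tags/v3.5.4
  ed61eaceb77e62a0c1a0bb8d36fc0bda7b242af4 refs/tags/v3.5.5
  7f688fbda6c715ebd7f057720b4e16216ff54064 refs/tags/v3.6.0
+ ffd4706f2b64466550868d42ee2a5a4b88b3a372 refs/tags/v3.6.1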
@@ -1 +1 @@
1
- ffd4706f2b64466550868d42ee2a5a4b88b3a372
1
+ 10a9195bd9e91e5d6047500b92d08df567d60f78
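--- a/data/lib/constants.rb
+++ b/data/lib/constants.rb
@@ -66,4 +66,315 @@ module SDM
  ONE_LOGIN = "onelogin"
  GOOGLE = "google"
  end
+
+ # Providers responsible for SSO authentication.
+ module AuthProvider
+ AZURE = "azure"
+ BITIUM = "bitium"
+ GOOGLE = "google"
+ OKTA = "okta"
+ STRONG_DM = "strongdm"
+ ACTIVE_DIRECTORY = "active directory"
+ GENERIC_OIDC = "generic oidc"
+ ONE_LOGIN_OIDC = "oneloginv2"
+ KEYCLOAK = "keycloak"
+ SHIBBOLETH = "shibboleth"
+ AUTH_0 = "auth0"
+ WORKSPACE_ONE = "workspace one"
+ ONE_LOGIN_SAML = "onelogin-saml"
+ GENERIC_SAML = "generic-saml"
+ PING_IDSAML = "ping-identity-saml"
+ end
+
+ # Providers responsible for multi-factor authentication
+ module MFAProvider
+ NONE = ""
+ DUO = "duo"
+ end
+
+ # Activity Entities, all entity types that can be part of an activity.
+ module ActivityEntityType
+ USER = "user"
+ ROLE = "role"
+ LEGACY_COMPOSITE_ROLE = "composite_role"
+ DATASOURCE = "datasource"
+ ORGANIZATION = "organization"
+ INSTALLATION = "installation"
+ SECRET_STORE = "secretstore"
+ REMOTE_IDENTITY_GROUP = "remote_identity_group"
+ REMOTE_IDENTITY = "remote_identity"
+ ACCESS_REQUEST = "access_request"
+ WORKFLOW = "workflow"
+ end
+
+ # Activity Verbs, describe which kind of activity has taken place.
+ module ActivityVerb
+ USER_ADDED = "user added"
+ USER_DELETED = "user deleted"
+ USER_UPDATED = "user updated"
+ USER_SIGNUP = "user signup"
+ USER_TYPE_CHANGED = "user type changed"
+ USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted"
+ USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked"
+ USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired"
+ USER_ADDED_TO_ROLE = "user added to role"
+ USER_DELETED_FROM_ROLE = "user deleted from role"
+ USER_SUSPENDED = "user suspended"
+ USER_REINSTATED = "user reinstated"
+ USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI"
+ PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org"
+ USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client"
+ SERVICE_ACCOUNT_CREATED = "service account created"
+ SERVICE_ACCOUNT_EXPIRED = "service account expired"
+ ADMIN_TOKEN_ADDED = "admin token created"
+ ADMIN_TOKEN_DELETED = "admin token deleted"
+ ADMIN_TOKEN_EXPIRED = "admin token expired"
+ ADMIN_TOKEN_REKEYED = "admin token rekeyed"
+ ADMIN_TOKEN_CLONED = "admin token cloned"
+ ADMIN_TOKEN_SUSPENDED = "admin token suspended"
+ ADMIN_TOKEN_REINSTATED = "admin token reinstated"
+ SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO"
+ SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO"
+ USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client"
+ USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI"
+ FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI"
+ FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client"
+ MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI"
+ MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client"
+ TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts"
+ ATTEMPT_COUNTER_RESET = "failed login attempt counter reset"
+ SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
+ SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI"
+ SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
+ SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
+ SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"
+ USER_SET_A_PASSWORD = "user set a password"
+ USER_RESET_A_PASSWORD = "user reset their password"
+ USER_CHANGED_PASSWORD = "user changed their password"
+ USER_INVITED = "user invited"
+ USER_CLICKED_INVITATION = "user clicked on their invitation"
+ USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset"
+ USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password"
+ USER_REQUIRE_SSO_LOGIN = "user required to login via SSO"
+ USER_PROVISIONING_ENABLED = "user provisioning enabled"
+ USER_PROVISIONING_DISABLED = "user provisioning disabled"
+ ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset"
+ ROLE_ADDED = "role added"
+ ROLE_DELETED = "role deleted"
+ ROLE_UPDATED = "role updated"
+ ROLE_ACCESS_RULES_UPDATED = "access rules updated"
+ ROLE_ACCESS_RULES_CREATED = "access rules created"
+ ROLE_ACCESS_RULES_DELETED = "access rules deleted"
+ ROLE_PROVISIONING_ENABLED = "role provisioning enabled"
+ ROLE_PROVISIONING_DISABLED = "role provisioning disabled"
+ DATASOURCE_ADDED = "datasource added"
+ DATASOURCE_CLONED = "datasource cloned"
+ DATASOURCE_DELETED = "datasource deleted"
+ DATASOURCE_UPDATED = "datasource updated"
+ DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden"
+ MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden"
+ SERVER_ADDED = "server added"
+ SERVER_CLONED = "server cloned"
+ SERVER_DELETED = "server deleted"
+ SERVER_UPDATED = "server updated"
+ SERVER_PORT_OVERRIDE = "server connection port overriden"
+ MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden"
+ CLUSTER_ADDED = "cluster added"
+ CLUSTER_CLONED = "cluster cloned"
+ CLUSTER_DELETED = "cluster deleted"
+ CLUSTER_UPDATED = "cluster updated"
+ CLUSTER_PORT_OVERRIDE = "cluster connection port overriden"
+ MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden"
+ CLOUD_ADDED = "cloud added"
+ CLOUD_CLONED = "cloud cloned"
+ CLOUD_DELETED = "cloud deleted"
+ CLOUD_UPDATED = "cloud updated"
+ WEBSITE_ADDED = "website added"
+ WEBSITE_CLONED = "website cloned"
+ WEBSITE_DELETED = "website deleted"
+ WEBSITE_UPDATED = "website updated"
+ INSTALLATION_CREATED = "installation created"
+ RELAY_INSTALLATION_CREATED = "installation created for relay"
+ INSTALLATION_APPROVED = "installation approved"
+ INSTALLATION_REVOKED = "installation revoked"
+ RELAY_CREATED = "relay created"
+ RELAY_UPDATED_NAME = "relay name updated"
+ RELAY_DELETED = "relay deleted"
+ ORG_PUBLIC_KEY_UPDATED = "public key updated"
+ ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated"
+ ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated"
+ ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated"
+ ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated"
+ ORG_NAME_UPDATED = "organization name updated"
+ ORG_SETTING_UPDATED = "organization setting updated"
+ ORG_CREATED = "organization created"
+ ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set"
+ ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted"
+ ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set"
+ ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted"
+ CHILD_ORG_ADMIN_INVITED = "child organization admin invited"
+ SERVICE_ACCOUNT_REKEYED = "service account rekeyed"
+ SCIM_TOKEN_ADDED = "SCIM token created"
+ SCIM_TOKEN_DELETED = "SCIM token deleted"
+ SCIM_TOKEN_REKEYED = "SCIM token rekeyed"
+ API_KEY_DELETED = "API key deleted"
+ ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated"
+ ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding"
+ ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding"
+ ORG_ADD_CHILD = "add child organization"
+ ORG_REMOVE_CHILD = "remove child organization"
+ ORG_EXTEND_TRIAL = "trial extended"
+ SECRET_STORE_ADDED = "secret store added"
+ SECRET_STORE_UPDATED = "secret store updated"
+ SECRET_STORE_DELETED = "secret store deleted"
+ REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created"
+ REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated"
+ REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted"
+ REMOTE_IDENTITY_CREATED = "remote identity created"
+ REMOTE_IDENTITY_UPDATED = "remote identity updated"
+ REMOTE_IDENTITY_DELETED = "remote identity deleted"
+ ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource"
+ ACCESS_REQUEST_TO_RESOURCE_APPROVED = "access request to resource approved"
+ ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled"
+ ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied"
+ ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out"
+ WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow"
+ WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow"
+ WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow"
+ WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow"
+ WORKFLOW_NOTIFICATION_OPTION_ADDED = "workflow notification type added"
+ WORKFLOW_NOTIFICATION_OPTION_REMOVED = "workflow notification type removed"
+ WORKFLOW_NOTIFICATION_OPTIONS_UPDATED = "workflow notification settings updated"
+ ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated"
+ DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval"
+ DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval"
+ EMULATION_MIGRATION_COMPLETED = "emulation migration completed"
+ ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed"
+ ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers"
+ end
+
+ # Permissions, all permissions that may be granted to an account.
+ module Permission
+ RELAY_LIST = "relay:list"
+ RELAY_CREATE = "relay:create"
+ DATASOURCE_LIST = "datasource:list"
+ DATASOURCE_CREATE = "datasource:create"
+ DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
+ DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
+ DATASOURCE_DELETE = "datasource:delete"
+ DATASOURCE_UPDATE = "datasource:update"
+ SECRET_STORE_CREATE = "secretstore:create"
+ SECRET_STORE_LIST = "secretstore:list"
+ SECRET_STORE_DELETE = "secretstore:delete"
+ SECRET_STORE_UPDATE = "secretstore:update"
+ SECRET_STORE_STATUS = "secretstore:status"
+ REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
+ REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
+ REMOTE_IDENTITY_WRITE = "remoteidentity:write"
+ REMOTE_IDENTITY_READ = "remoteidentity:read"
+ USER_CREATE = "user:create"
+ USER_LIST = "user:list"
+ USER_UPDATE_ADMIN = "user:update_admin"
+ USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
+ USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
+ USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
+ USER_UPDATE = "user:update"
+ USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
+ USER_DELETE = "user:delete"
+ USER_ASSIGN = "user:assign"
+ USER_SUSPEND = "user:suspend"
+ DEMO_PROVISIONING_REQUEST_CREATE = "demoprovisioningrequest:create"
+ DEMO_PROVISIONING_REQUEST_LIST = "demoprovisioningrequest:list"
+ ROLE_LIST = "role:list"
+ ROLE_CREATE = "role:create"
+ ROLE_DELETE = "role:delete"
+ ROLE_UPDATE = "role:update"
+ ORG_VIEW_SETTINGS = "organization:view_settings"
+ ORG_EDIT_SETTINGS = "organization:edit_settings"
+ ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
+ ORG_LIST_CHILDREN = "organization:list_children"
+ ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"
+ ORG_AUDIT_USERS = "audit:users"
+ ORG_AUDIT_ROLES = "audit:roles"
+ ORG_AUDIT_DATASOURCES = "audit:datasources"
+ ORG_AUDIT_NODES = "audit:nodes"
+ ORG_AUDIT_PERMISSIONS = "audit:permissions"
+ ORG_AUDIT_QUERIES = "audit:queries"
+ ORG_AUDIT_ACTIVITIES = "audit:activities"
+ ORG_AUDIT_SSH = "audit:ssh"
+ ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
+ ORG_AUDIT_ORG = "audit:organization"
+ ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
+ ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
+ ORG_AUDIT_SECRET_STORES = "audit:secretstores"
+ WORKFLOW_LIST = "workflow:list"
+ WORKFLOW_EDIT = "workflow:edit"
+ ACCESS_REQUEST_EDIT = "accessrequest:edit"
+ ACCESS_REQUEST_LIST = "accessrequest:list"
+ ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
+ GLOBAL_RDP_RENDER = "rdp:render"
+ GLOBAL_QUERY_BUCKET_TRACKER = "query:bucket_tracker"
+ GLOBAL_ASSETS_GET_LATEST_VERSION_COMMIT_HASH = "assets:get_latest_version_commit_hash"
+ GLOBAL_SDMOS_SERVICE = "sdmos:service"
+ GLOBAL_SDMOS_DEPLOYMENT = "sdmos:deployment"
+ GLOBAL_SDMOS_RELEASE = "sdmos:release"
+ GLOBAL_DEMO_PROVISIONER = "demo:provision"
+ INSTALLATION_BLESS = "installation:bless"
+ INSTALLATION_CREATE = "installation:create"
+ INSTALLATION_REVOKE = "installation:revoke"
+ TESTING_ORG_CREATE = "testing:organization:create"
+ TESTING_ORG_DELETE = "testing:organization:delete"
+ TESTING_NO_PERMISSIONS = "testing:noperms"
+ TESTING_FETCH_QUERIES = "testing:queries:get"
+ GRANT_READ = "grant:read"
+ GRANT_WRITE = "grant:write"
+ REPORT_READ = "report:read"
+ end
+
+ # Query Categories, all the categories of resource against which queries are logged.
+ module QueryCategory
+ KUBERNETES = "k8s"
+ DATASOURCES = "queries"
+ RDP = "rdp"
+ SSH = "ssh"
+ WEB = "web"
+ CLOUD = "cloud"
+ ALL = "all"
+ end
+
+ # LogRemoteEncoder defines the encryption encoder for the queries are stored in the API.
+ module LogRemoteEncoder
+ STRONG_DM = "strongdm"
+ PUB_KEY = "pubkey"
+ HASH = "hash"
+ end
+
+ # LogLocalStorage defines how queries are stored locally.
+ module LogLocalStorage
+ STDOUT = "stdout"
+ FILE = "file"
+ TCP = "tcp"
+ SOCKET = "socket"
+ SYSLOG = "syslog"
+ NONE = "none"
+ end
+
+ # LogLocalEncoder defines the encryption encoder for queries are stored locally in the relay.
+ module LogLocalEncoder
+ PLAINTEXT = "plaintext"
+ PUB_KEY = "pubkey"
+ end
+
+ # LogLocalFormat defines the format the queries are stored locally in the relay.
+ module LogLocalFormat
+ CSV = "csv"
+ JSON = "json"
+ end
+
+ # OrgKind defines the types of organizations that may exist.
+ module OrgKind
+ SOLO = "solo"
+ ROOT = "root"
+ CHILD = "child"
+ end
  end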
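Review bot: The comments on `LogRemoteEncoder` and `LogLocalEncoder` describe every value as an "encryption encoder", yet `LogLocalEncoder::PLAINTEXT` and `LogRemoteEncoder::HASH` do not read as encryption by name, and both sentences are ungrammatical ("for the queries are stored"). Someone choosing a logging setting from these constants should be able to tell which values leave query text readable. I would write `# LogLocalEncoder defines how queries stored locally on the relay are encoded; PLAINTEXT applies no encryption.` and give `LogRemoteEncoder` a matching line, after confirming the semantics against the API documentation. `MFAProvider::NONE` is the empty string and deserves a comment saying whether an empty value means MFA is disabled. The enclosing `module SDM` opens above the hunk.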
@@ -0,0 +1,48 @@
1
+ # Copyright 2020 StrongDM Inc
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+ #
15
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
16
+ # source: account_attachments_history.proto
17
+
18
+ require "google/protobuf"
19
+
20
+ require "google/protobuf/timestamp_pb"
21
+ require "account_attachments_pb"
22
+ require "options_pb"
23
+ require "spec_pb"
24
+ Google::Protobuf::DescriptorPool.generated_pool.build do
25
+ add_file("account_attachments_history.proto", :syntax => :proto3) do
26
+ add_message "v1.AccountAttachmentHistoryListRequest" do
27
+ optional :meta, :message, 1, "v1.ListRequestMetadata"
28
+ optional :filter, :string, 2
29
+ end
30
+ add_message "v1.AccountAttachmentHistoryListResponse" do
31
+ optional :meta, :message, 1, "v1.ListResponseMetadata"
32
+ repeated :history, :message, 2, "v1.AccountAttachmentHistory"
33
+ optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
34
+ end
35
+ add_message "v1.AccountAttachmentHistory" do
36
+ optional :activity_id, :string, 1
37
+ optional :timestamp, :message, 2, "google.protobuf.Timestamp"
38
+ optional :account_attachment, :message, 3, "v1.AccountAttachment"
39
+ optional :deleted_at, :message, 4, "google.protobuf.Timestamp"
40
+ end
41
+ end
42
+ end
43
+
44
+ module V1
45
+ AccountAttachmentHistoryListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentHistoryListRequest").msgclass
46
+ AccountAttachmentHistoryListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentHistoryListResponse").msgclass
47
+ AccountAttachmentHistory = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentHistory").msgclass
48
+ end
@@ -0,0 +1,37 @@
1
+ # Copyright 2020 StrongDM Inc
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+ #
15
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
16
+ # Source: account_attachments_history.proto for package 'v1'
17
+
18
+ require "grpc"
19
+ require "account_attachments_history_pb"
20
+
21
+ module V1
22
+ module AccountAttachmentsHistory
23
+ # AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
24
+ class Service
25
+ include GRPC::GenericService
26
+
27
+ self.marshal_class_method = :encode
28
+ self.unmarshal_class_method = :decode
29
+ self.service_name = "v1.AccountAttachmentsHistory"
30
+
31
+ # List gets a list of AccountAttachmentHistory records matching a given set of criteria.
32
+ rpc :List, V1::AccountAttachmentHistoryListRequest, V1::AccountAttachmentHistoryListResponse
33
+ end
34
+
35
+ Stub = Service.rpc_stub_class
36
+ end
37
+ end
@@ -0,0 +1,48 @@
1
+ # Copyright 2020 StrongDM Inc
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+ #
15
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
16
+ # source: account_grants_history.proto
17
+
18
+ require "google/protobuf"
19
+
20
+ require "google/protobuf/timestamp_pb"
21
+ require "account_grants_pb"
22
+ require "options_pb"
23
+ require "spec_pb"
24
+ Google::Protobuf::DescriptorPool.generated_pool.build do
25
+ add_file("account_grants_history.proto", :syntax => :proto3) do
26
+ add_message "v1.AccountGrantHistoryListRequest" do
27
+ optional :meta, :message, 1, "v1.ListRequestMetadata"
28
+ optional :filter, :string, 2
29
+ end
30
+ add_message "v1.AccountGrantHistoryListResponse" do
31
+ optional :meta, :message, 1, "v1.ListResponseMetadata"
32
+ repeated :history, :message, 2, "v1.AccountGrantHistory"
33
+ optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
34
+ end
35
+ add_message "v1.AccountGrantHistory" do
36
+ optional :activity_id, :string, 1
37
+ optional :timestamp, :message, 2, "google.protobuf.Timestamp"
38
+ optional :account_grant, :message, 3, "v1.AccountGrant"
39
+ optional :deleted_at, :message, 4, "google.protobuf.Timestamp"
40
+ end
41
+ end
42
+ end
43
+
44
+ module V1
45
+ AccountGrantHistoryListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountGrantHistoryListRequest").msgclass
46
+ AccountGrantHistoryListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountGrantHistoryListResponse").msgclass
47
+ AccountGrantHistory = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountGrantHistory").msgclass
48
+ end
@@ -0,0 +1,37 @@
1
+ # Copyright 2020 StrongDM Inc
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+ #
15
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
16
+ # Source: account_grants_history.proto for package 'v1'
17
+
18
+ require "grpc"
19
+ require "account_grants_history_pb"
20
+
21
+ module V1
22
+ module AccountGrantsHistory
23
+ # AccountGrantsHistory records all changes to the state of an AccountGrant.
24
+ class Service
25
+ include GRPC::GenericService
26
+
27
+ self.marshal_class_method = :encode
28
+ self.unmarshal_class_method = :decode
29
+ self.service_name = "v1.AccountGrantsHistory"
30
+
31
+ # List gets a list of AccountGrantHistory records matching a given set of criteria.
32
+ rpc :List, V1::AccountGrantHistoryListRequest, V1::AccountGrantHistoryListResponse
33
+ end
34
+
35
+ Stub = Service.rpc_stub_class
36
+ end
37
+ end
@@ -0,0 +1,48 @@
1
+ # Copyright 2020 StrongDM Inc
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+ #
15
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
16
+ # source: account_permissions.proto
17
+
18
+ require "google/protobuf"
19
+
20
+ require "google/protobuf/timestamp_pb"
21
+ require "options_pb"
22
+ require "spec_pb"
23
+ Google::Protobuf::DescriptorPool.generated_pool.build do
24
+ add_file("account_permissions.proto", :syntax => :proto3) do
25
+ add_message "v1.AccountPermissionListRequest" do
26
+ optional :meta, :message, 1, "v1.ListRequestMetadata"
27
+ optional :filter, :string, 2
28
+ end
29
+ add_message "v1.AccountPermissionListResponse" do
30
+ optional :meta, :message, 1, "v1.ListResponseMetadata"
31
+ repeated :permissions, :message, 2, "v1.AccountPermission"
32
+ optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
33
+ end
34
+ add_message "v1.AccountPermission" do
35
+ optional :account_id, :string, 1
36
+ optional :granted_at, :message, 2, "google.protobuf.Timestamp"
37
+ optional :permission, :string, 3
38
+ optional :scope, :string, 4
39
+ optional :scoped_id, :string, 5
40
+ end
41
+ end
42
+ end
43
+
44
+ module V1
45
+ AccountPermissionListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountPermissionListRequest").msgclass
46
+ AccountPermissionListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountPermissionListResponse").msgclass
47
+ AccountPermission = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountPermission").msgclass
48
+ end
@@ -0,0 +1,38 @@
1
+ # Copyright 2020 StrongDM Inc
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+ #
15
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
16
+ # Source: account_permissions.proto for package 'v1'
17
+
18
+ require "grpc"
19
+ require "account_permissions_pb"
20
+
21
+ module V1
22
+ module AccountPermissions
23
+ # AccountPermissions records the granular permissions accounts have, allowing them to execute
24
+ # relevant commands via StrongDM's APIs.
25
+ class Service
26
+ include GRPC::GenericService
27
+
28
+ self.marshal_class_method = :encode
29
+ self.unmarshal_class_method = :decode
30
+ self.service_name = "v1.AccountPermissions"
31
+
32
+ # List gets a list of Permission records matching a given set of criteria.
33
+ rpc :List, V1::AccountPermissionListRequest, V1::AccountPermissionListResponse
34
+ end
35
+
36
+ Stub = Service.rpc_stub_class
37
+ end
38
+ end