strongdm 3.6.1 → 3.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0422edba8bf3e651e34ee80a04636820bf84c3091cf6ce57ea33ad4e0d554720
-  data.tar.gz: 803d2fece2c378b009e06da5676969a07fdf34ef8187dd0ebe65cc0412c102f7
+  metadata.gz: 2b47464f812ab12599f6425152cfa1ae66a1aafcf822e940ab277e8ab38f5b39
+  data.tar.gz: 184c8bf8a2ad0da5931613ba6b2ebc86a045307ba05dd2bef9ee80b99f08f1da
 SHA512:
-  metadata.gz: 134fdc741aa68a757e732a3d51719fb4ad441593b52e4f39d3d015569f5f478d5bb44151602ff62c74f0c98bad99291ebc21fa7ca8c363cc068d6155360af82c
-  data.tar.gz: 9230544165b6e5a015170105f6edc97d323e8011421b828ea9007e52b60bb6d999b2c2546235a28bafc7f80aff4ec07a03dca5718734716396a8470bd22c3053
+  metadata.gz: a0084e4f9686c2d2d02cbba9dfea5bc603af43a89271c1cca621dabad4198ad5e201c3d92ed841c6851a125511aad5dc627a8f19437a184038fc936c3b742c9d
+  data.tar.gz: 2bc3903a73929c1b93edb63164c71cbf1e0750eb8d627302e317672720d02779ebd810bedb1609a3a420885177a9cc11972434e5d0a7b9a7797511c396c3b120

data/.git/ORIG_HEAD

@@ -1 +1 @@
-7f688fbda6c715ebd7f057720b4e16216ff54064
+10a9195bd9e91e5d6047500b92d08df567d60f78

data/.git/logs/HEAD

@@ -1,3 +1,3 @@
-0000000000000000000000000000000000000000 7f688fbda6c715ebd7f057720b4e16216ff54064 root <root@a1a787bc334e.(none)> 1676573766 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-7f688fbda6c715ebd7f057720b4e16216ff54064 7f688fbda6c715ebd7f057720b4e16216ff54064 root <root@a1a787bc334e.(none)> 1676573766 +0000	checkout: moving from master to master
-7f688fbda6c715ebd7f057720b4e16216ff54064 ffd4706f2b64466550868d42ee2a5a4b88b3a372 root <root@a1a787bc334e.(none)> 1676573766 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 10a9195bd9e91e5d6047500b92d08df567d60f78 root <root@138ee2ba9aa1.(none)> 1679435550 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+10a9195bd9e91e5d6047500b92d08df567d60f78 10a9195bd9e91e5d6047500b92d08df567d60f78 root <root@138ee2ba9aa1.(none)> 1679435551 +0000	checkout: moving from master to master
+10a9195bd9e91e5d6047500b92d08df567d60f78 07687e72efc8785eb9de64ef2d27056c6f9e3413 root <root@138ee2ba9aa1.(none)> 1679435551 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/heads/master

@@ -1,2 +1,2 @@
-0000000000000000000000000000000000000000 7f688fbda6c715ebd7f057720b4e16216ff54064 root <root@a1a787bc334e.(none)> 1676573766 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-7f688fbda6c715ebd7f057720b4e16216ff54064 ffd4706f2b64466550868d42ee2a5a4b88b3a372 root <root@a1a787bc334e.(none)> 1676573766 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 10a9195bd9e91e5d6047500b92d08df567d60f78 root <root@138ee2ba9aa1.(none)> 1679435550 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+10a9195bd9e91e5d6047500b92d08df567d60f78 07687e72efc8785eb9de64ef2d27056c6f9e3413 root <root@138ee2ba9aa1.(none)> 1679435551 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/remotes/origin/HEAD

@@ -1 +1 @@
-0000000000000000000000000000000000000000 7f688fbda6c715ebd7f057720b4e16216ff54064 root <root@a1a787bc334e.(none)> 1676573766 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+0000000000000000000000000000000000000000 10a9195bd9e91e5d6047500b92d08df567d60f78 root <root@138ee2ba9aa1.(none)> 1679435550 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git

data/.git/packed-refs

@@ -1,6 +1,6 @@
 # pack-refs with: peeled fully-peeled sorted 
-ffd4706f2b64466550868d42ee2a5a4b88b3a372 refs/remotes/origin/development
-7f688fbda6c715ebd7f057720b4e16216ff54064 refs/remotes/origin/master
+07687e72efc8785eb9de64ef2d27056c6f9e3413 refs/remotes/origin/development
+10a9195bd9e91e5d6047500b92d08df567d60f78 refs/remotes/origin/master
 2e4fe8087177ddea9b3991ca499f758384839c89 refs/tags/untagged-84fd83a4484c785cce63
 04f604866214fab4d5663b5171a3e596331577bd refs/tags/v0.9.4
 6f9a7b75b345c65fb554884907b7060680c807b7 refs/tags/v0.9.5
@@ -55,3 +55,5 @@ bfb8a3cdb41c617913f0295b25ac7ecc7398d2c2 refs/tags/v3.5.0
 67d9309e77842e64a4b43d8c3fa2c52ece706a3d refs/tags/v3.5.4
 ed61eaceb77e62a0c1a0bb8d36fc0bda7b242af4 refs/tags/v3.5.5
 7f688fbda6c715ebd7f057720b4e16216ff54064 refs/tags/v3.6.0
+ffd4706f2b64466550868d42ee2a5a4b88b3a372 refs/tags/v3.6.1
+10a9195bd9e91e5d6047500b92d08df567d60f78 refs/tags/v3.7.0

data/.git/refs/heads/master

@@ -1 +1 @@
-ffd4706f2b64466550868d42ee2a5a4b88b3a372
+07687e72efc8785eb9de64ef2d27056c6f9e3413

data/lib/constants.rb

@@ -66,4 +66,315 @@ module SDM
     ONE_LOGIN = "onelogin"
     GOOGLE = "google"
   end
+
+  # Providers responsible for SSO authentication.
+  module AuthProvider
+    AZURE = "azure"
+    BITIUM = "bitium"
+    GOOGLE = "google"
+    OKTA = "okta"
+    STRONG_DM = "strongdm"
+    ACTIVE_DIRECTORY = "active directory"
+    GENERIC_OIDC = "generic oidc"
+    ONE_LOGIN_OIDC = "oneloginv2"
+    KEYCLOAK = "keycloak"
+    SHIBBOLETH = "shibboleth"
+    AUTH_0 = "auth0"
+    WORKSPACE_ONE = "workspace one"
+    ONE_LOGIN_SAML = "onelogin-saml"
+    GENERIC_SAML = "generic-saml"
+    PING_IDSAML = "ping-identity-saml"
+  end
+
+  # Providers responsible for multi-factor authentication
+  module MFAProvider
+    NONE = ""
+    DUO = "duo"
+  end
+
+  # Activity Entities, all entity types that can be part of an activity.
+  module ActivityEntityType
+    USER = "user"
+    ROLE = "role"
+    LEGACY_COMPOSITE_ROLE = "composite_role"
+    DATASOURCE = "datasource"
+    ORGANIZATION = "organization"
+    INSTALLATION = "installation"
+    SECRET_STORE = "secretstore"
+    REMOTE_IDENTITY_GROUP = "remote_identity_group"
+    REMOTE_IDENTITY = "remote_identity"
+    ACCESS_REQUEST = "access_request"
+    WORKFLOW = "workflow"
+  end
+
+  # Activity Verbs, describe which kind of activity has taken place.
+  module ActivityVerb
+    USER_ADDED = "user added"
+    USER_DELETED = "user deleted"
+    USER_UPDATED = "user updated"
+    USER_SIGNUP = "user signup"
+    USER_TYPE_CHANGED = "user type changed"
+    USER_TEMPORARY_ACCESS_GRANTED = "user temporary access granted"
+    USER_TEMPORARY_ACCESS_REVOKED = "user temporary access revoked"
+    USER_TEMPORARY_ACCESS_EXPIRED = "user temporary access expired"
+    USER_ADDED_TO_ROLE = "user added to role"
+    USER_DELETED_FROM_ROLE = "user deleted from role"
+    USER_SUSPENDED = "user suspended"
+    USER_REINSTATED = "user reinstated"
+    USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI"
+    PARENT_ADMIN_LOGGED_INTO_CHILD_ORG = "parent admin logged into the child org"
+    USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client"
+    SERVICE_ACCOUNT_CREATED = "service account created"
+    SERVICE_ACCOUNT_EXPIRED = "service account expired"
+    ADMIN_TOKEN_ADDED = "admin token created"
+    ADMIN_TOKEN_DELETED = "admin token deleted"
+    ADMIN_TOKEN_EXPIRED = "admin token expired"
+    ADMIN_TOKEN_REKEYED = "admin token rekeyed"
+    ADMIN_TOKEN_CLONED = "admin token cloned"
+    ADMIN_TOKEN_SUSPENDED = "admin token suspended"
+    ADMIN_TOKEN_REINSTATED = "admin token reinstated"
+    SSO_USER_LOGGED_INTO_THE_UI = "user logged into the Admin UI using SSO"
+    SSO_USER_LOGGED_INTO_THE_CLIENT = "user logged into the local client using SSO"
+    USER_LOGGED_OUT_FROM_THE_CLIENT = "user logged out from the local client"
+    USER_LOGGED_OUT_FROM_THE_UI = "user logged out from the Admin UI"
+    FAILED_LOGIN_FROM_THE_UI = "failed login attempt from the Admin UI"
+    FAILED_LOGIN_FROM_THE_CLIENT = "failed login attempt from the local client"
+    MFA_DENIED_FROM_THE_UI = "MFA denied access for the Admin UI"
+    MFA_DENIED_FROM_THE_CLIENT = "MFA denied access for the local client"
+    TOO_MANY_ATTEMPTS_LOCKOUT = "user account locked due to failed login attempts"
+    ATTEMPT_COUNTER_RESET = "failed login attempt counter reset"
+    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended user from the local client"
+    SUSPENDED_USER_LOGIN_ATTEMPT_FROM_THE_UI = "attempt to login by a suspended user from the Admin UI"
+    SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a service account from the Admin UI"
+    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_UI = "attempted to login by a suspended service account from the Admin UI"
+    SUSPENDED_SERVICE_ACCOUNT_LOGIN_ATTEMPT_FROM_THE_CLIENT = "attempt to login by a suspended service account from the local client"
+    USER_SET_A_PASSWORD = "user set a password"
+    USER_RESET_A_PASSWORD = "user reset their password"
+    USER_CHANGED_PASSWORD = "user changed their password"
+    USER_INVITED = "user invited"
+    USER_CLICKED_INVITATION = "user clicked on their invitation"
+    USER_CLICKED_PASSWORD_RESET = "user clicked on their password reset"
+    USER_ALLOW_PASSWORD_LOGIN = "user allowed to login via password"
+    USER_REQUIRE_SSO_LOGIN = "user required to login via SSO"
+    USER_PROVISIONING_ENABLED = "user provisioning enabled"
+    USER_PROVISIONING_DISABLED = "user provisioning disabled"
+    ADMIN_INITIATED_PASSWORD_RESET = "admin initiated password reset"
+    ROLE_ADDED = "role added"
+    ROLE_DELETED = "role deleted"
+    ROLE_UPDATED = "role updated"
+    ROLE_ACCESS_RULES_UPDATED = "access rules updated"
+    ROLE_ACCESS_RULES_CREATED = "access rules created"
+    ROLE_ACCESS_RULES_DELETED = "access rules deleted"
+    ROLE_PROVISIONING_ENABLED = "role provisioning enabled"
+    ROLE_PROVISIONING_DISABLED = "role provisioning disabled"
+    DATASOURCE_ADDED = "datasource added"
+    DATASOURCE_CLONED = "datasource cloned"
+    DATASOURCE_DELETED = "datasource deleted"
+    DATASOURCE_UPDATED = "datasource updated"
+    DATASOURCE_PORT_OVERRIDE = "datasource connection port overriden"
+    MULTIPLE_DATASOURCE_PORT_OVERRIDE = "multiple datasource ports overriden"
+    SERVER_ADDED = "server added"
+    SERVER_CLONED = "server cloned"
+    SERVER_DELETED = "server deleted"
+    SERVER_UPDATED = "server updated"
+    SERVER_PORT_OVERRIDE = "server connection port overriden"
+    MULTIPLE_SERVER_PORT_OVERRIDE = "multiple server ports overriden"
+    CLUSTER_ADDED = "cluster added"
+    CLUSTER_CLONED = "cluster cloned"
+    CLUSTER_DELETED = "cluster deleted"
+    CLUSTER_UPDATED = "cluster updated"
+    CLUSTER_PORT_OVERRIDE = "cluster connection port overriden"
+    MULTIPLE_CLUSTER_PORT_OVERRIDE = "multiple cluster ports overriden"
+    CLOUD_ADDED = "cloud added"
+    CLOUD_CLONED = "cloud cloned"
+    CLOUD_DELETED = "cloud deleted"
+    CLOUD_UPDATED = "cloud updated"
+    WEBSITE_ADDED = "website added"
+    WEBSITE_CLONED = "website cloned"
+    WEBSITE_DELETED = "website deleted"
+    WEBSITE_UPDATED = "website updated"
+    INSTALLATION_CREATED = "installation created"
+    RELAY_INSTALLATION_CREATED = "installation created for relay"
+    INSTALLATION_APPROVED = "installation approved"
+    INSTALLATION_REVOKED = "installation revoked"
+    RELAY_CREATED = "relay created"
+    RELAY_UPDATED_NAME = "relay name updated"
+    RELAY_DELETED = "relay deleted"
+    ORG_PUBLIC_KEY_UPDATED = "public key updated"
+    ORG_ENFORCE_PORT_OVERRIDES_UPDATED = "port override enforcement updated"
+    ORG_SERVICE_AUTO_CONNECT_UPDATED = "service account auto-connect updated"
+    ORG_SELF_REGISTRATION_ACTIVATED = "self-registration activated"
+    ORG_SELF_REGISTRATION_DEACTIVATED = "self-registration deactivated"
+    ORG_NAME_UPDATED = "organization name updated"
+    ORG_SETTING_UPDATED = "organization setting updated"
+    ORG_CREATED = "organization created"
+    ORG_SCIM_PROVISIONING_UPDATED = "SCIM provider set"
+    ORG_SCIM_PROVISIONING_DELETED = "SCIM provider deleted"
+    ORG_CUSTOM_PROVISIONING_UPDATED = "Provisioning provider set"
+    ORG_CUSTOM_PROVISIONING_DELETED = "Provisioning provider deleted"
+    CHILD_ORG_ADMIN_INVITED = "child organization admin invited"
+    SERVICE_ACCOUNT_REKEYED = "service account rekeyed"
+    SCIM_TOKEN_ADDED = "SCIM token created"
+    SCIM_TOKEN_DELETED = "SCIM token deleted"
+    SCIM_TOKEN_REKEYED = "SCIM token rekeyed"
+    API_KEY_DELETED = "API key deleted"
+    ORG_SSH_CERTIFICATE_AUTHORITY_ROTATED = "organization SSH certificate authority rotated"
+    ORG_SSH_ALLOW_PORT_FORWARDING = "allowed SSH port forwarding"
+    ORG_SSH_DISALLOW_PORT_FORWARDING = "disallowed SSH port forwarding"
+    ORG_ADD_CHILD = "add child organization"
+    ORG_REMOVE_CHILD = "remove child organization"
+    ORG_EXTEND_TRIAL = "trial extended"
+    SECRET_STORE_ADDED = "secret store added"
+    SECRET_STORE_UPDATED = "secret store updated"
+    SECRET_STORE_DELETED = "secret store deleted"
+    REMOTE_IDENTITY_GROUP_CREATED = "remote identity group created"
+    REMOTE_IDENTITY_GROUP_UPDATED = "remote identity group updated"
+    REMOTE_IDENTITY_GROUP_DELETED = "remote identity group deleted"
+    REMOTE_IDENTITY_CREATED = "remote identity created"
+    REMOTE_IDENTITY_UPDATED = "remote identity updated"
+    REMOTE_IDENTITY_DELETED = "remote identity deleted"
+    ACCESS_REQUESTED_TO_RESOURCE = "access requested to resource"
+    ACCESS_REQUEST_TO_RESOURCE_APPROVED = "access request to resource approved"
+    ACCESS_REQUEST_TO_RESOURCE_CANCELED = "access request to resource canceled"
+    ACCESS_REQUEST_TO_RESOURCE_DENIED = "access request to resource denied"
+    ACCESS_REQUEST_TO_RESOURCE_TIMED_OUT = "access request to resource timed out"
+    WORKFLOW_RESOURCE_ASSIGNED = "resource assigned to workflow"
+    WORKFLOW_RESOURCE_UNASSIGNED = "resource unassigned from workflow"
+    WORKFLOW_RESOURCE_MULTIPLE_ASSIGNED = "multiple resources assigned to workflow"
+    WORKFLOW_RESOURCE_MULTIPLE_UNASSIGNED = "multiple resources unassigned from workflow"
+    WORKFLOW_NOTIFICATION_OPTION_ADDED = "workflow notification type added"
+    WORKFLOW_NOTIFICATION_OPTION_REMOVED = "workflow notification type removed"
+    WORKFLOW_NOTIFICATION_OPTIONS_UPDATED = "workflow notification settings updated"
+    ORG_VNM_SUBNET_UPDATED = "organization VNM subnet updated"
+    DEPRECATED_ORG_ACTIVATE_DEVICE_APPROVAL = "activate device approval"
+    DEPRECATED_ORG_DEACTIVATE_DEVICE_APPROVAL = "deactivate device approval"
+    EMULATION_MIGRATION_COMPLETED = "emulation migration completed"
+    ACCESS_OVERHAUL_MIGRATION_COMPLETED = "access overhaul migration completed"
+    ACTIVATED_SSH_PORT_FORWARDING_ALL_SERVER = "enabled SSH port forwarding on all servers"
+  end
+
+  # Permissions, all permissions that may be granted to an account.
+  module Permission
+    RELAY_LIST = "relay:list"
+    RELAY_CREATE = "relay:create"
+    DATASOURCE_LIST = "datasource:list"
+    DATASOURCE_CREATE = "datasource:create"
+    DATASOURCE_HEALTHCHECK = "datasource:healthcheck"
+    DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
+    DATASOURCE_DELETE = "datasource:delete"
+    DATASOURCE_UPDATE = "datasource:update"
+    SECRET_STORE_CREATE = "secretstore:create"
+    SECRET_STORE_LIST = "secretstore:list"
+    SECRET_STORE_DELETE = "secretstore:delete"
+    SECRET_STORE_UPDATE = "secretstore:update"
+    SECRET_STORE_STATUS = "secretstore:status"
+    REMOTE_IDENTITY_GROUP_WRITE = "remoteidentitygroup:write"
+    REMOTE_IDENTITY_GROUP_READ = "remoteidentitygroup:read"
+    REMOTE_IDENTITY_WRITE = "remoteidentity:write"
+    REMOTE_IDENTITY_READ = "remoteidentity:read"
+    USER_CREATE = "user:create"
+    USER_LIST = "user:list"
+    USER_UPDATE_ADMIN = "user:update_admin"
+    USER_CREATE_ADMIN_TOKEN = "user:create_admin_token"
+    USER_CREATE_SERVICE_ACCOUNT = "user:create_service_account"
+    USER_SET_PERMISSION_LEVEL = "user:set_strong_role"
+    USER_UPDATE = "user:update"
+    USER_INITIATE_PASSWORD_RESET = "user:initiate_password_reset"
+    USER_DELETE = "user:delete"
+    USER_ASSIGN = "user:assign"
+    USER_SUSPEND = "user:suspend"
+    DEMO_PROVISIONING_REQUEST_CREATE = "demoprovisioningrequest:create"
+    DEMO_PROVISIONING_REQUEST_LIST = "demoprovisioningrequest:list"
+    ROLE_LIST = "role:list"
+    ROLE_CREATE = "role:create"
+    ROLE_DELETE = "role:delete"
+    ROLE_UPDATE = "role:update"
+    ORG_VIEW_SETTINGS = "organization:view_settings"
+    ORG_EDIT_SETTINGS = "organization:edit_settings"
+    ORG_DEPLOYMENT_DOCTOR = "organization:deployment_doctor"
+    ORG_LIST_CHILDREN = "organization:list_children"
+    ORG_CREATE_CHILD_ORGANIZATION = "organization:create_child_organization"
+    ORG_AUDIT_USERS = "audit:users"
+    ORG_AUDIT_ROLES = "audit:roles"
+    ORG_AUDIT_DATASOURCES = "audit:datasources"
+    ORG_AUDIT_NODES = "audit:nodes"
+    ORG_AUDIT_PERMISSIONS = "audit:permissions"
+    ORG_AUDIT_QUERIES = "audit:queries"
+    ORG_AUDIT_ACTIVITIES = "audit:activities"
+    ORG_AUDIT_SSH = "audit:ssh"
+    ORG_AUDIT_ACCOUNT_GRANTS = "audit:accountgrants"
+    ORG_AUDIT_ORG = "audit:organization"
+    ORG_AUDIT_REMOTE_IDENTITIES = "audit:remoteidentities"
+    ORG_AUDIT_REMOTE_IDENTITY_GROUPS = "audit:remoteidentitygroups"
+    ORG_AUDIT_SECRET_STORES = "audit:secretstores"
+    WORKFLOW_LIST = "workflow:list"
+    WORKFLOW_EDIT = "workflow:edit"
+    ACCESS_REQUEST_EDIT = "accessrequest:edit"
+    ACCESS_REQUEST_LIST = "accessrequest:list"
+    ACCESS_REQUEST_REQUESTER = "accessrequest:requester"
+    GLOBAL_RDP_RENDER = "rdp:render"
+    GLOBAL_QUERY_BUCKET_TRACKER = "query:bucket_tracker"
+    GLOBAL_ASSETS_GET_LATEST_VERSION_COMMIT_HASH = "assets:get_latest_version_commit_hash"
+    GLOBAL_SDMOS_SERVICE = "sdmos:service"
+    GLOBAL_SDMOS_DEPLOYMENT = "sdmos:deployment"
+    GLOBAL_SDMOS_RELEASE = "sdmos:release"
+    GLOBAL_DEMO_PROVISIONER = "demo:provision"
+    INSTALLATION_BLESS = "installation:bless"
+    INSTALLATION_CREATE = "installation:create"
+    INSTALLATION_REVOKE = "installation:revoke"
+    TESTING_ORG_CREATE = "testing:organization:create"
+    TESTING_ORG_DELETE = "testing:organization:delete"
+    TESTING_NO_PERMISSIONS = "testing:noperms"
+    TESTING_FETCH_QUERIES = "testing:queries:get"
+    GRANT_READ = "grant:read"
+    GRANT_WRITE = "grant:write"
+    REPORT_READ = "report:read"
+  end
+
+  # Query Categories, all the categories of resource against which queries are logged.
+  module QueryCategory
+    KUBERNETES = "k8s"
+    DATASOURCES = "queries"
+    RDP = "rdp"
+    SSH = "ssh"
+    WEB = "web"
+    CLOUD = "cloud"
+    ALL = "all"
+  end
+
+  # LogRemoteEncoder defines the encryption encoder for the queries are stored in the API.
+  module LogRemoteEncoder
+    STRONG_DM = "strongdm"
+    PUB_KEY = "pubkey"
+    HASH = "hash"
+  end
+
+  # LogLocalStorage defines how queries are stored locally.
+  module LogLocalStorage
+    STDOUT = "stdout"
+    FILE = "file"
+    TCP = "tcp"
+    SOCKET = "socket"
+    SYSLOG = "syslog"
+    NONE = "none"
+  end
+
+  # LogLocalEncoder defines the encryption encoder for queries are stored locally in the relay.
+  module LogLocalEncoder
+    PLAINTEXT = "plaintext"
+    PUB_KEY = "pubkey"
+  end
+
+  # LogLocalFormat defines the format the queries are stored locally in the relay.
+  module LogLocalFormat
+    CSV = "csv"
+    JSON = "json"
+  end
+
+  # OrgKind defines the types of organizations that may exist.
+  module OrgKind
+    SOLO = "solo"
+    ROOT = "root"
+    CHILD = "child"
+  end
 end

data/lib/errors/errors.rb

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-# @internal This file was generated by protogen. DO NOT EDIT.
+# @internal Code generated by protogen. DO NOT EDIT.
 
 module SDM
 

data/lib/grpc/account_attachments_history_pb.rb

@@ -0,0 +1,48 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: account_attachments_history.proto
+
+require "google/protobuf"
+
+require "google/protobuf/timestamp_pb"
+require "account_attachments_pb"
+require "options_pb"
+require "spec_pb"
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("account_attachments_history.proto", :syntax => :proto3) do
+    add_message "v1.AccountAttachmentHistoryListRequest" do
+      optional :meta, :message, 1, "v1.ListRequestMetadata"
+      optional :filter, :string, 2
+    end
+    add_message "v1.AccountAttachmentHistoryListResponse" do
+      optional :meta, :message, 1, "v1.ListResponseMetadata"
+      repeated :history, :message, 2, "v1.AccountAttachmentHistory"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.AccountAttachmentHistory" do
+      optional :activity_id, :string, 1
+      optional :timestamp, :message, 2, "google.protobuf.Timestamp"
+      optional :account_attachment, :message, 3, "v1.AccountAttachment"
+      optional :deleted_at, :message, 4, "google.protobuf.Timestamp"
+    end
+  end
+end
+
+module V1
+  AccountAttachmentHistoryListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentHistoryListRequest").msgclass
+  AccountAttachmentHistoryListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentHistoryListResponse").msgclass
+  AccountAttachmentHistory = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentHistory").msgclass
+end

data/lib/grpc/account_attachments_history_services_pb.rb

@@ -0,0 +1,37 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: account_attachments_history.proto for package 'v1'
+
+require "grpc"
+require "account_attachments_history_pb"
+
+module V1
+  module AccountAttachmentsHistory
+    # AccountAttachmentsHistory records all changes to the state of an AccountAttachment.
+    class Service
+      include GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = "v1.AccountAttachmentsHistory"
+
+      # List gets a list of AccountAttachmentHistory records matching a given set of criteria.
+      rpc :List, V1::AccountAttachmentHistoryListRequest, V1::AccountAttachmentHistoryListResponse
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/grpc/account_grants_history_pb.rb

@@ -0,0 +1,48 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: account_grants_history.proto
+
+require "google/protobuf"
+
+require "google/protobuf/timestamp_pb"
+require "account_grants_pb"
+require "options_pb"
+require "spec_pb"
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("account_grants_history.proto", :syntax => :proto3) do
+    add_message "v1.AccountGrantHistoryListRequest" do
+      optional :meta, :message, 1, "v1.ListRequestMetadata"
+      optional :filter, :string, 2
+    end
+    add_message "v1.AccountGrantHistoryListResponse" do
+      optional :meta, :message, 1, "v1.ListResponseMetadata"
+      repeated :history, :message, 2, "v1.AccountGrantHistory"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.AccountGrantHistory" do
+      optional :activity_id, :string, 1
+      optional :timestamp, :message, 2, "google.protobuf.Timestamp"
+      optional :account_grant, :message, 3, "v1.AccountGrant"
+      optional :deleted_at, :message, 4, "google.protobuf.Timestamp"
+    end
+  end
+end
+
+module V1
+  AccountGrantHistoryListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountGrantHistoryListRequest").msgclass
+  AccountGrantHistoryListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountGrantHistoryListResponse").msgclass
+  AccountGrantHistory = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountGrantHistory").msgclass
+end

data/lib/grpc/account_grants_history_services_pb.rb

@@ -0,0 +1,37 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: account_grants_history.proto for package 'v1'
+
+require "grpc"
+require "account_grants_history_pb"
+
+module V1
+  module AccountGrantsHistory
+    # AccountGrantsHistory records all changes to the state of an AccountGrant.
+    class Service
+      include GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = "v1.AccountGrantsHistory"
+
+      # List gets a list of AccountGrantHistory records matching a given set of criteria.
+      rpc :List, V1::AccountGrantHistoryListRequest, V1::AccountGrantHistoryListResponse
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/grpc/account_permissions_pb.rb

@@ -0,0 +1,48 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: account_permissions.proto
+
+require "google/protobuf"
+
+require "google/protobuf/timestamp_pb"
+require "options_pb"
+require "spec_pb"
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("account_permissions.proto", :syntax => :proto3) do
+    add_message "v1.AccountPermissionListRequest" do
+      optional :meta, :message, 1, "v1.ListRequestMetadata"
+      optional :filter, :string, 2
+    end
+    add_message "v1.AccountPermissionListResponse" do
+      optional :meta, :message, 1, "v1.ListResponseMetadata"
+      repeated :permissions, :message, 2, "v1.AccountPermission"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.AccountPermission" do
+      optional :account_id, :string, 1
+      optional :granted_at, :message, 2, "google.protobuf.Timestamp"
+      optional :permission, :string, 3
+      optional :scope, :string, 4
+      optional :scoped_id, :string, 5
+    end
+  end
+end
+
+module V1
+  AccountPermissionListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountPermissionListRequest").msgclass
+  AccountPermissionListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountPermissionListResponse").msgclass
+  AccountPermission = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountPermission").msgclass
+end

data/lib/grpc/account_permissions_services_pb.rb

@@ -0,0 +1,38 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: account_permissions.proto for package 'v1'
+
+require "grpc"
+require "account_permissions_pb"
+
+module V1
+  module AccountPermissions
+    # AccountPermissions records the granular permissions accounts have, allowing them to execute
+    # relevant commands via StrongDM's APIs.
+    class Service
+      include GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = "v1.AccountPermissions"
+
+      # List gets a list of Permission records matching a given set of criteria.
+      rpc :List, V1::AccountPermissionListRequest, V1::AccountPermissionListResponse
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end