strongdm 16.12.0 → 16.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a038a94fd529ae0e51b5d2002ae521d9123ea6d6be81a8d5cb2ed3c6bf81814e
-  data.tar.gz: a2fb9acfc697669b6e29b3afe3414f53245ee76e7d5940d435606fe5a7b58c81
+  metadata.gz: d705798c4508a762c17a56e3f92caa9114a3674efea97d1da41fd63a81e51000
+  data.tar.gz: 2344fc01fb80f9a3ad4cdecaa52d484e61ddfd4f5fedaa05dfba6f408e7134f6
 SHA512:
-  metadata.gz: 7348d3f9a154ab9775a0ba3b02c492ee6bcf3b6acded7ff4e5243292ea98d0c30b944b94a50718137b6e72aa766d8fcf36abbc2590b1a5e8951d24aff13a52fc
-  data.tar.gz: fc5db62193d77350e30a1558b8f6f1d730155d8a2af837c0c7cb73a0ba5df009d3a293e880aae6b7f7238969d4c416f6ddbbd394e1057b05357e0e0592b96e28
+  metadata.gz: cfab5b194548d7c3c1aeef888b177d62e14c9a21419ee6ba2f1ac1859672bdebb86d9942f14e76e494c08e3b8c773937ff54c72d9b1391ec6215fa17c60957d5
+  data.tar.gz: b50fd5249504677fbe99144e6dad53a29111f8af057a3933165e2d06f79a381b05686235559bec67fd2c188accb0de3b8f8043b7535ab4a157962886269608ec

data/.git/ORIG_HEAD

@@ -1 +1 @@
-99fbe594d2068aedeaf1616d5dc24cdaa5674d55
+2e067a01b90cfd6cce4b1bde6395a2f0019ef29e

data/.git/logs/HEAD

@@ -1,3 +1,3 @@
-0000000000000000000000000000000000000000 99fbe594d2068aedeaf1616d5dc24cdaa5674d55 root <root@016f1c2e4b47.(none)> 1772064384 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-99fbe594d2068aedeaf1616d5dc24cdaa5674d55 99fbe594d2068aedeaf1616d5dc24cdaa5674d55 root <root@016f1c2e4b47.(none)> 1772064384 +0000	checkout: moving from master to master
-99fbe594d2068aedeaf1616d5dc24cdaa5674d55 2e067a01b90cfd6cce4b1bde6395a2f0019ef29e root <root@016f1c2e4b47.(none)> 1772064384 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 2e067a01b90cfd6cce4b1bde6395a2f0019ef29e root <root@f05442c61c76.(none)> 1772133656 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+2e067a01b90cfd6cce4b1bde6395a2f0019ef29e 2e067a01b90cfd6cce4b1bde6395a2f0019ef29e root <root@f05442c61c76.(none)> 1772133656 +0000	checkout: moving from master to master
+2e067a01b90cfd6cce4b1bde6395a2f0019ef29e 2021ebc52e6f975f3eedbd795c3a0a9dadc2caa3 root <root@f05442c61c76.(none)> 1772133656 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/heads/master

@@ -1,2 +1,2 @@
-0000000000000000000000000000000000000000 99fbe594d2068aedeaf1616d5dc24cdaa5674d55 root <root@016f1c2e4b47.(none)> 1772064384 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
-99fbe594d2068aedeaf1616d5dc24cdaa5674d55 2e067a01b90cfd6cce4b1bde6395a2f0019ef29e root <root@016f1c2e4b47.(none)> 1772064384 +0000	merge origin/development: Fast-forward
+0000000000000000000000000000000000000000 2e067a01b90cfd6cce4b1bde6395a2f0019ef29e root <root@f05442c61c76.(none)> 1772133656 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+2e067a01b90cfd6cce4b1bde6395a2f0019ef29e 2021ebc52e6f975f3eedbd795c3a0a9dadc2caa3 root <root@f05442c61c76.(none)> 1772133656 +0000	merge origin/development: Fast-forward

data/.git/logs/refs/remotes/origin/HEAD

@@ -1 +1 @@
-0000000000000000000000000000000000000000 99fbe594d2068aedeaf1616d5dc24cdaa5674d55 root <root@016f1c2e4b47.(none)> 1772064384 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git
+0000000000000000000000000000000000000000 2e067a01b90cfd6cce4b1bde6395a2f0019ef29e root <root@f05442c61c76.(none)> 1772133656 +0000	clone: from github.com:strongdm/strongdm-sdk-ruby.git

data/.git/packed-refs

@@ -1,6 +1,6 @@
 # pack-refs with: peeled fully-peeled sorted 
-2e067a01b90cfd6cce4b1bde6395a2f0019ef29e refs/remotes/origin/development
-99fbe594d2068aedeaf1616d5dc24cdaa5674d55 refs/remotes/origin/master
+2021ebc52e6f975f3eedbd795c3a0a9dadc2caa3 refs/remotes/origin/development
+2e067a01b90cfd6cce4b1bde6395a2f0019ef29e refs/remotes/origin/master
 2e4fe8087177ddea9b3991ca499f758384839c89 refs/tags/untagged-84fd83a4484c785cce63
 04f604866214fab4d5663b5171a3e596331577bd refs/tags/v0.9.4
 6f9a7b75b345c65fb554884907b7060680c807b7 refs/tags/v0.9.5
@@ -141,6 +141,7 @@ c3b0eeef356ddf0cf408d1305fd766791121803f refs/tags/v15.46.0
 68c6bf260ea0ac7c4c151e0de221aac18fabcd3c refs/tags/v16.0.0
 38de225069b8053585aeb22f569abdd9d1ffe5dd refs/tags/v16.1.0
 99fbe594d2068aedeaf1616d5dc24cdaa5674d55 refs/tags/v16.11.0
+2e067a01b90cfd6cce4b1bde6395a2f0019ef29e refs/tags/v16.12.0
 3f2a99e1a4296cf5b4937d57b901051b9381c209 refs/tags/v16.3.0
 eb2c5388eb894fce71666148224e02d977c87baa refs/tags/v16.4.0
 6450bdc10119fb8a00123c4262d6f245a70ed06a refs/tags/v16.5.0

data/.git/refs/heads/master

@@ -1 +1 @@
-2e067a01b90cfd6cce4b1bde6395a2f0019ef29e
+2021ebc52e6f975f3eedbd795c3a0a9dadc2caa3

data/lib/constants.rb

@@ -385,6 +385,7 @@ module SDM
     DEPRECATED_DATASOURCE_GRANT = "datasource:grant"
     DISCOVERY_CONNECTOR_READ = "discoveryconnector:read"
     DISCOVERY_CONNECTOR_WRITE = "discoveryconnector:write"
+    ENTITLEMENTS_READ = "entitlements:read"
     GRANT_READ = "grant:read"
     GRANT_WRITE = "grant:write"
     GROUP_READ = "group:read"

data/lib/grpc/granted_account_entitlements_pb.rb

@@ -0,0 +1,58 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: granted_account_entitlements.proto
+
+require "google/protobuf"
+
+require "google/protobuf/timestamp_pb"
+require "options_pb"
+require "spec_pb"
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("granted_account_entitlements.proto", :syntax => :proto3) do
+    add_message "v1.GrantedAccountEntitlementListRequest" do
+      optional :meta, :message, 1, "v1.ListRequestMetadata"
+      optional :account_id, :string, 2
+      optional :filter, :string, 3
+    end
+    add_message "v1.GrantedAccountEntitlementListResponse" do
+      optional :meta, :message, 1, "v1.ListResponseMetadata"
+      repeated :granted_account_entitlements, :message, 2, "v1.GrantedAccountEntitlement"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.GrantedAccountEntitlement" do
+      optional :resource_id, :string, 1
+      optional :origin_id, :string, 2
+      optional :last_accessed, :message, 3, "google.protobuf.Timestamp"
+      optional :mapped_identities, :message, 4, "v1.MappedIdentities"
+      optional :group_id, :string, 5
+    end
+    add_message "v1.MappedIdentities" do
+      optional :kubernetes, :message, 1, "v1.GrantedEntitlementKubernetesPrivileges"
+    end
+    add_message "v1.GrantedEntitlementKubernetesPrivileges" do
+      repeated :groups, :string, 1
+    end
+  end
+end
+
+module V1
+  GrantedAccountEntitlementListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedAccountEntitlementListRequest").msgclass
+  GrantedAccountEntitlementListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedAccountEntitlementListResponse").msgclass
+  GrantedAccountEntitlement = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedAccountEntitlement").msgclass
+  MappedIdentities = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.MappedIdentities").msgclass
+  GrantedEntitlementKubernetesPrivileges = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedEntitlementKubernetesPrivileges").msgclass
+end

data/lib/grpc/granted_account_entitlements_services_pb.rb

@@ -0,0 +1,38 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: granted_account_entitlements.proto for package 'v1'
+
+require "grpc"
+require "granted_account_entitlements_pb"
+
+module V1
+  module GrantedAccountEntitlements
+    # GrantedAccountEntitlements enumerates the resources to which an account has been granted access.
+    # The GrantedAccountEntitlements service is read-only.
+    class Service
+      include ::GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = "v1.GrantedAccountEntitlements"
+
+      # List gets a list of GrantedAccountEntitlement records matching a given set of criteria.
+      rpc :List, ::V1::GrantedAccountEntitlementListRequest, ::V1::GrantedAccountEntitlementListResponse
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/grpc/granted_resource_entitlements_pb.rb

@@ -0,0 +1,51 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: granted_resource_entitlements.proto
+
+require "google/protobuf"
+
+require "google/protobuf/timestamp_pb"
+require "options_pb"
+require "spec_pb"
+require "granted_account_entitlements_pb"
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("granted_resource_entitlements.proto", :syntax => :proto3) do
+    add_message "v1.GrantedResourceEntitlementListRequest" do
+      optional :meta, :message, 1, "v1.ListRequestMetadata"
+      optional :resource_id, :string, 2
+      optional :filter, :string, 3
+    end
+    add_message "v1.GrantedResourceEntitlementListResponse" do
+      optional :meta, :message, 1, "v1.ListResponseMetadata"
+      repeated :granted_resource_entitlements, :message, 2, "v1.GrantedResourceEntitlement"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.GrantedResourceEntitlement" do
+      optional :account_id, :string, 1
+      optional :origin_id, :string, 2
+      optional :last_accessed, :message, 3, "google.protobuf.Timestamp"
+      optional :mapped_identities, :message, 4, "v1.MappedIdentities"
+      optional :group_id, :string, 5
+    end
+  end
+end
+
+module V1
+  GrantedResourceEntitlementListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedResourceEntitlementListRequest").msgclass
+  GrantedResourceEntitlementListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedResourceEntitlementListResponse").msgclass
+  GrantedResourceEntitlement = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedResourceEntitlement").msgclass
+end

data/lib/grpc/granted_resource_entitlements_services_pb.rb

@@ -0,0 +1,38 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: granted_resource_entitlements.proto for package 'v1'
+
+require "grpc"
+require "granted_resource_entitlements_pb"
+
+module V1
+  module GrantedResourceEntitlements
+    # GrantedResourceEntitlements enumerates the accounts that have been granted access to a given resource.
+    # The GrantedResourceEntitlements service is read-only.
+    class Service
+      include ::GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = "v1.GrantedResourceEntitlements"
+
+      # List gets a list of GrantedResourceEntitlement records matching a given set of criteria.
+      rpc :List, ::V1::GrantedResourceEntitlementListRequest, ::V1::GrantedResourceEntitlementListResponse
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/grpc/granted_role_entitlements_pb.rb

@@ -0,0 +1,50 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: granted_role_entitlements.proto
+
+require "google/protobuf"
+
+require "google/protobuf/timestamp_pb"
+require "options_pb"
+require "spec_pb"
+require "granted_account_entitlements_pb"
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("granted_role_entitlements.proto", :syntax => :proto3) do
+    add_message "v1.GrantedRoleEntitlementListRequest" do
+      optional :meta, :message, 1, "v1.ListRequestMetadata"
+      optional :role_id, :string, 2
+      optional :filter, :string, 3
+    end
+    add_message "v1.GrantedRoleEntitlementListResponse" do
+      optional :meta, :message, 1, "v1.ListResponseMetadata"
+      repeated :granted_role_entitlements, :message, 2, "v1.GrantedRoleEntitlement"
+      optional :rate_limit, :message, 3, "v1.RateLimitMetadata"
+    end
+    add_message "v1.GrantedRoleEntitlement" do
+      optional :resource_id, :string, 1
+      optional :last_accessed, :message, 2, "google.protobuf.Timestamp"
+      optional :mapped_identities, :message, 3, "v1.MappedIdentities"
+      optional :group_id, :string, 4
+    end
+  end
+end
+
+module V1
+  GrantedRoleEntitlementListRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedRoleEntitlementListRequest").msgclass
+  GrantedRoleEntitlementListResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedRoleEntitlementListResponse").msgclass
+  GrantedRoleEntitlement = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.GrantedRoleEntitlement").msgclass
+end

data/lib/grpc/granted_role_entitlements_services_pb.rb

@@ -0,0 +1,38 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: granted_role_entitlements.proto for package 'v1'
+
+require "grpc"
+require "granted_role_entitlements_pb"
+
+module V1
+  module GrantedRoleEntitlements
+    # GrantedRoleEntitlements enumerates the resources to which a role grants access.
+    # The GrantedRoleEntitlements service is read-only.
+    class Service
+      include ::GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = "v1.GrantedRoleEntitlements"
+
+      # List gets a list of GrantedRoleEntitlement records matching a given set of criteria.
+      rpc :List, ::V1::GrantedRoleEntitlementListRequest, ::V1::GrantedRoleEntitlementListResponse
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/grpc/plumbing.rb

@@ -47,6 +47,9 @@ require_relative "./approval_workflows_history_pb"
 require_relative "./authorization_policies_pb"
 require_relative "./control_panel_pb"
 require_relative "./discovery_connectors_pb"
+require_relative "./granted_account_entitlements_pb"
+require_relative "./granted_resource_entitlements_pb"
+require_relative "./granted_role_entitlements_pb"
 require_relative "./roles_pb"
 require_relative "./groups_pb"
 require_relative "./groups_history_pb"
@@ -8473,6 +8476,164 @@ module SDM
       end
       items
     end
+    def self.convert_granted_account_entitlement_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = GrantedAccountEntitlement.new()
+      porcelain.group_id = (plumbing.group_id)
+      porcelain.last_accessed = convert_timestamp_to_porcelain(plumbing.last_accessed)
+      porcelain.mapped_identities = convert_mapped_identities_to_porcelain(plumbing.mapped_identities)
+      porcelain.origin_id = (plumbing.origin_id)
+      porcelain.resource_id = (plumbing.resource_id)
+      porcelain
+    end
+
+    def self.convert_granted_account_entitlement_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::GrantedAccountEntitlement.new()
+      plumbing.group_id = (porcelain.group_id)
+      plumbing.last_accessed = convert_timestamp_to_plumbing(porcelain.last_accessed)
+      plumbing.mapped_identities = convert_mapped_identities_to_plumbing(porcelain.mapped_identities)
+      plumbing.origin_id = (porcelain.origin_id)
+      plumbing.resource_id = (porcelain.resource_id)
+      plumbing
+    end
+    def self.convert_repeated_granted_account_entitlement_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_granted_account_entitlement_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_granted_account_entitlement_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_granted_account_entitlement_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
+    def self.convert_granted_entitlement_kubernetes_privileges_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = GrantedEntitlementKubernetesPrivileges.new()
+      porcelain.groups = (plumbing.groups)
+      porcelain
+    end
+
+    def self.convert_granted_entitlement_kubernetes_privileges_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::GrantedEntitlementKubernetesPrivileges.new()
+      plumbing.groups += (porcelain.groups)
+      plumbing
+    end
+    def self.convert_repeated_granted_entitlement_kubernetes_privileges_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_granted_entitlement_kubernetes_privileges_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_granted_entitlement_kubernetes_privileges_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_granted_entitlement_kubernetes_privileges_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
+    def self.convert_granted_resource_entitlement_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = GrantedResourceEntitlement.new()
+      porcelain.account_id = (plumbing.account_id)
+      porcelain.group_id = (plumbing.group_id)
+      porcelain.last_accessed = convert_timestamp_to_porcelain(plumbing.last_accessed)
+      porcelain.mapped_identities = convert_mapped_identities_to_porcelain(plumbing.mapped_identities)
+      porcelain.origin_id = (plumbing.origin_id)
+      porcelain
+    end
+
+    def self.convert_granted_resource_entitlement_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::GrantedResourceEntitlement.new()
+      plumbing.account_id = (porcelain.account_id)
+      plumbing.group_id = (porcelain.group_id)
+      plumbing.last_accessed = convert_timestamp_to_plumbing(porcelain.last_accessed)
+      plumbing.mapped_identities = convert_mapped_identities_to_plumbing(porcelain.mapped_identities)
+      plumbing.origin_id = (porcelain.origin_id)
+      plumbing
+    end
+    def self.convert_repeated_granted_resource_entitlement_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_granted_resource_entitlement_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_granted_resource_entitlement_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_granted_resource_entitlement_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
+    def self.convert_granted_role_entitlement_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = GrantedRoleEntitlement.new()
+      porcelain.group_id = (plumbing.group_id)
+      porcelain.last_accessed = convert_timestamp_to_porcelain(plumbing.last_accessed)
+      porcelain.mapped_identities = convert_mapped_identities_to_porcelain(plumbing.mapped_identities)
+      porcelain.resource_id = (plumbing.resource_id)
+      porcelain
+    end
+
+    def self.convert_granted_role_entitlement_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::GrantedRoleEntitlement.new()
+      plumbing.group_id = (porcelain.group_id)
+      plumbing.last_accessed = convert_timestamp_to_plumbing(porcelain.last_accessed)
+      plumbing.mapped_identities = convert_mapped_identities_to_plumbing(porcelain.mapped_identities)
+      plumbing.resource_id = (porcelain.resource_id)
+      plumbing
+    end
+    def self.convert_repeated_granted_role_entitlement_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_granted_role_entitlement_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_granted_role_entitlement_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_granted_role_entitlement_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
     def self.convert_greenplum_to_porcelain(plumbing)
       if plumbing == nil
         return nil
@@ -12041,6 +12202,40 @@ module SDM
       end
       items
     end
+    def self.convert_mapped_identities_to_porcelain(plumbing)
+      if plumbing == nil
+        return nil
+      end
+      porcelain = MappedIdentities.new()
+      porcelain.kubernetes = convert_granted_entitlement_kubernetes_privileges_to_porcelain(plumbing.kubernetes)
+      porcelain
+    end
+
+    def self.convert_mapped_identities_to_plumbing(porcelain)
+      if porcelain == nil
+        return nil
+      end
+      plumbing = V1::MappedIdentities.new()
+      plumbing.kubernetes = convert_granted_entitlement_kubernetes_privileges_to_plumbing(porcelain.kubernetes)
+      plumbing
+    end
+    def self.convert_repeated_mapped_identities_to_plumbing(porcelains)
+      items = Array.new
+      porcelains.each do |porcelain|
+        plumbing = convert_mapped_identities_to_plumbing(porcelain)
+        items.append(plumbing)
+      end
+      items
+    end
+
+    def self.convert_repeated_mapped_identities_to_porcelain(plumbings)
+      items = Array.new
+      plumbings.each do |plumbing|
+        porcelain = convert_mapped_identities_to_porcelain(plumbing)
+        items.append(porcelain)
+      end
+      items
+    end
     def self.convert_maria_to_porcelain(plumbing)
       if plumbing == nil
         return nil

data/lib/models/porcelain.rb

@@ -8013,6 +8013,132 @@ module SDM
     end
   end
 
+  # GrantedAccountEntitlement represents an individual entitlement of an Account to a Resource that has been granted.
+  class GrantedAccountEntitlement
+    # The unique identifier of the group associated with this entitlement, if any.
+    attr_accessor :group_id
+    # The most recent time at which the account accessed this resource. Empty if the resource has never been accessed.
+    attr_accessor :last_accessed
+    # The mapped identity privileges for this entitlement, such as Kubernetes group memberships.
+    attr_accessor :mapped_identities
+    # The unique identifier of the origin of this entitlement (e.g., a Role or AccountGrant ID).
+    attr_accessor :origin_id
+    # The unique identifier of the Resource to which access is granted.
+    attr_accessor :resource_id
+
+    def initialize(
+      group_id: nil,
+      last_accessed: nil,
+      mapped_identities: nil,
+      origin_id: nil,
+      resource_id: nil
+    )
+      @group_id = group_id == nil ? "" : group_id
+      @last_accessed = last_accessed == nil ? nil : last_accessed
+      @mapped_identities = mapped_identities == nil ? nil : mapped_identities
+      @origin_id = origin_id == nil ? "" : origin_id
+      @resource_id = resource_id == nil ? "" : resource_id
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # GrantedEntitlementKubernetesPrivileges holds Kubernetes group memberships for a granted entitlement.
+  class GrantedEntitlementKubernetesPrivileges
+    # The Kubernetes groups granted to this principal for this resource.
+    attr_accessor :groups
+
+    def initialize(
+      groups: nil
+    )
+      @groups = groups == nil ? [] : groups
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # GrantedResourceEntitlement represents an individual entitlement of an Account to a Resource,
+  # viewed from the resource's perspective.
+  class GrantedResourceEntitlement
+    # The unique identifier of the Account that has access to this resource.
+    attr_accessor :account_id
+    # The unique identifier of the group associated with this entitlement, if any.
+    attr_accessor :group_id
+    # The most recent time at which the account accessed this resource. Empty if the resource has never been accessed.
+    attr_accessor :last_accessed
+    # The mapped identity privileges for this entitlement, such as Kubernetes group memberships.
+    attr_accessor :mapped_identities
+    # The unique identifier of the origin of this entitlement (e.g., a Role or AccountGrant ID).
+    attr_accessor :origin_id
+
+    def initialize(
+      account_id: nil,
+      group_id: nil,
+      last_accessed: nil,
+      mapped_identities: nil,
+      origin_id: nil
+    )
+      @account_id = account_id == nil ? "" : account_id
+      @group_id = group_id == nil ? "" : group_id
+      @last_accessed = last_accessed == nil ? nil : last_accessed
+      @mapped_identities = mapped_identities == nil ? nil : mapped_identities
+      @origin_id = origin_id == nil ? "" : origin_id
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
+  # GrantedRoleEntitlement represents an individual resource entitlement granted through a Role.
+  class GrantedRoleEntitlement
+    # The unique identifier of the group associated with this entitlement, if any.
+    attr_accessor :group_id
+    # The most recent time at which any account in the organization accessed this resource.
+    # Empty if the resource has never been accessed.
+    attr_accessor :last_accessed
+    # The mapped identity privileges for this entitlement, such as Kubernetes group memberships.
+    attr_accessor :mapped_identities
+    # The unique identifier of the Resource to which the role grants access.
+    attr_accessor :resource_id
+
+    def initialize(
+      group_id: nil,
+      last_accessed: nil,
+      mapped_identities: nil,
+      resource_id: nil
+    )
+      @group_id = group_id == nil ? "" : group_id
+      @last_accessed = last_accessed == nil ? nil : last_accessed
+      @mapped_identities = mapped_identities == nil ? nil : mapped_identities
+      @resource_id = resource_id == nil ? "" : resource_id
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class Greenplum
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     attr_accessor :bind_interface
@@ -11142,6 +11268,26 @@ module SDM
     end
   end
 
+  # MappedIdentities represents the mapped identity privileges granted alongside an entitlement.
+  class MappedIdentities
+    # Kubernetes group memberships.
+    attr_accessor :kubernetes
+
+    def initialize(
+      kubernetes: nil
+    )
+      @kubernetes = kubernetes == nil ? nil : kubernetes
+    end
+
+    def to_json(options = {})
+      hash = {}
+      self.instance_variables.each do |var|
+        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
+      end
+      hash.to_json
+    end
+  end
+
   class Maria
     # The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     attr_accessor :bind_interface

data/lib/strongdm.rb

@@ -31,7 +31,7 @@ module SDM #:nodoc:
     DEFAULT_RETRY_FACTOR = 1.6
     DEFAULT_RETRY_JITTER = 0.2
     API_VERSION = "2025-04-14"
-    USER_AGENT = "strongdm-sdk-ruby/16.12.0"
+    USER_AGENT = "strongdm-sdk-ruby/16.13.0"
     private_constant :DEFAULT_BASE_RETRY_DELAY, :DEFAULT_MAX_RETRY_DELAY, :DEFAULT_RETRY_FACTOR, :DEFAULT_RETRY_JITTER, :API_VERSION, :USER_AGENT
 
     # Creates a new strongDM API client.
@@ -85,6 +85,9 @@ module SDM #:nodoc:
       @approval_workflows_history = ApprovalWorkflowsHistory.new(@channel, self)
       @control_panel = ControlPanel.new(@channel, self)
       @discovery_connectors = DiscoveryConnectors.new(@channel, self)
+      @granted_account_entitlements = GrantedAccountEntitlements.new(@channel, self)
+      @granted_resource_entitlements = GrantedResourceEntitlements.new(@channel, self)
+      @granted_role_entitlements = GrantedRoleEntitlements.new(@channel, self)
       @roles = Roles.new(@channel, self)
       @groups = Groups.new(@channel, self)
       @groups_history = GroupsHistory.new(@channel, self)
@@ -342,6 +345,21 @@ module SDM #:nodoc:
     #
     # See {DiscoveryConnectors}.
     attr_reader :discovery_connectors
+    # GrantedAccountEntitlements enumerates the resources to which an account has been granted access.
+    # The GrantedAccountEntitlements service is read-only.
+    #
+    # See {GrantedAccountEntitlements}.
+    attr_reader :granted_account_entitlements
+    # GrantedResourceEntitlements enumerates the accounts that have been granted access to a given resource.
+    # The GrantedResourceEntitlements service is read-only.
+    #
+    # See {GrantedResourceEntitlements}.
+    attr_reader :granted_resource_entitlements
+    # GrantedRoleEntitlements enumerates the resources to which a role grants access.
+    # The GrantedRoleEntitlements service is read-only.
+    #
+    # See {GrantedRoleEntitlements}.
+    attr_reader :granted_role_entitlements
     # A Role has a list of access rules which determine which Resources the members
     # of the Role have access to. An Account can be a member of multiple Roles via
     # AccountAttachments.
@@ -564,6 +582,9 @@ module SDM #:nodoc:
       @approval_workflows_history = ApprovalWorkflowsHistory.new(@channel, self)
       @control_panel = ControlPanel.new(@channel, self)
       @discovery_connectors = DiscoveryConnectors.new(@channel, self)
+      @granted_account_entitlements = GrantedAccountEntitlements.new(@channel, self)
+      @granted_resource_entitlements = GrantedResourceEntitlements.new(@channel, self)
+      @granted_role_entitlements = GrantedRoleEntitlements.new(@channel, self)
       @roles = Roles.new(@channel, self)
       @groups = Groups.new(@channel, self)
       @groups_history = GroupsHistory.new(@channel, self)
@@ -623,6 +644,9 @@ module SDM #:nodoc:
       @approval_workflow_steps = SnapshotApprovalWorkflowSteps.new(client.approval_workflow_steps)
       @approval_workflows = SnapshotApprovalWorkflows.new(client.approval_workflows)
       @discovery_connectors = SnapshotDiscoveryConnectors.new(client.discovery_connectors)
+      @granted_account_entitlements = SnapshotGrantedAccountEntitlements.new(client.granted_account_entitlements)
+      @granted_resource_entitlements = SnapshotGrantedResourceEntitlements.new(client.granted_resource_entitlements)
+      @granted_role_entitlements = SnapshotGrantedRoleEntitlements.new(client.granted_role_entitlements)
       @roles = SnapshotRoles.new(client.roles)
       @groups = SnapshotGroups.new(client.groups)
       @groups_roles = SnapshotGroupsRoles.new(client.groups_roles)
@@ -692,6 +716,21 @@ module SDM #:nodoc:
     #
     # See {SnapshotDiscoveryConnectors}.
     attr_reader :discovery_connectors
+    # GrantedAccountEntitlements enumerates the resources to which an account has been granted access.
+    # The GrantedAccountEntitlements service is read-only.
+    #
+    # See {SnapshotGrantedAccountEntitlements}.
+    attr_reader :granted_account_entitlements
+    # GrantedResourceEntitlements enumerates the accounts that have been granted access to a given resource.
+    # The GrantedResourceEntitlements service is read-only.
+    #
+    # See {SnapshotGrantedResourceEntitlements}.
+    attr_reader :granted_resource_entitlements
+    # GrantedRoleEntitlements enumerates the resources to which a role grants access.
+    # The GrantedRoleEntitlements service is read-only.
+    #
+    # See {SnapshotGrantedRoleEntitlements}.
+    attr_reader :granted_role_entitlements
     # A Role has a list of access rules which determine which Resources the members
     # of the Role have access to. An Account can be a member of multiple Roles via
     # AccountAttachments.

data/lib/svc.rb

@@ -2750,6 +2750,255 @@ module SDM #:nodoc:
     end
   end
 
+  # GrantedAccountEntitlements enumerates the resources to which an account has been granted access.
+  # The GrantedAccountEntitlements service is read-only.
+  #
+  # See {GrantedAccountEntitlement}.
+  class GrantedAccountEntitlements
+    extend Gem::Deprecate
+
+    def initialize(channel, parent)
+      begin
+        @stub = V1::GrantedAccountEntitlements::Stub.new(nil, nil, channel_override: channel)
+      rescue => exception
+        raise Plumbing::convert_error_to_porcelain(exception)
+      end
+      @parent = parent
+    end
+
+    # List gets a list of GrantedAccountEntitlement records matching a given set of criteria.
+    def list(
+      account_id,
+      filter,
+      *args,
+      deadline: nil
+    )
+      req = V1::GrantedAccountEntitlementListRequest.new()
+      req.meta = V1::ListRequestMetadata.new()
+      if not @parent.page_limit.nil?
+        req.meta.limit = @parent.page_limit
+      end
+      if not @parent.snapshot_time.nil?
+        req.meta.snapshot_at = @parent.snapshot_time
+      end
+
+      req.account_id = (account_id)
+      req.filter = Plumbing::quote_filter_args(filter, *args)
+      resp = Enumerator::Generator.new { |g|
+        tries = 0
+        loop do
+          begin
+            plumbing_response = @stub.list(req, metadata: @parent.get_metadata("GrantedAccountEntitlements.List", req), deadline: deadline)
+          rescue => exception
+            if (@parent.shouldRetry(tries, exception, deadline))
+              tries + +sleep(@parent.exponentialBackoff(tries, deadline))
+              next
+            end
+            raise Plumbing::convert_error_to_porcelain(exception)
+          end
+          tries = 0
+          plumbing_response.granted_account_entitlements.each do |plumbing_item|
+            g.yield Plumbing::convert_granted_account_entitlement_to_porcelain(plumbing_item)
+          end
+          break if plumbing_response.meta.next_cursor == ""
+          req.meta.cursor = plumbing_response.meta.next_cursor
+        end
+      }
+      resp
+    end
+  end
+
+  # SnapshotGrantedAccountEntitlements exposes the read only methods of the GrantedAccountEntitlements
+  # service for historical queries.
+  class SnapshotGrantedAccountEntitlements
+    extend Gem::Deprecate
+
+    def initialize(granted_account_entitlements)
+      @granted_account_entitlements = granted_account_entitlements
+    end
+
+    # List gets a list of GrantedAccountEntitlement records matching a given set of criteria.
+    def list(
+      account_id,
+      filter,
+      *args,
+      deadline: nil
+    )
+      return @granted_account_entitlements.list(
+               account_id,
+               filter,
+                            *args,
+                            deadline: deadline,
+             )
+    end
+  end
+
+  # GrantedResourceEntitlements enumerates the accounts that have been granted access to a given resource.
+  # The GrantedResourceEntitlements service is read-only.
+  #
+  # See {GrantedResourceEntitlement}.
+  class GrantedResourceEntitlements
+    extend Gem::Deprecate
+
+    def initialize(channel, parent)
+      begin
+        @stub = V1::GrantedResourceEntitlements::Stub.new(nil, nil, channel_override: channel)
+      rescue => exception
+        raise Plumbing::convert_error_to_porcelain(exception)
+      end
+      @parent = parent
+    end
+
+    # List gets a list of GrantedResourceEntitlement records matching a given set of criteria.
+    def list(
+      resource_id,
+      filter,
+      *args,
+      deadline: nil
+    )
+      req = V1::GrantedResourceEntitlementListRequest.new()
+      req.meta = V1::ListRequestMetadata.new()
+      if not @parent.page_limit.nil?
+        req.meta.limit = @parent.page_limit
+      end
+      if not @parent.snapshot_time.nil?
+        req.meta.snapshot_at = @parent.snapshot_time
+      end
+
+      req.resource_id = (resource_id)
+      req.filter = Plumbing::quote_filter_args(filter, *args)
+      resp = Enumerator::Generator.new { |g|
+        tries = 0
+        loop do
+          begin
+            plumbing_response = @stub.list(req, metadata: @parent.get_metadata("GrantedResourceEntitlements.List", req), deadline: deadline)
+          rescue => exception
+            if (@parent.shouldRetry(tries, exception, deadline))
+              tries + +sleep(@parent.exponentialBackoff(tries, deadline))
+              next
+            end
+            raise Plumbing::convert_error_to_porcelain(exception)
+          end
+          tries = 0
+          plumbing_response.granted_resource_entitlements.each do |plumbing_item|
+            g.yield Plumbing::convert_granted_resource_entitlement_to_porcelain(plumbing_item)
+          end
+          break if plumbing_response.meta.next_cursor == ""
+          req.meta.cursor = plumbing_response.meta.next_cursor
+        end
+      }
+      resp
+    end
+  end
+
+  # SnapshotGrantedResourceEntitlements exposes the read only methods of the GrantedResourceEntitlements
+  # service for historical queries.
+  class SnapshotGrantedResourceEntitlements
+    extend Gem::Deprecate
+
+    def initialize(granted_resource_entitlements)
+      @granted_resource_entitlements = granted_resource_entitlements
+    end
+
+    # List gets a list of GrantedResourceEntitlement records matching a given set of criteria.
+    def list(
+      resource_id,
+      filter,
+      *args,
+      deadline: nil
+    )
+      return @granted_resource_entitlements.list(
+               resource_id,
+               filter,
+                            *args,
+                            deadline: deadline,
+             )
+    end
+  end
+
+  # GrantedRoleEntitlements enumerates the resources to which a role grants access.
+  # The GrantedRoleEntitlements service is read-only.
+  #
+  # See {GrantedRoleEntitlement}.
+  class GrantedRoleEntitlements
+    extend Gem::Deprecate
+
+    def initialize(channel, parent)
+      begin
+        @stub = V1::GrantedRoleEntitlements::Stub.new(nil, nil, channel_override: channel)
+      rescue => exception
+        raise Plumbing::convert_error_to_porcelain(exception)
+      end
+      @parent = parent
+    end
+
+    # List gets a list of GrantedRoleEntitlement records matching a given set of criteria.
+    def list(
+      role_id,
+      filter,
+      *args,
+      deadline: nil
+    )
+      req = V1::GrantedRoleEntitlementListRequest.new()
+      req.meta = V1::ListRequestMetadata.new()
+      if not @parent.page_limit.nil?
+        req.meta.limit = @parent.page_limit
+      end
+      if not @parent.snapshot_time.nil?
+        req.meta.snapshot_at = @parent.snapshot_time
+      end
+
+      req.role_id = (role_id)
+      req.filter = Plumbing::quote_filter_args(filter, *args)
+      resp = Enumerator::Generator.new { |g|
+        tries = 0
+        loop do
+          begin
+            plumbing_response = @stub.list(req, metadata: @parent.get_metadata("GrantedRoleEntitlements.List", req), deadline: deadline)
+          rescue => exception
+            if (@parent.shouldRetry(tries, exception, deadline))
+              tries + +sleep(@parent.exponentialBackoff(tries, deadline))
+              next
+            end
+            raise Plumbing::convert_error_to_porcelain(exception)
+          end
+          tries = 0
+          plumbing_response.granted_role_entitlements.each do |plumbing_item|
+            g.yield Plumbing::convert_granted_role_entitlement_to_porcelain(plumbing_item)
+          end
+          break if plumbing_response.meta.next_cursor == ""
+          req.meta.cursor = plumbing_response.meta.next_cursor
+        end
+      }
+      resp
+    end
+  end
+
+  # SnapshotGrantedRoleEntitlements exposes the read only methods of the GrantedRoleEntitlements
+  # service for historical queries.
+  class SnapshotGrantedRoleEntitlements
+    extend Gem::Deprecate
+
+    def initialize(granted_role_entitlements)
+      @granted_role_entitlements = granted_role_entitlements
+    end
+
+    # List gets a list of GrantedRoleEntitlement records matching a given set of criteria.
+    def list(
+      role_id,
+      filter,
+      *args,
+      deadline: nil
+    )
+      return @granted_role_entitlements.list(
+               role_id,
+               filter,
+                            *args,
+                            deadline: deadline,
+             )
+    end
+  end
+
   # A Role has a list of access rules which determine which Resources the members
   # of the Role have access to. An Account can be a member of multiple Roles via
   # AccountAttachments.

data/lib/version

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "16.12.0"
+  VERSION = "16.13.0"
 end

data/lib/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "16.12.0"
+  VERSION = "16.13.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: strongdm
 version: !ruby/object:Gem::Version
-  version: 16.12.0
+  version: 16.13.0
 platform: ruby
 authors:
 - strongDM Team
@@ -81,8 +81,8 @@ files:
 - "./.git/logs/HEAD"
 - "./.git/logs/refs/heads/master"
 - "./.git/logs/refs/remotes/origin/HEAD"
-- "./.git/objects/pack/pack-cf73833c619336fb8fb8650f501c5aae54cb27dd.idx"
-- "./.git/objects/pack/pack-cf73833c619336fb8fb8650f501c5aae54cb27dd.pack"
+- "./.git/objects/pack/pack-e86c3c4c6f4358738486ecba9b8a87ac3fb4410a.idx"
+- "./.git/objects/pack/pack-e86c3c4c6f4358738486ecba9b8a87ac3fb4410a.pack"
 - "./.git/packed-refs"
 - "./.git/refs/heads/master"
 - "./.git/refs/remotes/origin/HEAD"
@@ -141,6 +141,12 @@ files:
 - "./lib/grpc/discovery_connectors_pb.rb"
 - "./lib/grpc/discovery_connectors_services_pb.rb"
 - "./lib/grpc/drivers_pb.rb"
+- "./lib/grpc/granted_account_entitlements_pb.rb"
+- "./lib/grpc/granted_account_entitlements_services_pb.rb"
+- "./lib/grpc/granted_resource_entitlements_pb.rb"
+- "./lib/grpc/granted_resource_entitlements_services_pb.rb"
+- "./lib/grpc/granted_role_entitlements_pb.rb"
+- "./lib/grpc/granted_role_entitlements_services_pb.rb"
 - "./lib/grpc/groups_history_pb.rb"
 - "./lib/grpc/groups_history_services_pb.rb"
 - "./lib/grpc/groups_pb.rb"