Add protos for Identity Activity Center

api/proto/teleport/clusterconfig/v1/access_graph.proto

@@ -16,6 +16,8 @@ syntax = "proto3";
 
 package teleport.clusterconfig.v1;
 
+import "google/protobuf/timestamp.proto";
+
 option go_package = "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1;clusterconfigv1";
 
 // AccessGraphConfig holds the information about the configured Access Graph service.
@@ -32,10 +34,20 @@ message AccessGraphConfig {
   bool insecure = 4;
   // secrets_scan_config is used to configure the parameters for the secrets scanning functionality.
   AccessGraphSecretsScanConfiguration secrets_scan_config = 5;
+  // audit_log_config sets up audit log event exporting.
+  AuditLogConfig audit_log_config = 6;
 }
 
 // AccessGraphSecretsScanConfiguration controls the secrets scanning service parameters.
 message AccessGraphSecretsScanConfiguration {
   // ssh_scan_enabled indicates if the SSH scan feature is enabled for the cluster.
   bool ssh_scan_enabled = 1;
 }
+
+// AuditLogConfig specifies the audit log event export setup.
+message AuditLogConfig {
+  // enbled indicates if Audit Log event exporting is enabled.
+  bool enabled = 1;
+  // start_date is the start date for exporting audit logs. It defaults to 90 days ago on the first export.
+  google.protobuf.Timestamp start_date = 2;
+}

api/proto/teleport/legacy/types/types.proto

@@ -6748,6 +6748,8 @@ message PluginSpecV1 {
     PluginMSTeamsSettings msteams = 18;
     // Settings for the OpenTex NetIQ plugin.
     PluginNetIQSettings net_iq = 19;
+    // Settings for the GitHub plugin.
+    PluginGithubSettings github = 20;
   }
 
   // generation contains a unique ID that should:
@@ -6758,6 +6760,32 @@ message PluginSpecV1 {
   string generation = 11;
 }
 
+// PluginGithubSettings defines the configuration parameters required for a plugin
+// to connect to and interact with a specific GitHub organization's API.
+message PluginGithubSettings {
+  option (gogoproto.equal) = true;
+
+  // Base URL for the GitHub API endpoint.
+  // For GitHub Enterprise, set to your instance URL (ex.: "https://github.mycompany.com/api/v3/").
+  // If empty, defaults to the public GitHub API ("https://api.github.com/").
+  string api_endpoint = 1;
+
+  // The Client ID of the OAuth application registered with GitHub, used for API authentication.
+  // ex.: "Iv1.123abc456def7890".
+  string client_id = 2;
+
+  // The name of the GitHub organization that this plugin configuration targets.
+  // ex.: "octo-org".
+  string organization_name = 3;
+
+  // The date from which the plugin should start fetching data (ex.: audit logs, events)
+  // from GitHub for the specified organization. This field is effectively required.
+  google.protobuf.Timestamp start_date = 4 [
+    (gogoproto.stdtime) = true,
+    (gogoproto.nullable) = false
+  ];
+}
+
 message PluginSlackAccessSettings {
   option (gogoproto.equal) = true;
 
@@ -6876,6 +6904,9 @@ message PluginOktaSettings {
 
   // CredentialsInfo contains information about the Okta credentials.
   PluginOktaCredentialsInfo credentials_info = 5;
+
+  // EnableSiemIntegration enables SIEM (Security Information and Event Management).
+  bool enable_system_log_export = 6;
 }
 
 // PluginOktaCredentialsInfo contains information about the Okta credentials.
@@ -7643,6 +7674,7 @@ message PluginStaticCredentialsSpecV1 {
     PluginStaticCredentialsBasicAuth BasicAuth = 2;
     PluginStaticCredentialsOAuthClientSecret OAuthClientSecret = 3;
     PluginStaticCredentialsSSHCertAuthorities SSHCertAuthorities = 4;
+    bytes private_key = 5;
   }
 }
 
@@ -8481,6 +8513,16 @@ message AccessGraphSync {
   repeated AccessGraphAzureSync Azure = 3 [(gogoproto.jsontag) = "azure,omitempty"];
 }
 
+// AccessGraphAWSSyncCloudTrailLogs defines settings for ingesting AWS CloudTrail logs
+// by polling an SQS queue that receives notifications about new log files.
+message AccessGraphAWSSyncCloudTrailLogs {
+  // The AWS region of the SQS queue for CloudTrail notifications, ex.: "us-east-2".
+  string Region = 1 [(gogoproto.jsontag) = "region,omitempty"];
+
+  // The name or URL for CloudTrail log events, ex.: "demo-cloudtrail-queue".
+  string SQSQueue = 2 [(gogoproto.jsontag) = "sqs_queue,omitempty"];
+}
+
 // AccessGraphAWSSync is a configuration for AWS Access Graph service poll service.
 message AccessGraphAWSSync {
   // Regions are AWS regions to import resources from.
@@ -8489,6 +8531,8 @@ message AccessGraphAWSSync {
   AssumeRole AssumeRole = 3 [(gogoproto.jsontag) = "assume_role,omitempty"];
   // Integration is the integration name used to generate credentials to interact with AWS APIs.
   string Integration = 4 [(gogoproto.jsontag) = "integration,omitempty"];
+  // Configuration settings for collecting AWS CloudTrail logs via an SQS queue.
+  AccessGraphAWSSyncCloudTrailLogs cloud_trail_logs = 5 [(gogoproto.jsontag) = "cloud_trail_logs,omitempty"];
 }
 
 // AccessGraphAzureSync is a configuration for Azure Access Graph service poll service.

api/proto/teleport/okta/v1/okta_service.proto

@@ -134,6 +134,8 @@ message CreateIntegrationRequest {
   // in turn will disable JIT Access Requests. Makes sense only when apps and groups sync is
   // enabled.
   bool enable_bidirectional_sync = 10;
+  // Enable Okta system log export.
+  bool enable_system_log_export = 11;
 }
 
 // UpdateIntegrationRequest is the request message for updating an existing Okta integration.