google-cloud-privileged_access_manager-v1 0.1.0 → 0.1.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f9a7b93cb9358e100e9d6dc0050caa27bb441bfc809d31523ee0167c429fb13a
4
- data.tar.gz: 127152267b8f67e412a59455180c72bf6be85d790a1f4361e3fbecb9c193b93d
3
+ metadata.gz: 5af72b67ce278f858409b499027af9be8eeee753196db1cdc218acfdf4aa5a6f
4
+ data.tar.gz: d6f449b023b816f464687d9b03d26b9e7ce5cb0de7ac8830af7d8bfdd8bb91e2
5
5
  SHA512:
6
- metadata.gz: 578414c4bf0dd366d702736d4dddea910d0b6b3a6391383a50d1644451748ca7963f937ac61b1e17626118eb7fe53478b169dd2500b58ba6f7bf3afdd514cf19
7
- data.tar.gz: 382ff4c508894d1f85c276a4a5dd59ad328d5dbb99c284ce3c2bf53c5888a59c07009e1388bdbee88f6b2dc58dd14cda03ba68e071640e7568922f54b036aa8a
6
+ metadata.gz: 7e8c911e5f22d342557815414f878295bd4b65ba7e4e662063531bdc2052a5a63b5cb4a6bddff6907f0ede96e05cee79a597fffd09231a96a559060d3e1e40f5
7
+ data.tar.gz: 24eef800756105ae0c93d91a5154650824ae7501b9d986adcd87ce16c0a1fe7791bf3d0eea71330bdf8b11d3cf29ac6718d8314e8ce986c4aabff276733d3888
data/README.md CHANGED
@@ -2,7 +2,54 @@
2
2
 
3
3
  Privileged Access Manager (PAM) helps you on your journey towards least privilege and helps mitigate risks tied to privileged access misuse or abuse. PAM allows you to shift from always-on standing privileges towards on-demand access with just-in-time, time-bound, and approval-based access elevations. PAM allows IAM administrators to create entitlements that can grant just-in-time, temporary access to any resource scope. Requesters can explore eligible entitlements and request the access needed for their task. Approvers are notified when approvals await their decision. Streamlined workflows facilitated by using PAM can support various use cases, including emergency access for incident responders, time-boxed access for developers for critical deployment or maintenance, temporary access for operators for data ingestion and audits, JIT access to service accounts for automated tasks, and more.
4
4
 
5
- ## Overview Privileged Access Manager (PAM) is a Google Cloud native, managed solution to secure, manage and audit privileged access while ensuring operational velocity and developer productivity. PAM enables just-in-time, time-bound, approval-based access elevations, and auditing of privileged access elevations and activity. PAM lets you define the rules of who can request access, what they can request access to, and if they should be granted access with or without approvals based on the sensitivity of the access and emergency of the situation. ## Concepts ### Entitlement An entitlement is an eligibility or license that allows specified users (requesters) to request and obtain access to specified resources subject to a set of conditions such as duration, etc. entitlements can be granted to both human and non-human principals. ### Grant A grant is an instance of active usage against the entitlement. A user can place a request for a grant against an entitlement. The request may be forwarded to an approver for their decision. Once approved, the grant is activated, ultimately giving the user access (roles/permissions) on a resource per the criteria specified in entitlement. ### How does PAM work PAM creates and uses a service agent (Google-managed service account) to perform the required IAM policy changes for granting access at a specific resource/access scope. The service agent requires getIAMPolicy and setIAMPolicy permissions at the appropriate (or higher) access scope - Organization/Folder/Project to make policy changes on the resources listed in PAM entitlements. 
When enabling PAM for a resource scope, the user/ principal performing that action should have the appropriate permissions at that resource scope (`resourcemanager.{projects|folders|organizations}.setIamPolicy`, `resourcemanager.{projects|folders|organizations}.getIamPolicy`, and `resourcemanager.{projects|folders|organizations}.get`) to list and grant the service agent/account the required access to perform IAM policy changes.
5
+ ## Overview
6
+
7
+ Privileged Access Manager (PAM) is a Google Cloud native, managed solution
8
+ to secure, manage and audit privileged access while ensuring operational
9
+ velocity and developer productivity.
10
+
11
+ PAM enables just-in-time, time-bound, approval-based access elevations,
12
+ and auditing of privileged access elevations and activity. PAM lets you
13
+ define the rules of who can request access, what they can request access
14
+ to, and if they should be granted access with or without approvals based
15
+ on the sensitivity of the access and emergency of the situation.
16
+
17
+ ## Concepts
18
+
19
+ ### Entitlement
20
+
21
+ An entitlement is an eligibility or license that allows specified users
22
+ (requesters) to request and obtain access to specified resources subject
23
+ to a set of conditions such as duration, etc. entitlements can be granted
24
+ to both human and non-human principals.
25
+
26
+ ### Grant
27
+
28
+ A grant is an instance of active usage against the entitlement. A user can
29
+ place a request for a grant against an entitlement. The request may be
30
+ forwarded to an approver for their decision. Once approved, the grant is
31
+ activated, ultimately giving the user access (roles/permissions) on a
32
+ resource per the criteria specified in entitlement.
33
+
34
+ ### How does PAM work
35
+
36
+ PAM creates and uses a service agent (Google-managed service account) to
37
+ perform the required IAM policy changes for granting access at a
38
+ specific
39
+ resource/access scope. The service agent requires getIAMPolicy and
40
+ setIAMPolicy permissions at the appropriate (or higher) access scope
41
+ -
42
+ Organization/Folder/Project to make policy changes on the resources listed
43
+ in PAM entitlements.
44
+
45
+ When enabling PAM for a resource scope, the user/ principal performing
46
+ that action should have the appropriate permissions at that resource
47
+ scope
48
+ (resourcemanager.\\{projects|folders|organizations}.setIamPolicy,
49
+ resourcemanager.\\{projects|folders|organizations}.getIamPolicy, and
50
+ resourcemanager.\\{projects|folders|organizations}.get) to list and grant
51
+ the service agent/account the required access to perform IAM policy
52
+ changes.
6
53
 
7
54
  https://github.com/googleapis/google-cloud-ruby
8
55
 
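Review bot: In the "How does PAM work" section the rewrap leaves a lone `-` on its own line directly below "setIAMPolicy permissions at the appropriate (or higher) access scope", which a Markdown renderer can read as a setext heading underline or a list marker rather than as a dash inside the sentence. Join it back as "access scope - Organization/Folder/Project". The three permission names also lost the backticks they had in the removed line and now carry `\\{`, so they are likely to render with a literal backslash; restore the code spans, for example `resourcemanager.{projects|folders|organizations}.setIamPolicy`, since these are the exact permissions an administrator has to hold when enabling PAM and they should be copyable verbatim. The spelling "getIAMPolicy and setIAMPolicy" in the same section does not match the `getIamPolicy` / `setIamPolicy` casing used in the next paragraph; pick one.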
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module PrivilegedAccessManager
23
23
  module V1
24
- VERSION = "0.1.0"
24
+ VERSION = "0.1.2"
25
25
  end
26
26
  end
27
27
  end
@@ -196,9 +196,26 @@ module Google
196
196
  # @!attribute [rw] common
197
197
  # @return [::Google::Api::CommonLanguageSettings]
198
198
  # Some settings.
199
+ # @!attribute [rw] experimental_features
200
+ # @return [::Google::Api::PythonSettings::ExperimentalFeatures]
201
+ # Experimental features to be included during client library generation.
199
202
  class PythonSettings
200
203
  include ::Google::Protobuf::MessageExts
201
204
  extend ::Google::Protobuf::MessageExts::ClassMethods
205
+
206
+ # Experimental features to be included during client library generation.
207
+ # These fields will be deprecated once the feature graduates and is enabled
208
+ # by default.
209
+ # @!attribute [rw] rest_async_io_enabled
210
+ # @return [::Boolean]
211
+ # Enables generation of asynchronous REST clients if `rest` transport is
212
+ # enabled. By default, asynchronous REST clients will not be generated.
213
+ # This feature will be enabled by default 1 month after launching the
214
+ # feature in preview packages.
215
+ class ExperimentalFeatures
216
+ include ::Google::Protobuf::MessageExts
217
+ extend ::Google::Protobuf::MessageExts::ClassMethods
218
+ end
202
219
  end
203
220
 
204
221
  # Settings for Node client libraries.
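Review bot: The `rest_async_io_enabled` comment gives a relative deadline with no date or version ("will be enabled by default 1 month after launching the feature in preview packages"), so a reader cannot tell whether the default has already changed. State the release or date, or drop the sentence. The class-level comment on `ExperimentalFeatures` says the fields "will be deprecated once the feature graduates", but the `experimental_features` attribute doc on `PythonSettings` does not mention that; repeating the caveat there would put it where a caller actually sets the field.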
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-privileged_access_manager-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-24 00:00:00.000000000 Z
11
+ date: 2024-08-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common