google-cloud-privileged_access_manager-v1 0.a → 0.1.0
- checksums.yaml +4 -4
- data/.yardopts +12 -0
- data/AUTHENTICATION.md +122 -0
- data/README.md +144 -8
- data/lib/google/cloud/privileged_access_manager/v1/bindings_override.rb +134 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/client.rb +1895 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/credentials.rb +47 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/operations.rb +809 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/paths.rb +206 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/client.rb +1777 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/operations.rb +944 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/service_stub.rb +1109 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest.rb +73 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager.rb +75 -0
- data/lib/google/cloud/privileged_access_manager/v1/rest.rb +38 -0
- data/lib/google/cloud/privileged_access_manager/v1/version.rb +7 -2
- data/lib/google/cloud/privileged_access_manager/v1.rb +45 -0
- data/lib/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_pb.rb +108 -0
- data/lib/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_services_pb.rb +121 -0
- data/lib/google-cloud-privileged_access_manager-v1.rb +21 -0
- data/proto_docs/README.md +4 -0
- data/proto_docs/google/api/client.rb +403 -0
- data/proto_docs/google/api/field_behavior.rb +85 -0
- data/proto_docs/google/api/launch_stage.rb +71 -0
- data/proto_docs/google/api/resource.rb +227 -0
- data/proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb +966 -0
- data/proto_docs/google/longrunning/operations.rb +164 -0
- data/proto_docs/google/protobuf/any.rb +145 -0
- data/proto_docs/google/protobuf/duration.rb +98 -0
- data/proto_docs/google/protobuf/empty.rb +34 -0
- data/proto_docs/google/protobuf/field_mask.rb +229 -0
- data/proto_docs/google/protobuf/timestamp.rb +127 -0
- data/proto_docs/google/rpc/status.rb +48 -0
- metadata +125 -10
@@ -0,0 +1,966 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2024 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Cloud
|
22
|
+
module PrivilegedAccessManager
|
23
|
+
module V1
|
24
|
+
# Request message for `CheckOnboardingStatus` method.
|
25
|
+
# @!attribute [rw] parent
|
26
|
+
# @return [::String]
|
27
|
+
# Required. The resource for which the onboarding status should be checked.
|
28
|
+
# Should be in one of the following formats:
|
29
|
+
#
|
30
|
+
# * `projects/{project-number|project-id}/locations/{region}`
|
31
|
+
# * `folders/{folder-number}/locations/{region}`
|
32
|
+
# * `organizations/{organization-number}/locations/{region}`
|
33
|
+
class CheckOnboardingStatusRequest
|
34
|
+
include ::Google::Protobuf::MessageExts
|
35
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
36
|
+
end
|
37
|
+
|
38
|
+
# Response message for `CheckOnboardingStatus` method.
|
39
|
+
# @!attribute [rw] service_account
|
40
|
+
# @return [::String]
|
41
|
+
# The service account that PAM uses to act on this resource.
|
42
|
+
# @!attribute [rw] findings
|
43
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse::Finding>]
|
44
|
+
# List of issues that are preventing PAM from functioning for this resource
|
45
|
+
# and need to be fixed to complete onboarding. Some issues might not be
|
46
|
+
# detected or reported.
|
47
|
+
class CheckOnboardingStatusResponse
|
48
|
+
include ::Google::Protobuf::MessageExts
|
49
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
50
|
+
|
51
|
+
# Finding represents an issue which prevents PAM from functioning properly
|
52
|
+
# for this resource.
|
53
|
+
# @!attribute [rw] iam_access_denied
|
54
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse::Finding::IAMAccessDenied]
|
55
|
+
# PAM's service account is being denied access by Cloud IAM.
|
56
|
+
class Finding
|
57
|
+
include ::Google::Protobuf::MessageExts
|
58
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
59
|
+
|
60
|
+
# PAM's service account is being denied access by Cloud IAM.
|
61
|
+
# This can be fixed by granting a role that contains the missing
|
62
|
+
# permissions to the service account or exempting it from deny policies if
|
63
|
+
# they are blocking the access.
|
64
|
+
# @!attribute [rw] missing_permissions
|
65
|
+
# @return [::Array<::String>]
|
66
|
+
# List of permissions that are being denied.
|
67
|
+
class IAMAccessDenied
|
68
|
+
include ::Google::Protobuf::MessageExts
|
69
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
# An entitlement defines the eligibility of a set of users to obtain
|
75
|
+
# predefined access for some time possibly after going through an approval
|
76
|
+
# workflow.
|
77
|
+
# @!attribute [rw] name
|
78
|
+
# @return [::String]
|
79
|
+
# Identifier. Name of the entitlement.
|
80
|
+
# Possible formats:
|
81
|
+
#
|
82
|
+
# * `organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}`
|
83
|
+
# * `folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}`
|
84
|
+
# * `projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}`
|
85
|
+
# @!attribute [r] create_time
|
86
|
+
# @return [::Google::Protobuf::Timestamp]
|
87
|
+
# Output only. Create time stamp.
|
88
|
+
# @!attribute [r] update_time
|
89
|
+
# @return [::Google::Protobuf::Timestamp]
|
90
|
+
# Output only. Update time stamp.
|
91
|
+
# @!attribute [rw] eligible_users
|
92
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::AccessControlEntry>]
|
93
|
+
# Optional. Who can create grants using this entitlement. This list should
|
94
|
+
# contain at most one entry.
|
95
|
+
# @!attribute [rw] approval_workflow
|
96
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::ApprovalWorkflow]
|
97
|
+
# Optional. The approvals needed before access are granted to a requester. No
|
98
|
+
# approvals are needed if this field is null.
|
99
|
+
# @!attribute [rw] privileged_access
|
100
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccess]
|
101
|
+
# The access granted to a requester on successful approval.
|
102
|
+
# @!attribute [rw] max_request_duration
|
103
|
+
# @return [::Google::Protobuf::Duration]
|
104
|
+
# Required. The maximum amount of time that access is granted for a request.
|
105
|
+
# A requester can ask for a duration less than this, but never more.
|
106
|
+
# @!attribute [r] state
|
107
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::State]
|
108
|
+
# Output only. Current state of this entitlement.
|
109
|
+
# @!attribute [rw] requester_justification_config
|
110
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig]
|
111
|
+
# Required. The manner in which the requester should provide a justification
|
112
|
+
# for requesting access.
|
113
|
+
# @!attribute [rw] additional_notification_targets
|
114
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::AdditionalNotificationTargets]
|
115
|
+
# Optional. Additional email addresses to be notified based on actions taken.
|
116
|
+
# @!attribute [rw] etag
|
117
|
+
# @return [::String]
|
118
|
+
# An `etag` is used for optimistic concurrency control as a way to prevent
|
119
|
+
# simultaneous updates to the same entitlement. An `etag` is returned in the
|
120
|
+
# response to `GetEntitlement` and the caller should put the `etag` in the
|
121
|
+
# request to `UpdateEntitlement` so that their change is applied on
|
122
|
+
# the same version. If this field is omitted or if there is a mismatch while
|
123
|
+
# updating an entitlement, then the server rejects the request.
|
124
|
+
class Entitlement
|
125
|
+
include ::Google::Protobuf::MessageExts
|
126
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
127
|
+
|
128
|
+
# Defines how a requester must provide a justification when requesting
|
129
|
+
# access.
|
130
|
+
# @!attribute [rw] not_mandatory
|
131
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
|
132
|
+
# This option means the requester isn't required to provide a
|
133
|
+
# justification.
|
134
|
+
# @!attribute [rw] unstructured
|
135
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
|
136
|
+
# This option means the requester must provide a string as
|
137
|
+
# justification. If this is selected, the server allows the requester
|
138
|
+
# to provide a justification but doesn't validate it.
|
139
|
+
class RequesterJustificationConfig
|
140
|
+
include ::Google::Protobuf::MessageExts
|
141
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
142
|
+
|
143
|
+
# The justification is not mandatory but can be provided in any of the
|
144
|
+
# supported formats.
|
145
|
+
class NotMandatory
|
146
|
+
include ::Google::Protobuf::MessageExts
|
147
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
148
|
+
end
|
149
|
+
|
150
|
+
# The requester has to provide a justification in the form of a string.
|
151
|
+
class Unstructured
|
152
|
+
include ::Google::Protobuf::MessageExts
|
153
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
# AdditionalNotificationTargets includes email addresses to be notified.
|
158
|
+
# @!attribute [rw] admin_email_recipients
|
159
|
+
# @return [::Array<::String>]
|
160
|
+
# Optional. Additional email addresses to be notified when a principal
|
161
|
+
# (requester) is granted access.
|
162
|
+
# @!attribute [rw] requester_email_recipients
|
163
|
+
# @return [::Array<::String>]
|
164
|
+
# Optional. Additional email address to be notified about an eligible
|
165
|
+
# entitlement.
|
166
|
+
class AdditionalNotificationTargets
|
167
|
+
include ::Google::Protobuf::MessageExts
|
168
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
169
|
+
end
|
170
|
+
|
171
|
+
# Different states an entitlement can be in.
|
172
|
+
module State
|
173
|
+
# Unspecified state. This value is never returned by the server.
|
174
|
+
STATE_UNSPECIFIED = 0
|
175
|
+
|
176
|
+
# The entitlement is being created.
|
177
|
+
CREATING = 1
|
178
|
+
|
179
|
+
# The entitlement is available for requesting access.
|
180
|
+
AVAILABLE = 2
|
181
|
+
|
182
|
+
# The entitlement is being deleted.
|
183
|
+
DELETING = 3
|
184
|
+
|
185
|
+
# The entitlement has been deleted.
|
186
|
+
DELETED = 4
|
187
|
+
|
188
|
+
# The entitlement is being updated.
|
189
|
+
UPDATING = 5
|
190
|
+
end
|
191
|
+
end
|
192
|
+
|
193
|
+
# AccessControlEntry is used to control who can do some operation.
|
194
|
+
# @!attribute [rw] principals
|
195
|
+
# @return [::Array<::String>]
|
196
|
+
# Optional. Users who are allowed for the operation. Each entry should be a
|
197
|
+
# valid v1 IAM principal identifier. The format for these is documented at:
|
198
|
+
# https://cloud.google.com/iam/docs/principal-identifiers#v1
|
199
|
+
class AccessControlEntry
|
200
|
+
include ::Google::Protobuf::MessageExts
|
201
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
202
|
+
end
|
203
|
+
|
204
|
+
# Different types of approval workflows that can be used to gate privileged
|
205
|
+
# access granting.
|
206
|
+
# @!attribute [rw] manual_approvals
|
207
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::ManualApprovals]
|
208
|
+
# An approval workflow where users designated as approvers review and act
|
209
|
+
# on the grants.
|
210
|
+
class ApprovalWorkflow
|
211
|
+
include ::Google::Protobuf::MessageExts
|
212
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
213
|
+
end
|
214
|
+
|
215
|
+
# A manual approval workflow where users who are designated as approvers
|
216
|
+
# need to call the `ApproveGrant`/`DenyGrant` APIs for a grant. The workflow
|
217
|
+
# can consist of multiple serial steps where each step defines who can act as
|
218
|
+
# approver in that step and how many of those users should approve before the
|
219
|
+
# workflow moves to the next step.
|
220
|
+
#
|
221
|
+
# This can be used to create approval workflows such as:
|
222
|
+
#
|
223
|
+
# * Require an approval from any user in a group G.
|
224
|
+
# * Require an approval from any k number of users from a Group G.
|
225
|
+
# * Require an approval from any user in a group G and then from a user U.
|
226
|
+
#
|
227
|
+
# A single user might be part of the `approvers` ACL for multiple steps in this
|
228
|
+
# workflow, but they can only approve once and that approval is only considered
|
229
|
+
# to satisfy the approval step at which it was granted.
|
230
|
+
# @!attribute [rw] require_approver_justification
|
231
|
+
# @return [::Boolean]
|
232
|
+
# Optional. Do the approvers need to provide a justification for their
|
233
|
+
# actions?
|
234
|
+
# @!attribute [rw] steps
|
235
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::ManualApprovals::Step>]
|
236
|
+
# Optional. List of approval steps in this workflow. These steps are followed
|
237
|
+
# in the specified order sequentially. Only 1 step is supported.
|
238
|
+
class ManualApprovals
|
239
|
+
include ::Google::Protobuf::MessageExts
|
240
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
241
|
+
|
242
|
+
# Step represents a logical step in a manual approval workflow.
|
243
|
+
# @!attribute [rw] approvers
|
244
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::AccessControlEntry>]
|
245
|
+
# Optional. The potential set of approvers in this step. This list must
|
246
|
+
# contain at most one entry.
|
247
|
+
# @!attribute [rw] approvals_needed
|
248
|
+
# @return [::Integer]
|
249
|
+
# Required. How many users from the above list need to approve. If there
|
250
|
+
# aren't enough distinct users in the list, then the workflow indefinitely
|
251
|
+
# blocks. Should always be greater than 0. 1 is the only supported value.
|
252
|
+
# @!attribute [rw] approver_email_recipients
|
253
|
+
# @return [::Array<::String>]
|
254
|
+
# Optional. Additional email addresses to be notified when a grant is
|
255
|
+
# pending approval.
|
256
|
+
class Step
|
257
|
+
include ::Google::Protobuf::MessageExts
|
258
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
259
|
+
end
|
260
|
+
end
|
261
|
+
|
262
|
+
# Privileged access that this service can be used to gate.
|
263
|
+
# @!attribute [rw] gcp_iam_access
|
264
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccess::GcpIamAccess]
|
265
|
+
# Access to a Google Cloud resource through IAM.
|
266
|
+
class PrivilegedAccess
|
267
|
+
include ::Google::Protobuf::MessageExts
|
268
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
269
|
+
|
270
|
+
# GcpIamAccess represents IAM based access control on a Google Cloud
|
271
|
+
# resource. Refer to https://cloud.google.com/iam/docs to understand more
|
272
|
+
# about IAM.
|
273
|
+
# @!attribute [rw] resource_type
|
274
|
+
# @return [::String]
|
275
|
+
# Required. The type of this resource.
|
276
|
+
# @!attribute [rw] resource
|
277
|
+
# @return [::String]
|
278
|
+
# Required. Name of the resource.
|
279
|
+
# @!attribute [rw] role_bindings
|
280
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccess::GcpIamAccess::RoleBinding>]
|
281
|
+
# Required. Role bindings that are created on successful grant.
|
282
|
+
class GcpIamAccess
|
283
|
+
include ::Google::Protobuf::MessageExts
|
284
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
285
|
+
|
286
|
+
# IAM Role bindings that are created after a successful grant.
|
287
|
+
# @!attribute [rw] role
|
288
|
+
# @return [::String]
|
289
|
+
# Required. IAM role to be granted.
|
290
|
+
# https://cloud.google.com/iam/docs/roles-overview.
|
291
|
+
# @!attribute [rw] condition_expression
|
292
|
+
# @return [::String]
|
293
|
+
# Optional. The expression field of the IAM condition to be associated
|
294
|
+
# with the role. If specified, a user with an active grant for this
|
295
|
+
# entitlement is able to access the resource only if this condition
|
296
|
+
# evaluates to true for their request.
|
297
|
+
#
|
298
|
+
# This field uses the same CEL format as IAM and supports all attributes
|
299
|
+
# that IAM supports, except tags.
|
300
|
+
# https://cloud.google.com/iam/docs/conditions-overview#attributes.
|
301
|
+
class RoleBinding
|
302
|
+
include ::Google::Protobuf::MessageExts
|
303
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
304
|
+
end
|
305
|
+
end
|
306
|
+
end
|
307
|
+
|
308
|
+
# Message for requesting list of entitlements.
|
309
|
+
# @!attribute [rw] parent
|
310
|
+
# @return [::String]
|
311
|
+
# Required. The parent which owns the entitlement resources.
|
312
|
+
# @!attribute [rw] page_size
|
313
|
+
# @return [::Integer]
|
314
|
+
# Optional. Requested page size. Server may return fewer items than
|
315
|
+
# requested. If unspecified, the server picks an appropriate default.
|
316
|
+
# @!attribute [rw] page_token
|
317
|
+
# @return [::String]
|
318
|
+
# Optional. A token identifying a page of results the server should return.
|
319
|
+
# @!attribute [rw] filter
|
320
|
+
# @return [::String]
|
321
|
+
# Optional. Filtering results.
|
322
|
+
# @!attribute [rw] order_by
|
323
|
+
# @return [::String]
|
324
|
+
# Optional. Hint for how to order the results.
|
325
|
+
class ListEntitlementsRequest
|
326
|
+
include ::Google::Protobuf::MessageExts
|
327
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
328
|
+
end
|
329
|
+
|
330
|
+
# Message for response to listing entitlements.
|
331
|
+
# @!attribute [rw] entitlements
|
332
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>]
|
333
|
+
# The list of entitlements.
|
334
|
+
# @!attribute [rw] next_page_token
|
335
|
+
# @return [::String]
|
336
|
+
# A token identifying a page of results the server should return.
|
337
|
+
# @!attribute [rw] unreachable
|
338
|
+
# @return [::Array<::String>]
|
339
|
+
# Locations that could not be reached.
|
340
|
+
class ListEntitlementsResponse
|
341
|
+
include ::Google::Protobuf::MessageExts
|
342
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
343
|
+
end
|
344
|
+
|
345
|
+
# Request message for `SearchEntitlements` method.
|
346
|
+
# @!attribute [rw] parent
|
347
|
+
# @return [::String]
|
348
|
+
# Required. The parent which owns the entitlement resources.
|
349
|
+
# @!attribute [rw] caller_access_type
|
350
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest::CallerAccessType]
|
351
|
+
# Required. Only entitlements where the calling user has this access are
|
352
|
+
# returned.
|
353
|
+
# @!attribute [rw] filter
|
354
|
+
# @return [::String]
|
355
|
+
# Optional. Only entitlements matching this filter are returned in the
|
356
|
+
# response.
|
357
|
+
# @!attribute [rw] page_size
|
358
|
+
# @return [::Integer]
|
359
|
+
# Optional. Requested page size. The server may return fewer items than
|
360
|
+
# requested. If unspecified, the server picks an appropriate default.
|
361
|
+
# @!attribute [rw] page_token
|
362
|
+
# @return [::String]
|
363
|
+
# Optional. A token identifying a page of results the server should return.
|
364
|
+
class SearchEntitlementsRequest
|
365
|
+
include ::Google::Protobuf::MessageExts
|
366
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
367
|
+
|
368
|
+
# Different types of access a user can have on the entitlement resource.
|
369
|
+
module CallerAccessType
|
370
|
+
# Unspecified access type.
|
371
|
+
CALLER_ACCESS_TYPE_UNSPECIFIED = 0
|
372
|
+
|
373
|
+
# The user has access to create grants using this entitlement.
|
374
|
+
GRANT_REQUESTER = 1
|
375
|
+
|
376
|
+
# The user has access to approve/deny grants created under this
|
377
|
+
# entitlement.
|
378
|
+
GRANT_APPROVER = 2
|
379
|
+
end
|
380
|
+
end
|
381
|
+
|
382
|
+
# Response message for `SearchEntitlements` method.
|
383
|
+
# @!attribute [rw] entitlements
|
384
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>]
|
385
|
+
# The list of entitlements.
|
386
|
+
# @!attribute [rw] next_page_token
|
387
|
+
# @return [::String]
|
388
|
+
# A token identifying a page of results the server should return.
|
389
|
+
class SearchEntitlementsResponse
|
390
|
+
include ::Google::Protobuf::MessageExts
|
391
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
392
|
+
end
|
393
|
+
|
394
|
+
# Message for getting an entitlement.
|
395
|
+
# @!attribute [rw] name
|
396
|
+
# @return [::String]
|
397
|
+
# Required. Name of the resource.
|
398
|
+
class GetEntitlementRequest
|
399
|
+
include ::Google::Protobuf::MessageExts
|
400
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
401
|
+
end
|
402
|
+
|
403
|
+
# Message for creating an entitlement.
|
404
|
+
# @!attribute [rw] parent
|
405
|
+
# @return [::String]
|
406
|
+
# Required. Name of the parent resource for the entitlement.
|
407
|
+
# Possible formats:
|
408
|
+
#
|
409
|
+
# * `organizations/{organization-number}/locations/{region}`
|
410
|
+
# * `folders/{folder-number}/locations/{region}`
|
411
|
+
# * `projects/{project-id|project-number}/locations/{region}`
|
412
|
+
# @!attribute [rw] entitlement_id
|
413
|
+
# @return [::String]
|
414
|
+
# Required. The ID to use for this entitlement. This becomes the last part of
|
415
|
+
# the resource name.
|
416
|
+
#
|
417
|
+
# This value should be 4-63 characters in length, and valid characters are
|
418
|
+
# "[a-z]", "[0-9]", and "-". The first character should be from [a-z].
|
419
|
+
#
|
420
|
+
# This value should be unique among all other entitlements under the
|
421
|
+
# specified `parent`.
|
422
|
+
# @!attribute [rw] entitlement
|
423
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement]
|
424
|
+
# Required. The resource being created
|
425
|
+
# @!attribute [rw] request_id
|
426
|
+
# @return [::String]
|
427
|
+
# Optional. An optional request ID to identify requests. Specify a unique
|
428
|
+
# request ID so that if you must retry your request, the server knows to
|
429
|
+
# ignore the request if it has already been completed. The server guarantees
|
430
|
+
# this for at least 60 minutes after the first request.
|
431
|
+
#
|
432
|
+
# For example, consider a situation where you make an initial request and the
|
433
|
+
# request times out. If you make the request again with the same request
|
434
|
+
# ID, the server can check if original operation with the same request ID
|
435
|
+
# was received, and if so, ignores the second request and returns the
|
436
|
+
# previous operation's response. This prevents clients from accidentally
|
437
|
+
# creating duplicate commitments.
|
438
|
+
#
|
439
|
+
# The request ID must be a valid UUID with the exception that zero UUID is
|
440
|
+
# not supported (00000000-0000-0000-0000-000000000000).
|
441
|
+
class CreateEntitlementRequest
|
442
|
+
include ::Google::Protobuf::MessageExts
|
443
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
444
|
+
end
|
445
|
+
|
446
|
+
# Message for deleting an entitlement.
|
447
|
+
# @!attribute [rw] name
|
448
|
+
# @return [::String]
|
449
|
+
# Required. Name of the resource.
|
450
|
+
# @!attribute [rw] request_id
|
451
|
+
# @return [::String]
|
452
|
+
# Optional. An optional request ID to identify requests. Specify a unique
|
453
|
+
# request ID so that if you must retry your request, the server knows to
|
454
|
+
# ignore the request if it has already been completed. The server guarantees
|
455
|
+
# this for at least 60 minutes after the first request.
|
456
|
+
#
|
457
|
+
# For example, consider a situation where you make an initial request and the
|
458
|
+
# request times out. If you make the request again with the same request
|
459
|
+
# ID, the server can check if original operation with the same request ID
|
460
|
+
# was received, and if so, ignores the second request. This prevents
|
461
|
+
# clients from accidentally creating duplicate commitments.
|
462
|
+
#
|
463
|
+
# The request ID must be a valid UUID with the exception that zero UUID is
|
464
|
+
# not supported (00000000-0000-0000-0000-000000000000).
|
465
|
+
# @!attribute [rw] force
|
466
|
+
# @return [::Boolean]
|
467
|
+
# Optional. If set to true, any child grant under this entitlement is also
|
468
|
+
# deleted. (Otherwise, the request only works if the entitlement has no child
|
469
|
+
# grant.)
|
470
|
+
class DeleteEntitlementRequest
|
471
|
+
include ::Google::Protobuf::MessageExts
|
472
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
473
|
+
end
|
474
|
+
|
475
|
+
# Message for updating an entitlement.
|
476
|
+
# @!attribute [rw] entitlement
|
477
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement]
|
478
|
+
# Required. The entitlement resource that is updated.
|
479
|
+
# @!attribute [rw] update_mask
|
480
|
+
# @return [::Google::Protobuf::FieldMask]
|
481
|
+
# Required. The list of fields to update. A field is overwritten if, and only
|
482
|
+
# if, it is in the mask. Any immutable fields set in the mask are ignored by
|
483
|
+
# the server. Repeated fields and map fields are only allowed in the last
|
484
|
+
# position of a `paths` string and overwrite the existing values. Hence an
|
485
|
+
# update to a repeated field or a map should contain the entire list of
|
486
|
+
# values. The fields specified in the update_mask are relative to the
|
487
|
+
# resource and not to the request.
|
488
|
+
# (e.g. `MaxRequestDuration`; *not* `entitlement.MaxRequestDuration`)
|
489
|
+
# A value of '*' for this field refers to full replacement of the resource.
|
490
|
+
class UpdateEntitlementRequest
|
491
|
+
include ::Google::Protobuf::MessageExts
|
492
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
493
|
+
end
|
494
|
+
|
495
|
+
# This is to ensure that the `Grants` and `ProducerGrants` proto are byte
|
496
|
+
# compatible.
|
497
|
+
# A grant represents a request from a user for obtaining the access specified
|
498
|
+
# in an entitlement they are eligible for.
|
499
|
+
# @!attribute [rw] name
|
500
|
+
# @return [::String]
|
501
|
+
# Identifier. Name of this grant.
|
502
|
+
# Possible formats:
|
503
|
+
#
|
504
|
+
# * `organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`
|
505
|
+
# * `folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`
|
506
|
+
# * `projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`
|
507
|
+
#
|
508
|
+
# The last segment of this name (`{grant-id}`) is autogenerated.
|
509
|
+
# @!attribute [r] create_time
|
510
|
+
# @return [::Google::Protobuf::Timestamp]
|
511
|
+
# Output only. Create time stamp.
|
512
|
+
# @!attribute [r] update_time
|
513
|
+
# @return [::Google::Protobuf::Timestamp]
|
514
|
+
# Output only. Update time stamp.
|
515
|
+
# @!attribute [r] requester
|
516
|
+
# @return [::String]
|
517
|
+
# Output only. Username of the user who created this grant.
|
518
|
+
# @!attribute [rw] requested_duration
|
519
|
+
# @return [::Google::Protobuf::Duration]
|
520
|
+
# Required. The amount of time access is needed for. This value should be
|
521
|
+
# less than the `max_request_duration` value of the entitlement.
|
522
|
+
# @!attribute [rw] justification
|
523
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Justification]
|
524
|
+
# Optional. Justification of why this access is needed.
|
525
|
+
# @!attribute [r] state
|
526
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::State]
|
527
|
+
# Output only. Current state of this grant.
|
528
|
+
# @!attribute [r] timeline
|
529
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline]
|
530
|
+
# Output only. Timeline of this grant.
|
531
|
+
# @!attribute [r] privileged_access
|
532
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccess]
|
533
|
+
# Output only. The access that would be granted by this grant.
|
534
|
+
# @!attribute [r] audit_trail
|
535
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::AuditTrail]
|
536
|
+
# Output only. Audit trail of access provided by this grant. If unspecified
|
537
|
+
# then access was never granted.
|
538
|
+
# @!attribute [rw] additional_email_recipients
|
539
|
+
# @return [::Array<::String>]
|
540
|
+
# Optional. Additional email addresses to notify for all the actions
|
541
|
+
# performed on the grant.
|
542
|
+
# @!attribute [r] externally_modified
|
543
|
+
# @return [::Boolean]
|
544
|
+
# Output only. Flag set by the PAM system to indicate that policy bindings
|
545
|
+
# made by this grant have been modified from outside PAM.
|
546
|
+
#
|
547
|
+
# After it is set, this flag remains set forever irrespective of the grant
|
548
|
+
# state. A `true` value here indicates that PAM no longer has any certainty
|
549
|
+
# on the access a user has because of this grant.
|
550
|
+
class Grant
|
551
|
+
include ::Google::Protobuf::MessageExts
|
552
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
553
|
+
|
554
|
+
# Timeline of a grant describing what happened to it and when.
|
555
|
+
# @!attribute [r] events
|
556
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event>]
|
557
|
+
# Output only. The events that have occurred on this grant. This list
|
558
|
+
# contains entries in the same order as they occurred. The first entry is
|
559
|
+
# always be of type `Requested` and there is always at least one entry in
|
560
|
+
# this array.
|
561
|
+
class Timeline
|
562
|
+
include ::Google::Protobuf::MessageExts
|
563
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
564
|
+
|
565
|
+
# A single operation on the grant.
|
566
|
+
# @!attribute [rw] requested
|
567
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::Requested]
|
568
|
+
# The grant was requested.
|
569
|
+
# @!attribute [rw] approved
|
570
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::Approved]
|
571
|
+
# The grant was approved.
|
572
|
+
# @!attribute [rw] denied
|
573
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::Denied]
|
574
|
+
# The grant was denied.
|
575
|
+
# @!attribute [rw] revoked
|
576
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::Revoked]
|
577
|
+
# The grant was revoked.
|
578
|
+
# @!attribute [rw] scheduled
|
579
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::Scheduled]
|
580
|
+
# The grant has been scheduled to give access.
|
581
|
+
# @!attribute [rw] activated
|
582
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::Activated]
|
583
|
+
# The grant was successfully activated to give access.
|
584
|
+
# @!attribute [rw] activation_failed
|
585
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::ActivationFailed]
|
586
|
+
# There was a non-retriable error while trying to give access.
|
587
|
+
# @!attribute [rw] expired
|
588
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::Expired]
|
589
|
+
# The approval workflow did not complete in the necessary duration,
|
590
|
+
# and so the grant is expired.
|
591
|
+
# @!attribute [rw] ended
|
592
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::Ended]
|
593
|
+
# Access given by the grant ended automatically as the approved
|
594
|
+
# duration was over.
|
595
|
+
# @!attribute [rw] externally_modified
|
596
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant::Timeline::Event::ExternallyModified]
|
597
|
+
# The policy bindings made by grant have been modified outside of PAM.
|
598
|
+
# @!attribute [r] event_time
|
599
|
+
# @return [::Google::Protobuf::Timestamp]
|
600
|
+
# Output only. The time (as recorded at server) when this event occurred.
|
601
|
+
class Event
|
602
|
+
include ::Google::Protobuf::MessageExts
|
603
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
604
|
+
|
605
|
+
# An event representing that a grant was requested.
|
606
|
+
# @!attribute [r] expire_time
|
607
|
+
# @return [::Google::Protobuf::Timestamp]
|
608
|
+
# Output only. The time at which this grant expires unless the approval
|
609
|
+
# workflow completes. If omitted, then the request never expires.
|
610
|
+
class Requested
|
611
|
+
include ::Google::Protobuf::MessageExts
|
612
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
613
|
+
end
|
614
|
+
|
615
|
+
# An event representing that the grant was approved.
|
616
|
+
# @!attribute [r] reason
|
617
|
+
# @return [::String]
|
618
|
+
# Output only. The reason provided by the approver for approving the
|
619
|
+
# grant.
|
620
|
+
# @!attribute [r] actor
|
621
|
+
# @return [::String]
|
622
|
+
# Output only. Username of the user who approved the grant.
|
623
|
+
class Approved
|
624
|
+
include ::Google::Protobuf::MessageExts
|
625
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
626
|
+
end
|
627
|
+
|
628
|
+
# An event representing that the grant was denied.
|
629
|
+
# @!attribute [r] reason
|
630
|
+
# @return [::String]
|
631
|
+
# Output only. The reason provided by the approver for denying the
|
632
|
+
# grant.
|
633
|
+
# @!attribute [r] actor
|
634
|
+
# @return [::String]
|
635
|
+
# Output only. Username of the user who denied the grant.
|
636
|
+
class Denied
|
637
|
+
include ::Google::Protobuf::MessageExts
|
638
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
639
|
+
end
|
640
|
+
|
641
|
+
# An event representing that the grant was revoked.
|
642
|
+
# @!attribute [r] reason
|
643
|
+
# @return [::String]
|
644
|
+
# Output only. The reason provided by the user for revoking the grant.
|
645
|
+
# @!attribute [r] actor
|
646
|
+
# @return [::String]
|
647
|
+
# Output only. Username of the user who revoked the grant.
|
648
|
+
class Revoked
|
649
|
+
include ::Google::Protobuf::MessageExts
|
650
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
651
|
+
end
|
652
|
+
|
653
|
+
# An event representing that the grant has been scheduled to be
|
654
|
+
# activated later.
|
655
|
+
# @!attribute [r] scheduled_activation_time
|
656
|
+
# @return [::Google::Protobuf::Timestamp]
|
657
|
+
# Output only. The time at which the access is granted.
|
658
|
+
class Scheduled
|
659
|
+
include ::Google::Protobuf::MessageExts
|
660
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
661
|
+
end
|
662
|
+
|
663
|
+
# An event representing that the grant was successfully
|
664
|
+
# activated.
|
665
|
+
class Activated
|
666
|
+
include ::Google::Protobuf::MessageExts
|
667
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
668
|
+
end
|
669
|
+
|
670
|
+
# An event representing that the grant activation failed.
|
671
|
+
# @!attribute [r] error
|
672
|
+
# @return [::Google::Rpc::Status]
|
673
|
+
# Output only. The error that occurred while activating the grant.
|
674
|
+
class ActivationFailed
|
675
|
+
include ::Google::Protobuf::MessageExts
|
676
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
677
|
+
end
|
678
|
+
|
679
|
+
# An event representing that the grant was expired.
|
680
|
+
class Expired
|
681
|
+
include ::Google::Protobuf::MessageExts
|
682
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
683
|
+
end
|
684
|
+
|
685
|
+
# An event representing that the grant has ended.
|
686
|
+
class Ended
|
687
|
+
include ::Google::Protobuf::MessageExts
|
688
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
689
|
+
end
|
690
|
+
|
691
|
+
# An event representing that the policy bindings made by this grant were
|
692
|
+
# modified externally.
|
693
|
+
class ExternallyModified
|
694
|
+
include ::Google::Protobuf::MessageExts
|
695
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
696
|
+
end
|
697
|
+
end
|
698
|
+
end
|
699
|
+
|
700
|
+
# Audit trail for the access provided by this grant.
|
701
|
+
# @!attribute [r] access_grant_time
|
702
|
+
# @return [::Google::Protobuf::Timestamp]
|
703
|
+
# Output only. The time at which access was given.
|
704
|
+
# @!attribute [r] access_remove_time
|
705
|
+
# @return [::Google::Protobuf::Timestamp]
|
706
|
+
# Output only. The time at which the system removed access. This could be
|
707
|
+
# because of an automatic expiry or because of a revocation.
|
708
|
+
#
|
709
|
+
# If unspecified, then access hasn't been removed yet.
|
710
|
+
class AuditTrail
|
711
|
+
include ::Google::Protobuf::MessageExts
|
712
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
713
|
+
end
|
714
|
+
|
715
|
+
# Different states a grant can be in.
|
716
|
+
module State
|
717
|
+
# Unspecified state. This value is never returned by the server.
|
718
|
+
STATE_UNSPECIFIED = 0
|
719
|
+
|
720
|
+
# The entitlement had an approval workflow configured and this grant is
|
721
|
+
# waiting for the workflow to complete.
|
722
|
+
APPROVAL_AWAITED = 1
|
723
|
+
|
724
|
+
# The approval workflow completed with a denied result. No access is
|
725
|
+
# granted for this grant. This is a terminal state.
|
726
|
+
DENIED = 3
|
727
|
+
|
728
|
+
# The approval workflow completed successfully with an approved result or
|
729
|
+
# none was configured. Access is provided at an appropriate time.
|
730
|
+
SCHEDULED = 4
|
731
|
+
|
732
|
+
# Access is being given.
|
733
|
+
ACTIVATING = 5
|
734
|
+
|
735
|
+
# Access was successfully given and is currently active.
|
736
|
+
ACTIVE = 6
|
737
|
+
|
738
|
+
# The system could not give access due to a non-retriable error. This is a
|
739
|
+
# terminal state.
|
740
|
+
ACTIVATION_FAILED = 7
|
741
|
+
|
742
|
+
# Expired after waiting for the approval workflow to complete. This is a
|
743
|
+
# terminal state.
|
744
|
+
EXPIRED = 8
|
745
|
+
|
746
|
+
# Access is being revoked.
|
747
|
+
REVOKING = 9
|
748
|
+
|
749
|
+
# Access was revoked by a user. This is a terminal state.
|
750
|
+
REVOKED = 10
|
751
|
+
|
752
|
+
# System took back access as the requested duration was over. This is a
|
753
|
+
# terminal state.
|
754
|
+
ENDED = 11
|
755
|
+
end
|
756
|
+
end
|
757
|
+
|
758
|
+
# Justification represents a justification for requesting access.
|
759
|
+
# @!attribute [rw] unstructured_justification
|
760
|
+
# @return [::String]
|
761
|
+
# A free form textual justification. The system only ensures that this
|
762
|
+
# is not empty. No other kind of validation is performed on the string.
|
763
|
+
class Justification
|
764
|
+
include ::Google::Protobuf::MessageExts
|
765
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
766
|
+
end
|
767
|
+
|
768
|
+
# Message for requesting list of grants.
|
769
|
+
# @!attribute [rw] parent
|
770
|
+
# @return [::String]
|
771
|
+
# Required. The parent resource which owns the grants.
|
772
|
+
# @!attribute [rw] page_size
|
773
|
+
# @return [::Integer]
|
774
|
+
# Optional. Requested page size. The server may return fewer items than
|
775
|
+
# requested. If unspecified, the server picks an appropriate default.
|
776
|
+
# @!attribute [rw] page_token
|
777
|
+
# @return [::String]
|
778
|
+
# Optional. A token identifying a page of results the server should return.
|
779
|
+
# @!attribute [rw] filter
|
780
|
+
# @return [::String]
|
781
|
+
# Optional. Filtering results.
|
782
|
+
# @!attribute [rw] order_by
|
783
|
+
# @return [::String]
|
784
|
+
# Optional. Hint for how to order the results
|
785
|
+
class ListGrantsRequest
|
786
|
+
include ::Google::Protobuf::MessageExts
|
787
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
788
|
+
end
|
789
|
+
|
790
|
+
# Message for response to listing grants.
|
791
|
+
# @!attribute [rw] grants
|
792
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::Grant>]
|
793
|
+
# The list of grants.
|
794
|
+
# @!attribute [rw] next_page_token
|
795
|
+
# @return [::String]
|
796
|
+
# A token identifying a page of results the server should return.
|
797
|
+
# @!attribute [rw] unreachable
|
798
|
+
# @return [::Array<::String>]
|
799
|
+
# Locations that could not be reached.
|
800
|
+
class ListGrantsResponse
|
801
|
+
include ::Google::Protobuf::MessageExts
|
802
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
803
|
+
end
|
804
|
+
|
805
|
+
# Request message for `SearchGrants` method.
|
806
|
+
# @!attribute [rw] parent
|
807
|
+
# @return [::String]
|
808
|
+
# Required. The parent which owns the grant resources.
|
809
|
+
# @!attribute [rw] caller_relationship
|
810
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest::CallerRelationshipType]
|
811
|
+
# Required. Only grants which the caller is related to by this relationship
|
812
|
+
# are returned in the response.
|
813
|
+
# @!attribute [rw] filter
|
814
|
+
# @return [::String]
|
815
|
+
# Optional. Only grants matching this filter are returned in the response.
|
816
|
+
# @!attribute [rw] page_size
|
817
|
+
# @return [::Integer]
|
818
|
+
# Optional. Requested page size. The server may return fewer items than
|
819
|
+
# requested. If unspecified, server picks an appropriate default.
|
820
|
+
# @!attribute [rw] page_token
|
821
|
+
# @return [::String]
|
822
|
+
# Optional. A token identifying a page of results the server should return.
|
823
|
+
class SearchGrantsRequest
|
824
|
+
include ::Google::Protobuf::MessageExts
|
825
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
826
|
+
|
827
|
+
# Different types of relationships a user can have with a grant.
|
828
|
+
module CallerRelationshipType
|
829
|
+
# Unspecified caller relationship type.
|
830
|
+
CALLER_RELATIONSHIP_TYPE_UNSPECIFIED = 0
|
831
|
+
|
832
|
+
# The user created this grant by calling `CreateGrant` earlier.
|
833
|
+
HAD_CREATED = 1
|
834
|
+
|
835
|
+
# The user is an approver for the entitlement that this grant is parented
|
836
|
+
# under and can currently approve/deny it.
|
837
|
+
CAN_APPROVE = 2
|
838
|
+
|
839
|
+
# The caller had successfully approved/denied this grant earlier.
|
840
|
+
HAD_APPROVED = 3
|
841
|
+
end
|
842
|
+
end
|
843
|
+
|
844
|
+
# Response message for `SearchGrants` method.
|
845
|
+
# @!attribute [rw] grants
|
846
|
+
# @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::Grant>]
|
847
|
+
# The list of grants.
|
848
|
+
# @!attribute [rw] next_page_token
|
849
|
+
# @return [::String]
|
850
|
+
# A token identifying a page of results the server should return.
|
851
|
+
class SearchGrantsResponse
|
852
|
+
include ::Google::Protobuf::MessageExts
|
853
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
854
|
+
end
|
855
|
+
|
856
|
+
# Message for getting a grant.
|
857
|
+
# @!attribute [rw] name
|
858
|
+
# @return [::String]
|
859
|
+
# Required. Name of the resource.
|
860
|
+
class GetGrantRequest
|
861
|
+
include ::Google::Protobuf::MessageExts
|
862
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
863
|
+
end
|
864
|
+
|
865
|
+
# Request message for `ApproveGrant` method.
|
866
|
+
# @!attribute [rw] name
|
867
|
+
# @return [::String]
|
868
|
+
# Required. Name of the grant resource which is being approved.
|
869
|
+
# @!attribute [rw] reason
|
870
|
+
# @return [::String]
|
871
|
+
# Optional. The reason for approving this grant. This is required if the
|
872
|
+
# `require_approver_justification` field of the `ManualApprovals` workflow
|
873
|
+
# used in this grant is true.
|
874
|
+
class ApproveGrantRequest
|
875
|
+
include ::Google::Protobuf::MessageExts
|
876
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
877
|
+
end
|
878
|
+
|
879
|
+
# Request message for `DenyGrant` method.
|
880
|
+
# @!attribute [rw] name
|
881
|
+
# @return [::String]
|
882
|
+
# Required. Name of the grant resource which is being denied.
|
883
|
+
# @!attribute [rw] reason
|
884
|
+
# @return [::String]
|
885
|
+
# Optional. The reason for denying this grant. This is required if
|
886
|
+
# `require_approver_justification` field of the `ManualApprovals` workflow
|
887
|
+
# used in this grant is true.
|
888
|
+
class DenyGrantRequest
|
889
|
+
include ::Google::Protobuf::MessageExts
|
890
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
891
|
+
end
|
892
|
+
|
893
|
+
# Request message for `RevokeGrant` method.
|
894
|
+
# @!attribute [rw] name
|
895
|
+
# @return [::String]
|
896
|
+
# Required. Name of the grant resource which is being revoked.
|
897
|
+
# @!attribute [rw] reason
|
898
|
+
# @return [::String]
|
899
|
+
# Optional. The reason for revoking this grant.
|
900
|
+
class RevokeGrantRequest
|
901
|
+
include ::Google::Protobuf::MessageExts
|
902
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
903
|
+
end
|
904
|
+
|
905
|
+
# Message for creating a grant
|
906
|
+
# @!attribute [rw] parent
|
907
|
+
# @return [::String]
|
908
|
+
# Required. Name of the parent entitlement for which this grant is being
|
909
|
+
# requested.
|
910
|
+
# @!attribute [rw] grant
|
911
|
+
# @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant]
|
912
|
+
# Required. The resource being created.
|
913
|
+
# @!attribute [rw] request_id
|
914
|
+
# @return [::String]
|
915
|
+
# Optional. An optional request ID to identify requests. Specify a unique
|
916
|
+
# request ID so that if you must retry your request, the server knows to
|
917
|
+
# ignore the request if it has already been completed. The server guarantees
|
918
|
+
# this for at least 60 minutes after the first request.
|
919
|
+
#
|
920
|
+
# For example, consider a situation where you make an initial request and the
|
921
|
+
# request times out. If you make the request again with the same request
|
922
|
+
# ID, the server can check if original operation with the same request ID
|
923
|
+
# was received, and if so, ignores the second request. This prevents
|
924
|
+
# clients from accidentally creating duplicate commitments.
|
925
|
+
#
|
926
|
+
# The request ID must be a valid UUID with the exception that zero UUID is
|
927
|
+
# not supported (00000000-0000-0000-0000-000000000000).
|
928
|
+
class CreateGrantRequest
|
929
|
+
include ::Google::Protobuf::MessageExts
|
930
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
931
|
+
end
|
932
|
+
|
933
|
+
# Represents the metadata of the long-running operation.
|
934
|
+
# @!attribute [r] create_time
|
935
|
+
# @return [::Google::Protobuf::Timestamp]
|
936
|
+
# Output only. The time the operation was created.
|
937
|
+
# @!attribute [r] end_time
|
938
|
+
# @return [::Google::Protobuf::Timestamp]
|
939
|
+
# Output only. The time the operation finished running.
|
940
|
+
# @!attribute [r] target
|
941
|
+
# @return [::String]
|
942
|
+
# Output only. Server-defined resource path for the target of the operation.
|
943
|
+
# @!attribute [r] verb
|
944
|
+
# @return [::String]
|
945
|
+
# Output only. Name of the verb executed by the operation.
|
946
|
+
# @!attribute [r] status_message
|
947
|
+
# @return [::String]
|
948
|
+
# Output only. Human-readable status of the operation, if any.
|
949
|
+
# @!attribute [r] requested_cancellation
|
950
|
+
# @return [::Boolean]
|
951
|
+
# Output only. Identifies whether the user has requested cancellation
|
952
|
+
# of the operation. Operations that have been cancelled successfully
|
953
|
+
# have [Operation.error][] value with a
|
954
|
+
# {::Google::Rpc::Status#code google.rpc.Status.code} of 1, corresponding to
|
955
|
+
# `Code.CANCELLED`.
|
956
|
+
# @!attribute [r] api_version
|
957
|
+
# @return [::String]
|
958
|
+
# Output only. API version used to start the operation.
|
959
|
+
class OperationMetadata
|
960
|
+
include ::Google::Protobuf::MessageExts
|
961
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
962
|
+
end
|
963
|
+
end
|
964
|
+
end
|
965
|
+
end
|
966
|
+
end
|