google-cloud-privileged_access_manager-v1 0.a → 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (34) hide show
  1. checksums.yaml +4 -4
  2. data/.yardopts +12 -0
  3. data/AUTHENTICATION.md +122 -0
  4. data/README.md +144 -8
  5. data/lib/google/cloud/privileged_access_manager/v1/bindings_override.rb +134 -0
  6. data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/client.rb +1895 -0
  7. data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/credentials.rb +47 -0
  8. data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/operations.rb +809 -0
  9. data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/paths.rb +206 -0
  10. data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/client.rb +1777 -0
  11. data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/operations.rb +944 -0
  12. data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/service_stub.rb +1109 -0
  13. data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest.rb +73 -0
  14. data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager.rb +75 -0
  15. data/lib/google/cloud/privileged_access_manager/v1/rest.rb +38 -0
  16. data/lib/google/cloud/privileged_access_manager/v1/version.rb +7 -2
  17. data/lib/google/cloud/privileged_access_manager/v1.rb +45 -0
  18. data/lib/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_pb.rb +108 -0
  19. data/lib/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_services_pb.rb +121 -0
  20. data/lib/google-cloud-privileged_access_manager-v1.rb +21 -0
  21. data/proto_docs/README.md +4 -0
  22. data/proto_docs/google/api/client.rb +403 -0
  23. data/proto_docs/google/api/field_behavior.rb +85 -0
  24. data/proto_docs/google/api/launch_stage.rb +71 -0
  25. data/proto_docs/google/api/resource.rb +227 -0
  26. data/proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb +966 -0
  27. data/proto_docs/google/longrunning/operations.rb +164 -0
  28. data/proto_docs/google/protobuf/any.rb +145 -0
  29. data/proto_docs/google/protobuf/duration.rb +98 -0
  30. data/proto_docs/google/protobuf/empty.rb +34 -0
  31. data/proto_docs/google/protobuf/field_mask.rb +229 -0
  32. data/proto_docs/google/protobuf/timestamp.rb +127 -0
  33. data/proto_docs/google/rpc/status.rb +48 -0
  34. metadata +125 -10
data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/client.rb ADDED
@@ -0,0 +1,1777 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2024 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "google/cloud/errors"
20
+ require "google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_pb"
21
+ require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/service_stub"
22
+ require "google/cloud/location/rest"
23
+
24
+ module Google
25
+ module Cloud
26
+ module PrivilegedAccessManager
27
+ module V1
28
+ module PrivilegedAccessManager
29
+ module Rest
30
+ ##
31
+ # REST client for the PrivilegedAccessManager service.
32
+ #
33
+ # This API allows customers to manage temporary, request based privileged
34
+ # access to their resources.
35
+ #
36
+ # It defines the following resource model:
37
+ #
38
+ # * A collection of `Entitlement` resources. An entitlement allows configuring
39
+ # (among other things):
40
+ #
41
+ # * Some kind of privileged access that users can request.
42
+ # * A set of users called _requesters_ who can request this access.
43
+ # * A maximum duration for which the access can be requested.
44
+ # * An optional approval workflow which must be satisfied before access is
45
+ # granted.
46
+ #
47
+ # * A collection of `Grant` resources. A grant is a request by a requester to
48
+ # get the privileged access specified in an entitlement for some duration.
49
+ #
50
+ # After the approval workflow as specified in the entitlement is satisfied,
51
+ # the specified access is given to the requester. The access is automatically
52
+ # taken back after the requested duration is over.
53
+ #
54
+ class Client
55
+ # @private
56
+ API_VERSION = ""
57
+
58
+ # @private
59
+ DEFAULT_ENDPOINT_TEMPLATE = "privilegedaccessmanager.$UNIVERSE_DOMAIN$"
60
+
61
+ include Paths
62
+
63
+ # @private
64
+ attr_reader :privileged_access_manager_stub
65
+
66
+ ##
67
+ # Configure the PrivilegedAccessManager Client class.
68
+ #
69
+ # See {::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client::Configuration}
70
+ # for a description of the configuration fields.
71
+ #
72
+ # @example
73
+ #
74
+ # # Modify the configuration for all PrivilegedAccessManager clients
75
+ # ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.configure do |config|
76
+ # config.timeout = 10.0
77
+ # end
78
+ #
79
+ # @yield [config] Configure the Client client.
80
+ # @yieldparam config [Client::Configuration]
81
+ #
82
+ # @return [Client::Configuration]
83
+ #
84
+ def self.configure
85
+ @configure ||= begin
86
+ namespace = ["Google", "Cloud", "PrivilegedAccessManager", "V1"]
87
+ parent_config = while namespace.any?
88
+ parent_name = namespace.join "::"
89
+ parent_const = const_get parent_name
90
+ break parent_const.configure if parent_const.respond_to? :configure
91
+ namespace.pop
92
+ end
93
+ default_config = Client::Configuration.new parent_config
94
+
95
+ default_config
96
+ end
97
+ yield @configure if block_given?
98
+ @configure
99
+ end
100
+
101
+ ##
102
+ # Configure the PrivilegedAccessManager Client instance.
103
+ #
104
+ # The configuration is set to the derived mode, meaning that values can be changed,
105
+ # but structural changes (adding new fields, etc.) are not allowed. Structural changes
106
+ # should be made on {Client.configure}.
107
+ #
108
+ # See {::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client::Configuration}
109
+ # for a description of the configuration fields.
110
+ #
111
+ # @yield [config] Configure the Client client.
112
+ # @yieldparam config [Client::Configuration]
113
+ #
114
+ # @return [Client::Configuration]
115
+ #
116
+ def configure
117
+ yield @config if block_given?
118
+ @config
119
+ end
120
+
121
+ ##
122
+ # The effective universe domain
123
+ #
124
+ # @return [String]
125
+ #
126
+ def universe_domain
127
+ @privileged_access_manager_stub.universe_domain
128
+ end
129
+
130
+ ##
131
+ # Create a new PrivilegedAccessManager REST client object.
132
+ #
133
+ # @example
134
+ #
135
+ # # Create a client using the default configuration
136
+ # client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
137
+ #
138
+ # # Create a client using a custom configuration
139
+ # client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new do |config|
140
+ # config.timeout = 10.0
141
+ # end
142
+ #
143
+ # @yield [config] Configure the PrivilegedAccessManager client.
144
+ # @yieldparam config [Client::Configuration]
145
+ #
146
+ def initialize
147
+ # Create the configuration object
148
+ @config = Configuration.new Client.configure
149
+
150
+ # Yield the configuration if needed
151
+ yield @config if block_given?
152
+
153
+ # Create credentials
154
+ credentials = @config.credentials
155
+ # Use self-signed JWT if the endpoint is unchanged from default,
156
+ # but only if the default endpoint does not have a region prefix.
157
+ enable_self_signed_jwt = @config.endpoint.nil? ||
158
+ (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
159
+ !@config.endpoint.split(".").first.include?("-"))
160
+ credentials ||= Credentials.default scope: @config.scope,
161
+ enable_self_signed_jwt: enable_self_signed_jwt
162
+ if credentials.is_a?(::String) || credentials.is_a?(::Hash)
163
+ credentials = Credentials.new credentials, scope: @config.scope
164
+ end
165
+
166
+ @quota_project_id = @config.quota_project
167
+ @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
168
+
169
+ @operations_client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Operations.new do |config|
170
+ config.credentials = credentials
171
+ config.quota_project = @quota_project_id
172
+ config.endpoint = @config.endpoint
173
+ config.universe_domain = @config.universe_domain
174
+ end
175
+
176
+ @privileged_access_manager_stub = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::ServiceStub.new(
177
+ endpoint: @config.endpoint,
178
+ endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
179
+ universe_domain: @config.universe_domain,
180
+ credentials: credentials
181
+ )
182
+
183
+ @location_client = Google::Cloud::Location::Locations::Rest::Client.new do |config|
184
+ config.credentials = credentials
185
+ config.quota_project = @quota_project_id
186
+ config.endpoint = @privileged_access_manager_stub.endpoint
187
+ config.universe_domain = @privileged_access_manager_stub.universe_domain
188
+ config.bindings_override = @config.bindings_override
189
+ end
190
+ end
191
+
192
+ ##
193
+ # Get the associated client for long-running operations.
194
+ #
195
+ # @return [::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Operations]
196
+ #
197
+ attr_reader :operations_client
198
+
199
+ ##
200
+ # Get the associated client for mix-in of the Locations.
201
+ #
202
+ # @return [Google::Cloud::Location::Locations::Rest::Client]
203
+ #
204
+ attr_reader :location_client
205
+
206
+ # Service calls
207
+
208
+ ##
209
+ # CheckOnboardingStatus reports the onboarding status for a
210
+ # project/folder/organization. Any findings reported by this API need to be
211
+ # fixed before PAM can be used on the resource.
212
+ #
213
+ # @overload check_onboarding_status(request, options = nil)
214
+ # Pass arguments to `check_onboarding_status` via a request object, either of type
215
+ # {::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest} or an equivalent Hash.
216
+ #
217
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest, ::Hash]
218
+ # A request object representing the call parameters. Required. To specify no
219
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
220
+ # @param options [::Gapic::CallOptions, ::Hash]
221
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
222
+ #
223
+ # @overload check_onboarding_status(parent: nil)
224
+ # Pass arguments to `check_onboarding_status` via keyword arguments. Note that at
225
+ # least one keyword argument is required. To specify no parameters, or to keep all
226
+ # the default parameter values, pass an empty Hash as a request object (see above).
227
+ #
228
+ # @param parent [::String]
229
+ # Required. The resource for which the onboarding status should be checked.
230
+ # Should be in one of the following formats:
231
+ #
232
+ # * `projects/{project-number|project-id}/locations/{region}`
233
+ # * `folders/{folder-number}/locations/{region}`
234
+ # * `organizations/{organization-number}/locations/{region}`
235
+ # @yield [result, operation] Access the result along with the TransportOperation object
236
+ # @yieldparam result [::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse]
237
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
238
+ #
239
+ # @return [::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse]
240
+ #
241
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
242
+ #
243
+ # @example Basic example
244
+ # require "google/cloud/privileged_access_manager/v1"
245
+ #
246
+ # # Create a client object. The client can be reused for multiple calls.
247
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
248
+ #
249
+ # # Create a request. To set request fields, pass in keyword arguments.
250
+ # request = Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest.new
251
+ #
252
+ # # Call the check_onboarding_status method.
253
+ # result = client.check_onboarding_status request
254
+ #
255
+ # # The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse.
256
+ # p result
257
+ #
258
+ def check_onboarding_status request, options = nil
259
+ raise ::ArgumentError, "request must be provided" if request.nil?
260
+
261
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest
262
+
263
+ # Converts hash and nil to an options object
264
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
265
+
266
+ # Customize the options with defaults
267
+ call_metadata = @config.rpcs.check_onboarding_status.metadata.to_h
268
+
269
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
270
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
271
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
272
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
273
+ transports_version_send: [:rest]
274
+
275
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
276
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
277
+
278
+ options.apply_defaults timeout: @config.rpcs.check_onboarding_status.timeout,
279
+ metadata: call_metadata,
280
+ retry_policy: @config.rpcs.check_onboarding_status.retry_policy
281
+
282
+ options.apply_defaults timeout: @config.timeout,
283
+ metadata: @config.metadata,
284
+ retry_policy: @config.retry_policy
285
+
286
+ @privileged_access_manager_stub.check_onboarding_status request, options do |result, operation|
287
+ yield result, operation if block_given?
288
+ return result
289
+ end
290
+ rescue ::Gapic::Rest::Error => e
291
+ raise ::Google::Cloud::Error.from_error(e)
292
+ end
293
+
294
+ ##
295
+ # Lists entitlements in a given project/folder/organization and location.
296
+ #
297
+ # @overload list_entitlements(request, options = nil)
298
+ # Pass arguments to `list_entitlements` via a request object, either of type
299
+ # {::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest} or an equivalent Hash.
300
+ #
301
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest, ::Hash]
302
+ # A request object representing the call parameters. Required. To specify no
303
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
304
+ # @param options [::Gapic::CallOptions, ::Hash]
305
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
306
+ #
307
+ # @overload list_entitlements(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil)
308
+ # Pass arguments to `list_entitlements` via keyword arguments. Note that at
309
+ # least one keyword argument is required. To specify no parameters, or to keep all
310
+ # the default parameter values, pass an empty Hash as a request object (see above).
311
+ #
312
+ # @param parent [::String]
313
+ # Required. The parent which owns the entitlement resources.
314
+ # @param page_size [::Integer]
315
+ # Optional. Requested page size. Server may return fewer items than
316
+ # requested. If unspecified, the server picks an appropriate default.
317
+ # @param page_token [::String]
318
+ # Optional. A token identifying a page of results the server should return.
319
+ # @param filter [::String]
320
+ # Optional. Filtering results.
321
+ # @param order_by [::String]
322
+ # Optional. Hint for how to order the results.
323
+ # @yield [result, operation] Access the result along with the TransportOperation object
324
+ # @yieldparam result [::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsResponse]
325
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
326
+ #
327
+ # @return [::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsResponse]
328
+ #
329
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
330
+ #
331
+ # @example Basic example
332
+ # require "google/cloud/privileged_access_manager/v1"
333
+ #
334
+ # # Create a client object. The client can be reused for multiple calls.
335
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
336
+ #
337
+ # # Create a request. To set request fields, pass in keyword arguments.
338
+ # request = Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest.new
339
+ #
340
+ # # Call the list_entitlements method.
341
+ # result = client.list_entitlements request
342
+ #
343
+ # # The returned object is of type Gapic::PagedEnumerable. You can iterate
344
+ # # over elements, and API calls will be issued to fetch pages as needed.
345
+ # result.each do |item|
346
+ # # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement.
347
+ # p item
348
+ # end
349
+ #
350
+ def list_entitlements request, options = nil
351
+ raise ::ArgumentError, "request must be provided" if request.nil?
352
+
353
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest
354
+
355
+ # Converts hash and nil to an options object
356
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
357
+
358
+ # Customize the options with defaults
359
+ call_metadata = @config.rpcs.list_entitlements.metadata.to_h
360
+
361
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
362
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
363
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
364
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
365
+ transports_version_send: [:rest]
366
+
367
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
368
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
369
+
370
+ options.apply_defaults timeout: @config.rpcs.list_entitlements.timeout,
371
+ metadata: call_metadata,
372
+ retry_policy: @config.rpcs.list_entitlements.retry_policy
373
+
374
+ options.apply_defaults timeout: @config.timeout,
375
+ metadata: @config.metadata,
376
+ retry_policy: @config.retry_policy
377
+
378
+ @privileged_access_manager_stub.list_entitlements request, options do |result, operation|
379
+ yield result, operation if block_given?
380
+ return result
381
+ end
382
+ rescue ::Gapic::Rest::Error => e
383
+ raise ::Google::Cloud::Error.from_error(e)
384
+ end
385
+
386
+ ##
387
+ # `SearchEntitlements` returns entitlements on which the caller has the
388
+ # specified access.
389
+ #
390
+ # @overload search_entitlements(request, options = nil)
391
+ # Pass arguments to `search_entitlements` via a request object, either of type
392
+ # {::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest} or an equivalent Hash.
393
+ #
394
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest, ::Hash]
395
+ # A request object representing the call parameters. Required. To specify no
396
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
397
+ # @param options [::Gapic::CallOptions, ::Hash]
398
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
399
+ #
400
+ # @overload search_entitlements(parent: nil, caller_access_type: nil, filter: nil, page_size: nil, page_token: nil)
401
+ # Pass arguments to `search_entitlements` via keyword arguments. Note that at
402
+ # least one keyword argument is required. To specify no parameters, or to keep all
403
+ # the default parameter values, pass an empty Hash as a request object (see above).
404
+ #
405
+ # @param parent [::String]
406
+ # Required. The parent which owns the entitlement resources.
407
+ # @param caller_access_type [::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest::CallerAccessType]
408
+ # Required. Only entitlements where the calling user has this access are
409
+ # returned.
410
+ # @param filter [::String]
411
+ # Optional. Only entitlements matching this filter are returned in the
412
+ # response.
413
+ # @param page_size [::Integer]
414
+ # Optional. Requested page size. The server may return fewer items than
415
+ # requested. If unspecified, the server picks an appropriate default.
416
+ # @param page_token [::String]
417
+ # Optional. A token identifying a page of results the server should return.
418
+ # @yield [result, operation] Access the result along with the TransportOperation object
419
+ # @yieldparam result [::Gapic::Rest::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>]
420
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
421
+ #
422
+ # @return [::Gapic::Rest::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>]
423
+ #
424
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
425
+ #
426
+ # @example Basic example
427
+ # require "google/cloud/privileged_access_manager/v1"
428
+ #
429
+ # # Create a client object. The client can be reused for multiple calls.
430
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
431
+ #
432
+ # # Create a request. To set request fields, pass in keyword arguments.
433
+ # request = Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest.new
434
+ #
435
+ # # Call the search_entitlements method.
436
+ # result = client.search_entitlements request
437
+ #
438
+ # # The returned object is of type Gapic::PagedEnumerable. You can iterate
439
+ # # over elements, and API calls will be issued to fetch pages as needed.
440
+ # result.each do |item|
441
+ # # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement.
442
+ # p item
443
+ # end
444
+ #
445
+ def search_entitlements request, options = nil
446
+ raise ::ArgumentError, "request must be provided" if request.nil?
447
+
448
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest
449
+
450
+ # Converts hash and nil to an options object
451
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
452
+
453
+ # Customize the options with defaults
454
+ call_metadata = @config.rpcs.search_entitlements.metadata.to_h
455
+
456
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
457
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
458
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
459
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
460
+ transports_version_send: [:rest]
461
+
462
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
463
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
464
+
465
+ options.apply_defaults timeout: @config.rpcs.search_entitlements.timeout,
466
+ metadata: call_metadata,
467
+ retry_policy: @config.rpcs.search_entitlements.retry_policy
468
+
469
+ options.apply_defaults timeout: @config.timeout,
470
+ metadata: @config.metadata,
471
+ retry_policy: @config.retry_policy
472
+
473
+ @privileged_access_manager_stub.search_entitlements request, options do |result, operation|
474
+ result = ::Gapic::Rest::PagedEnumerable.new @privileged_access_manager_stub, :search_entitlements, "entitlements", request, result, options
475
+ yield result, operation if block_given?
476
+ return result
477
+ end
478
+ rescue ::Gapic::Rest::Error => e
479
+ raise ::Google::Cloud::Error.from_error(e)
480
+ end
481
+
482
+ ##
483
+ # Gets details of a single entitlement.
484
+ #
485
+ # @overload get_entitlement(request, options = nil)
486
+ # Pass arguments to `get_entitlement` via a request object, either of type
487
+ # {::Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest} or an equivalent Hash.
488
+ #
489
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest, ::Hash]
490
+ # A request object representing the call parameters. Required. To specify no
491
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
492
+ # @param options [::Gapic::CallOptions, ::Hash]
493
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
494
+ #
495
+ # @overload get_entitlement(name: nil)
496
+ # Pass arguments to `get_entitlement` via keyword arguments. Note that at
497
+ # least one keyword argument is required. To specify no parameters, or to keep all
498
+ # the default parameter values, pass an empty Hash as a request object (see above).
499
+ #
500
+ # @param name [::String]
501
+ # Required. Name of the resource.
502
+ # @yield [result, operation] Access the result along with the TransportOperation object
503
+ # @yieldparam result [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement]
504
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
505
+ #
506
+ # @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement]
507
+ #
508
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
509
+ #
510
+ # @example Basic example
511
+ # require "google/cloud/privileged_access_manager/v1"
512
+ #
513
+ # # Create a client object. The client can be reused for multiple calls.
514
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
515
+ #
516
+ # # Create a request. To set request fields, pass in keyword arguments.
517
+ # request = Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest.new
518
+ #
519
+ # # Call the get_entitlement method.
520
+ # result = client.get_entitlement request
521
+ #
522
+ # # The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Entitlement.
523
+ # p result
524
+ #
525
+ def get_entitlement request, options = nil
526
+ raise ::ArgumentError, "request must be provided" if request.nil?
527
+
528
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest
529
+
530
+ # Converts hash and nil to an options object
531
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
532
+
533
+ # Customize the options with defaults
534
+ call_metadata = @config.rpcs.get_entitlement.metadata.to_h
535
+
536
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
537
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
538
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
539
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
540
+ transports_version_send: [:rest]
541
+
542
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
543
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
544
+
545
+ options.apply_defaults timeout: @config.rpcs.get_entitlement.timeout,
546
+ metadata: call_metadata,
547
+ retry_policy: @config.rpcs.get_entitlement.retry_policy
548
+
549
+ options.apply_defaults timeout: @config.timeout,
550
+ metadata: @config.metadata,
551
+ retry_policy: @config.retry_policy
552
+
553
+ @privileged_access_manager_stub.get_entitlement request, options do |result, operation|
554
+ yield result, operation if block_given?
555
+ return result
556
+ end
557
+ rescue ::Gapic::Rest::Error => e
558
+ raise ::Google::Cloud::Error.from_error(e)
559
+ end
560
+
561
+ ##
562
+ # Creates a new entitlement in a given project/folder/organization and
563
+ # location.
564
+ #
565
+ # @overload create_entitlement(request, options = nil)
566
+ # Pass arguments to `create_entitlement` via a request object, either of type
567
+ # {::Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest} or an equivalent Hash.
568
+ #
569
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest, ::Hash]
570
+ # A request object representing the call parameters. Required. To specify no
571
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
572
+ # @param options [::Gapic::CallOptions, ::Hash]
573
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
574
+ #
575
+ # @overload create_entitlement(parent: nil, entitlement_id: nil, entitlement: nil, request_id: nil)
576
+ # Pass arguments to `create_entitlement` via keyword arguments. Note that at
577
+ # least one keyword argument is required. To specify no parameters, or to keep all
578
+ # the default parameter values, pass an empty Hash as a request object (see above).
579
+ #
580
+ # @param parent [::String]
581
+ # Required. Name of the parent resource for the entitlement.
582
+ # Possible formats:
583
+ #
584
+ # * `organizations/{organization-number}/locations/{region}`
585
+ # * `folders/{folder-number}/locations/{region}`
586
+ # * `projects/{project-id|project-number}/locations/{region}`
587
+ # @param entitlement_id [::String]
588
+ # Required. The ID to use for this entitlement. This becomes the last part of
589
+ # the resource name.
590
+ #
591
+ # This value should be 4-63 characters in length, and valid characters are
592
+ # "[a-z]", "[0-9]", and "-". The first character should be from [a-z].
593
+ #
594
+ # This value should be unique among all other entitlements under the
595
+ # specified `parent`.
596
+ # @param entitlement [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement, ::Hash]
597
+ # Required. The resource being created
598
+ # @param request_id [::String]
599
+ # Optional. An optional request ID to identify requests. Specify a unique
600
+ # request ID so that if you must retry your request, the server knows to
601
+ # ignore the request if it has already been completed. The server guarantees
602
+ # this for at least 60 minutes after the first request.
603
+ #
604
+ # For example, consider a situation where you make an initial request and the
605
+ # request times out. If you make the request again with the same request
606
+ # ID, the server can check if original operation with the same request ID
607
+ # was received, and if so, ignores the second request and returns the
608
+ # previous operation's response. This prevents clients from accidentally
609
+ # creating duplicate commitments.
610
+ #
611
+ # The request ID must be a valid UUID with the exception that zero UUID is
612
+ # not supported (00000000-0000-0000-0000-000000000000).
613
+ # @yield [result, operation] Access the result along with the TransportOperation object
614
+ # @yieldparam result [::Gapic::Operation]
615
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
616
+ #
617
+ # @return [::Gapic::Operation]
618
+ #
619
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
620
+ #
621
+ # @example Basic example
622
+ # require "google/cloud/privileged_access_manager/v1"
623
+ #
624
+ # # Create a client object. The client can be reused for multiple calls.
625
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
626
+ #
627
+ # # Create a request. To set request fields, pass in keyword arguments.
628
+ # request = Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest.new
629
+ #
630
+ # # Call the create_entitlement method.
631
+ # result = client.create_entitlement request
632
+ #
633
+ # # The returned object is of type Gapic::Operation. You can use it to
634
+ # # check the status of an operation, cancel it, or wait for results.
635
+ # # Here is how to wait for a response.
636
+ # result.wait_until_done! timeout: 60
637
+ # if result.response?
638
+ # p result.response
639
+ # else
640
+ # puts "No response received."
641
+ # end
642
+ #
643
+ def create_entitlement request, options = nil
644
+ raise ::ArgumentError, "request must be provided" if request.nil?
645
+
646
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest
647
+
648
+ # Converts hash and nil to an options object
649
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
650
+
651
+ # Customize the options with defaults
652
+ call_metadata = @config.rpcs.create_entitlement.metadata.to_h
653
+
654
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
655
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
656
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
657
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
658
+ transports_version_send: [:rest]
659
+
660
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
661
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
662
+
663
+ options.apply_defaults timeout: @config.rpcs.create_entitlement.timeout,
664
+ metadata: call_metadata,
665
+ retry_policy: @config.rpcs.create_entitlement.retry_policy
666
+
667
+ options.apply_defaults timeout: @config.timeout,
668
+ metadata: @config.metadata,
669
+ retry_policy: @config.retry_policy
670
+
671
+ @privileged_access_manager_stub.create_entitlement request, options do |result, operation|
672
+ result = ::Gapic::Operation.new result, @operations_client, options: options
673
+ yield result, operation if block_given?
674
+ return result
675
+ end
676
+ rescue ::Gapic::Rest::Error => e
677
+ raise ::Google::Cloud::Error.from_error(e)
678
+ end
679
+
680
+ ##
681
+ # Deletes a single entitlement. This method can only be called when there
682
+ # are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the
683
+ # entitlement.
684
+ #
685
+ # @overload delete_entitlement(request, options = nil)
686
+ # Pass arguments to `delete_entitlement` via a request object, either of type
687
+ # {::Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest} or an equivalent Hash.
688
+ #
689
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest, ::Hash]
690
+ # A request object representing the call parameters. Required. To specify no
691
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
692
+ # @param options [::Gapic::CallOptions, ::Hash]
693
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
694
+ #
695
+ # @overload delete_entitlement(name: nil, request_id: nil, force: nil)
696
+ # Pass arguments to `delete_entitlement` via keyword arguments. Note that at
697
+ # least one keyword argument is required. To specify no parameters, or to keep all
698
+ # the default parameter values, pass an empty Hash as a request object (see above).
699
+ #
700
+ # @param name [::String]
701
+ # Required. Name of the resource.
702
+ # @param request_id [::String]
703
+ # Optional. An optional request ID to identify requests. Specify a unique
704
+ # request ID so that if you must retry your request, the server knows to
705
+ # ignore the request if it has already been completed. The server guarantees
706
+ # this for at least 60 minutes after the first request.
707
+ #
708
+ # For example, consider a situation where you make an initial request and the
709
+ # request times out. If you make the request again with the same request
710
+ # ID, the server can check if original operation with the same request ID
711
+ # was received, and if so, ignores the second request. This prevents
712
+ # clients from accidentally creating duplicate commitments.
713
+ #
714
+ # The request ID must be a valid UUID with the exception that zero UUID is
715
+ # not supported (00000000-0000-0000-0000-000000000000).
716
+ # @param force [::Boolean]
717
+ # Optional. If set to true, any child grant under this entitlement is also
718
+ # deleted. (Otherwise, the request only works if the entitlement has no child
719
+ # grant.)
720
+ # @yield [result, operation] Access the result along with the TransportOperation object
721
+ # @yieldparam result [::Gapic::Operation]
722
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
723
+ #
724
+ # @return [::Gapic::Operation]
725
+ #
726
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
727
+ #
728
+ # @example Basic example
729
+ # require "google/cloud/privileged_access_manager/v1"
730
+ #
731
+ # # Create a client object. The client can be reused for multiple calls.
732
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
733
+ #
734
+ # # Create a request. To set request fields, pass in keyword arguments.
735
+ # request = Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest.new
736
+ #
737
+ # # Call the delete_entitlement method.
738
+ # result = client.delete_entitlement request
739
+ #
740
+ # # The returned object is of type Gapic::Operation. You can use it to
741
+ # # check the status of an operation, cancel it, or wait for results.
742
+ # # Here is how to wait for a response.
743
+ # result.wait_until_done! timeout: 60
744
+ # if result.response?
745
+ # p result.response
746
+ # else
747
+ # puts "No response received."
748
+ # end
749
+ #
750
+ def delete_entitlement request, options = nil
751
+ raise ::ArgumentError, "request must be provided" if request.nil?
752
+
753
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest
754
+
755
+ # Converts hash and nil to an options object
756
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
757
+
758
+ # Customize the options with defaults
759
+ call_metadata = @config.rpcs.delete_entitlement.metadata.to_h
760
+
761
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
762
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
763
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
764
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
765
+ transports_version_send: [:rest]
766
+
767
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
768
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
769
+
770
+ options.apply_defaults timeout: @config.rpcs.delete_entitlement.timeout,
771
+ metadata: call_metadata,
772
+ retry_policy: @config.rpcs.delete_entitlement.retry_policy
773
+
774
+ options.apply_defaults timeout: @config.timeout,
775
+ metadata: @config.metadata,
776
+ retry_policy: @config.retry_policy
777
+
778
+ @privileged_access_manager_stub.delete_entitlement request, options do |result, operation|
779
+ result = ::Gapic::Operation.new result, @operations_client, options: options
780
+ yield result, operation if block_given?
781
+ return result
782
+ end
783
+ rescue ::Gapic::Rest::Error => e
784
+ raise ::Google::Cloud::Error.from_error(e)
785
+ end
786
+
787
+ ##
788
+ # Updates the entitlement specified in the request. Updated fields in the
789
+ # entitlement need to be specified in an update mask. The changes made to an
790
+ # entitlement are applicable only on future grants of the entitlement.
791
+ # However, if new approvers are added or existing approvers are removed from
792
+ # the approval workflow, the changes are effective on existing grants.
793
+ #
794
+ # The following fields are not supported for updates:
795
+ #
796
+ # * All immutable fields
797
+ # * Entitlement name
798
+ # * Resource name
799
+ # * Resource type
800
+ # * Adding an approval workflow in an entitlement which previously had no
801
+ # approval workflow.
802
+ # * Deleting the approval workflow from an entitlement.
803
+ # * Adding or deleting a step in the approval workflow (only one step is
804
+ # supported)
805
+ #
806
+ # Note that updates are allowed on the list of approvers in an approval
807
+ # workflow step.
808
+ #
809
+ # @overload update_entitlement(request, options = nil)
810
+ # Pass arguments to `update_entitlement` via a request object, either of type
811
+ # {::Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest} or an equivalent Hash.
812
+ #
813
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest, ::Hash]
814
+ # A request object representing the call parameters. Required. To specify no
815
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
816
+ # @param options [::Gapic::CallOptions, ::Hash]
817
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
818
+ #
819
+ # @overload update_entitlement(entitlement: nil, update_mask: nil)
820
+ # Pass arguments to `update_entitlement` via keyword arguments. Note that at
821
+ # least one keyword argument is required. To specify no parameters, or to keep all
822
+ # the default parameter values, pass an empty Hash as a request object (see above).
823
+ #
824
+ # @param entitlement [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement, ::Hash]
825
+ # Required. The entitlement resource that is updated.
826
+ # @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
827
+ # Required. The list of fields to update. A field is overwritten if, and only
828
+ # if, it is in the mask. Any immutable fields set in the mask are ignored by
829
+ # the server. Repeated fields and map fields are only allowed in the last
830
+ # position of a `paths` string and overwrite the existing values. Hence an
831
+ # update to a repeated field or a map should contain the entire list of
832
+ # values. The fields specified in the update_mask are relative to the
833
+ # resource and not to the request.
834
+ # (e.g. `MaxRequestDuration`; *not* `entitlement.MaxRequestDuration`)
835
+ # A value of '*' for this field refers to full replacement of the resource.
836
+ # @yield [result, operation] Access the result along with the TransportOperation object
837
+ # @yieldparam result [::Gapic::Operation]
838
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
839
+ #
840
+ # @return [::Gapic::Operation]
841
+ #
842
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
843
+ #
844
+ # @example Basic example
845
+ # require "google/cloud/privileged_access_manager/v1"
846
+ #
847
+ # # Create a client object. The client can be reused for multiple calls.
848
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
849
+ #
850
+ # # Create a request. To set request fields, pass in keyword arguments.
851
+ # request = Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest.new
852
+ #
853
+ # # Call the update_entitlement method.
854
+ # result = client.update_entitlement request
855
+ #
856
+ # # The returned object is of type Gapic::Operation. You can use it to
857
+ # # check the status of an operation, cancel it, or wait for results.
858
+ # # Here is how to wait for a response.
859
+ # result.wait_until_done! timeout: 60
860
+ # if result.response?
861
+ # p result.response
862
+ # else
863
+ # puts "No response received."
864
+ # end
865
+ #
866
+ def update_entitlement request, options = nil
867
+ raise ::ArgumentError, "request must be provided" if request.nil?
868
+
869
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest
870
+
871
+ # Converts hash and nil to an options object
872
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
873
+
874
+ # Customize the options with defaults
875
+ call_metadata = @config.rpcs.update_entitlement.metadata.to_h
876
+
877
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
878
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
879
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
880
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
881
+ transports_version_send: [:rest]
882
+
883
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
884
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
885
+
886
+ options.apply_defaults timeout: @config.rpcs.update_entitlement.timeout,
887
+ metadata: call_metadata,
888
+ retry_policy: @config.rpcs.update_entitlement.retry_policy
889
+
890
+ options.apply_defaults timeout: @config.timeout,
891
+ metadata: @config.metadata,
892
+ retry_policy: @config.retry_policy
893
+
894
+ @privileged_access_manager_stub.update_entitlement request, options do |result, operation|
895
+ result = ::Gapic::Operation.new result, @operations_client, options: options
896
+ yield result, operation if block_given?
897
+ return result
898
+ end
899
+ rescue ::Gapic::Rest::Error => e
900
+ raise ::Google::Cloud::Error.from_error(e)
901
+ end
902
+
903
+ ##
904
+ # Lists grants for a given entitlement.
905
+ #
906
+ # @overload list_grants(request, options = nil)
907
+ # Pass arguments to `list_grants` via a request object, either of type
908
+ # {::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest} or an equivalent Hash.
909
+ #
910
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest, ::Hash]
911
+ # A request object representing the call parameters. Required. To specify no
912
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
913
+ # @param options [::Gapic::CallOptions, ::Hash]
914
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
915
+ #
916
+ # @overload list_grants(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil)
917
+ # Pass arguments to `list_grants` via keyword arguments. Note that at
918
+ # least one keyword argument is required. To specify no parameters, or to keep all
919
+ # the default parameter values, pass an empty Hash as a request object (see above).
920
+ #
921
+ # @param parent [::String]
922
+ # Required. The parent resource which owns the grants.
923
+ # @param page_size [::Integer]
924
+ # Optional. Requested page size. The server may return fewer items than
925
+ # requested. If unspecified, the server picks an appropriate default.
926
+ # @param page_token [::String]
927
+ # Optional. A token identifying a page of results the server should return.
928
+ # @param filter [::String]
929
+ # Optional. Filtering results.
930
+ # @param order_by [::String]
931
+ # Optional. Hint for how to order the results
932
+ # @yield [result, operation] Access the result along with the TransportOperation object
933
+ # @yieldparam result [::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsResponse]
934
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
935
+ #
936
+ # @return [::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsResponse]
937
+ #
938
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
939
+ #
940
+ # @example Basic example
941
+ # require "google/cloud/privileged_access_manager/v1"
942
+ #
943
+ # # Create a client object. The client can be reused for multiple calls.
944
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
945
+ #
946
+ # # Create a request. To set request fields, pass in keyword arguments.
947
+ # request = Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest.new
948
+ #
949
+ # # Call the list_grants method.
950
+ # result = client.list_grants request
951
+ #
952
+ # # The returned object is of type Gapic::PagedEnumerable. You can iterate
953
+ # # over elements, and API calls will be issued to fetch pages as needed.
954
+ # result.each do |item|
955
+ # # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Grant.
956
+ # p item
957
+ # end
958
+ #
959
+ def list_grants request, options = nil
960
+ raise ::ArgumentError, "request must be provided" if request.nil?
961
+
962
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest
963
+
964
+ # Converts hash and nil to an options object
965
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
966
+
967
+ # Customize the options with defaults
968
+ call_metadata = @config.rpcs.list_grants.metadata.to_h
969
+
970
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
971
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
972
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
973
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
974
+ transports_version_send: [:rest]
975
+
976
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
977
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
978
+
979
+ options.apply_defaults timeout: @config.rpcs.list_grants.timeout,
980
+ metadata: call_metadata,
981
+ retry_policy: @config.rpcs.list_grants.retry_policy
982
+
983
+ options.apply_defaults timeout: @config.timeout,
984
+ metadata: @config.metadata,
985
+ retry_policy: @config.retry_policy
986
+
987
+ @privileged_access_manager_stub.list_grants request, options do |result, operation|
988
+ yield result, operation if block_given?
989
+ return result
990
+ end
991
+ rescue ::Gapic::Rest::Error => e
992
+ raise ::Google::Cloud::Error.from_error(e)
993
+ end
994
+
995
+ ##
996
+ # `SearchGrants` returns grants that are related to the calling user in the
997
+ # specified way.
998
+ #
999
+ # @overload search_grants(request, options = nil)
1000
+ # Pass arguments to `search_grants` via a request object, either of type
1001
+ # {::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest} or an equivalent Hash.
1002
+ #
1003
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest, ::Hash]
1004
+ # A request object representing the call parameters. Required. To specify no
1005
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1006
+ # @param options [::Gapic::CallOptions, ::Hash]
1007
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
1008
+ #
1009
+ # @overload search_grants(parent: nil, caller_relationship: nil, filter: nil, page_size: nil, page_token: nil)
1010
+ # Pass arguments to `search_grants` via keyword arguments. Note that at
1011
+ # least one keyword argument is required. To specify no parameters, or to keep all
1012
+ # the default parameter values, pass an empty Hash as a request object (see above).
1013
+ #
1014
+ # @param parent [::String]
1015
+ # Required. The parent which owns the grant resources.
1016
+ # @param caller_relationship [::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest::CallerRelationshipType]
1017
+ # Required. Only grants which the caller is related to by this relationship
1018
+ # are returned in the response.
1019
+ # @param filter [::String]
1020
+ # Optional. Only grants matching this filter are returned in the response.
1021
+ # @param page_size [::Integer]
1022
+ # Optional. Requested page size. The server may return fewer items than
1023
+ # requested. If unspecified, server picks an appropriate default.
1024
+ # @param page_token [::String]
1025
+ # Optional. A token identifying a page of results the server should return.
1026
+ # @yield [result, operation] Access the result along with the TransportOperation object
1027
+ # @yieldparam result [::Gapic::Rest::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>]
1028
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
1029
+ #
1030
+ # @return [::Gapic::Rest::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>]
1031
+ #
1032
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
1033
+ #
1034
+ # @example Basic example
1035
+ # require "google/cloud/privileged_access_manager/v1"
1036
+ #
1037
+ # # Create a client object. The client can be reused for multiple calls.
1038
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
1039
+ #
1040
+ # # Create a request. To set request fields, pass in keyword arguments.
1041
+ # request = Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest.new
1042
+ #
1043
+ # # Call the search_grants method.
1044
+ # result = client.search_grants request
1045
+ #
1046
+ # # The returned object is of type Gapic::PagedEnumerable. You can iterate
1047
+ # # over elements, and API calls will be issued to fetch pages as needed.
1048
+ # result.each do |item|
1049
+ # # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Grant.
1050
+ # p item
1051
+ # end
1052
+ #
1053
+ def search_grants request, options = nil
1054
+ raise ::ArgumentError, "request must be provided" if request.nil?
1055
+
1056
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest
1057
+
1058
+ # Converts hash and nil to an options object
1059
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1060
+
1061
+ # Customize the options with defaults
1062
+ call_metadata = @config.rpcs.search_grants.metadata.to_h
1063
+
1064
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
1065
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1066
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1067
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
1068
+ transports_version_send: [:rest]
1069
+
1070
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
1071
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1072
+
1073
+ options.apply_defaults timeout: @config.rpcs.search_grants.timeout,
1074
+ metadata: call_metadata,
1075
+ retry_policy: @config.rpcs.search_grants.retry_policy
1076
+
1077
+ options.apply_defaults timeout: @config.timeout,
1078
+ metadata: @config.metadata,
1079
+ retry_policy: @config.retry_policy
1080
+
1081
+ @privileged_access_manager_stub.search_grants request, options do |result, operation|
1082
+ result = ::Gapic::Rest::PagedEnumerable.new @privileged_access_manager_stub, :search_grants, "grants", request, result, options
1083
+ yield result, operation if block_given?
1084
+ return result
1085
+ end
1086
+ rescue ::Gapic::Rest::Error => e
1087
+ raise ::Google::Cloud::Error.from_error(e)
1088
+ end
1089
+
1090
+ ##
1091
+ # Get details of a single grant.
1092
+ #
1093
+ # @overload get_grant(request, options = nil)
1094
+ # Pass arguments to `get_grant` via a request object, either of type
1095
+ # {::Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest} or an equivalent Hash.
1096
+ #
1097
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest, ::Hash]
1098
+ # A request object representing the call parameters. Required. To specify no
1099
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1100
+ # @param options [::Gapic::CallOptions, ::Hash]
1101
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
1102
+ #
1103
+ # @overload get_grant(name: nil)
1104
+ # Pass arguments to `get_grant` via keyword arguments. Note that at
1105
+ # least one keyword argument is required. To specify no parameters, or to keep all
1106
+ # the default parameter values, pass an empty Hash as a request object (see above).
1107
+ #
1108
+ # @param name [::String]
1109
+ # Required. Name of the resource.
1110
+ # @yield [result, operation] Access the result along with the TransportOperation object
1111
+ # @yieldparam result [::Google::Cloud::PrivilegedAccessManager::V1::Grant]
1112
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
1113
+ #
1114
+ # @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant]
1115
+ #
1116
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
1117
+ #
1118
+ # @example Basic example
1119
+ # require "google/cloud/privileged_access_manager/v1"
1120
+ #
1121
+ # # Create a client object. The client can be reused for multiple calls.
1122
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
1123
+ #
1124
+ # # Create a request. To set request fields, pass in keyword arguments.
1125
+ # request = Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest.new
1126
+ #
1127
+ # # Call the get_grant method.
1128
+ # result = client.get_grant request
1129
+ #
1130
+ # # The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
1131
+ # p result
1132
+ #
1133
+ def get_grant request, options = nil
1134
+ raise ::ArgumentError, "request must be provided" if request.nil?
1135
+
1136
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest
1137
+
1138
+ # Converts hash and nil to an options object
1139
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1140
+
1141
+ # Customize the options with defaults
1142
+ call_metadata = @config.rpcs.get_grant.metadata.to_h
1143
+
1144
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
1145
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1146
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1147
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
1148
+ transports_version_send: [:rest]
1149
+
1150
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
1151
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1152
+
1153
+ options.apply_defaults timeout: @config.rpcs.get_grant.timeout,
1154
+ metadata: call_metadata,
1155
+ retry_policy: @config.rpcs.get_grant.retry_policy
1156
+
1157
+ options.apply_defaults timeout: @config.timeout,
1158
+ metadata: @config.metadata,
1159
+ retry_policy: @config.retry_policy
1160
+
1161
+ @privileged_access_manager_stub.get_grant request, options do |result, operation|
1162
+ yield result, operation if block_given?
1163
+ return result
1164
+ end
1165
+ rescue ::Gapic::Rest::Error => e
1166
+ raise ::Google::Cloud::Error.from_error(e)
1167
+ end
1168
+
1169
+ ##
1170
+ # Creates a new grant in a given project and location.
1171
+ #
1172
+ # @overload create_grant(request, options = nil)
1173
+ # Pass arguments to `create_grant` via a request object, either of type
1174
+ # {::Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest} or an equivalent Hash.
1175
+ #
1176
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest, ::Hash]
1177
+ # A request object representing the call parameters. Required. To specify no
1178
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1179
+ # @param options [::Gapic::CallOptions, ::Hash]
1180
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
1181
+ #
1182
+ # @overload create_grant(parent: nil, grant: nil, request_id: nil)
1183
+ # Pass arguments to `create_grant` via keyword arguments. Note that at
1184
+ # least one keyword argument is required. To specify no parameters, or to keep all
1185
+ # the default parameter values, pass an empty Hash as a request object (see above).
1186
+ #
1187
+ # @param parent [::String]
1188
+ # Required. Name of the parent entitlement for which this grant is being
1189
+ # requested.
1190
+ # @param grant [::Google::Cloud::PrivilegedAccessManager::V1::Grant, ::Hash]
1191
+ # Required. The resource being created.
1192
+ # @param request_id [::String]
1193
+ # Optional. An optional request ID to identify requests. Specify a unique
1194
+ # request ID so that if you must retry your request, the server knows to
1195
+ # ignore the request if it has already been completed. The server guarantees
1196
+ # this for at least 60 minutes after the first request.
1197
+ #
1198
+ # For example, consider a situation where you make an initial request and the
1199
+ # request times out. If you make the request again with the same request
1200
+ # ID, the server can check if original operation with the same request ID
1201
+ # was received, and if so, ignores the second request. This prevents
1202
+ # clients from accidentally creating duplicate commitments.
1203
+ #
1204
+ # The request ID must be a valid UUID with the exception that zero UUID is
1205
+ # not supported (00000000-0000-0000-0000-000000000000).
1206
+ # @yield [result, operation] Access the result along with the TransportOperation object
1207
+ # @yieldparam result [::Google::Cloud::PrivilegedAccessManager::V1::Grant]
1208
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
1209
+ #
1210
+ # @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant]
1211
+ #
1212
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
1213
+ #
1214
+ # @example Basic example
1215
+ # require "google/cloud/privileged_access_manager/v1"
1216
+ #
1217
+ # # Create a client object. The client can be reused for multiple calls.
1218
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
1219
+ #
1220
+ # # Create a request. To set request fields, pass in keyword arguments.
1221
+ # request = Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest.new
1222
+ #
1223
+ # # Call the create_grant method.
1224
+ # result = client.create_grant request
1225
+ #
1226
+ # # The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
1227
+ # p result
1228
+ #
1229
+ def create_grant request, options = nil
1230
+ raise ::ArgumentError, "request must be provided" if request.nil?
1231
+
1232
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest
1233
+
1234
+ # Converts hash and nil to an options object
1235
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1236
+
1237
+ # Customize the options with defaults
1238
+ call_metadata = @config.rpcs.create_grant.metadata.to_h
1239
+
1240
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
1241
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1242
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1243
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
1244
+ transports_version_send: [:rest]
1245
+
1246
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
1247
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1248
+
1249
+ options.apply_defaults timeout: @config.rpcs.create_grant.timeout,
1250
+ metadata: call_metadata,
1251
+ retry_policy: @config.rpcs.create_grant.retry_policy
1252
+
1253
+ options.apply_defaults timeout: @config.timeout,
1254
+ metadata: @config.metadata,
1255
+ retry_policy: @config.retry_policy
1256
+
1257
+ @privileged_access_manager_stub.create_grant request, options do |result, operation|
1258
+ yield result, operation if block_given?
1259
+ return result
1260
+ end
1261
+ rescue ::Gapic::Rest::Error => e
1262
+ raise ::Google::Cloud::Error.from_error(e)
1263
+ end
1264
+
1265
+ ##
1266
+ # `ApproveGrant` is used to approve a grant. This method can only be called
1267
+ # on a grant when it's in the `APPROVAL_AWAITED` state. This operation can't
1268
+ # be undone.
1269
+ #
1270
+ # @overload approve_grant(request, options = nil)
1271
+ # Pass arguments to `approve_grant` via a request object, either of type
1272
+ # {::Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest} or an equivalent Hash.
1273
+ #
1274
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest, ::Hash]
1275
+ # A request object representing the call parameters. Required. To specify no
1276
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1277
+ # @param options [::Gapic::CallOptions, ::Hash]
1278
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
1279
+ #
1280
+ # @overload approve_grant(name: nil, reason: nil)
1281
+ # Pass arguments to `approve_grant` via keyword arguments. Note that at
1282
+ # least one keyword argument is required. To specify no parameters, or to keep all
1283
+ # the default parameter values, pass an empty Hash as a request object (see above).
1284
+ #
1285
+ # @param name [::String]
1286
+ # Required. Name of the grant resource which is being approved.
1287
+ # @param reason [::String]
1288
+ # Optional. The reason for approving this grant. This is required if the
1289
+ # `require_approver_justification` field of the `ManualApprovals` workflow
1290
+ # used in this grant is true.
1291
+ # @yield [result, operation] Access the result along with the TransportOperation object
1292
+ # @yieldparam result [::Google::Cloud::PrivilegedAccessManager::V1::Grant]
1293
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
1294
+ #
1295
+ # @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant]
1296
+ #
1297
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
1298
+ #
1299
+ # @example Basic example
1300
+ # require "google/cloud/privileged_access_manager/v1"
1301
+ #
1302
+ # # Create a client object. The client can be reused for multiple calls.
1303
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
1304
+ #
1305
+ # # Create a request. To set request fields, pass in keyword arguments.
1306
+ # request = Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest.new
1307
+ #
1308
+ # # Call the approve_grant method.
1309
+ # result = client.approve_grant request
1310
+ #
1311
+ # # The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
1312
+ # p result
1313
+ #
1314
+ def approve_grant request, options = nil
1315
+ raise ::ArgumentError, "request must be provided" if request.nil?
1316
+
1317
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest
1318
+
1319
+ # Converts hash and nil to an options object
1320
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1321
+
1322
+ # Customize the options with defaults
1323
+ call_metadata = @config.rpcs.approve_grant.metadata.to_h
1324
+
1325
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
1326
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1327
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1328
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
1329
+ transports_version_send: [:rest]
1330
+
1331
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
1332
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1333
+
1334
+ options.apply_defaults timeout: @config.rpcs.approve_grant.timeout,
1335
+ metadata: call_metadata,
1336
+ retry_policy: @config.rpcs.approve_grant.retry_policy
1337
+
1338
+ options.apply_defaults timeout: @config.timeout,
1339
+ metadata: @config.metadata,
1340
+ retry_policy: @config.retry_policy
1341
+
1342
+ @privileged_access_manager_stub.approve_grant request, options do |result, operation|
1343
+ yield result, operation if block_given?
1344
+ return result
1345
+ end
1346
+ rescue ::Gapic::Rest::Error => e
1347
+ raise ::Google::Cloud::Error.from_error(e)
1348
+ end
1349
+
1350
+ ##
1351
+ # `DenyGrant` is used to deny a grant. This method can only be called on a
1352
+ # grant when it's in the `APPROVAL_AWAITED` state. This operation can't be
1353
+ # undone.
1354
+ #
1355
+ # @overload deny_grant(request, options = nil)
1356
+ # Pass arguments to `deny_grant` via a request object, either of type
1357
+ # {::Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest} or an equivalent Hash.
1358
+ #
1359
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest, ::Hash]
1360
+ # A request object representing the call parameters. Required. To specify no
1361
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1362
+ # @param options [::Gapic::CallOptions, ::Hash]
1363
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
1364
+ #
1365
+ # @overload deny_grant(name: nil, reason: nil)
1366
+ # Pass arguments to `deny_grant` via keyword arguments. Note that at
1367
+ # least one keyword argument is required. To specify no parameters, or to keep all
1368
+ # the default parameter values, pass an empty Hash as a request object (see above).
1369
+ #
1370
+ # @param name [::String]
1371
+ # Required. Name of the grant resource which is being denied.
1372
+ # @param reason [::String]
1373
+ # Optional. The reason for denying this grant. This is required if
1374
+ # `require_approver_justification` field of the `ManualApprovals` workflow
1375
+ # used in this grant is true.
1376
+ # @yield [result, operation] Access the result along with the TransportOperation object
1377
+ # @yieldparam result [::Google::Cloud::PrivilegedAccessManager::V1::Grant]
1378
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
1379
+ #
1380
+ # @return [::Google::Cloud::PrivilegedAccessManager::V1::Grant]
1381
+ #
1382
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
1383
+ #
1384
+ # @example Basic example
1385
+ # require "google/cloud/privileged_access_manager/v1"
1386
+ #
1387
+ # # Create a client object. The client can be reused for multiple calls.
1388
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
1389
+ #
1390
+ # # Create a request. To set request fields, pass in keyword arguments.
1391
+ # request = Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest.new
1392
+ #
1393
+ # # Call the deny_grant method.
1394
+ # result = client.deny_grant request
1395
+ #
1396
+ # # The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
1397
+ # p result
1398
+ #
1399
+ def deny_grant request, options = nil
1400
+ raise ::ArgumentError, "request must be provided" if request.nil?
1401
+
1402
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest
1403
+
1404
+ # Converts hash and nil to an options object
1405
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1406
+
1407
+ # Customize the options with defaults
1408
+ call_metadata = @config.rpcs.deny_grant.metadata.to_h
1409
+
1410
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
1411
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1412
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1413
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
1414
+ transports_version_send: [:rest]
1415
+
1416
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
1417
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1418
+
1419
+ options.apply_defaults timeout: @config.rpcs.deny_grant.timeout,
1420
+ metadata: call_metadata,
1421
+ retry_policy: @config.rpcs.deny_grant.retry_policy
1422
+
1423
+ options.apply_defaults timeout: @config.timeout,
1424
+ metadata: @config.metadata,
1425
+ retry_policy: @config.retry_policy
1426
+
1427
+ @privileged_access_manager_stub.deny_grant request, options do |result, operation|
1428
+ yield result, operation if block_given?
1429
+ return result
1430
+ end
1431
+ rescue ::Gapic::Rest::Error => e
1432
+ raise ::Google::Cloud::Error.from_error(e)
1433
+ end
1434
+
1435
+ ##
1436
+ # `RevokeGrant` is used to immediately revoke access for a grant. This method
1437
+ # can be called when the grant is in a non-terminal state.
1438
+ #
1439
+ # @overload revoke_grant(request, options = nil)
1440
+ # Pass arguments to `revoke_grant` via a request object, either of type
1441
+ # {::Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest} or an equivalent Hash.
1442
+ #
1443
+ # @param request [::Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest, ::Hash]
1444
+ # A request object representing the call parameters. Required. To specify no
1445
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1446
+ # @param options [::Gapic::CallOptions, ::Hash]
1447
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
1448
+ #
1449
+ # @overload revoke_grant(name: nil, reason: nil)
1450
+ # Pass arguments to `revoke_grant` via keyword arguments. Note that at
1451
+ # least one keyword argument is required. To specify no parameters, or to keep all
1452
+ # the default parameter values, pass an empty Hash as a request object (see above).
1453
+ #
1454
+ # @param name [::String]
1455
+ # Required. Name of the grant resource which is being revoked.
1456
+ # @param reason [::String]
1457
+ # Optional. The reason for revoking this grant.
1458
+ # @yield [result, operation] Access the result along with the TransportOperation object
1459
+ # @yieldparam result [::Gapic::Operation]
1460
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
1461
+ #
1462
+ # @return [::Gapic::Operation]
1463
+ #
1464
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
1465
+ #
1466
+ # @example Basic example
1467
+ # require "google/cloud/privileged_access_manager/v1"
1468
+ #
1469
+ # # Create a client object. The client can be reused for multiple calls.
1470
+ # client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
1471
+ #
1472
+ # # Create a request. To set request fields, pass in keyword arguments.
1473
+ # request = Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest.new
1474
+ #
1475
+ # # Call the revoke_grant method.
1476
+ # result = client.revoke_grant request
1477
+ #
1478
+ # # The returned object is of type Gapic::Operation. You can use it to
1479
+ # # check the status of an operation, cancel it, or wait for results.
1480
+ # # Here is how to wait for a response.
1481
+ # result.wait_until_done! timeout: 60
1482
+ # if result.response?
1483
+ # p result.response
1484
+ # else
1485
+ # puts "No response received."
1486
+ # end
1487
+ #
1488
+ def revoke_grant request, options = nil
1489
+ raise ::ArgumentError, "request must be provided" if request.nil?
1490
+
1491
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest
1492
+
1493
+ # Converts hash and nil to an options object
1494
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1495
+
1496
+ # Customize the options with defaults
1497
+ call_metadata = @config.rpcs.revoke_grant.metadata.to_h
1498
+
1499
+ # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
1500
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1501
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1502
+ gapic_version: ::Google::Cloud::PrivilegedAccessManager::V1::VERSION,
1503
+ transports_version_send: [:rest]
1504
+
1505
+ call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
1506
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1507
+
1508
+ options.apply_defaults timeout: @config.rpcs.revoke_grant.timeout,
1509
+ metadata: call_metadata,
1510
+ retry_policy: @config.rpcs.revoke_grant.retry_policy
1511
+
1512
+ options.apply_defaults timeout: @config.timeout,
1513
+ metadata: @config.metadata,
1514
+ retry_policy: @config.retry_policy
1515
+
1516
+ @privileged_access_manager_stub.revoke_grant request, options do |result, operation|
1517
+ result = ::Gapic::Operation.new result, @operations_client, options: options
1518
+ yield result, operation if block_given?
1519
+ return result
1520
+ end
1521
+ rescue ::Gapic::Rest::Error => e
1522
+ raise ::Google::Cloud::Error.from_error(e)
1523
+ end
1524
+
1525
+ ##
1526
+ # Configuration class for the PrivilegedAccessManager REST API.
1527
+ #
1528
+ # This class represents the configuration for PrivilegedAccessManager REST,
1529
+ # providing control over timeouts, retry behavior, logging, transport
1530
+ # parameters, and other low-level controls. Certain parameters can also be
1531
+ # applied individually to specific RPCs. See
1532
+ # {::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client::Configuration::Rpcs}
1533
+ # for a list of RPCs that can be configured independently.
1534
+ #
1535
+ # Configuration can be applied globally to all clients, or to a single client
1536
+ # on construction.
1537
+ #
1538
+ # @example
1539
+ #
1540
+ # # Modify the global config, setting the timeout for
1541
+ # # check_onboarding_status to 20 seconds,
1542
+ # # and all remaining timeouts to 10 seconds.
1543
+ # ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.configure do |config|
1544
+ # config.timeout = 10.0
1545
+ # config.rpcs.check_onboarding_status.timeout = 20.0
1546
+ # end
1547
+ #
1548
+ # # Apply the above configuration only to a new client.
1549
+ # client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new do |config|
1550
+ # config.timeout = 10.0
1551
+ # config.rpcs.check_onboarding_status.timeout = 20.0
1552
+ # end
1553
+ #
1554
+ # @!attribute [rw] endpoint
1555
+ # A custom service endpoint, as a hostname or hostname:port. The default is
1556
+ # nil, indicating to use the default endpoint in the current universe domain.
1557
+ # @return [::String,nil]
1558
+ # @!attribute [rw] credentials
1559
+ # Credentials to send with calls. You may provide any of the following types:
1560
+ # * (`String`) The path to a service account key file in JSON format
1561
+ # * (`Hash`) A service account key as a Hash
1562
+ # * (`Google::Auth::Credentials`) A googleauth credentials object
1563
+ # (see the [googleauth docs](https://rubydoc.info/gems/googleauth/Google/Auth/Credentials))
1564
+ # * (`Signet::OAuth2::Client`) A signet oauth2 client object
1565
+ # (see the [signet docs](https://rubydoc.info/gems/signet/Signet/OAuth2/Client))
1566
+ # * (`nil`) indicating no credentials
1567
+ # @return [::Object]
1568
+ # @!attribute [rw] scope
1569
+ # The OAuth scopes
1570
+ # @return [::Array<::String>]
1571
+ # @!attribute [rw] lib_name
1572
+ # The library name as recorded in instrumentation and logging
1573
+ # @return [::String]
1574
+ # @!attribute [rw] lib_version
1575
+ # The library version as recorded in instrumentation and logging
1576
+ # @return [::String]
1577
+ # @!attribute [rw] timeout
1578
+ # The call timeout in seconds.
1579
+ # @return [::Numeric]
1580
+ # @!attribute [rw] metadata
1581
+ # Additional headers to be sent with the call.
1582
+ # @return [::Hash{::Symbol=>::String}]
1583
+ # @!attribute [rw] retry_policy
1584
+ # The retry policy. The value is a hash with the following keys:
1585
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
1586
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
1587
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
1588
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
1589
+ # trigger a retry.
1590
+ # @return [::Hash]
1591
+ # @!attribute [rw] quota_project
1592
+ # A separate project against which to charge quota.
1593
+ # @return [::String]
1594
+ # @!attribute [rw] universe_domain
1595
+ # The universe domain within which to make requests. This determines the
1596
+ # default endpoint URL. The default value of nil uses the environment
1597
+ # universe (usually the default "googleapis.com" universe).
1598
+ # @return [::String,nil]
1599
+ #
1600
+ class Configuration
1601
+ extend ::Gapic::Config
1602
+
1603
+ # @private
1604
+ # The endpoint specific to the default "googleapis.com" universe. Deprecated.
1605
+ DEFAULT_ENDPOINT = "privilegedaccessmanager.googleapis.com"
1606
+
1607
+ config_attr :endpoint, nil, ::String, nil
1608
+ config_attr :credentials, nil do |value|
1609
+ allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
1610
+ allowed.any? { |klass| klass === value }
1611
+ end
1612
+ config_attr :scope, nil, ::String, ::Array, nil
1613
+ config_attr :lib_name, nil, ::String, nil
1614
+ config_attr :lib_version, nil, ::String, nil
1615
+ config_attr :timeout, nil, ::Numeric, nil
1616
+ config_attr :metadata, nil, ::Hash, nil
1617
+ config_attr :retry_policy, nil, ::Hash, ::Proc, nil
1618
+ config_attr :quota_project, nil, ::String, nil
1619
+ config_attr :universe_domain, nil, ::String, nil
1620
+
1621
+ # @private
1622
+ # Overrides for http bindings for the RPCs of this service
1623
+ # are only used when this service is used as mixin, and only
1624
+ # by the host service.
1625
+ # @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}]
1626
+ config_attr :bindings_override, {}, ::Hash, nil
1627
+
1628
+ # @private
1629
+ def initialize parent_config = nil
1630
+ @parent_config = parent_config unless parent_config.nil?
1631
+
1632
+ yield self if block_given?
1633
+ end
1634
+
1635
+ ##
1636
+ # Configurations for individual RPCs
1637
+ # @return [Rpcs]
1638
+ #
1639
+ def rpcs
1640
+ @rpcs ||= begin
1641
+ parent_rpcs = nil
1642
+ parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
1643
+ Rpcs.new parent_rpcs
1644
+ end
1645
+ end
1646
+
1647
+ ##
1648
+ # Configuration RPC class for the PrivilegedAccessManager API.
1649
+ #
1650
+ # Includes fields providing the configuration for each RPC in this service.
1651
+ # Each configuration object is of type `Gapic::Config::Method` and includes
1652
+ # the following configuration fields:
1653
+ #
1654
+ # * `timeout` (*type:* `Numeric`) - The call timeout in seconds
1655
+ # * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional headers
1656
+ # * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
1657
+ # include the following keys:
1658
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
1659
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
1660
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
1661
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
1662
+ # trigger a retry.
1663
+ #
1664
+ class Rpcs
1665
+ ##
1666
+ # RPC-specific configuration for `check_onboarding_status`
1667
+ # @return [::Gapic::Config::Method]
1668
+ #
1669
+ attr_reader :check_onboarding_status
1670
+ ##
1671
+ # RPC-specific configuration for `list_entitlements`
1672
+ # @return [::Gapic::Config::Method]
1673
+ #
1674
+ attr_reader :list_entitlements
1675
+ ##
1676
+ # RPC-specific configuration for `search_entitlements`
1677
+ # @return [::Gapic::Config::Method]
1678
+ #
1679
+ attr_reader :search_entitlements
1680
+ ##
1681
+ # RPC-specific configuration for `get_entitlement`
1682
+ # @return [::Gapic::Config::Method]
1683
+ #
1684
+ attr_reader :get_entitlement
1685
+ ##
1686
+ # RPC-specific configuration for `create_entitlement`
1687
+ # @return [::Gapic::Config::Method]
1688
+ #
1689
+ attr_reader :create_entitlement
1690
+ ##
1691
+ # RPC-specific configuration for `delete_entitlement`
1692
+ # @return [::Gapic::Config::Method]
1693
+ #
1694
+ attr_reader :delete_entitlement
1695
+ ##
1696
+ # RPC-specific configuration for `update_entitlement`
1697
+ # @return [::Gapic::Config::Method]
1698
+ #
1699
+ attr_reader :update_entitlement
1700
+ ##
1701
+ # RPC-specific configuration for `list_grants`
1702
+ # @return [::Gapic::Config::Method]
1703
+ #
1704
+ attr_reader :list_grants
1705
+ ##
1706
+ # RPC-specific configuration for `search_grants`
1707
+ # @return [::Gapic::Config::Method]
1708
+ #
1709
+ attr_reader :search_grants
1710
+ ##
1711
+ # RPC-specific configuration for `get_grant`
1712
+ # @return [::Gapic::Config::Method]
1713
+ #
1714
+ attr_reader :get_grant
1715
+ ##
1716
+ # RPC-specific configuration for `create_grant`
1717
+ # @return [::Gapic::Config::Method]
1718
+ #
1719
+ attr_reader :create_grant
1720
+ ##
1721
+ # RPC-specific configuration for `approve_grant`
1722
+ # @return [::Gapic::Config::Method]
1723
+ #
1724
+ attr_reader :approve_grant
1725
+ ##
1726
+ # RPC-specific configuration for `deny_grant`
1727
+ # @return [::Gapic::Config::Method]
1728
+ #
1729
+ attr_reader :deny_grant
1730
+ ##
1731
+ # RPC-specific configuration for `revoke_grant`
1732
+ # @return [::Gapic::Config::Method]
1733
+ #
1734
+ attr_reader :revoke_grant
1735
+
1736
+ # @private
1737
+ def initialize parent_rpcs = nil
1738
+ check_onboarding_status_config = parent_rpcs.check_onboarding_status if parent_rpcs.respond_to? :check_onboarding_status
1739
+ @check_onboarding_status = ::Gapic::Config::Method.new check_onboarding_status_config
1740
+ list_entitlements_config = parent_rpcs.list_entitlements if parent_rpcs.respond_to? :list_entitlements
1741
+ @list_entitlements = ::Gapic::Config::Method.new list_entitlements_config
1742
+ search_entitlements_config = parent_rpcs.search_entitlements if parent_rpcs.respond_to? :search_entitlements
1743
+ @search_entitlements = ::Gapic::Config::Method.new search_entitlements_config
1744
+ get_entitlement_config = parent_rpcs.get_entitlement if parent_rpcs.respond_to? :get_entitlement
1745
+ @get_entitlement = ::Gapic::Config::Method.new get_entitlement_config
1746
+ create_entitlement_config = parent_rpcs.create_entitlement if parent_rpcs.respond_to? :create_entitlement
1747
+ @create_entitlement = ::Gapic::Config::Method.new create_entitlement_config
1748
+ delete_entitlement_config = parent_rpcs.delete_entitlement if parent_rpcs.respond_to? :delete_entitlement
1749
+ @delete_entitlement = ::Gapic::Config::Method.new delete_entitlement_config
1750
+ update_entitlement_config = parent_rpcs.update_entitlement if parent_rpcs.respond_to? :update_entitlement
1751
+ @update_entitlement = ::Gapic::Config::Method.new update_entitlement_config
1752
+ list_grants_config = parent_rpcs.list_grants if parent_rpcs.respond_to? :list_grants
1753
+ @list_grants = ::Gapic::Config::Method.new list_grants_config
1754
+ search_grants_config = parent_rpcs.search_grants if parent_rpcs.respond_to? :search_grants
1755
+ @search_grants = ::Gapic::Config::Method.new search_grants_config
1756
+ get_grant_config = parent_rpcs.get_grant if parent_rpcs.respond_to? :get_grant
1757
+ @get_grant = ::Gapic::Config::Method.new get_grant_config
1758
+ create_grant_config = parent_rpcs.create_grant if parent_rpcs.respond_to? :create_grant
1759
+ @create_grant = ::Gapic::Config::Method.new create_grant_config
1760
+ approve_grant_config = parent_rpcs.approve_grant if parent_rpcs.respond_to? :approve_grant
1761
+ @approve_grant = ::Gapic::Config::Method.new approve_grant_config
1762
+ deny_grant_config = parent_rpcs.deny_grant if parent_rpcs.respond_to? :deny_grant
1763
+ @deny_grant = ::Gapic::Config::Method.new deny_grant_config
1764
+ revoke_grant_config = parent_rpcs.revoke_grant if parent_rpcs.respond_to? :revoke_grant
1765
+ @revoke_grant = ::Gapic::Config::Method.new revoke_grant_config
1766
+
1767
+ yield self if block_given?
1768
+ end
1769
+ end
1770
+ end
1771
+ end
1772
+ end
1773
+ end
1774
+ end
1775
+ end
1776
+ end
1777
+ end