google-cloud-privileged_access_manager-v1 0.a → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.yardopts +12 -0
- data/AUTHENTICATION.md +122 -0
- data/README.md +144 -8
- data/lib/google/cloud/privileged_access_manager/v1/bindings_override.rb +134 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/client.rb +1895 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/credentials.rb +47 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/operations.rb +809 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/paths.rb +206 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/client.rb +1777 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/operations.rb +944 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/service_stub.rb +1109 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest.rb +73 -0
- data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager.rb +75 -0
- data/lib/google/cloud/privileged_access_manager/v1/rest.rb +38 -0
- data/lib/google/cloud/privileged_access_manager/v1/version.rb +7 -2
- data/lib/google/cloud/privileged_access_manager/v1.rb +45 -0
- data/lib/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_pb.rb +108 -0
- data/lib/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_services_pb.rb +121 -0
- data/lib/google-cloud-privileged_access_manager-v1.rb +21 -0
- data/proto_docs/README.md +4 -0
- data/proto_docs/google/api/client.rb +403 -0
- data/proto_docs/google/api/field_behavior.rb +85 -0
- data/proto_docs/google/api/launch_stage.rb +71 -0
- data/proto_docs/google/api/resource.rb +227 -0
- data/proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb +966 -0
- data/proto_docs/google/longrunning/operations.rb +164 -0
- data/proto_docs/google/protobuf/any.rb +145 -0
- data/proto_docs/google/protobuf/duration.rb +98 -0
- data/proto_docs/google/protobuf/empty.rb +34 -0
- data/proto_docs/google/protobuf/field_mask.rb +229 -0
- data/proto_docs/google/protobuf/timestamp.rb +127 -0
- data/proto_docs/google/rpc/status.rb +48 -0
- metadata +125 -10
@@ -0,0 +1,73 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2024 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
require "gapic/rest"
|
20
|
+
require "gapic/config"
|
21
|
+
require "gapic/config/method"
|
22
|
+
|
23
|
+
require "google/cloud/privileged_access_manager/v1/version"
|
24
|
+
require "google/cloud/privileged_access_manager/v1/bindings_override"
|
25
|
+
|
26
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/credentials"
|
27
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/paths"
|
28
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/operations"
|
29
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/client"
|
30
|
+
|
31
|
+
module Google
|
32
|
+
module Cloud
|
33
|
+
module PrivilegedAccessManager
|
34
|
+
module V1
|
35
|
+
##
|
36
|
+
# This API allows customers to manage temporary, request based privileged
|
37
|
+
# access to their resources.
|
38
|
+
#
|
39
|
+
# It defines the following resource model:
|
40
|
+
#
|
41
|
+
# * A collection of `Entitlement` resources. An entitlement allows configuring
|
42
|
+
# (among other things):
|
43
|
+
#
|
44
|
+
# * Some kind of privileged access that users can request.
|
45
|
+
# * A set of users called _requesters_ who can request this access.
|
46
|
+
# * A maximum duration for which the access can be requested.
|
47
|
+
# * An optional approval workflow which must be satisfied before access is
|
48
|
+
# granted.
|
49
|
+
#
|
50
|
+
# * A collection of `Grant` resources. A grant is a request by a requester to
|
51
|
+
# get the privileged access specified in an entitlement for some duration.
|
52
|
+
#
|
53
|
+
# After the approval workflow as specified in the entitlement is satisfied,
|
54
|
+
# the specified access is given to the requester. The access is automatically
|
55
|
+
# taken back after the requested duration is over.
|
56
|
+
#
|
57
|
+
# To load this service and instantiate a REST client:
|
58
|
+
#
|
59
|
+
# require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest"
|
60
|
+
# client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
|
61
|
+
#
|
62
|
+
module PrivilegedAccessManager
|
63
|
+
# Client for the REST transport
|
64
|
+
module Rest
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
helper_path = ::File.join __dir__, "rest", "helpers.rb"
|
73
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/helpers" if ::File.file? helper_path
|
@@ -0,0 +1,75 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2024 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
require "gapic/common"
|
20
|
+
require "gapic/config"
|
21
|
+
require "gapic/config/method"
|
22
|
+
|
23
|
+
require "google/cloud/privileged_access_manager/v1/version"
|
24
|
+
|
25
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/credentials"
|
26
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/paths"
|
27
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/operations"
|
28
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/client"
|
29
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest"
|
30
|
+
|
31
|
+
module Google
|
32
|
+
module Cloud
|
33
|
+
module PrivilegedAccessManager
|
34
|
+
module V1
|
35
|
+
##
|
36
|
+
# This API allows customers to manage temporary, request based privileged
|
37
|
+
# access to their resources.
|
38
|
+
#
|
39
|
+
# It defines the following resource model:
|
40
|
+
#
|
41
|
+
# * A collection of `Entitlement` resources. An entitlement allows configuring
|
42
|
+
# (among other things):
|
43
|
+
#
|
44
|
+
# * Some kind of privileged access that users can request.
|
45
|
+
# * A set of users called _requesters_ who can request this access.
|
46
|
+
# * A maximum duration for which the access can be requested.
|
47
|
+
# * An optional approval workflow which must be satisfied before access is
|
48
|
+
# granted.
|
49
|
+
#
|
50
|
+
# * A collection of `Grant` resources. A grant is a request by a requester to
|
51
|
+
# get the privileged access specified in an entitlement for some duration.
|
52
|
+
#
|
53
|
+
# After the approval workflow as specified in the entitlement is satisfied,
|
54
|
+
# the specified access is given to the requester. The access is automatically
|
55
|
+
# taken back after the requested duration is over.
|
56
|
+
#
|
57
|
+
# @example Load this service and instantiate a gRPC client
|
58
|
+
#
|
59
|
+
# require "google/cloud/privileged_access_manager/v1/privileged_access_manager"
|
60
|
+
# client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new
|
61
|
+
#
|
62
|
+
# @example Load this service and instantiate a REST client
|
63
|
+
#
|
64
|
+
# require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest"
|
65
|
+
# client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
|
66
|
+
#
|
67
|
+
module PrivilegedAccessManager
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
helper_path = ::File.join __dir__, "privileged_access_manager", "helpers.rb"
|
75
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/helpers" if ::File.file? helper_path
|
@@ -0,0 +1,38 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2024 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest"
|
20
|
+
require "google/cloud/privileged_access_manager/v1/bindings_override"
|
21
|
+
require "google/cloud/privileged_access_manager/v1/version"
|
22
|
+
|
23
|
+
module Google
|
24
|
+
module Cloud
|
25
|
+
module PrivilegedAccessManager
|
26
|
+
##
|
27
|
+
# To load just the REST part of this package, including all its services, and instantiate a REST client:
|
28
|
+
#
|
29
|
+
# @example
|
30
|
+
#
|
31
|
+
# require "google/cloud/privileged_access_manager/v1/rest"
|
32
|
+
# client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
|
33
|
+
#
|
34
|
+
module V1
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -1,10 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# Copyright 2024 Google LLC
|
2
4
|
#
|
3
5
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
6
|
# you may not use this file except in compliance with the License.
|
5
7
|
# You may obtain a copy of the License at
|
6
8
|
#
|
7
|
-
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
8
10
|
#
|
9
11
|
# Unless required by applicable law or agreed to in writing, software
|
10
12
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
@@ -12,11 +14,14 @@
|
|
12
14
|
# See the License for the specific language governing permissions and
|
13
15
|
# limitations under the License.
|
14
16
|
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
15
20
|
module Google
|
16
21
|
module Cloud
|
17
22
|
module PrivilegedAccessManager
|
18
23
|
module V1
|
19
|
-
VERSION = "0.
|
24
|
+
VERSION = "0.1.0"
|
20
25
|
end
|
21
26
|
end
|
22
27
|
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2024 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
require "google/cloud/privileged_access_manager/v1/privileged_access_manager"
|
20
|
+
require "google/cloud/privileged_access_manager/v1/version"
|
21
|
+
|
22
|
+
module Google
|
23
|
+
module Cloud
|
24
|
+
module PrivilegedAccessManager
|
25
|
+
##
|
26
|
+
# API client module.
|
27
|
+
#
|
28
|
+
# @example Load this package, including all its services, and instantiate a gRPC client
|
29
|
+
#
|
30
|
+
# require "google/cloud/privileged_access_manager/v1"
|
31
|
+
# client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new
|
32
|
+
#
|
33
|
+
# @example Load this package, including all its services, and instantiate a REST client
|
34
|
+
#
|
35
|
+
# require "google/cloud/privileged_access_manager/v1"
|
36
|
+
# client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
|
37
|
+
#
|
38
|
+
module V1
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
helper_path = ::File.join __dir__, "v1", "_helpers.rb"
|
45
|
+
require "google/cloud/privileged_access_manager/v1/_helpers" if ::File.file? helper_path
|
@@ -0,0 +1,108 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
3
|
+
# source: google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.proto
|
4
|
+
|
5
|
+
require 'google/protobuf'
|
6
|
+
|
7
|
+
require 'google/api/annotations_pb'
|
8
|
+
require 'google/api/client_pb'
|
9
|
+
require 'google/api/field_behavior_pb'
|
10
|
+
require 'google/api/resource_pb'
|
11
|
+
require 'google/longrunning/operations_pb'
|
12
|
+
require 'google/protobuf/duration_pb'
|
13
|
+
require 'google/protobuf/field_mask_pb'
|
14
|
+
require 'google/protobuf/timestamp_pb'
|
15
|
+
require 'google/rpc/status_pb'
|
16
|
+
|
17
|
+
|
18
|
+
descriptor_data = "\nEgoogle/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.proto\x12\'google.cloud.privilegedaccessmanager.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a#google/longrunning/operations.proto\x1a\x1egoogle/protobuf/duration.proto\x1a google/protobuf/field_mask.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"j\n\x1c\x43heckOnboardingStatusRequest\x12J\n\x06parent\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\x12\x32privilegedaccessmanager.googleapis.com/Entitlement\"\xe3\x02\n\x1d\x43heckOnboardingStatusResponse\x12\x17\n\x0fservice_account\x18\x01 \x01(\t\x12`\n\x08\x66indings\x18\x02 \x03(\x0b\x32N.google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse.Finding\x1a\xc6\x01\n\x07\x46inding\x12{\n\x11iam_access_denied\x18\x01 \x01(\x0b\x32^.google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse.Finding.IAMAccessDeniedH\x00\x1a.\n\x0fIAMAccessDenied\x12\x1b\n\x13missing_permissions\x18\x01 \x03(\tB\x0e\n\x0c\x66inding_type\"\xfd\x0c\n\x0b\x45ntitlement\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x08\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0bupdate_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12X\n\x0e\x65ligible_users\x18\x05 \x03(\x0b\x32;.google.cloud.privilegedaccessmanager.v1.AccessControlEntryB\x03\xe0\x41\x01\x12Y\n\x11\x61pproval_workflow\x18\x06 \x01(\x0b\x32\x39.google.cloud.privilegedaccessmanager.v1.ApprovalWorkflowB\x03\xe0\x41\x01\x12T\n\x11privileged_access\x18\x07 \x01(\x0b\x32\x39.google.cloud.privilegedaccessmanager.v1.PrivilegedAccess\x12<\n\x14max_request_duration\x18\x08 \x01(\x0b\x32\x19.google.protobuf.DurationB\x03\xe0\x41\x02\x12N\n\x05state\x18\t \x01(\x0e\x32:.google.cloud.privilegedaccessmanager.v1.Entitlement.StateB\x03\xe0\x41\x03\x12~\n\x1erequester_justification_config\x18\n \x01(\x0b\x32Q.google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfigB\x03\xe0\x41\x02\x12\x80\x01\n\x1f\x61\x64\x64itional_notification_targets\x18\x0b \x01(\x0b\x32R.google.cloud.privilegedaccessmanager.v1.Entitlement.AdditionalNotificationTargetsB\x03\xe0\x41\x01\x12\x0c\n\x04\x65tag\x18\x0c \x01(\t\x1a\xc5\x02\n\x1cRequesterJustificationConfig\x12w\n\rnot_mandatory\x18\x01 \x01(\x0b\x32^.google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig.NotMandatoryH\x00\x12v\n\x0cunstructured\x18\x02 \x01(\x0b\x32^.google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig.UnstructuredH\x00\x1a\x0e\n\x0cNotMandatory\x1a\x0e\n\x0cUnstructuredB\x14\n\x12justification_type\x1am\n\x1d\x41\x64\x64itionalNotificationTargets\x12#\n\x16\x61\x64min_email_recipients\x18\x01 \x03(\tB\x03\xe0\x41\x01\x12\'\n\x1arequester_email_recipients\x18\x02 \x03(\tB\x03\xe0\x41\x01\"d\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x0c\n\x08\x43REATING\x10\x01\x12\r\n\tAVAILABLE\x10\x02\x12\x0c\n\x08\x44\x45LETING\x10\x03\x12\x0b\n\x07\x44\x45LETED\x10\x04\x12\x0c\n\x08UPDATING\x10\x05:\xa7\x02\xea\x41\xa3\x02\n2privilegedaccessmanager.googleapis.com/Entitlement\x12\x42projects/{project}/locations/{location}/entitlements/{entitlement}\x12@folders/{folder}/locations/{location}/entitlements/{entitlement}\x12Lorganizations/{organization}/locations/{location}/entitlements/{entitlement}*\x0c\x65ntitlements2\x0b\x65ntitlement\"-\n\x12\x41\x63\x63\x65ssControlEntry\x12\x17\n\nprincipals\x18\x01 \x03(\tB\x03\xe0\x41\x01\"}\n\x10\x41pprovalWorkflow\x12T\n\x10manual_approvals\x18\x01 \x01(\x0b\x32\x38.google.cloud.privilegedaccessmanager.v1.ManualApprovalsH\x00\x42\x13\n\x11\x61pproval_workflow\"\xb6\x02\n\x0fManualApprovals\x12+\n\x1erequire_approver_justification\x18\x01 \x01(\x08\x42\x03\xe0\x41\x01\x12Q\n\x05steps\x18\x02 \x03(\x0b\x32=.google.cloud.privilegedaccessmanager.v1.ManualApprovals.StepB\x03\xe0\x41\x01\x1a\xa2\x01\n\x04Step\x12S\n\tapprovers\x18\x01 \x03(\x0b\x32;.google.cloud.privilegedaccessmanager.v1.AccessControlEntryB\x03\xe0\x41\x01\x12\x1d\n\x10\x61pprovals_needed\x18\x02 \x01(\x05\x42\x03\xe0\x41\x02\x12&\n\x19\x61pprover_email_recipients\x18\x03 \x03(\tB\x03\xe0\x41\x01\"\xfc\x02\n\x10PrivilegedAccess\x12`\n\x0egcp_iam_access\x18\x01 \x01(\x0b\x32\x46.google.cloud.privilegedaccessmanager.v1.PrivilegedAccess.GcpIamAccessH\x00\x1a\xf6\x01\n\x0cGcpIamAccess\x12\x1a\n\rresource_type\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x15\n\x08resource\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12n\n\rrole_bindings\x18\x04 \x03(\x0b\x32R.google.cloud.privilegedaccessmanager.v1.PrivilegedAccess.GcpIamAccess.RoleBindingB\x03\xe0\x41\x02\x1a\x43\n\x0bRoleBinding\x12\x11\n\x04role\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12!\n\x14\x63ondition_expression\x18\x02 \x01(\tB\x03\xe0\x41\x01\x42\r\n\x0b\x61\x63\x63\x65ss_type\"\xc2\x01\n\x17ListEntitlementsRequest\x12J\n\x06parent\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\x12\x32privilegedaccessmanager.googleapis.com/Entitlement\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x13\n\x06\x66ilter\x18\x04 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08order_by\x18\x05 \x01(\tB\x03\xe0\x41\x01\"\x94\x01\n\x18ListEntitlementsResponse\x12J\n\x0c\x65ntitlements\x18\x01 \x03(\x0b\x32\x34.google.cloud.privilegedaccessmanager.v1.Entitlement\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x13\n\x0bunreachable\x18\x03 \x03(\t\"\x84\x03\n\x19SearchEntitlementsRequest\x12J\n\x06parent\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\x12\x32privilegedaccessmanager.googleapis.com/Entitlement\x12t\n\x12\x63\x61ller_access_type\x18\x02 \x01(\x0e\x32S.google.cloud.privilegedaccessmanager.v1.SearchEntitlementsRequest.CallerAccessTypeB\x03\xe0\x41\x02\x12\x13\n\x06\x66ilter\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x16\n\tpage_size\x18\x04 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x05 \x01(\tB\x03\xe0\x41\x01\"_\n\x10\x43\x61llerAccessType\x12\"\n\x1e\x43\x41LLER_ACCESS_TYPE_UNSPECIFIED\x10\x00\x12\x13\n\x0fGRANT_REQUESTER\x10\x01\x12\x12\n\x0eGRANT_APPROVER\x10\x02\"\x81\x01\n\x1aSearchEntitlementsResponse\x12J\n\x0c\x65ntitlements\x18\x01 \x03(\x0b\x32\x34.google.cloud.privilegedaccessmanager.v1.Entitlement\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"a\n\x15GetEntitlementRequest\x12H\n\x04name\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\n2privilegedaccessmanager.googleapis.com/Entitlement\"\xec\x01\n\x18\x43reateEntitlementRequest\x12J\n\x06parent\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\x12\x32privilegedaccessmanager.googleapis.com/Entitlement\x12\x1b\n\x0e\x65ntitlement_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12N\n\x0b\x65ntitlement\x18\x03 \x01(\x0b\x32\x34.google.cloud.privilegedaccessmanager.v1.EntitlementB\x03\xe0\x41\x02\x12\x17\n\nrequest_id\x18\x04 \x01(\tB\x03\xe0\x41\x01\"\x91\x01\n\x18\x44\x65leteEntitlementRequest\x12H\n\x04name\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\n2privilegedaccessmanager.googleapis.com/Entitlement\x12\x17\n\nrequest_id\x18\x02 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05\x66orce\x18\x03 \x01(\x08\x42\x03\xe0\x41\x01\"\xa0\x01\n\x18UpdateEntitlementRequest\x12N\n\x0b\x65ntitlement\x18\x01 \x01(\x0b\x32\x34.google.cloud.privilegedaccessmanager.v1.EntitlementB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02\"\xcb\x16\n\x05Grant\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x08\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0bupdate_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x16\n\trequester\x18\x04 \x01(\tB\x03\xe0\x41\x03\x12:\n\x12requested_duration\x18\x05 \x01(\x0b\x32\x19.google.protobuf.DurationB\x03\xe0\x41\x02\x12R\n\rjustification\x18\x06 \x01(\x0b\x32\x36.google.cloud.privilegedaccessmanager.v1.JustificationB\x03\xe0\x41\x01\x12H\n\x05state\x18\x07 \x01(\x0e\x32\x34.google.cloud.privilegedaccessmanager.v1.Grant.StateB\x03\xe0\x41\x03\x12N\n\x08timeline\x18\x08 \x01(\x0b\x32\x37.google.cloud.privilegedaccessmanager.v1.Grant.TimelineB\x03\xe0\x41\x03\x12Y\n\x11privileged_access\x18\t \x01(\x0b\x32\x39.google.cloud.privilegedaccessmanager.v1.PrivilegedAccessB\x03\xe0\x41\x03\x12S\n\x0b\x61udit_trail\x18\n \x01(\x0b\x32\x39.google.cloud.privilegedaccessmanager.v1.Grant.AuditTrailB\x03\xe0\x41\x03\x12(\n\x1b\x61\x64\x64itional_email_recipients\x18\x0b \x03(\tB\x03\xe0\x41\x01\x12 \n\x13\x65xternally_modified\x18\x0c \x01(\x08\x42\x03\xe0\x41\x03\x1a\xff\x0b\n\x08Timeline\x12R\n\x06\x65vents\x18\x01 \x03(\x0b\x32=.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.EventB\x03\xe0\x41\x03\x1a\x9e\x0b\n\x05\x45vent\x12\\\n\trequested\x18\x02 \x01(\x0b\x32G.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.RequestedH\x00\x12Z\n\x08\x61pproved\x18\x03 \x01(\x0b\x32\x46.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ApprovedH\x00\x12V\n\x06\x64\x65nied\x18\x04 \x01(\x0b\x32\x44.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.DeniedH\x00\x12X\n\x07revoked\x18\x05 \x01(\x0b\x32\x45.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.RevokedH\x00\x12\\\n\tscheduled\x18\x06 \x01(\x0b\x32G.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ScheduledH\x00\x12\\\n\tactivated\x18\x07 \x01(\x0b\x32G.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ActivatedH\x00\x12k\n\x11\x61\x63tivation_failed\x18\x08 \x01(\x0b\x32N.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ActivationFailedH\x00\x12X\n\x07\x65xpired\x18\n \x01(\x0b\x32\x45.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ExpiredH\x00\x12T\n\x05\x65nded\x18\x0b \x01(\x0b\x32\x43.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.EndedH\x00\x12o\n\x13\x65xternally_modified\x18\x0c \x01(\x0b\x32P.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ExternallyModifiedH\x00\x12\x33\n\nevent_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1a\x41\n\tRequested\x12\x34\n\x0b\x65xpire_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1a\x33\n\x08\x41pproved\x12\x13\n\x06reason\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x12\n\x05\x61\x63tor\x18\x02 \x01(\tB\x03\xe0\x41\x03\x1a\x31\n\x06\x44\x65nied\x12\x13\n\x06reason\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x12\n\x05\x61\x63tor\x18\x02 \x01(\tB\x03\xe0\x41\x03\x1a\x32\n\x07Revoked\x12\x13\n\x06reason\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x12\n\x05\x61\x63tor\x18\x02 \x01(\tB\x03\xe0\x41\x03\x1aO\n\tScheduled\x12\x42\n\x19scheduled_activation_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1a\x0b\n\tActivated\x1a:\n\x10\x41\x63tivationFailed\x12&\n\x05\x65rror\x18\x01 \x01(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\x1a\t\n\x07\x45xpired\x1a\x07\n\x05\x45nded\x1a\x14\n\x12\x45xternallyModifiedB\x07\n\x05\x65vent\x1a\x85\x01\n\nAuditTrail\x12:\n\x11\x61\x63\x63\x65ss_grant_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12;\n\x12\x61\x63\x63\x65ss_remove_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\"\xb5\x01\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x14\n\x10\x41PPROVAL_AWAITED\x10\x01\x12\n\n\x06\x44\x45NIED\x10\x03\x12\r\n\tSCHEDULED\x10\x04\x12\x0e\n\nACTIVATING\x10\x05\x12\n\n\x06\x41\x43TIVE\x10\x06\x12\x15\n\x11\x41\x43TIVATION_FAILED\x10\x07\x12\x0b\n\x07\x45XPIRED\x10\x08\x12\x0c\n\x08REVOKING\x10\t\x12\x0b\n\x07REVOKED\x10\n\x12\t\n\x05\x45NDED\x10\x0b:\xc2\x02\xea\x41\xbe\x02\n,privilegedaccessmanager.googleapis.com/Grant\x12Qprojects/{project}/locations/{location}/entitlements/{entitlement}/grants/{grant}\x12Ofolders/{folder}/locations/{location}/entitlements/{entitlement}/grants/{grant}\x12[organizations/{organization}/locations/{location}/entitlements/{entitlement}/grants/{grant}*\x06grants2\x05grant\"F\n\rJustification\x12$\n\x1aunstructured_justification\x18\x01 \x01(\tH\x00\x42\x0f\n\rjustification\"\xb6\x01\n\x11ListGrantsRequest\x12\x44\n\x06parent\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\x12,privilegedaccessmanager.googleapis.com/Grant\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x13\n\x06\x66ilter\x18\x04 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08order_by\x18\x05 \x01(\tB\x03\xe0\x41\x01\"\x82\x01\n\x12ListGrantsResponse\x12>\n\x06grants\x18\x01 \x03(\x0b\x32..google.cloud.privilegedaccessmanager.v1.Grant\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x13\n\x0bunreachable\x18\x03 \x03(\t\"\x90\x03\n\x13SearchGrantsRequest\x12\x44\n\x06parent\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\x12,privilegedaccessmanager.googleapis.com/Grant\x12u\n\x13\x63\x61ller_relationship\x18\x02 \x01(\x0e\x32S.google.cloud.privilegedaccessmanager.v1.SearchGrantsRequest.CallerRelationshipTypeB\x03\xe0\x41\x02\x12\x13\n\x06\x66ilter\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x16\n\tpage_size\x18\x04 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x05 \x01(\tB\x03\xe0\x41\x01\"v\n\x16\x43\x61llerRelationshipType\x12(\n$CALLER_RELATIONSHIP_TYPE_UNSPECIFIED\x10\x00\x12\x0f\n\x0bHAD_CREATED\x10\x01\x12\x0f\n\x0b\x43\x41N_APPROVE\x10\x02\x12\x10\n\x0cHAD_APPROVED\x10\x03\"o\n\x14SearchGrantsResponse\x12>\n\x06grants\x18\x01 \x03(\x0b\x32..google.cloud.privilegedaccessmanager.v1.Grant\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"U\n\x0fGetGrantRequest\x12\x42\n\x04name\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\n,privilegedaccessmanager.googleapis.com/Grant\"n\n\x13\x41pproveGrantRequest\x12\x42\n\x04name\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\n,privilegedaccessmanager.googleapis.com/Grant\x12\x13\n\x06reason\x18\x02 \x01(\tB\x03\xe0\x41\x01\"k\n\x10\x44\x65nyGrantRequest\x12\x42\n\x04name\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\n,privilegedaccessmanager.googleapis.com/Grant\x12\x13\n\x06reason\x18\x02 \x01(\tB\x03\xe0\x41\x01\"m\n\x12RevokeGrantRequest\x12\x42\n\x04name\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\n,privilegedaccessmanager.googleapis.com/Grant\x12\x13\n\x06reason\x18\x02 \x01(\tB\x03\xe0\x41\x01\"\xb7\x01\n\x12\x43reateGrantRequest\x12\x44\n\x06parent\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\x12,privilegedaccessmanager.googleapis.com/Grant\x12\x42\n\x05grant\x18\x02 \x01(\x0b\x32..google.cloud.privilegedaccessmanager.v1.GrantB\x03\xe0\x41\x02\x12\x17\n\nrequest_id\x18\x03 \x01(\tB\x03\xe0\x41\x01\"\x80\x02\n\x11OperationMetadata\x12\x34\n\x0b\x63reate_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x31\n\x08\x65nd_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x13\n\x06target\x18\x03 \x01(\tB\x03\xe0\x41\x03\x12\x11\n\x04verb\x18\x04 \x01(\tB\x03\xe0\x41\x03\x12\x1b\n\x0estatus_message\x18\x05 \x01(\tB\x03\xe0\x41\x03\x12#\n\x16requested_cancellation\x18\x06 \x01(\x08\x42\x03\xe0\x41\x03\x12\x18\n\x0b\x61pi_version\x18\x07 \x01(\tB\x03\xe0\x41\x03\x32\xc1\'\n\x17PrivilegedAccessManager\x12\xe9\x02\n\x15\x43heckOnboardingStatus\x12\x45.google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusRequest\x1a\x46.google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse\"\xc0\x01\x82\xd3\xe4\x93\x02\xb9\x01\x12\x39/v1/{parent=projects/*/locations/*}:checkOnboardingStatusZ@\x12>/v1/{parent=organizations/*/locations/*}:checkOnboardingStatusZ:\x12\x38/v1/{parent=folders/*/locations/*}:checkOnboardingStatus\x12\xc8\x02\n\x10ListEntitlements\x12@.google.cloud.privilegedaccessmanager.v1.ListEntitlementsRequest\x1a\x41.google.cloud.privilegedaccessmanager.v1.ListEntitlementsResponse\"\xae\x01\xda\x41\x06parent\x82\xd3\xe4\x93\x02\x9e\x01\x12\x30/v1/{parent=projects/*/locations/*}/entitlementsZ7\x12\x35/v1/{parent=organizations/*/locations/*}/entitlementsZ1\x12//v1/{parent=folders/*/locations/*}/entitlements\x12\xda\x02\n\x12SearchEntitlements\x12\x42.google.cloud.privilegedaccessmanager.v1.SearchEntitlementsRequest\x1a\x43.google.cloud.privilegedaccessmanager.v1.SearchEntitlementsResponse\"\xba\x01\x82\xd3\xe4\x93\x02\xb3\x01\x12\x37/v1/{parent=projects/*/locations/*}/entitlements:searchZ>\x12</v1/{parent=organizations/*/locations/*}/entitlements:searchZ8\x12\x36/v1/{parent=folders/*/locations/*}/entitlements:search\x12\xb5\x02\n\x0eGetEntitlement\x12>.google.cloud.privilegedaccessmanager.v1.GetEntitlementRequest\x1a\x34.google.cloud.privilegedaccessmanager.v1.Entitlement\"\xac\x01\xda\x41\x04name\x82\xd3\xe4\x93\x02\x9e\x01\x12\x30/v1/{name=projects/*/locations/*/entitlements/*}Z7\x12\x35/v1/{name=organizations/*/locations/*/entitlements/*}Z1\x12//v1/{name=folders/*/locations/*/entitlements/*}\x12\x8b\x03\n\x11\x43reateEntitlement\x12\x41.google.cloud.privilegedaccessmanager.v1.CreateEntitlementRequest\x1a\x1d.google.longrunning.Operation\"\x93\x02\xca\x41 \n\x0b\x45ntitlement\x12\x11OperationMetadata\xda\x41!parent,entitlement,entitlement_id\x82\xd3\xe4\x93\x02\xc5\x01\"0/v1/{parent=projects/*/locations/*}/entitlements:\x0b\x65ntitlementZD\"5/v1/{parent=organizations/*/locations/*}/entitlements:\x0b\x65ntitlementZ>\"//v1/{parent=folders/*/locations/*}/entitlements:\x0b\x65ntitlement\x12\xc7\x02\n\x11\x44\x65leteEntitlement\x12\x41.google.cloud.privilegedaccessmanager.v1.DeleteEntitlementRequest\x1a\x1d.google.longrunning.Operation\"\xcf\x01\xca\x41 \n\x0b\x45ntitlement\x12\x11OperationMetadata\xda\x41\x04name\x82\xd3\xe4\x93\x02\x9e\x01*0/v1/{name=projects/*/locations/*/entitlements/*}Z7*5/v1/{name=organizations/*/locations/*/entitlements/*}Z1*//v1/{name=folders/*/locations/*/entitlements/*}\x12\xa5\x03\n\x11UpdateEntitlement\x12\x41.google.cloud.privilegedaccessmanager.v1.UpdateEntitlementRequest\x1a\x1d.google.longrunning.Operation\"\xad\x02\xca\x41 \n\x0b\x45ntitlement\x12\x11OperationMetadata\xda\x41\x17\x65ntitlement,update_mask\x82\xd3\xe4\x93\x02\xe9\x01\x32</v1/{entitlement.name=projects/*/locations/*/entitlements/*}:\x0b\x65ntitlementZP2A/v1/{entitlement.name=organizations/*/locations/*/entitlements/*}:\x0b\x65ntitlementZJ2;/v1/{entitlement.name=folders/*/locations/*/entitlements/*}:\x0b\x65ntitlement\x12\xd1\x02\n\nListGrants\x12:.google.cloud.privilegedaccessmanager.v1.ListGrantsRequest\x1a;.google.cloud.privilegedaccessmanager.v1.ListGrantsResponse\"\xc9\x01\xda\x41\x06parent\x82\xd3\xe4\x93\x02\xb9\x01\x12\x39/v1/{parent=projects/*/locations/*/entitlements/*}/grantsZ@\x12>/v1/{parent=organizations/*/locations/*/entitlements/*}/grantsZ:\x12\x38/v1/{parent=folders/*/locations/*/entitlements/*}/grants\x12\xe3\x02\n\x0cSearchGrants\x12<.google.cloud.privilegedaccessmanager.v1.SearchGrantsRequest\x1a=.google.cloud.privilegedaccessmanager.v1.SearchGrantsResponse\"\xd5\x01\x82\xd3\xe4\x93\x02\xce\x01\x12@/v1/{parent=projects/*/locations/*/entitlements/*}/grants:searchZG\x12\x45/v1/{parent=organizations/*/locations/*/entitlements/*}/grants:searchZA\x12?/v1/{parent=folders/*/locations/*/entitlements/*}/grants:search\x12\xbe\x02\n\x08GetGrant\x12\x38.google.cloud.privilegedaccessmanager.v1.GetGrantRequest\x1a..google.cloud.privilegedaccessmanager.v1.Grant\"\xc7\x01\xda\x41\x04name\x82\xd3\xe4\x93\x02\xb9\x01\x12\x39/v1/{name=projects/*/locations/*/entitlements/*/grants/*}Z@\x12>/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}Z:\x12\x38/v1/{name=folders/*/locations/*/entitlements/*/grants/*}\x12\xe1\x02\n\x0b\x43reateGrant\x12;.google.cloud.privilegedaccessmanager.v1.CreateGrantRequest\x1a..google.cloud.privilegedaccessmanager.v1.Grant\"\xe4\x01\xda\x41\x0cparent,grant\x82\xd3\xe4\x93\x02\xce\x01\"9/v1/{parent=projects/*/locations/*/entitlements/*}/grants:\x05grantZG\">/v1/{parent=organizations/*/locations/*/entitlements/*}/grants:\x05grantZA\"8/v1/{parent=folders/*/locations/*/entitlements/*}/grants:\x05grant\x12\xe0\x02\n\x0c\x41pproveGrant\x12<.google.cloud.privilegedaccessmanager.v1.ApproveGrantRequest\x1a..google.cloud.privilegedaccessmanager.v1.Grant\"\xe1\x01\x82\xd3\xe4\x93\x02\xda\x01\"A/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:approve:\x01*ZK\"F/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:approve:\x01*ZE\"@/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:approve:\x01*\x12\xd1\x02\n\tDenyGrant\x12\x39.google.cloud.privilegedaccessmanager.v1.DenyGrantRequest\x1a..google.cloud.privilegedaccessmanager.v1.Grant\"\xd8\x01\x82\xd3\xe4\x93\x02\xd1\x01\">/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:deny:\x01*ZH\"C/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:deny:\x01*ZB\"=/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:deny:\x01*\x12\xe7\x02\n\x0bRevokeGrant\x12;.google.cloud.privilegedaccessmanager.v1.RevokeGrantRequest\x1a\x1d.google.longrunning.Operation\"\xfb\x01\xca\x41\x1a\n\x05Grant\x12\x11OperationMetadata\x82\xd3\xe4\x93\x02\xd7\x01\"@/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:revoke:\x01*ZJ\"E/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:revoke:\x01*ZD\"?/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:revoke:\x01*\x1aZ\xca\x41&privilegedaccessmanager.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x89\x04\n+com.google.cloud.privilegedaccessmanager.v1B\x1cPrivilegedAccessManagerProtoP\x01Zecloud.google.com/go/privilegedaccessmanager/apiv1/privilegedaccessmanagerpb;privilegedaccessmanagerpb\xaa\x02\'Google.Cloud.PrivilegedAccessManager.V1\xca\x02\'Google\\Cloud\\PrivilegedAccessManager\\V1\xea\x02*Google::Cloud::PrivilegedAccessManager::V1\xea\x41p\n;privilegedaccessmanager.googleapis.com/OrganizationLocation\x12\x31organizations/{organization}/locations/{location}\xea\x41^\n5privilegedaccessmanager.googleapis.com/FolderLocation\x12%folders/{folder}/locations/{location}b\x06proto3"
|
19
|
+
|
20
|
+
pool = Google::Protobuf::DescriptorPool.generated_pool
|
21
|
+
|
22
|
+
begin
|
23
|
+
pool.add_serialized_file(descriptor_data)
|
24
|
+
rescue TypeError
|
25
|
+
# Compatibility code: will be removed in the next major version.
|
26
|
+
require 'google/protobuf/descriptor_pb'
|
27
|
+
parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
|
28
|
+
parsed.clear_dependency
|
29
|
+
serialized = parsed.class.encode(parsed)
|
30
|
+
file = pool.add_serialized_file(serialized)
|
31
|
+
warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
|
32
|
+
imports = [
|
33
|
+
["google.protobuf.Timestamp", "google/protobuf/timestamp.proto"],
|
34
|
+
["google.protobuf.Duration", "google/protobuf/duration.proto"],
|
35
|
+
["google.protobuf.FieldMask", "google/protobuf/field_mask.proto"],
|
36
|
+
["google.rpc.Status", "google/rpc/status.proto"],
|
37
|
+
]
|
38
|
+
imports.each do |type_name, expected_filename|
|
39
|
+
import_file = pool.lookup(type_name).file_descriptor
|
40
|
+
if import_file.name != expected_filename
|
41
|
+
warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
|
42
|
+
end
|
43
|
+
end
|
44
|
+
warn "Each proto file must use a consistent fully-qualified name."
|
45
|
+
warn "This will become an error in the next major version."
|
46
|
+
end
|
47
|
+
|
48
|
+
module Google
|
49
|
+
module Cloud
|
50
|
+
module PrivilegedAccessManager
|
51
|
+
module V1
|
52
|
+
CheckOnboardingStatusRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusRequest").msgclass
|
53
|
+
CheckOnboardingStatusResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse").msgclass
|
54
|
+
CheckOnboardingStatusResponse::Finding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse.Finding").msgclass
|
55
|
+
CheckOnboardingStatusResponse::Finding::IAMAccessDenied = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse.Finding.IAMAccessDenied").msgclass
|
56
|
+
Entitlement = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement").msgclass
|
57
|
+
Entitlement::RequesterJustificationConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig").msgclass
|
58
|
+
Entitlement::RequesterJustificationConfig::NotMandatory = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig.NotMandatory").msgclass
|
59
|
+
Entitlement::RequesterJustificationConfig::Unstructured = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig.Unstructured").msgclass
|
60
|
+
Entitlement::AdditionalNotificationTargets = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.AdditionalNotificationTargets").msgclass
|
61
|
+
Entitlement::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.State").enummodule
|
62
|
+
AccessControlEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.AccessControlEntry").msgclass
|
63
|
+
ApprovalWorkflow = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ApprovalWorkflow").msgclass
|
64
|
+
ManualApprovals = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ManualApprovals").msgclass
|
65
|
+
ManualApprovals::Step = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ManualApprovals.Step").msgclass
|
66
|
+
PrivilegedAccess = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.PrivilegedAccess").msgclass
|
67
|
+
PrivilegedAccess::GcpIamAccess = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.PrivilegedAccess.GcpIamAccess").msgclass
|
68
|
+
PrivilegedAccess::GcpIamAccess::RoleBinding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.PrivilegedAccess.GcpIamAccess.RoleBinding").msgclass
|
69
|
+
ListEntitlementsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ListEntitlementsRequest").msgclass
|
70
|
+
ListEntitlementsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ListEntitlementsResponse").msgclass
|
71
|
+
SearchEntitlementsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchEntitlementsRequest").msgclass
|
72
|
+
SearchEntitlementsRequest::CallerAccessType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchEntitlementsRequest.CallerAccessType").enummodule
|
73
|
+
SearchEntitlementsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchEntitlementsResponse").msgclass
|
74
|
+
GetEntitlementRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.GetEntitlementRequest").msgclass
|
75
|
+
CreateEntitlementRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CreateEntitlementRequest").msgclass
|
76
|
+
DeleteEntitlementRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.DeleteEntitlementRequest").msgclass
|
77
|
+
UpdateEntitlementRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.UpdateEntitlementRequest").msgclass
|
78
|
+
Grant = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant").msgclass
|
79
|
+
Grant::Timeline = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline").msgclass
|
80
|
+
Grant::Timeline::Event = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event").msgclass
|
81
|
+
Grant::Timeline::Event::Requested = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Requested").msgclass
|
82
|
+
Grant::Timeline::Event::Approved = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Approved").msgclass
|
83
|
+
Grant::Timeline::Event::Denied = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Denied").msgclass
|
84
|
+
Grant::Timeline::Event::Revoked = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Revoked").msgclass
|
85
|
+
Grant::Timeline::Event::Scheduled = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Scheduled").msgclass
|
86
|
+
Grant::Timeline::Event::Activated = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Activated").msgclass
|
87
|
+
Grant::Timeline::Event::ActivationFailed = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ActivationFailed").msgclass
|
88
|
+
Grant::Timeline::Event::Expired = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Expired").msgclass
|
89
|
+
Grant::Timeline::Event::Ended = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Ended").msgclass
|
90
|
+
Grant::Timeline::Event::ExternallyModified = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ExternallyModified").msgclass
|
91
|
+
Grant::AuditTrail = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.AuditTrail").msgclass
|
92
|
+
Grant::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.State").enummodule
|
93
|
+
Justification = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Justification").msgclass
|
94
|
+
ListGrantsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ListGrantsRequest").msgclass
|
95
|
+
ListGrantsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ListGrantsResponse").msgclass
|
96
|
+
SearchGrantsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchGrantsRequest").msgclass
|
97
|
+
SearchGrantsRequest::CallerRelationshipType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchGrantsRequest.CallerRelationshipType").enummodule
|
98
|
+
SearchGrantsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchGrantsResponse").msgclass
|
99
|
+
GetGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.GetGrantRequest").msgclass
|
100
|
+
ApproveGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ApproveGrantRequest").msgclass
|
101
|
+
DenyGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.DenyGrantRequest").msgclass
|
102
|
+
RevokeGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.RevokeGrantRequest").msgclass
|
103
|
+
CreateGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CreateGrantRequest").msgclass
|
104
|
+
OperationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.OperationMetadata").msgclass
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
108
|
+
end
|
@@ -0,0 +1,121 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.proto for package 'Google.Cloud.PrivilegedAccessManager.V1'
|
3
|
+
# Original file comments:
|
4
|
+
# Copyright 2024 Google LLC
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require 'grpc'
|
20
|
+
require 'google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_pb'
|
21
|
+
|
22
|
+
module Google
|
23
|
+
module Cloud
|
24
|
+
module PrivilegedAccessManager
|
25
|
+
module V1
|
26
|
+
module PrivilegedAccessManager
|
27
|
+
# This API allows customers to manage temporary, request based privileged
|
28
|
+
# access to their resources.
|
29
|
+
#
|
30
|
+
# It defines the following resource model:
|
31
|
+
#
|
32
|
+
# * A collection of `Entitlement` resources. An entitlement allows configuring
|
33
|
+
# (among other things):
|
34
|
+
#
|
35
|
+
# * Some kind of privileged access that users can request.
|
36
|
+
# * A set of users called _requesters_ who can request this access.
|
37
|
+
# * A maximum duration for which the access can be requested.
|
38
|
+
# * An optional approval workflow which must be satisfied before access is
|
39
|
+
# granted.
|
40
|
+
#
|
41
|
+
# * A collection of `Grant` resources. A grant is a request by a requester to
|
42
|
+
# get the privileged access specified in an entitlement for some duration.
|
43
|
+
#
|
44
|
+
# After the approval workflow as specified in the entitlement is satisfied,
|
45
|
+
# the specified access is given to the requester. The access is automatically
|
46
|
+
# taken back after the requested duration is over.
|
47
|
+
class Service
|
48
|
+
|
49
|
+
include ::GRPC::GenericService
|
50
|
+
|
51
|
+
self.marshal_class_method = :encode
|
52
|
+
self.unmarshal_class_method = :decode
|
53
|
+
self.service_name = 'google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager'
|
54
|
+
|
55
|
+
# CheckOnboardingStatus reports the onboarding status for a
|
56
|
+
# project/folder/organization. Any findings reported by this API need to be
|
57
|
+
# fixed before PAM can be used on the resource.
|
58
|
+
rpc :CheckOnboardingStatus, ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest, ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse
|
59
|
+
# Lists entitlements in a given project/folder/organization and location.
|
60
|
+
rpc :ListEntitlements, ::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest, ::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsResponse
|
61
|
+
# `SearchEntitlements` returns entitlements on which the caller has the
|
62
|
+
# specified access.
|
63
|
+
rpc :SearchEntitlements, ::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest, ::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsResponse
|
64
|
+
# Gets details of a single entitlement.
|
65
|
+
rpc :GetEntitlement, ::Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement
|
66
|
+
# Creates a new entitlement in a given project/folder/organization and
|
67
|
+
# location.
|
68
|
+
rpc :CreateEntitlement, ::Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest, ::Google::Longrunning::Operation
|
69
|
+
# Deletes a single entitlement. This method can only be called when there
|
70
|
+
# are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the
|
71
|
+
# entitlement.
|
72
|
+
rpc :DeleteEntitlement, ::Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest, ::Google::Longrunning::Operation
|
73
|
+
# Updates the entitlement specified in the request. Updated fields in the
|
74
|
+
# entitlement need to be specified in an update mask. The changes made to an
|
75
|
+
# entitlement are applicable only on future grants of the entitlement.
|
76
|
+
# However, if new approvers are added or existing approvers are removed from
|
77
|
+
# the approval workflow, the changes are effective on existing grants.
|
78
|
+
#
|
79
|
+
# The following fields are not supported for updates:
|
80
|
+
#
|
81
|
+
# * All immutable fields
|
82
|
+
# * Entitlement name
|
83
|
+
# * Resource name
|
84
|
+
# * Resource type
|
85
|
+
# * Adding an approval workflow in an entitlement which previously had no
|
86
|
+
# approval workflow.
|
87
|
+
# * Deleting the approval workflow from an entitlement.
|
88
|
+
# * Adding or deleting a step in the approval workflow (only one step is
|
89
|
+
# supported)
|
90
|
+
#
|
91
|
+
# Note that updates are allowed on the list of approvers in an approval
|
92
|
+
# workflow step.
|
93
|
+
rpc :UpdateEntitlement, ::Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest, ::Google::Longrunning::Operation
|
94
|
+
# Lists grants for a given entitlement.
|
95
|
+
rpc :ListGrants, ::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest, ::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsResponse
|
96
|
+
# `SearchGrants` returns grants that are related to the calling user in the
|
97
|
+
# specified way.
|
98
|
+
rpc :SearchGrants, ::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest, ::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsResponse
|
99
|
+
# Get details of a single grant.
|
100
|
+
rpc :GetGrant, ::Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Grant
|
101
|
+
# Creates a new grant in a given project and location.
|
102
|
+
rpc :CreateGrant, ::Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Grant
|
103
|
+
# `ApproveGrant` is used to approve a grant. This method can only be called
|
104
|
+
# on a grant when it's in the `APPROVAL_AWAITED` state. This operation can't
|
105
|
+
# be undone.
|
106
|
+
rpc :ApproveGrant, ::Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Grant
|
107
|
+
# `DenyGrant` is used to deny a grant. This method can only be called on a
|
108
|
+
# grant when it's in the `APPROVAL_AWAITED` state. This operation can't be
|
109
|
+
# undone.
|
110
|
+
rpc :DenyGrant, ::Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Grant
|
111
|
+
# `RevokeGrant` is used to immediately revoke access for a grant. This method
|
112
|
+
# can be called when the grant is in a non-terminal state.
|
113
|
+
rpc :RevokeGrant, ::Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest, ::Google::Longrunning::Operation
|
114
|
+
end
|
115
|
+
|
116
|
+
Stub = Service.rpc_stub_class
|
117
|
+
end
|
118
|
+
end
|
119
|
+
end
|
120
|
+
end
|
121
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2024 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
# This gem does not autoload during Bundler.require. To load this gem,
|
20
|
+
# issue explicit require statements for the packages desired, e.g.:
|
21
|
+
# require "google/cloud/privileged_access_manager/v1"
|