google-cloud-privileged_access_manager-v1 0.a → 0.1.0

data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+require "gapic/rest"
+require "gapic/config"
+require "gapic/config/method"
+
+require "google/cloud/privileged_access_manager/v1/version"
+require "google/cloud/privileged_access_manager/v1/bindings_override"
+
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/credentials"
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/paths"
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/operations"
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/client"
+
+module Google
+  module Cloud
+    module PrivilegedAccessManager
+      module V1
+        ##
+        # This API allows customers to manage temporary, request based privileged
+        # access to their resources.
+        #
+        # It defines the following resource model:
+        #
+        # * A collection of `Entitlement` resources. An entitlement allows configuring
+        #   (among other things):
+        #
+        #   * Some kind of privileged access that users can request.
+        #   * A set of users called _requesters_ who can request this access.
+        #   * A maximum duration for which the access can be requested.
+        #   * An optional approval workflow which must be satisfied before access is
+        #     granted.
+        #
+        # * A collection of `Grant` resources. A grant is a request by a requester to
+        #   get the privileged access specified in an entitlement for some duration.
+        #
+        #   After the approval workflow as specified in the entitlement is satisfied,
+        #   the specified access is given to the requester. The access is automatically
+        #   taken back after the requested duration is over.
+        #
+        # To load this service and instantiate a REST client:
+        #
+        #     require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest"
+        #     client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
+        #
+        module PrivilegedAccessManager
+          # Client for the REST transport
+          module Rest
+          end
+        end
+      end
+    end
+  end
+end
+
+helper_path = ::File.join __dir__, "rest", "helpers.rb"
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/helpers" if ::File.file? helper_path

data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+require "gapic/common"
+require "gapic/config"
+require "gapic/config/method"
+
+require "google/cloud/privileged_access_manager/v1/version"
+
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/credentials"
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/paths"
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/operations"
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/client"
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest"
+
+module Google
+  module Cloud
+    module PrivilegedAccessManager
+      module V1
+        ##
+        # This API allows customers to manage temporary, request based privileged
+        # access to their resources.
+        #
+        # It defines the following resource model:
+        #
+        # * A collection of `Entitlement` resources. An entitlement allows configuring
+        #   (among other things):
+        #
+        #   * Some kind of privileged access that users can request.
+        #   * A set of users called _requesters_ who can request this access.
+        #   * A maximum duration for which the access can be requested.
+        #   * An optional approval workflow which must be satisfied before access is
+        #     granted.
+        #
+        # * A collection of `Grant` resources. A grant is a request by a requester to
+        #   get the privileged access specified in an entitlement for some duration.
+        #
+        #   After the approval workflow as specified in the entitlement is satisfied,
+        #   the specified access is given to the requester. The access is automatically
+        #   taken back after the requested duration is over.
+        #
+        # @example Load this service and instantiate a gRPC client
+        #
+        #     require "google/cloud/privileged_access_manager/v1/privileged_access_manager"
+        #     client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new
+        #
+        # @example Load this service and instantiate a REST client
+        #
+        #     require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest"
+        #     client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
+        #
+        module PrivilegedAccessManager
+        end
+      end
+    end
+  end
+end
+
+helper_path = ::File.join __dir__, "privileged_access_manager", "helpers.rb"
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/helpers" if ::File.file? helper_path

data/lib/google/cloud/privileged_access_manager/v1/rest.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager/rest"
+require "google/cloud/privileged_access_manager/v1/bindings_override"
+require "google/cloud/privileged_access_manager/v1/version"
+
+module Google
+  module Cloud
+    module PrivilegedAccessManager
+      ##
+      # To load just the REST part of this package, including all its services, and instantiate a REST client:
+      #
+      # @example
+      #
+      #     require "google/cloud/privileged_access_manager/v1/rest"
+      #     client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
+      #
+      module V1
+      end
+    end
+  end
+end

data/lib/google/cloud/privileged_access_manager/v1/version.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 # Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,11 +14,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
 module Google
   module Cloud
     module PrivilegedAccessManager
       module V1
-        VERSION = "0.a"
+        VERSION = "0.1.0"
       end
     end
   end

data/lib/google/cloud/privileged_access_manager/v1.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+require "google/cloud/privileged_access_manager/v1/privileged_access_manager"
+require "google/cloud/privileged_access_manager/v1/version"
+
+module Google
+  module Cloud
+    module PrivilegedAccessManager
+      ##
+      # API client module.
+      #
+      # @example Load this package, including all its services, and instantiate a gRPC client
+      #
+      #     require "google/cloud/privileged_access_manager/v1"
+      #     client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new
+      #
+      # @example Load this package, including all its services, and instantiate a REST client
+      #
+      #     require "google/cloud/privileged_access_manager/v1"
+      #     client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Rest::Client.new
+      #
+      module V1
+      end
+    end
+  end
+end
+
+helper_path = ::File.join __dir__, "v1", "_helpers.rb"
+require "google/cloud/privileged_access_manager/v1/_helpers" if ::File.file? helper_path

data/lib/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_pb.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'google/api/client_pb'
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
+require 'google/longrunning/operations_pb'
+require 'google/protobuf/duration_pb'
+require 'google/protobuf/field_mask_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/rpc/status_pb'
+
+
+descriptor_data = "\nEgoogle/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.proto\x12\'google.cloud.privilegedaccessmanager.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a#google/longrunning/operations.proto\x1a\x1egoogle/protobuf/duration.proto\x1a google/protobuf/field_mask.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"j\n\x1c\x43heckOnboardingStatusRequest\x12J\n\x06parent\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\x12\x32privilegedaccessmanager.googleapis.com/Entitlement\"\xe3\x02\n\x1d\x43heckOnboardingStatusResponse\x12\x17\n\x0fservice_account\x18\x01 \x01(\t\x12`\n\x08\x66indings\x18\x02 \x03(\x0b\x32N.google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse.Finding\x1a\xc6\x01\n\x07\x46inding\x12{\n\x11iam_access_denied\x18\x01 \x01(\x0b\x32^.google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse.Finding.IAMAccessDeniedH\x00\x1a.\n\x0fIAMAccessDenied\x12\x1b\n\x13missing_permissions\x18\x01 \x03(\tB\x0e\n\x0c\x66inding_type\"\xfd\x0c\n\x0b\x45ntitlement\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x08\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0bupdate_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12X\n\x0e\x65ligible_users\x18\x05 \x03(\x0b\x32;.google.cloud.privilegedaccessmanager.v1.AccessControlEntryB\x03\xe0\x41\x01\x12Y\n\x11\x61pproval_workflow\x18\x06 \x01(\x0b\x32\x39.google.cloud.privilegedaccessmanager.v1.ApprovalWorkflowB\x03\xe0\x41\x01\x12T\n\x11privileged_access\x18\x07 \x01(\x0b\x32\x39.google.cloud.privilegedaccessmanager.v1.PrivilegedAccess\x12<\n\x14max_request_duration\x18\x08 \x01(\x0b\x32\x19.google.protobuf.DurationB\x03\xe0\x41\x02\x12N\n\x05state\x18\t \x01(\x0e\x32:.google.cloud.privilegedaccessmanager.v1.Entitlement.StateB\x03\xe0\x41\x03\x12~\n\x1erequester_justification_config\x18\n \x01(\x0b\x32Q.google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfigB\x03\xe0\x41\x02\x12\x80\x01\n\x1f\x61\x64\x64itional_notification_targets\x18\x0b \x01(\x0b\x32R.google.cloud.privilegedaccessmanager.v1.Entitlement.AdditionalNotificationTargetsB\x03\xe0\x41\x01\x12\x0c\n\x04\x65tag\x18\x0c \x01(\t\x1a\xc5\x02\n\x1cRequesterJustificationConfig\x12w\n\rnot_mandatory\x18\x01 \x01(\x0b\x32^.google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig.NotMandatoryH\x00\x12v\n\x0cunstructured\x18\x02 \x01(\x0b\x32^.google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig.UnstructuredH\x00\x1a\x0e\n\x0cNotMandatory\x1a\x0e\n\x0cUnstructuredB\x14\n\x12justification_type\x1am\n\x1d\x41\x64\x64itionalNotificationTargets\x12#\n\x16\x61\x64min_email_recipients\x18\x01 \x03(\tB\x03\xe0\x41\x01\x12\'\n\x1arequester_email_recipients\x18\x02 \x03(\tB\x03\xe0\x41\x01\"d\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x0c\n\x08\x43REATING\x10\x01\x12\r\n\tAVAILABLE\x10\x02\x12\x0c\n\x08\x44\x45LETING\x10\x03\x12\x0b\n\x07\x44\x45LETED\x10\x04\x12\x0c\n\x08UPDATING\x10\x05:\xa7\x02\xea\x41\xa3\x02\n2privilegedaccessmanager.googleapis.com/Entitlement\x12\x42projects/{project}/locations/{location}/entitlements/{entitlement}\x12@folders/{folder}/locations/{location}/entitlements/{entitlement}\x12Lorganizations/{organization}/locations/{location}/entitlements/{entitlement}*\x0c\x65ntitlements2\x0b\x65ntitlement\"-\n\x12\x41\x63\x63\x65ssControlEntry\x12\x17\n\nprincipals\x18\x01 \x03(\tB\x03\xe0\x41\x01\"}\n\x10\x41pprovalWorkflow\x12T\n\x10manual_approvals\x18\x01 \x01(\x0b\x32\x38.google.cloud.privilegedaccessmanager.v1.ManualApprovalsH\x00\x42\x13\n\x11\x61pproval_workflow\"\xb6\x02\n\x0fManualApprovals\x12+\n\x1erequire_approver_justification\x18\x01 \x01(\x08\x42\x03\xe0\x41\x01\x12Q\n\x05steps\x18\x02 \x03(\x0b\x32=.google.cloud.privilegedaccessmanager.v1.ManualApprovals.StepB\x03\xe0\x41\x01\x1a\xa2\x01\n\x04Step\x12S\n\tapprovers\x18\x01 \x03(\x0b\x32;.google.cloud.privilegedaccessmanager.v1.AccessControlEntryB\x03\xe0\x41\x01\x12\x1d\n\x10\x61pprovals_needed\x18\x02 \x01(\x05\x42\x03\xe0\x41\x02\x12&\n\x19\x61pprover_email_recipients\x18\x03 \x03(\tB\x03\xe0\x41\x01\"\xfc\x02\n\x10PrivilegedAccess\x12`\n\x0egcp_iam_access\x18\x01 \x01(\x0b\x32\x46.google.cloud.privilegedaccessmanager.v1.PrivilegedAccess.GcpIamAccessH\x00\x1a\xf6\x01\n\x0cGcpIamAccess\x12\x1a\n\rresource_type\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x15\n\x08resource\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12n\n\rrole_bindings\x18\x04 \x03(\x0b\x32R.google.cloud.privilegedaccessmanager.v1.PrivilegedAccess.GcpIamAccess.RoleBindingB\x03\xe0\x41\x02\x1a\x43\n\x0bRoleBinding\x12\x11\n\x04role\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12!\n\x14\x63ondition_expression\x18\x02 \x01(\tB\x03\xe0\x41\x01\x42\r\n\x0b\x61\x63\x63\x65ss_type\"\xc2\x01\n\x17ListEntitlementsRequest\x12J\n\x06parent\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\x12\x32privilegedaccessmanager.googleapis.com/Entitlement\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x13\n\x06\x66ilter\x18\x04 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08order_by\x18\x05 \x01(\tB\x03\xe0\x41\x01\"\x94\x01\n\x18ListEntitlementsResponse\x12J\n\x0c\x65ntitlements\x18\x01 \x03(\x0b\x32\x34.google.cloud.privilegedaccessmanager.v1.Entitlement\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x13\n\x0bunreachable\x18\x03 \x03(\t\"\x84\x03\n\x19SearchEntitlementsRequest\x12J\n\x06parent\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\x12\x32privilegedaccessmanager.googleapis.com/Entitlement\x12t\n\x12\x63\x61ller_access_type\x18\x02 \x01(\x0e\x32S.google.cloud.privilegedaccessmanager.v1.SearchEntitlementsRequest.CallerAccessTypeB\x03\xe0\x41\x02\x12\x13\n\x06\x66ilter\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x16\n\tpage_size\x18\x04 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x05 \x01(\tB\x03\xe0\x41\x01\"_\n\x10\x43\x61llerAccessType\x12\"\n\x1e\x43\x41LLER_ACCESS_TYPE_UNSPECIFIED\x10\x00\x12\x13\n\x0fGRANT_REQUESTER\x10\x01\x12\x12\n\x0eGRANT_APPROVER\x10\x02\"\x81\x01\n\x1aSearchEntitlementsResponse\x12J\n\x0c\x65ntitlements\x18\x01 \x03(\x0b\x32\x34.google.cloud.privilegedaccessmanager.v1.Entitlement\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"a\n\x15GetEntitlementRequest\x12H\n\x04name\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\n2privilegedaccessmanager.googleapis.com/Entitlement\"\xec\x01\n\x18\x43reateEntitlementRequest\x12J\n\x06parent\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\x12\x32privilegedaccessmanager.googleapis.com/Entitlement\x12\x1b\n\x0e\x65ntitlement_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12N\n\x0b\x65ntitlement\x18\x03 \x01(\x0b\x32\x34.google.cloud.privilegedaccessmanager.v1.EntitlementB\x03\xe0\x41\x02\x12\x17\n\nrequest_id\x18\x04 \x01(\tB\x03\xe0\x41\x01\"\x91\x01\n\x18\x44\x65leteEntitlementRequest\x12H\n\x04name\x18\x01 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\n2privilegedaccessmanager.googleapis.com/Entitlement\x12\x17\n\nrequest_id\x18\x02 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05\x66orce\x18\x03 \x01(\x08\x42\x03\xe0\x41\x01\"\xa0\x01\n\x18UpdateEntitlementRequest\x12N\n\x0b\x65ntitlement\x18\x01 \x01(\x0b\x32\x34.google.cloud.privilegedaccessmanager.v1.EntitlementB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02\"\xcb\x16\n\x05Grant\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x08\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0bupdate_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x16\n\trequester\x18\x04 \x01(\tB\x03\xe0\x41\x03\x12:\n\x12requested_duration\x18\x05 \x01(\x0b\x32\x19.google.protobuf.DurationB\x03\xe0\x41\x02\x12R\n\rjustification\x18\x06 \x01(\x0b\x32\x36.google.cloud.privilegedaccessmanager.v1.JustificationB\x03\xe0\x41\x01\x12H\n\x05state\x18\x07 \x01(\x0e\x32\x34.google.cloud.privilegedaccessmanager.v1.Grant.StateB\x03\xe0\x41\x03\x12N\n\x08timeline\x18\x08 \x01(\x0b\x32\x37.google.cloud.privilegedaccessmanager.v1.Grant.TimelineB\x03\xe0\x41\x03\x12Y\n\x11privileged_access\x18\t \x01(\x0b\x32\x39.google.cloud.privilegedaccessmanager.v1.PrivilegedAccessB\x03\xe0\x41\x03\x12S\n\x0b\x61udit_trail\x18\n \x01(\x0b\x32\x39.google.cloud.privilegedaccessmanager.v1.Grant.AuditTrailB\x03\xe0\x41\x03\x12(\n\x1b\x61\x64\x64itional_email_recipients\x18\x0b \x03(\tB\x03\xe0\x41\x01\x12 \n\x13\x65xternally_modified\x18\x0c \x01(\x08\x42\x03\xe0\x41\x03\x1a\xff\x0b\n\x08Timeline\x12R\n\x06\x65vents\x18\x01 \x03(\x0b\x32=.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.EventB\x03\xe0\x41\x03\x1a\x9e\x0b\n\x05\x45vent\x12\\\n\trequested\x18\x02 \x01(\x0b\x32G.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.RequestedH\x00\x12Z\n\x08\x61pproved\x18\x03 \x01(\x0b\x32\x46.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ApprovedH\x00\x12V\n\x06\x64\x65nied\x18\x04 \x01(\x0b\x32\x44.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.DeniedH\x00\x12X\n\x07revoked\x18\x05 \x01(\x0b\x32\x45.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.RevokedH\x00\x12\\\n\tscheduled\x18\x06 \x01(\x0b\x32G.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ScheduledH\x00\x12\\\n\tactivated\x18\x07 \x01(\x0b\x32G.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ActivatedH\x00\x12k\n\x11\x61\x63tivation_failed\x18\x08 \x01(\x0b\x32N.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ActivationFailedH\x00\x12X\n\x07\x65xpired\x18\n \x01(\x0b\x32\x45.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ExpiredH\x00\x12T\n\x05\x65nded\x18\x0b \x01(\x0b\x32\x43.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.EndedH\x00\x12o\n\x13\x65xternally_modified\x18\x0c \x01(\x0b\x32P.google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ExternallyModifiedH\x00\x12\x33\n\nevent_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1a\x41\n\tRequested\x12\x34\n\x0b\x65xpire_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1a\x33\n\x08\x41pproved\x12\x13\n\x06reason\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x12\n\x05\x61\x63tor\x18\x02 \x01(\tB\x03\xe0\x41\x03\x1a\x31\n\x06\x44\x65nied\x12\x13\n\x06reason\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x12\n\x05\x61\x63tor\x18\x02 \x01(\tB\x03\xe0\x41\x03\x1a\x32\n\x07Revoked\x12\x13\n\x06reason\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x12\n\x05\x61\x63tor\x18\x02 \x01(\tB\x03\xe0\x41\x03\x1aO\n\tScheduled\x12\x42\n\x19scheduled_activation_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1a\x0b\n\tActivated\x1a:\n\x10\x41\x63tivationFailed\x12&\n\x05\x65rror\x18\x01 \x01(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\x1a\t\n\x07\x45xpired\x1a\x07\n\x05\x45nded\x1a\x14\n\x12\x45xternallyModifiedB\x07\n\x05\x65vent\x1a\x85\x01\n\nAuditTrail\x12:\n\x11\x61\x63\x63\x65ss_grant_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12;\n\x12\x61\x63\x63\x65ss_remove_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\"\xb5\x01\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x14\n\x10\x41PPROVAL_AWAITED\x10\x01\x12\n\n\x06\x44\x45NIED\x10\x03\x12\r\n\tSCHEDULED\x10\x04\x12\x0e\n\nACTIVATING\x10\x05\x12\n\n\x06\x41\x43TIVE\x10\x06\x12\x15\n\x11\x41\x43TIVATION_FAILED\x10\x07\x12\x0b\n\x07\x45XPIRED\x10\x08\x12\x0c\n\x08REVOKING\x10\t\x12\x0b\n\x07REVOKED\x10\n\x12\t\n\x05\x45NDED\x10\x0b:\xc2\x02\xea\x41\xbe\x02\n,privilegedaccessmanager.googleapis.com/Grant\x12Qprojects/{project}/locations/{location}/entitlements/{entitlement}/grants/{grant}\x12Ofolders/{folder}/locations/{location}/entitlements/{entitlement}/grants/{grant}\x12[organizations/{organization}/locations/{location}/entitlements/{entitlement}/grants/{grant}*\x06grants2\x05grant\"F\n\rJustification\x12$\n\x1aunstructured_justification\x18\x01 \x01(\tH\x00\x42\x0f\n\rjustification\"\xb6\x01\n\x11ListGrantsRequest\x12\x44\n\x06parent\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\x12,privilegedaccessmanager.googleapis.com/Grant\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x13\n\x06\x66ilter\x18\x04 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08order_by\x18\x05 \x01(\tB\x03\xe0\x41\x01\"\x82\x01\n\x12ListGrantsResponse\x12>\n\x06grants\x18\x01 \x03(\x0b\x32..google.cloud.privilegedaccessmanager.v1.Grant\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x13\n\x0bunreachable\x18\x03 \x03(\t\"\x90\x03\n\x13SearchGrantsRequest\x12\x44\n\x06parent\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\x12,privilegedaccessmanager.googleapis.com/Grant\x12u\n\x13\x63\x61ller_relationship\x18\x02 \x01(\x0e\x32S.google.cloud.privilegedaccessmanager.v1.SearchGrantsRequest.CallerRelationshipTypeB\x03\xe0\x41\x02\x12\x13\n\x06\x66ilter\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x16\n\tpage_size\x18\x04 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x05 \x01(\tB\x03\xe0\x41\x01\"v\n\x16\x43\x61llerRelationshipType\x12(\n$CALLER_RELATIONSHIP_TYPE_UNSPECIFIED\x10\x00\x12\x0f\n\x0bHAD_CREATED\x10\x01\x12\x0f\n\x0b\x43\x41N_APPROVE\x10\x02\x12\x10\n\x0cHAD_APPROVED\x10\x03\"o\n\x14SearchGrantsResponse\x12>\n\x06grants\x18\x01 \x03(\x0b\x32..google.cloud.privilegedaccessmanager.v1.Grant\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"U\n\x0fGetGrantRequest\x12\x42\n\x04name\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\n,privilegedaccessmanager.googleapis.com/Grant\"n\n\x13\x41pproveGrantRequest\x12\x42\n\x04name\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\n,privilegedaccessmanager.googleapis.com/Grant\x12\x13\n\x06reason\x18\x02 \x01(\tB\x03\xe0\x41\x01\"k\n\x10\x44\x65nyGrantRequest\x12\x42\n\x04name\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\n,privilegedaccessmanager.googleapis.com/Grant\x12\x13\n\x06reason\x18\x02 \x01(\tB\x03\xe0\x41\x01\"m\n\x12RevokeGrantRequest\x12\x42\n\x04name\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\n,privilegedaccessmanager.googleapis.com/Grant\x12\x13\n\x06reason\x18\x02 \x01(\tB\x03\xe0\x41\x01\"\xb7\x01\n\x12\x43reateGrantRequest\x12\x44\n\x06parent\x18\x01 \x01(\tB4\xe0\x41\x02\xfa\x41.\x12,privilegedaccessmanager.googleapis.com/Grant\x12\x42\n\x05grant\x18\x02 \x01(\x0b\x32..google.cloud.privilegedaccessmanager.v1.GrantB\x03\xe0\x41\x02\x12\x17\n\nrequest_id\x18\x03 \x01(\tB\x03\xe0\x41\x01\"\x80\x02\n\x11OperationMetadata\x12\x34\n\x0b\x63reate_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x31\n\x08\x65nd_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x13\n\x06target\x18\x03 \x01(\tB\x03\xe0\x41\x03\x12\x11\n\x04verb\x18\x04 \x01(\tB\x03\xe0\x41\x03\x12\x1b\n\x0estatus_message\x18\x05 \x01(\tB\x03\xe0\x41\x03\x12#\n\x16requested_cancellation\x18\x06 \x01(\x08\x42\x03\xe0\x41\x03\x12\x18\n\x0b\x61pi_version\x18\x07 \x01(\tB\x03\xe0\x41\x03\x32\xc1\'\n\x17PrivilegedAccessManager\x12\xe9\x02\n\x15\x43heckOnboardingStatus\x12\x45.google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusRequest\x1a\x46.google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse\"\xc0\x01\x82\xd3\xe4\x93\x02\xb9\x01\x12\x39/v1/{parent=projects/*/locations/*}:checkOnboardingStatusZ@\x12>/v1/{parent=organizations/*/locations/*}:checkOnboardingStatusZ:\x12\x38/v1/{parent=folders/*/locations/*}:checkOnboardingStatus\x12\xc8\x02\n\x10ListEntitlements\x12@.google.cloud.privilegedaccessmanager.v1.ListEntitlementsRequest\x1a\x41.google.cloud.privilegedaccessmanager.v1.ListEntitlementsResponse\"\xae\x01\xda\x41\x06parent\x82\xd3\xe4\x93\x02\x9e\x01\x12\x30/v1/{parent=projects/*/locations/*}/entitlementsZ7\x12\x35/v1/{parent=organizations/*/locations/*}/entitlementsZ1\x12//v1/{parent=folders/*/locations/*}/entitlements\x12\xda\x02\n\x12SearchEntitlements\x12\x42.google.cloud.privilegedaccessmanager.v1.SearchEntitlementsRequest\x1a\x43.google.cloud.privilegedaccessmanager.v1.SearchEntitlementsResponse\"\xba\x01\x82\xd3\xe4\x93\x02\xb3\x01\x12\x37/v1/{parent=projects/*/locations/*}/entitlements:searchZ>\x12</v1/{parent=organizations/*/locations/*}/entitlements:searchZ8\x12\x36/v1/{parent=folders/*/locations/*}/entitlements:search\x12\xb5\x02\n\x0eGetEntitlement\x12>.google.cloud.privilegedaccessmanager.v1.GetEntitlementRequest\x1a\x34.google.cloud.privilegedaccessmanager.v1.Entitlement\"\xac\x01\xda\x41\x04name\x82\xd3\xe4\x93\x02\x9e\x01\x12\x30/v1/{name=projects/*/locations/*/entitlements/*}Z7\x12\x35/v1/{name=organizations/*/locations/*/entitlements/*}Z1\x12//v1/{name=folders/*/locations/*/entitlements/*}\x12\x8b\x03\n\x11\x43reateEntitlement\x12\x41.google.cloud.privilegedaccessmanager.v1.CreateEntitlementRequest\x1a\x1d.google.longrunning.Operation\"\x93\x02\xca\x41 \n\x0b\x45ntitlement\x12\x11OperationMetadata\xda\x41!parent,entitlement,entitlement_id\x82\xd3\xe4\x93\x02\xc5\x01\"0/v1/{parent=projects/*/locations/*}/entitlements:\x0b\x65ntitlementZD\"5/v1/{parent=organizations/*/locations/*}/entitlements:\x0b\x65ntitlementZ>\"//v1/{parent=folders/*/locations/*}/entitlements:\x0b\x65ntitlement\x12\xc7\x02\n\x11\x44\x65leteEntitlement\x12\x41.google.cloud.privilegedaccessmanager.v1.DeleteEntitlementRequest\x1a\x1d.google.longrunning.Operation\"\xcf\x01\xca\x41 \n\x0b\x45ntitlement\x12\x11OperationMetadata\xda\x41\x04name\x82\xd3\xe4\x93\x02\x9e\x01*0/v1/{name=projects/*/locations/*/entitlements/*}Z7*5/v1/{name=organizations/*/locations/*/entitlements/*}Z1*//v1/{name=folders/*/locations/*/entitlements/*}\x12\xa5\x03\n\x11UpdateEntitlement\x12\x41.google.cloud.privilegedaccessmanager.v1.UpdateEntitlementRequest\x1a\x1d.google.longrunning.Operation\"\xad\x02\xca\x41 \n\x0b\x45ntitlement\x12\x11OperationMetadata\xda\x41\x17\x65ntitlement,update_mask\x82\xd3\xe4\x93\x02\xe9\x01\x32</v1/{entitlement.name=projects/*/locations/*/entitlements/*}:\x0b\x65ntitlementZP2A/v1/{entitlement.name=organizations/*/locations/*/entitlements/*}:\x0b\x65ntitlementZJ2;/v1/{entitlement.name=folders/*/locations/*/entitlements/*}:\x0b\x65ntitlement\x12\xd1\x02\n\nListGrants\x12:.google.cloud.privilegedaccessmanager.v1.ListGrantsRequest\x1a;.google.cloud.privilegedaccessmanager.v1.ListGrantsResponse\"\xc9\x01\xda\x41\x06parent\x82\xd3\xe4\x93\x02\xb9\x01\x12\x39/v1/{parent=projects/*/locations/*/entitlements/*}/grantsZ@\x12>/v1/{parent=organizations/*/locations/*/entitlements/*}/grantsZ:\x12\x38/v1/{parent=folders/*/locations/*/entitlements/*}/grants\x12\xe3\x02\n\x0cSearchGrants\x12<.google.cloud.privilegedaccessmanager.v1.SearchGrantsRequest\x1a=.google.cloud.privilegedaccessmanager.v1.SearchGrantsResponse\"\xd5\x01\x82\xd3\xe4\x93\x02\xce\x01\x12@/v1/{parent=projects/*/locations/*/entitlements/*}/grants:searchZG\x12\x45/v1/{parent=organizations/*/locations/*/entitlements/*}/grants:searchZA\x12?/v1/{parent=folders/*/locations/*/entitlements/*}/grants:search\x12\xbe\x02\n\x08GetGrant\x12\x38.google.cloud.privilegedaccessmanager.v1.GetGrantRequest\x1a..google.cloud.privilegedaccessmanager.v1.Grant\"\xc7\x01\xda\x41\x04name\x82\xd3\xe4\x93\x02\xb9\x01\x12\x39/v1/{name=projects/*/locations/*/entitlements/*/grants/*}Z@\x12>/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}Z:\x12\x38/v1/{name=folders/*/locations/*/entitlements/*/grants/*}\x12\xe1\x02\n\x0b\x43reateGrant\x12;.google.cloud.privilegedaccessmanager.v1.CreateGrantRequest\x1a..google.cloud.privilegedaccessmanager.v1.Grant\"\xe4\x01\xda\x41\x0cparent,grant\x82\xd3\xe4\x93\x02\xce\x01\"9/v1/{parent=projects/*/locations/*/entitlements/*}/grants:\x05grantZG\">/v1/{parent=organizations/*/locations/*/entitlements/*}/grants:\x05grantZA\"8/v1/{parent=folders/*/locations/*/entitlements/*}/grants:\x05grant\x12\xe0\x02\n\x0c\x41pproveGrant\x12<.google.cloud.privilegedaccessmanager.v1.ApproveGrantRequest\x1a..google.cloud.privilegedaccessmanager.v1.Grant\"\xe1\x01\x82\xd3\xe4\x93\x02\xda\x01\"A/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:approve:\x01*ZK\"F/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:approve:\x01*ZE\"@/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:approve:\x01*\x12\xd1\x02\n\tDenyGrant\x12\x39.google.cloud.privilegedaccessmanager.v1.DenyGrantRequest\x1a..google.cloud.privilegedaccessmanager.v1.Grant\"\xd8\x01\x82\xd3\xe4\x93\x02\xd1\x01\">/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:deny:\x01*ZH\"C/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:deny:\x01*ZB\"=/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:deny:\x01*\x12\xe7\x02\n\x0bRevokeGrant\x12;.google.cloud.privilegedaccessmanager.v1.RevokeGrantRequest\x1a\x1d.google.longrunning.Operation\"\xfb\x01\xca\x41\x1a\n\x05Grant\x12\x11OperationMetadata\x82\xd3\xe4\x93\x02\xd7\x01\"@/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:revoke:\x01*ZJ\"E/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:revoke:\x01*ZD\"?/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:revoke:\x01*\x1aZ\xca\x41&privilegedaccessmanager.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x89\x04\n+com.google.cloud.privilegedaccessmanager.v1B\x1cPrivilegedAccessManagerProtoP\x01Zecloud.google.com/go/privilegedaccessmanager/apiv1/privilegedaccessmanagerpb;privilegedaccessmanagerpb\xaa\x02\'Google.Cloud.PrivilegedAccessManager.V1\xca\x02\'Google\\Cloud\\PrivilegedAccessManager\\V1\xea\x02*Google::Cloud::PrivilegedAccessManager::V1\xea\x41p\n;privilegedaccessmanager.googleapis.com/OrganizationLocation\x12\x31organizations/{organization}/locations/{location}\xea\x41^\n5privilegedaccessmanager.googleapis.com/FolderLocation\x12%folders/{folder}/locations/{location}b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["google.protobuf.Timestamp", "google/protobuf/timestamp.proto"],
+    ["google.protobuf.Duration", "google/protobuf/duration.proto"],
+    ["google.protobuf.FieldMask", "google/protobuf/field_mask.proto"],
+    ["google.rpc.Status", "google/rpc/status.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
+    end
+  end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
+end
+
+module Google
+  module Cloud
+    module PrivilegedAccessManager
+      module V1
+        CheckOnboardingStatusRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusRequest").msgclass
+        CheckOnboardingStatusResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse").msgclass
+        CheckOnboardingStatusResponse::Finding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse.Finding").msgclass
+        CheckOnboardingStatusResponse::Finding::IAMAccessDenied = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse.Finding.IAMAccessDenied").msgclass
+        Entitlement = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement").msgclass
+        Entitlement::RequesterJustificationConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig").msgclass
+        Entitlement::RequesterJustificationConfig::NotMandatory = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig.NotMandatory").msgclass
+        Entitlement::RequesterJustificationConfig::Unstructured = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.RequesterJustificationConfig.Unstructured").msgclass
+        Entitlement::AdditionalNotificationTargets = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.AdditionalNotificationTargets").msgclass
+        Entitlement::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Entitlement.State").enummodule
+        AccessControlEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.AccessControlEntry").msgclass
+        ApprovalWorkflow = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ApprovalWorkflow").msgclass
+        ManualApprovals = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ManualApprovals").msgclass
+        ManualApprovals::Step = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ManualApprovals.Step").msgclass
+        PrivilegedAccess = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.PrivilegedAccess").msgclass
+        PrivilegedAccess::GcpIamAccess = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.PrivilegedAccess.GcpIamAccess").msgclass
+        PrivilegedAccess::GcpIamAccess::RoleBinding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.PrivilegedAccess.GcpIamAccess.RoleBinding").msgclass
+        ListEntitlementsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ListEntitlementsRequest").msgclass
+        ListEntitlementsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ListEntitlementsResponse").msgclass
+        SearchEntitlementsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchEntitlementsRequest").msgclass
+        SearchEntitlementsRequest::CallerAccessType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchEntitlementsRequest.CallerAccessType").enummodule
+        SearchEntitlementsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchEntitlementsResponse").msgclass
+        GetEntitlementRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.GetEntitlementRequest").msgclass
+        CreateEntitlementRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CreateEntitlementRequest").msgclass
+        DeleteEntitlementRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.DeleteEntitlementRequest").msgclass
+        UpdateEntitlementRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.UpdateEntitlementRequest").msgclass
+        Grant = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant").msgclass
+        Grant::Timeline = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline").msgclass
+        Grant::Timeline::Event = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event").msgclass
+        Grant::Timeline::Event::Requested = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Requested").msgclass
+        Grant::Timeline::Event::Approved = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Approved").msgclass
+        Grant::Timeline::Event::Denied = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Denied").msgclass
+        Grant::Timeline::Event::Revoked = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Revoked").msgclass
+        Grant::Timeline::Event::Scheduled = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Scheduled").msgclass
+        Grant::Timeline::Event::Activated = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Activated").msgclass
+        Grant::Timeline::Event::ActivationFailed = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ActivationFailed").msgclass
+        Grant::Timeline::Event::Expired = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Expired").msgclass
+        Grant::Timeline::Event::Ended = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.Ended").msgclass
+        Grant::Timeline::Event::ExternallyModified = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.Timeline.Event.ExternallyModified").msgclass
+        Grant::AuditTrail = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.AuditTrail").msgclass
+        Grant::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Grant.State").enummodule
+        Justification = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.Justification").msgclass
+        ListGrantsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ListGrantsRequest").msgclass
+        ListGrantsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ListGrantsResponse").msgclass
+        SearchGrantsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchGrantsRequest").msgclass
+        SearchGrantsRequest::CallerRelationshipType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchGrantsRequest.CallerRelationshipType").enummodule
+        SearchGrantsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.SearchGrantsResponse").msgclass
+        GetGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.GetGrantRequest").msgclass
+        ApproveGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.ApproveGrantRequest").msgclass
+        DenyGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.DenyGrantRequest").msgclass
+        RevokeGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.RevokeGrantRequest").msgclass
+        CreateGrantRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.CreateGrantRequest").msgclass
+        OperationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.privilegedaccessmanager.v1.OperationMetadata").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_services_pb.rb

@@ -0,0 +1,121 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.proto for package 'Google.Cloud.PrivilegedAccessManager.V1'
+# Original file comments:
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'grpc'
+require 'google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager_pb'
+
+module Google
+  module Cloud
+    module PrivilegedAccessManager
+      module V1
+        module PrivilegedAccessManager
+          # This API allows customers to manage temporary, request based privileged
+          # access to their resources.
+          #
+          # It defines the following resource model:
+          #
+          # * A collection of `Entitlement` resources. An entitlement allows configuring
+          #   (among other things):
+          #
+          #   * Some kind of privileged access that users can request.
+          #   * A set of users called _requesters_ who can request this access.
+          #   * A maximum duration for which the access can be requested.
+          #   * An optional approval workflow which must be satisfied before access is
+          #     granted.
+          #
+          # * A collection of `Grant` resources. A grant is a request by a requester to
+          #   get the privileged access specified in an entitlement for some duration.
+          #
+          #   After the approval workflow as specified in the entitlement is satisfied,
+          #   the specified access is given to the requester. The access is automatically
+          #   taken back after the requested duration is over.
+          class Service
+
+            include ::GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager'
+
+            # CheckOnboardingStatus reports the onboarding status for a
+            # project/folder/organization. Any findings reported by this API need to be
+            # fixed before PAM can be used on the resource.
+            rpc :CheckOnboardingStatus, ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest, ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse
+            # Lists entitlements in a given project/folder/organization and location.
+            rpc :ListEntitlements, ::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest, ::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsResponse
+            # `SearchEntitlements` returns entitlements on which the caller has the
+            # specified access.
+            rpc :SearchEntitlements, ::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest, ::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsResponse
+            # Gets details of a single entitlement.
+            rpc :GetEntitlement, ::Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement
+            # Creates a new entitlement in a given project/folder/organization and
+            # location.
+            rpc :CreateEntitlement, ::Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest, ::Google::Longrunning::Operation
+            # Deletes a single entitlement. This method can only be called when there
+            # are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the
+            # entitlement.
+            rpc :DeleteEntitlement, ::Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest, ::Google::Longrunning::Operation
+            # Updates the entitlement specified in the request. Updated fields in the
+            # entitlement need to be specified in an update mask. The changes made to an
+            # entitlement are applicable only on future grants of the entitlement.
+            # However, if new approvers are added or existing approvers are removed from
+            # the approval workflow, the changes are effective on existing grants.
+            #
+            # The following fields are not supported for updates:
+            #
+            #  * All immutable fields
+            #  * Entitlement name
+            #  * Resource name
+            #  * Resource type
+            #  * Adding an approval workflow in an entitlement which previously had no
+            #    approval workflow.
+            #  * Deleting the approval workflow from an entitlement.
+            #  * Adding or deleting a step in the approval workflow (only one step is
+            #    supported)
+            #
+            # Note that updates are allowed on the list of approvers in an approval
+            # workflow step.
+            rpc :UpdateEntitlement, ::Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest, ::Google::Longrunning::Operation
+            # Lists grants for a given entitlement.
+            rpc :ListGrants, ::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest, ::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsResponse
+            # `SearchGrants` returns grants that are related to the calling user in the
+            # specified way.
+            rpc :SearchGrants, ::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest, ::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsResponse
+            # Get details of a single grant.
+            rpc :GetGrant, ::Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Grant
+            # Creates a new grant in a given project and location.
+            rpc :CreateGrant, ::Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Grant
+            # `ApproveGrant` is used to approve a grant. This method can only be called
+            # on a grant when it's in the `APPROVAL_AWAITED` state. This operation can't
+            # be undone.
+            rpc :ApproveGrant, ::Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Grant
+            # `DenyGrant` is used to deny a grant. This method can only be called on a
+            # grant when it's in the `APPROVAL_AWAITED` state. This operation can't be
+            # undone.
+            rpc :DenyGrant, ::Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest, ::Google::Cloud::PrivilegedAccessManager::V1::Grant
+            # `RevokeGrant` is used to immediately revoke access for a grant. This method
+            # can be called when the grant is in a non-terminal state.
+            rpc :RevokeGrant, ::Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest, ::Google::Longrunning::Operation
+          end
+
+          Stub = Service.rpc_stub_class
+        end
+      end
+    end
+  end
+end

data/lib/google-cloud-privileged_access_manager-v1.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+# This gem does not autoload during Bundler.require. To load this gem,
+# issue explicit require statements for the packages desired, e.g.:
+# require "google/cloud/privileged_access_manager/v1"

data/proto_docs/README.md

@@ -0,0 +1,4 @@
+# Privileged Access Manager V1 Protocol Buffer Documentation
+
+These files are for the YARD documentation of the generated protobuf files.
+They are not intended to be required or loaded at runtime.