google-cloud-privileged_access_manager 0.a → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4472dc380f1dc0945818c0c813bedee4e4d8abe94195d094f5b211229fc47795
4
- data.tar.gz: 51dcc149baabd5784d8ff2cecf1ff901d59ad0f11759164ede2cbc97e0f55d25
3
+ metadata.gz: 6c5414a23e8310f2f2379de4b37969d3bb2294440ce1049b1cd5a82813ffb124
4
+ data.tar.gz: da26a13fb5d759d1fd9811ba28581ea474dfb1d838a7246f9f807c7ca06116c9
5
5
  SHA512:
6
- metadata.gz: 14f62954b4aa39c2c82334c70fa9dc0784a064e18bbe3cf0e536e9a7375b5aad296f0fabef41c30e0d3a76eb708e6e6e85d324e072559db9066d19f39b95eb21
7
- data.tar.gz: 92155f417a1fe8ef166244d54eb62608a25b3421bdc67279186a12c6bdfd7f065e4c18b29681bf4e863aa3f981068306ed3c8fc69b7222488f4ece10ae2a182b
6
+ metadata.gz: c09252e3f0fe829eb3f874078f4d18a5b6826448d09331251177684b55b442439ba580e5eb35a101c629845e8c74c49d0a497f7a370f91ef5ba771ec3d8cdd99
7
+ data.tar.gz: 3cad6a3c8d2b05fb450841d670c71181b61ba00820ec50440bdf9cdace51b90f584293dbf293e962f0aca2a3c550a3576185aff400e7de343aab88f20f914771
data/.yardopts ADDED
@@ -0,0 +1,11 @@
1
+ --no-private
2
+ --title="Privileged Access Manager API"
3
+ --exclude _pb\.rb$
4
+ --markup markdown
5
+ --markup-provider redcarpet
6
+
7
+ ./lib/**/*.rb
8
+ -
9
+ README.md
10
+ AUTHENTICATION.md
11
+ LICENSE.md
data/AUTHENTICATION.md ADDED
@@ -0,0 +1,122 @@
1
+ # Authentication
2
+
3
+ The recommended way to authenticate to the google-cloud-privileged_access_manager library is to use
4
+ [Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
5
+ To review all of your authentication options, see [Credentials lookup](#credential-lookup).
6
+
7
+ ## Quickstart
8
+
9
+ The following example shows how to set up authentication for a local development
10
+ environment with your user credentials.
11
+
12
+ **NOTE:** This method is _not_ recommended for running in production. User credentials
13
+ should be used only during development.
14
+
15
+ 1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
16
+ 2. Set up a local ADC file with your user credentials:
17
+
18
+ ```sh
19
+ gcloud auth application-default login
20
+ ```
21
+
22
+ 3. Write code as if already authenticated.
23
+
24
+ For more information about setting up authentication for a local development environment, see
25
+ [Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
26
+
27
+ ## Credential Lookup
28
+
29
+ The google-cloud-privileged_access_manager library provides several mechanisms to configure your system.
30
+ Generally, using Application Default Credentials to facilitate automatic
31
+ credentials discovery is the easist method. But if you need to explicitly specify
32
+ credentials, there are several methods available to you.
33
+
34
+ Credentials are accepted in the following ways, in the following order or precedence:
35
+
36
+ 1. Credentials specified in method arguments
37
+ 2. Credentials specified in configuration
38
+ 3. Credentials pointed to or included in environment variables
39
+ 4. Credentials found in local ADC file
40
+ 5. Credentials returned by the metadata server for the attached service account (GCP)
41
+
42
+ ### Configuration
43
+
44
+ You can configure a path to a JSON credentials file, either for an individual client object or
45
+ globally, for all client objects. The JSON file can contain credentials created for
46
+ [workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
47
+ [workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
48
+ [service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
49
+
50
+ Note: Service account keys are a security risk if not managed correctly. You should
51
+ [choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
52
+ whenever possible.
53
+
54
+ To configure a credentials file for an individual client initialization:
55
+
56
+ ```ruby
57
+ require "google/cloud/privileged_access_manager"
58
+
59
+ client = Google::Cloud::PrivilegedAccessManager.privileged_access_manager do |config|
60
+ config.credentials = "path/to/credentialfile.json"
61
+ end
62
+ ```
63
+
64
+ To configure a credentials file globally for all clients:
65
+
66
+ ```ruby
67
+ require "google/cloud/privileged_access_manager"
68
+
69
+ Google::Cloud::PrivilegedAccessManager.configure do |config|
70
+ config.credentials = "path/to/credentialfile.json"
71
+ end
72
+
73
+ client = Google::Cloud::PrivilegedAccessManager.privileged_access_manager
74
+ ```
75
+
76
+ ### Environment Variables
77
+
78
+ You can also use an environment variable to provide a JSON credentials file.
79
+ The environment variable can contain a path to the credentials file or, for
80
+ environments such as Docker containers where writing files is not encouraged,
81
+ you can include the credentials file itself.
82
+
83
+ The JSON file can contain credentials created for
84
+ [workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
85
+ [workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
86
+ [service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
87
+
88
+ Note: Service account keys are a security risk if not managed correctly. You should
89
+ [choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
90
+ whenever possible.
91
+
92
+ The environment variables that google-cloud-privileged_access_manager
93
+ checks for credentials are:
94
+
95
+ * `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
96
+ * `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
97
+
98
+ ```ruby
99
+ require "google/cloud/privileged_access_manager"
100
+
101
+ ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
102
+
103
+ client = Google::Cloud::PrivilegedAccessManager.privileged_access_manager
104
+ ```
105
+
106
+ ### Local ADC file
107
+
108
+ You can set up a local ADC file with your user credentials for authentication during
109
+ development. If credentials are not provided in code or in environment variables,
110
+ then the local ADC credentials are discovered.
111
+
112
+ Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
113
+
114
+ ### Google Cloud Platform environments
115
+
116
+ When running on Google Cloud Platform (GCP), including Google Compute Engine
117
+ (GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
118
+ Functions (GCF) and Cloud Run, credentials are retrieved from the attached
119
+ service account automatically. Code should be written as if already authenticated.
120
+
121
+ For more information, see
122
+ [Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).
data/README.md CHANGED
@@ -1,8 +1,151 @@
1
- # Placeholder for Ruby gem google-cloud-privileged_access_manager
2
-
3
- This is a placeholder for the future Google-authored gem google-cloud-privileged_access_manager.
4
- This placeholder is being released on 2024-07-09 in order to reserve the name.
5
- The final gem should be available shortly after that date. If it has not been
6
- released in a timely manner, or if this placeholder interferes with your work,
7
- you can contact the Google Ruby team by opening an issue in the GitHub
8
- repository https://github.com/googleapis/google-cloud-ruby.
1
+ # Ruby Client for the Privileged Access Manager API
2
+
3
+ Privileged Access Manager (PAM) helps you on your journey towards least privilege and helps mitigate risks tied to privileged access misuse or abuse. PAM allows you to shift from always-on standing privileges towards on-demand access with just-in-time, time-bound, and approval-based access elevations. PAM allows IAM administrators to create entitlements that can grant just-in-time, temporary access to any resource scope. Requesters can explore eligible entitlements and request the access needed for their task. Approvers are notified when approvals await their decision. Streamlined workflows facilitated by using PAM can support various use cases, including emergency access for incident responders, time-boxed access for developers for critical deployment or maintenance, temporary access for operators for data ingestion and audits, JIT access to service accounts for automated tasks, and more.
4
+
5
+ ## Overview
6
+
7
+ Privileged Access Manager (PAM) is a Google Cloud native, managed solution
8
+ to secure, manage and audit privileged access while ensuring operational
9
+ velocity and developer productivity.
10
+
11
+ PAM enables just-in-time, time-bound, approval-based access elevations,
12
+ and auditing of privileged access elevations and activity. PAM lets you
13
+ define the rules of who can request access, what they can request access
14
+ to, and if they should be granted access with or without approvals based
15
+ on the sensitivity of the access and emergency of the situation.
16
+
17
+ ## Concepts
18
+
19
+ ### Entitlement
20
+
21
+ An entitlement is an eligibility or license that allows specified users
22
+ (requesters) to request and obtain access to specified resources subject
23
+ to a set of conditions such as duration, etc. entitlements can be granted
24
+ to both human and non-human principals.
25
+
26
+ ### Grant
27
+
28
+ A grant is an instance of active usage against the entitlement. A user can
29
+ place a request for a grant against an entitlement. The request may be
30
+ forwarded to an approver for their decision. Once approved, the grant is
31
+ activated, ultimately giving the user access (roles/permissions) on a
32
+ resource per the criteria specified in entitlement.
33
+
34
+ ### How does PAM work
35
+
36
+ PAM creates and uses a service agent (Google-managed service account) to
37
+ perform the required IAM policy changes for granting access at a
38
+ specific
39
+ resource/access scope. The service agent requires getIAMPolicy and
40
+ setIAMPolicy permissions at the appropriate (or higher) access scope
41
+ -
42
+ Organization/Folder/Project to make policy changes on the resources listed
43
+ in PAM entitlements.
44
+
45
+ When enabling PAM for a resource scope, the user/ principal performing
46
+ that action should have the appropriate permissions at that resource
47
+ scope
48
+ (resourcemanager.\\{projects|folders|organizations}.setIamPolicy,
49
+ resourcemanager.\\{projects|folders|organizations}.getIamPolicy, and
50
+ resourcemanager.\\{projects|folders|organizations}.get) to list and grant
51
+ the service agent/account the required access to perform IAM policy
52
+ changes.
53
+
54
+ Actual client classes for the various versions of this API are defined in
55
+ _versioned_ client gems, with names of the form `google-cloud-privileged_access_manager-v*`.
56
+ The gem `google-cloud-privileged_access_manager` is the main client library that brings the
57
+ verisoned gems in as dependencies, and provides high-level methods for
58
+ constructing clients. More information on versioned clients can be found below
59
+ in the section titled *Which client should I use?*.
60
+
61
+ View the [Client Library Documentation](https://cloud.google.com/ruby/docs/reference/google-cloud-privileged_access_manager/latest)
62
+ for this library, google-cloud-privileged_access_manager, to see the convenience methods for
63
+ constructing client objects. Reference documentation for the client objects
64
+ themselves can be found in the client library documentation for the versioned
65
+ client gems:
66
+ [google-cloud-privileged_access_manager-v1](https://cloud.google.com/ruby/docs/reference/google-cloud-privileged_access_manager-v1/latest).
67
+
68
+ See also the [Product Documentation](https://cloud.google.com/iam/docs/pam-overview)
69
+ for more usage information.
70
+
71
+ ## Quick Start
72
+
73
+ ```
74
+ $ gem install google-cloud-privileged_access_manager
75
+ ```
76
+
77
+ In order to use this library, you first need to go through the following steps:
78
+
79
+ 1. [Select or create a Cloud Platform project.](https://console.cloud.google.com/project)
80
+ 1. [Enable billing for your project.](https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project)
81
+ 1. [Enable the API.](https://console.cloud.google.com/apis/library/privilegedaccessmanager.googleapis.com)
82
+ 1. {file:AUTHENTICATION.md Set up authentication.}
83
+
84
+ ## Supported Ruby Versions
85
+
86
+ This library is supported on Ruby 2.7+.
87
+
88
+ Google provides official support for Ruby versions that are actively supported
89
+ by Ruby Core—that is, Ruby versions that are either in normal maintenance or
90
+ in security maintenance, and not end of life. Older versions of Ruby _may_
91
+ still work, but are unsupported and not recommended. See
92
+ https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby
93
+ support schedule.
94
+
95
+ ## Which client should I use?
96
+
97
+ Most modern Ruby client libraries for Google APIs come in two flavors: the main
98
+ client library with a name such as `google-cloud-privileged_access_manager`,
99
+ and lower-level _versioned_ client libraries with names such as
100
+ `google-cloud-privileged_access_manager-v1`.
101
+ _In most cases, you should install the main client._
102
+
103
+ ### What's the difference between the main client and a versioned client?
104
+
105
+ A _versioned client_ provides a basic set of data types and client classes for
106
+ a _single version_ of a specific service. (That is, for a service with multiple
107
+ versions, there might be a separate versioned client for each service version.)
108
+ Most versioned clients are written and maintained by a code generator.
109
+
110
+ The _main client_ is designed to provide you with the _recommended_ client
111
+ interfaces for the service. There will be only one main client for any given
112
+ service, even a service with multiple versions. The main client includes
113
+ factory methods for constructing the client objects we recommend for most
114
+ users. In some cases, those will be classes provided by an underlying versioned
115
+ client; in other cases, they will be handwritten higher-level client objects
116
+ with additional capabilities, convenience methods, or best practices built in.
117
+ Generally, the main client will default to a recommended service version,
118
+ although in some cases you can override this if you need to talk to a specific
119
+ service version.
120
+
121
+ ### Why would I want to use the main client?
122
+
123
+ We recommend that most users install the main client gem for a service. You can
124
+ identify this gem as the one _without_ a version in its name, e.g.
125
+ `google-cloud-privileged_access_manager`.
126
+ The main client is recommended because it will embody the best practices for
127
+ accessing the service, and may also provide more convenient interfaces or
128
+ tighter integration into frameworks and third-party libraries. In addition, the
129
+ documentation and samples published by Google will generally demonstrate use of
130
+ the main client.
131
+
132
+ ### Why would I want to use a versioned client?
133
+
134
+ You can use a versioned client if you are content with a possibly lower-level
135
+ class interface, you explicitly want to avoid features provided by the main
136
+ client, or you want to access a specific service version not be covered by the
137
+ main client. You can identify versioned client gems because the service version
138
+ is part of the name, e.g. `google-cloud-privileged_access_manager-v1`.
139
+
140
+ ### What about the google-apis-<name> clients?
141
+
142
+ Client library gems with names that begin with `google-apis-` are based on an
143
+ older code generation technology. They talk to a REST/JSON backend (whereas
144
+ most modern clients talk to a [gRPC](https://grpc.io/) backend) and they may
145
+ not offer the same performance, features, and ease of use provided by more
146
+ modern clients.
147
+
148
+ The `google-apis-` clients have wide coverage across Google services, so you
149
+ might need to use one if there is no modern client available for the service.
150
+ However, if a modern client is available, we generally recommend it over the
151
+ older `google-apis-` clients.
@@ -1,10 +1,12 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # Copyright 2024 Google LLC
2
4
  #
3
5
  # Licensed under the Apache License, Version 2.0 (the "License");
4
6
  # you may not use this file except in compliance with the License.
5
7
  # You may obtain a copy of the License at
6
8
  #
7
- # http://www.apache.org/licenses/LICENSE-2.0
9
+ # https://www.apache.org/licenses/LICENSE-2.0
8
10
  #
9
11
  # Unless required by applicable law or agreed to in writing, software
10
12
  # distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,10 +14,13 @@
12
14
  # See the License for the specific language governing permissions and
13
15
  # limitations under the License.
14
16
 
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
15
20
  module Google
16
21
  module Cloud
17
22
  module PrivilegedAccessManager
18
- VERSION = "0.a"
23
+ VERSION = "0.1.1"
19
24
  end
20
25
  end
21
26
  end
@@ -0,0 +1,139 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2024 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ # Require this file early so that the version constant gets defined before
20
+ # requiring "google/cloud". This is because google-cloud-core will load the
21
+ # entrypoint (gem name) file, which in turn re-requires this file (hence
22
+ # causing a require cycle) unless the version constant is already defined.
23
+ require "google/cloud/privileged_access_manager/version"
24
+
25
+ require "googleauth"
26
+ gem "google-cloud-core"
27
+ require "google/cloud" unless defined? ::Google::Cloud.new
28
+ require "google/cloud/config"
29
+
30
+ # Set the default configuration
31
+ ::Google::Cloud.configure.add_config! :privileged_access_manager do |config|
32
+ config.add_field! :endpoint, nil, match: ::String
33
+ config.add_field! :credentials, nil, match: [::String, ::Hash, ::Google::Auth::Credentials]
34
+ config.add_field! :scope, nil, match: [::Array, ::String]
35
+ config.add_field! :lib_name, nil, match: ::String
36
+ config.add_field! :lib_version, nil, match: ::String
37
+ config.add_field! :interceptors, nil, match: ::Array
38
+ config.add_field! :timeout, nil, match: ::Numeric
39
+ config.add_field! :metadata, nil, match: ::Hash
40
+ config.add_field! :retry_policy, nil, match: [::Hash, ::Proc]
41
+ config.add_field! :quota_project, nil, match: ::String
42
+ config.add_field! :universe_domain, nil, match: ::String
43
+ end
44
+
45
+ module Google
46
+ module Cloud
47
+ module PrivilegedAccessManager
48
+ ##
49
+ # Create a new client object for PrivilegedAccessManager.
50
+ #
51
+ # By default, this returns an instance of
52
+ # [Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client](https://cloud.google.com/ruby/docs/reference/google-cloud-privileged_access_manager-v1/latest/Google-Cloud-PrivilegedAccessManager-V1-PrivilegedAccessManager-Client)
53
+ # for a gRPC client for version V1 of the API.
54
+ # However, you can specify a different API version by passing it in the
55
+ # `version` parameter. If the PrivilegedAccessManager service is
56
+ # supported by that API version, and the corresponding gem is available, the
57
+ # appropriate versioned client will be returned.
58
+ # You can also specify a different transport by passing `:rest` or `:grpc` in
59
+ # the `transport` parameter.
60
+ #
61
+ # ## About PrivilegedAccessManager
62
+ #
63
+ # This API allows customers to manage temporary, request based privileged
64
+ # access to their resources.
65
+ #
66
+ # It defines the following resource model:
67
+ #
68
+ # * A collection of `Entitlement` resources. An entitlement allows configuring
69
+ # (among other things):
70
+ #
71
+ # * Some kind of privileged access that users can request.
72
+ # * A set of users called _requesters_ who can request this access.
73
+ # * A maximum duration for which the access can be requested.
74
+ # * An optional approval workflow which must be satisfied before access is
75
+ # granted.
76
+ #
77
+ # * A collection of `Grant` resources. A grant is a request by a requester to
78
+ # get the privileged access specified in an entitlement for some duration.
79
+ #
80
+ # After the approval workflow as specified in the entitlement is satisfied,
81
+ # the specified access is given to the requester. The access is automatically
82
+ # taken back after the requested duration is over.
83
+ #
84
+ # @param version [::String, ::Symbol] The API version to connect to. Optional.
85
+ # Defaults to `:v1`.
86
+ # @param transport [:grpc, :rest] The transport to use. Defaults to `:grpc`.
87
+ # @return [::Object] A client object for the specified version.
88
+ #
89
+ def self.privileged_access_manager version: :v1, transport: :grpc, &block
90
+ require "google/cloud/privileged_access_manager/#{version.to_s.downcase}"
91
+
92
+ package_name = Google::Cloud::PrivilegedAccessManager
93
+ .constants
94
+ .select { |sym| sym.to_s.downcase == version.to_s.downcase.tr("_", "") }
95
+ .first
96
+ service_module = Google::Cloud::PrivilegedAccessManager.const_get(package_name).const_get(:PrivilegedAccessManager)
97
+ service_module = service_module.const_get(:Rest) if transport == :rest
98
+ service_module.const_get(:Client).new(&block)
99
+ end
100
+
101
+ ##
102
+ # Configure the google-cloud-privileged_access_manager library.
103
+ #
104
+ # The following configuration parameters are supported:
105
+ #
106
+ # * `credentials` (*type:* `String, Hash, Google::Auth::Credentials`) -
107
+ # The path to the keyfile as a String, the contents of the keyfile as a
108
+ # Hash, or a Google::Auth::Credentials object.
109
+ # * `lib_name` (*type:* `String`) -
110
+ # The library name as recorded in instrumentation and logging.
111
+ # * `lib_version` (*type:* `String`) -
112
+ # The library version as recorded in instrumentation and logging.
113
+ # * `interceptors` (*type:* `Array<GRPC::ClientInterceptor>`) -
114
+ # An array of interceptors that are run before calls are executed.
115
+ # * `timeout` (*type:* `Numeric`) -
116
+ # Default timeout in seconds.
117
+ # * `metadata` (*type:* `Hash{Symbol=>String}`) -
118
+ # Additional headers to be sent with the call.
119
+ # * `retry_policy` (*type:* `Hash`) -
120
+ # The retry policy. The value is a hash with the following keys:
121
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
122
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
123
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
124
+ # * `:retry_codes` (*type:* `Array<String>`) -
125
+ # The error codes that should trigger a retry.
126
+ #
127
+ # @return [::Google::Cloud::Config] The default configuration used by this library
128
+ #
129
+ def self.configure
130
+ yield ::Google::Cloud.configure.privileged_access_manager if block_given?
131
+
132
+ ::Google::Cloud.configure.privileged_access_manager
133
+ end
134
+ end
135
+ end
136
+ end
137
+
138
+ helper_path = ::File.join __dir__, "privileged_access_manager", "helpers.rb"
139
+ require "google/cloud/privileged_access_manager/helpers" if ::File.file? helper_path
@@ -0,0 +1,19 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2024 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "google/cloud/privileged_access_manager" unless defined? Google::Cloud::PrivilegedAccessManager::VERSION
metadata CHANGED
@@ -1,27 +1,84 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-privileged_access_manager
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.a
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-09 00:00:00.000000000 Z
12
- dependencies: []
13
- description: Placeholder for the future Google-authored gem google-cloud-privileged_access_manager.
14
- This placeholder is being released on 2024-07-09 in order to reserve the name. The
15
- final gem should be available shortly after that date. If it has not been released
16
- in a timely manner, or if this placeholder interferes with your work, you can contact
17
- the Google Ruby team by opening an issue in the GitHub repository https://github.com/googleapis/google-cloud-ruby.
11
+ date: 2024-08-09 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: google-cloud-core
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.6'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.6'
27
+ - !ruby/object:Gem::Dependency
28
+ name: google-cloud-privileged_access_manager-v1
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0.0'
34
+ - - "<"
35
+ - !ruby/object:Gem::Version
36
+ version: 2.a
37
+ type: :runtime
38
+ prerelease: false
39
+ version_requirements: !ruby/object:Gem::Requirement
40
+ requirements:
41
+ - - ">="
42
+ - !ruby/object:Gem::Version
43
+ version: '0.0'
44
+ - - "<"
45
+ - !ruby/object:Gem::Version
46
+ version: 2.a
47
+ description: "## Overview Privileged Access Manager (PAM) is a Google Cloud native,
48
+ managed solution to secure, manage and audit privileged access while ensuring operational
49
+ velocity and developer productivity. PAM enables just-in-time, time-bound, approval-based
50
+ access elevations, and auditing of privileged access elevations and activity. PAM
51
+ lets you define the rules of who can request access, what they can request access
52
+ to, and if they should be granted access with or without approvals based on the
53
+ sensitivity of the access and emergency of the situation. ## Concepts ### Entitlement
54
+ An entitlement is an eligibility or license that allows specified users (requesters)
55
+ to request and obtain access to specified resources subject to a set of conditions
56
+ such as duration, etc. entitlements can be granted to both human and non-human principals.
57
+ ### Grant A grant is an instance of active usage against the entitlement. A user
58
+ can place a request for a grant against an entitlement. The request may be forwarded
59
+ to an approver for their decision. Once approved, the grant is activated, ultimately
60
+ giving the user access (roles/permissions) on a resource per the criteria specified
61
+ in entitlement. ### How does PAM work PAM creates and uses a service agent (Google-managed
62
+ service account) to perform the required IAM policy changes for granting access
63
+ at a specific resource/access scope. The service agent requires getIAMPolicy and
64
+ setIAMPolicy permissions at the appropriate (or higher) access scope - Organization/Folder/Project
65
+ to make policy changes on the resources listed in PAM entitlements. When enabling
66
+ PAM for a resource scope, the user/ principal performing that action should have
67
+ the appropriate permissions at that resource scope (resourcemanager.{projects|folders|organizations}.setIamPolicy,
68
+ resourcemanager.{projects|folders|organizations}.getIamPolicy, and resourcemanager.{projects|folders|organizations}.get)
69
+ to list and grant the service agent/account the required access to perform IAM policy
70
+ changes."
18
71
  email: googleapis-packages@google.com
19
72
  executables: []
20
73
  extensions: []
21
74
  extra_rdoc_files: []
22
75
  files:
76
+ - ".yardopts"
77
+ - AUTHENTICATION.md
23
78
  - LICENSE.md
24
79
  - README.md
80
+ - lib/google-cloud-privileged_access_manager.rb
81
+ - lib/google/cloud/privileged_access_manager.rb
25
82
  - lib/google/cloud/privileged_access_manager/version.rb
26
83
  homepage: https://github.com/googleapis/google-cloud-ruby
27
84
  licenses:
@@ -35,7 +92,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
35
92
  requirements:
36
93
  - - ">="
37
94
  - !ruby/object:Gem::Version
38
- version: '3.0'
95
+ version: '2.7'
39
96
  required_rubygems_version: !ruby/object:Gem::Requirement
40
97
  requirements:
41
98
  - - ">="
@@ -45,5 +102,15 @@ requirements: []
45
102
  rubygems_version: 3.5.6
46
103
  signing_key:
47
104
  specification_version: 4
48
- summary: Placeholder for the future Google-authored gem google-cloud-privileged_access_manager
105
+ summary: Privileged Access Manager (PAM) helps you on your journey towards least privilege
106
+ and helps mitigate risks tied to privileged access misuse or abuse. PAM allows you
107
+ to shift from always-on standing privileges towards on-demand access with just-in-time,
108
+ time-bound, and approval-based access elevations. PAM allows IAM administrators
109
+ to create entitlements that can grant just-in-time, temporary access to any resource
110
+ scope. Requesters can explore eligible entitlements and request the access needed
111
+ for their task. Approvers are notified when approvals await their decision. Streamlined
112
+ workflows facilitated by using PAM can support various use cases, including emergency
113
+ access for incident responders, time-boxed access for developers for critical deployment
114
+ or maintenance, temporary access for operators for data ingestion and audits, JIT
115
+ access to service accounts for automated tasks, and more.
49
116
  test_files: []