Class PrivilegedAccessManagerClient (2.29.0-rc)

This API allows customers to manage temporary, request based privileged access to their resources.

It defines the following resource model:

  • A collection of Entitlement resources. An entitlement allows configuring (among other things):
    • Some kind of privileged access that users can request.
    • A set of users called requesters who can request this access.
    • A maximum duration for which the access can be requested.
    • An optional approval workflow which must be satisfied before access is granted.
  • A collection of Grant resources. A grant is a request by a requester to get the privileged access specified in an entitlement for some duration.

    After the approval workflow as specified in the entitlement is satisfied, the specified access is given to the requester. The access is automatically taken back after the requested duration is over.

Equality

Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection> objects compare equal. Objects that compare equal share the same underlying resources.

Performance

Creating a new instance of this class is a relatively expensive operation, new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient as the copies share all underlying resources.

Thread Safety

Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class is not guaranteed to work. Since copy-construction and move-construction is a relatively efficient operation, consider using such a copy when using this class from multiple threads.

Constructors

PrivilegedAccessManagerClient(PrivilegedAccessManagerClient const &)

Copy and move support

Parameter
Name Description
PrivilegedAccessManagerClient const &

PrivilegedAccessManagerClient(PrivilegedAccessManagerClient &&)

Copy and move support

Parameter
Name Description
PrivilegedAccessManagerClient &&

PrivilegedAccessManagerClient(std::shared_ptr< PrivilegedAccessManagerConnection >, Options)

Parameters
Name Description
connection std::shared_ptr< PrivilegedAccessManagerConnection >
opts Options

Operators

operator=(PrivilegedAccessManagerClient const &)

Copy and move support

Parameter
Name Description
PrivilegedAccessManagerClient const &
Returns
Type Description
PrivilegedAccessManagerClient &

operator=(PrivilegedAccessManagerClient &&)

Copy and move support

Parameter
Name Description
PrivilegedAccessManagerClient &&
Returns
Type Description
PrivilegedAccessManagerClient &

Functions

CheckOnboardingStatus(google::cloud::privilegedaccessmanager::v1::CheckOnboardingStatusRequest const &, Options)

CheckOnboardingStatus reports the onboarding status for a project/folder/organization.

Any findings reported by this API need to be fixed before PAM can be used on the resource.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::CheckOnboardingStatusRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::privilegedaccessmanager::v1::CheckOnboardingStatusResponse >

the result of the RPC. The response message type (google.cloud.privilegedaccessmanager.v1.CheckOnboardingStatusResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

ListEntitlements(std::string const &, Options)

Lists entitlements in a given project/folder/organization and location.

Parameters
Name Description
parent std::string const &

Required. The parent which owns the entitlement resources.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::privilegedaccessmanager::v1::Entitlement >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.privilegedaccessmanager.v1.Entitlement, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListEntitlements(google::cloud::privilegedaccessmanager::v1::ListEntitlementsRequest, Options)

Lists entitlements in a given project/folder/organization and location.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::ListEntitlementsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.ListEntitlementsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::privilegedaccessmanager::v1::Entitlement >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.privilegedaccessmanager.v1.Entitlement, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

SearchEntitlements(google::cloud::privilegedaccessmanager::v1::SearchEntitlementsRequest, Options)

SearchEntitlements returns entitlements on which the caller has the specified access.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::SearchEntitlementsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.SearchEntitlementsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::privilegedaccessmanager::v1::Entitlement >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.privilegedaccessmanager.v1.Entitlement, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

GetEntitlement(std::string const &, Options)

Gets details of a single entitlement.

Parameters
Name Description
name std::string const &

Required. Name of the resource.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement >

the result of the RPC. The response message type (google.cloud.privilegedaccessmanager.v1.Entitlement) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetEntitlement(google::cloud::privilegedaccessmanager::v1::GetEntitlementRequest const &, Options)

Gets details of a single entitlement.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::GetEntitlementRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.GetEntitlementRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement >

the result of the RPC. The response message type (google.cloud.privilegedaccessmanager.v1.Entitlement) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateEntitlement(std::string const &, google::cloud::privilegedaccessmanager::v1::Entitlement const &, std::string const &, Options)

Creates a new entitlement in a given project/folder/organization and location.

Parameters
Name Description
parent std::string const &

Required. Name of the parent resource for the entitlement. Possible formats:

  • organizations/{organization-number}/locations/{region}
  • folders/{folder-number}/locations/{region}
  • projects/{project-id|project-number}/locations/{region}
entitlement google::cloud::privilegedaccessmanager::v1::Entitlement const &

Required. The resource being created

entitlement_id std::string const &

Required. The ID to use for this entitlement. This becomes the last part of the resource name.
This value should be 4-63 characters in length, and valid characters are "[a-z]", "[0-9]", and "-". The first character should be from [a-z].
This value should be unique among all other entitlements under the specified parent.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.privilegedaccessmanager.v1.Entitlement proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

CreateEntitlement(NoAwaitTag, std::string const &, google::cloud::privilegedaccessmanager::v1::Entitlement const &, std::string const &, Options)

Creates a new entitlement in a given project/folder/organization and location.

Specifying the NoAwaitTag immediately returns the [google::longrunning::Operation] that corresponds to the Long Running Operation that has been started. No polling for operation status occurs.

Parameters
Name Description
NoAwaitTag
parent std::string const &
entitlement google::cloud::privilegedaccessmanager::v1::Entitlement const &
entitlement_id std::string const &
opts Options
Returns
Type Description
StatusOr< google::longrunning::Operation >

CreateEntitlement(google::cloud::privilegedaccessmanager::v1::CreateEntitlementRequest const &, Options)

Creates a new entitlement in a given project/folder/organization and location.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::CreateEntitlementRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.CreateEntitlementRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.privilegedaccessmanager.v1.Entitlement proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

CreateEntitlement(NoAwaitTag, google::cloud::privilegedaccessmanager::v1::CreateEntitlementRequest const &, Options)

Creates a new entitlement in a given project/folder/organization and location.

Specifying the NoAwaitTag immediately returns the [google::longrunning::Operation] that corresponds to the Long Running Operation that has been started. No polling for operation status occurs.

Parameters
Name Description
NoAwaitTag
request google::cloud::privilegedaccessmanager::v1::CreateEntitlementRequest const &
opts Options
Returns
Type Description
StatusOr< google::longrunning::Operation >

CreateEntitlement(google::longrunning::Operation const &, Options)

Creates a new entitlement in a given project/folder/organization and location.

This method accepts a google::longrunning::Operation that corresponds to a previously started Long Running Operation (LRO) and polls the status of the LRO in the background.

Parameters
Name Description
operation google::longrunning::Operation const &
opts Options
Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement > >

DeleteEntitlement(std::string const &, Options)

Deletes a single entitlement.

This method can only be called when there are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the entitlement.

Parameters
Name Description
name std::string const &

Required. Name of the resource.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.privilegedaccessmanager.v1.Entitlement proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

DeleteEntitlement(NoAwaitTag, std::string const &, Options)

Deletes a single entitlement.

Specifying the NoAwaitTag immediately returns the [google::longrunning::Operation] that corresponds to the Long Running Operation that has been started. No polling for operation status occurs.

Parameters
Name Description
NoAwaitTag
name std::string const &
opts Options
Returns
Type Description
StatusOr< google::longrunning::Operation >

DeleteEntitlement(google::cloud::privilegedaccessmanager::v1::DeleteEntitlementRequest const &, Options)

Deletes a single entitlement.

This method can only be called when there are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the entitlement.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::DeleteEntitlementRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.DeleteEntitlementRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.privilegedaccessmanager.v1.Entitlement proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

DeleteEntitlement(NoAwaitTag, google::cloud::privilegedaccessmanager::v1::DeleteEntitlementRequest const &, Options)

Deletes a single entitlement.

Specifying the NoAwaitTag immediately returns the [google::longrunning::Operation] that corresponds to the Long Running Operation that has been started. No polling for operation status occurs.

Parameters
Name Description
NoAwaitTag
request google::cloud::privilegedaccessmanager::v1::DeleteEntitlementRequest const &
opts Options
Returns
Type Description
StatusOr< google::longrunning::Operation >

DeleteEntitlement(google::longrunning::Operation const &, Options)

Deletes a single entitlement.

This method accepts a google::longrunning::Operation that corresponds to a previously started Long Running Operation (LRO) and polls the status of the LRO in the background.

Parameters
Name Description
operation google::longrunning::Operation const &
opts Options
Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement > >

UpdateEntitlement(google::cloud::privilegedaccessmanager::v1::Entitlement const &, google::protobuf::FieldMask const &, Options)

Updates the entitlement specified in the request.

Updated fields in the entitlement need to be specified in an update mask. The changes made to an entitlement are applicable only on future grants of the entitlement. However, if new approvers are added or existing approvers are removed from the approval workflow, the changes are effective on existing grants.

The following fields are not supported for updates:

  • All immutable fields
  • Entitlement name
  • Resource name
  • Resource type
  • Adding an approval workflow in an entitlement which previously had no approval workflow.
  • Deleting the approval workflow from an entitlement.
  • Adding or deleting a step in the approval workflow (only one step is supported)

Note that updates are allowed on the list of approvers in an approval workflow step.

Parameters
Name Description
entitlement google::cloud::privilegedaccessmanager::v1::Entitlement const &

Required. The entitlement resource that is updated.

update_mask google::protobuf::FieldMask const &

Required. The list of fields to update. A field is overwritten if, and only if, it is in the mask. Any immutable fields set in the mask are ignored by the server. Repeated fields and map fields are only allowed in the last position of a paths string and overwrite the existing values. Hence an update to a repeated field or a map should contain the entire list of values. The fields specified in the update_mask are relative to the resource and not to the request. (e.g. MaxRequestDuration; notentitlement.MaxRequestDuration) A value of '*' for this field refers to full replacement of the resource.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.privilegedaccessmanager.v1.Entitlement proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

UpdateEntitlement(NoAwaitTag, google::cloud::privilegedaccessmanager::v1::Entitlement const &, google::protobuf::FieldMask const &, Options)

Updates the entitlement specified in the request.

Specifying the NoAwaitTag immediately returns the [google::longrunning::Operation] that corresponds to the Long Running Operation that has been started. No polling for operation status occurs.

Parameters
Name Description
NoAwaitTag
entitlement google::cloud::privilegedaccessmanager::v1::Entitlement const &
update_mask google::protobuf::FieldMask const &
opts Options
Returns
Type Description
StatusOr< google::longrunning::Operation >

UpdateEntitlement(google::cloud::privilegedaccessmanager::v1::UpdateEntitlementRequest const &, Options)

Updates the entitlement specified in the request.

Updated fields in the entitlement need to be specified in an update mask. The changes made to an entitlement are applicable only on future grants of the entitlement. However, if new approvers are added or existing approvers are removed from the approval workflow, the changes are effective on existing grants.

The following fields are not supported for updates:

  • All immutable fields
  • Entitlement name
  • Resource name
  • Resource type
  • Adding an approval workflow in an entitlement which previously had no approval workflow.
  • Deleting the approval workflow from an entitlement.
  • Adding or deleting a step in the approval workflow (only one step is supported)

Note that updates are allowed on the list of approvers in an approval workflow step.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::UpdateEntitlementRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.UpdateEntitlementRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.privilegedaccessmanager.v1.Entitlement proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

UpdateEntitlement(NoAwaitTag, google::cloud::privilegedaccessmanager::v1::UpdateEntitlementRequest const &, Options)

Updates the entitlement specified in the request.

Specifying the NoAwaitTag immediately returns the [google::longrunning::Operation] that corresponds to the Long Running Operation that has been started. No polling for operation status occurs.

Parameters
Name Description
NoAwaitTag
request google::cloud::privilegedaccessmanager::v1::UpdateEntitlementRequest const &
opts Options
Returns
Type Description
StatusOr< google::longrunning::Operation >

UpdateEntitlement(google::longrunning::Operation const &, Options)

Updates the entitlement specified in the request.

This method accepts a google::longrunning::Operation that corresponds to a previously started Long Running Operation (LRO) and polls the status of the LRO in the background.

Parameters
Name Description
operation google::longrunning::Operation const &
opts Options
Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Entitlement > >

ListGrants(std::string const &, Options)

Lists grants for a given entitlement.

Parameters
Name Description
parent std::string const &

Required. The parent resource which owns the grants.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::privilegedaccessmanager::v1::Grant >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.privilegedaccessmanager.v1.Grant, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListGrants(google::cloud::privilegedaccessmanager::v1::ListGrantsRequest, Options)

Lists grants for a given entitlement.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::ListGrantsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.ListGrantsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::privilegedaccessmanager::v1::Grant >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.privilegedaccessmanager.v1.Grant, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

SearchGrants(google::cloud::privilegedaccessmanager::v1::SearchGrantsRequest, Options)

SearchGrants returns grants that are related to the calling user in the specified way.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::SearchGrantsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.SearchGrantsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::privilegedaccessmanager::v1::Grant >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.privilegedaccessmanager.v1.Grant, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

GetGrant(std::string const &, Options)

Get details of a single grant.

Parameters
Name Description
name std::string const &

Required. Name of the resource.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::privilegedaccessmanager::v1::Grant >

the result of the RPC. The response message type (google.cloud.privilegedaccessmanager.v1.Grant) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetGrant(google::cloud::privilegedaccessmanager::v1::GetGrantRequest const &, Options)

Get details of a single grant.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::GetGrantRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.GetGrantRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::privilegedaccessmanager::v1::Grant >

the result of the RPC. The response message type (google.cloud.privilegedaccessmanager.v1.Grant) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateGrant(std::string const &, google::cloud::privilegedaccessmanager::v1::Grant const &, Options)

Creates a new grant in a given project and location.

Parameters
Name Description
parent std::string const &

Required. Name of the parent entitlement for which this grant is being requested.

grant google::cloud::privilegedaccessmanager::v1::Grant const &

Required. The resource being created.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::privilegedaccessmanager::v1::Grant >

the result of the RPC. The response message type (google.cloud.privilegedaccessmanager.v1.Grant) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateGrant(google::cloud::privilegedaccessmanager::v1::CreateGrantRequest const &, Options)

Creates a new grant in a given project and location.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::CreateGrantRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.CreateGrantRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::privilegedaccessmanager::v1::Grant >

the result of the RPC. The response message type (google.cloud.privilegedaccessmanager.v1.Grant) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

ApproveGrant(google::cloud::privilegedaccessmanager::v1::ApproveGrantRequest const &, Options)

ApproveGrant is used to approve a grant.

This method can only be called on a grant when it's in the APPROVAL_AWAITED state. This operation can't be undone.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::ApproveGrantRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.ApproveGrantRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::privilegedaccessmanager::v1::Grant >

the result of the RPC. The response message type (google.cloud.privilegedaccessmanager.v1.Grant) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

DenyGrant(google::cloud::privilegedaccessmanager::v1::DenyGrantRequest const &, Options)

DenyGrant is used to deny a grant.

This method can only be called on a grant when it's in the APPROVAL_AWAITED state. This operation can't be undone.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::DenyGrantRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.DenyGrantRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::privilegedaccessmanager::v1::Grant >

the result of the RPC. The response message type (google.cloud.privilegedaccessmanager.v1.Grant) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

RevokeGrant(google::cloud::privilegedaccessmanager::v1::RevokeGrantRequest const &, Options)

RevokeGrant is used to immediately revoke access for a grant.

This method can be called when the grant is in a non-terminal state.

Parameters
Name Description
request google::cloud::privilegedaccessmanager::v1::RevokeGrantRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.privilegedaccessmanager.v1.RevokeGrantRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Grant > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.privilegedaccessmanager.v1.Grant proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

RevokeGrant(NoAwaitTag, google::cloud::privilegedaccessmanager::v1::RevokeGrantRequest const &, Options)

RevokeGrant is used to immediately revoke access for a grant.

Specifying the NoAwaitTag immediately returns the [google::longrunning::Operation] that corresponds to the Long Running Operation that has been started. No polling for operation status occurs.

Parameters
Name Description
NoAwaitTag
request google::cloud::privilegedaccessmanager::v1::RevokeGrantRequest const &
opts Options
Returns
Type Description
StatusOr< google::longrunning::Operation >

RevokeGrant(google::longrunning::Operation const &, Options)

RevokeGrant is used to immediately revoke access for a grant.

This method accepts a google::longrunning::Operation that corresponds to a previously started Long Running Operation (LRO) and polls the status of the LRO in the background.

Parameters
Name Description
operation google::longrunning::Operation const &
opts Options
Returns
Type Description
future< StatusOr< google::cloud::privilegedaccessmanager::v1::Grant > >