Access Approval API v1 - Package cloud.google.com/go/accessapproval/apiv1 (v1.7.6)

Package accessapproval is an auto-generated package for the Access Approval API.

An API for controlling access to data by Google personnel.

General documentation

For information that is relevant for all client libraries please reference https://pkg.go.dev/cloud.google.com/go#pkg-overview. Some information on this page includes:

Example usage

To get started with this package, create a client.

ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := accessapproval.NewClient(ctx)
if err != nil {
    // TODO: Handle error.
}
defer c.Close()

The client will use your default application credentials. Clients should be reused instead of created as needed. The methods of Client are safe for concurrent use by multiple goroutines. The returned client must be Closed when it is done being used.

Using the Client

The following is an example of making an API call with the newly created client.

ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := accessapproval.NewClient(ctx)
if err != nil {
    // TODO: Handle error.
}
defer c.Close()

req := &accessapprovalpb.ApproveApprovalRequestMessage{
    // TODO: Fill request struct fields.
    // See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#ApproveApprovalRequestMessage.
}
resp, err := c.ApproveApprovalRequest(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

Use of Context

The ctx passed to NewClient is used for authentication requests and for creating the underlying connection, but is not used for subsequent calls. Individual methods on the client use the ctx given to them.

To close the open connection, use the Close() method.

Functions

func DefaultAuthScopes

func DefaultAuthScopes() []string

DefaultAuthScopes reports the default set of authentication scopes to use with this package.

ApprovalRequestIterator

type ApprovalRequestIterator struct {

	// Response is the raw response for the current page.
	// It must be cast to the RPC response type.
	// Calling Next() or InternalFetch() updates this value.
	Response interface{}

	// InternalFetch is for use by the Google Cloud Libraries only.
	// It is not part of the stable interface of this package.
	//
	// InternalFetch returns results from a single call to the underlying RPC.
	// The number of results is no greater than pageSize.
	// If there are no more results, nextPageToken is empty and err is nil.
	InternalFetch func(pageSize int, pageToken string) (results []*accessapprovalpb.ApprovalRequest, nextPageToken string, err error)
	// contains filtered or unexported fields
}

ApprovalRequestIterator manages a stream of *accessapprovalpb.ApprovalRequest.

func (*ApprovalRequestIterator) Next

Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

func (*ApprovalRequestIterator) PageInfo

func (it *ApprovalRequestIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See the google.golang.org/api/iterator package for details.

CallOptions

type CallOptions struct {
	ListApprovalRequests            []gax.CallOption
	GetApprovalRequest              []gax.CallOption
	ApproveApprovalRequest          []gax.CallOption
	DismissApprovalRequest          []gax.CallOption
	InvalidateApprovalRequest       []gax.CallOption
	GetAccessApprovalSettings       []gax.CallOption
	UpdateAccessApprovalSettings    []gax.CallOption
	DeleteAccessApprovalSettings    []gax.CallOption
	GetAccessApprovalServiceAccount []gax.CallOption
}

CallOptions contains the retry settings for each method of Client.

Client

type Client struct {

	// The call options for this service.
	CallOptions *CallOptions
	// contains filtered or unexported fields
}

Client is a client for interacting with Access Approval API. Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.

This API allows a customer to manage accesses to cloud resources by Google personnel. It defines the following resource model:

The API has a collection of
ApprovalRequest
resources, named approvalRequests/{approval_request}

The API has top-level settings per Project/Folder/Organization, named
accessApprovalSettings

The service also periodically emails a list of recipients, defined at the Project/Folder/Organization level in the accessApprovalSettings, when there is a pending ApprovalRequest for them to act on. The ApprovalRequests can also optionally be published to a Pub/Sub topic owned by the customer (contact support if you would like to enable Pub/Sub notifications).

ApprovalRequests can be approved or dismissed. Google personnel can only access the indicated resource or resources if the request is approved (subject to some exclusions: https://cloud.google.com/access-approval/docs/overview#exclusions (at https://cloud.google.com/access-approval/docs/overview#exclusions)).

Note: Using Access Approval functionality will mean that Google may not be able to meet the SLAs for your chosen products, as any support response times may be dramatically increased. As such the SLAs do not apply to any service disruption to the extent impacted by Customer’s use of Access Approval. Do not enable Access Approval for projects where you may require high service availability and rapid response by Google Cloud Support.

After a request is approved or dismissed, no further action may be taken on it. Requests with the requested_expiration in the past or with no activity for 14 days are considered dismissed. When an approval expires, the request is considered dismissed.

If a request is not approved or dismissed, we call it pending.

func NewClient

func NewClient(ctx context.Context, opts ...option.ClientOption) (*Client, error)

NewClient creates a new access approval client based on gRPC. The returned client must be Closed when it is done being used to clean up its underlying connections.

This API allows a customer to manage accesses to cloud resources by Google personnel. It defines the following resource model:

The API has a collection of
ApprovalRequest
resources, named approvalRequests/{approval_request}

The API has top-level settings per Project/Folder/Organization, named
accessApprovalSettings

The service also periodically emails a list of recipients, defined at the Project/Folder/Organization level in the accessApprovalSettings, when there is a pending ApprovalRequest for them to act on. The ApprovalRequests can also optionally be published to a Pub/Sub topic owned by the customer (contact support if you would like to enable Pub/Sub notifications).

ApprovalRequests can be approved or dismissed. Google personnel can only access the indicated resource or resources if the request is approved (subject to some exclusions: https://cloud.google.com/access-approval/docs/overview#exclusions (at https://cloud.google.com/access-approval/docs/overview#exclusions)).

Note: Using Access Approval functionality will mean that Google may not be able to meet the SLAs for your chosen products, as any support response times may be dramatically increased. As such the SLAs do not apply to any service disruption to the extent impacted by Customer’s use of Access Approval. Do not enable Access Approval for projects where you may require high service availability and rapid response by Google Cloud Support.

After a request is approved or dismissed, no further action may be taken on it. Requests with the requested_expiration in the past or with no activity for 14 days are considered dismissed. When an approval expires, the request is considered dismissed.

If a request is not approved or dismissed, we call it pending.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	// TODO: Use client.
	_ = c
}

func NewRESTClient

func NewRESTClient(ctx context.Context, opts ...option.ClientOption) (*Client, error)

NewRESTClient creates a new access approval rest client.

This API allows a customer to manage accesses to cloud resources by Google personnel. It defines the following resource model:

The API has a collection of
ApprovalRequest
resources, named approvalRequests/{approval_request}

The API has top-level settings per Project/Folder/Organization, named
accessApprovalSettings

The service also periodically emails a list of recipients, defined at the Project/Folder/Organization level in the accessApprovalSettings, when there is a pending ApprovalRequest for them to act on. The ApprovalRequests can also optionally be published to a Pub/Sub topic owned by the customer (contact support if you would like to enable Pub/Sub notifications).

ApprovalRequests can be approved or dismissed. Google personnel can only access the indicated resource or resources if the request is approved (subject to some exclusions: https://cloud.google.com/access-approval/docs/overview#exclusions (at https://cloud.google.com/access-approval/docs/overview#exclusions)).

Note: Using Access Approval functionality will mean that Google may not be able to meet the SLAs for your chosen products, as any support response times may be dramatically increased. As such the SLAs do not apply to any service disruption to the extent impacted by Customer’s use of Access Approval. Do not enable Access Approval for projects where you may require high service availability and rapid response by Google Cloud Support.

After a request is approved or dismissed, no further action may be taken on it. Requests with the requested_expiration in the past or with no activity for 14 days are considered dismissed. When an approval expires, the request is considered dismissed.

If a request is not approved or dismissed, we call it pending.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewRESTClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	// TODO: Use client.
	_ = c
}

func (*Client) ApproveApprovalRequest

ApproveApprovalRequest approves a request and returns the updated ApprovalRequest.

Returns NOT_FOUND if the request does not exist. Returns FAILED_PRECONDITION if the request exists but is not in a pending state.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
	accessapprovalpb "cloud.google.com/go/accessapproval/apiv1/accessapprovalpb"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	req := &accessapprovalpb.ApproveApprovalRequestMessage{
		// TODO: Fill request struct fields.
		// See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#ApproveApprovalRequestMessage.
	}
	resp, err := c.ApproveApprovalRequest(ctx, req)
	if err != nil {
		// TODO: Handle error.
	}
	// TODO: Use resp.
	_ = resp
}

func (*Client) Close

func (c *Client) Close() error

Close closes the connection to the API service. The user should invoke this when the client is no longer required.

func (*Client) Connection (deprecated)

func (c *Client) Connection() *grpc.ClientConn

Connection returns a connection to the API service.

Deprecated: Connections are now pooled so this method does not always return the same resource.

func (*Client) DeleteAccessApprovalSettings

func (c *Client) DeleteAccessApprovalSettings(ctx context.Context, req *accessapprovalpb.DeleteAccessApprovalSettingsMessage, opts ...gax.CallOption) error

DeleteAccessApprovalSettings deletes the settings associated with a project, folder, or organization. This will have the effect of disabling Access Approval for the project, folder, or organization, but only if all ancestors also have Access Approval disabled. If Access Approval is enabled at a higher level of the hierarchy, then Access Approval will still be enabled at this level as the settings are inherited.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
	accessapprovalpb "cloud.google.com/go/accessapproval/apiv1/accessapprovalpb"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	req := &accessapprovalpb.DeleteAccessApprovalSettingsMessage{
		// TODO: Fill request struct fields.
		// See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#DeleteAccessApprovalSettingsMessage.
	}
	err = c.DeleteAccessApprovalSettings(ctx, req)
	if err != nil {
		// TODO: Handle error.
	}
}

func (*Client) DismissApprovalRequest

DismissApprovalRequest dismisses a request. Returns the updated ApprovalRequest.

NOTE: This does not deny access to the resource if another request has been made and approved. It is equivalent in effect to ignoring the request altogether.

Returns NOT_FOUND if the request does not exist.

Returns FAILED_PRECONDITION if the request exists but is not in a pending state.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
	accessapprovalpb "cloud.google.com/go/accessapproval/apiv1/accessapprovalpb"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	req := &accessapprovalpb.DismissApprovalRequestMessage{
		// TODO: Fill request struct fields.
		// See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#DismissApprovalRequestMessage.
	}
	resp, err := c.DismissApprovalRequest(ctx, req)
	if err != nil {
		// TODO: Handle error.
	}
	// TODO: Use resp.
	_ = resp
}

func (*Client) GetAccessApprovalServiceAccount

GetAccessApprovalServiceAccount retrieves the service account that is used by Access Approval to access KMS keys for signing approved approval requests.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
	accessapprovalpb "cloud.google.com/go/accessapproval/apiv1/accessapprovalpb"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	req := &accessapprovalpb.GetAccessApprovalServiceAccountMessage{
		// TODO: Fill request struct fields.
		// See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#GetAccessApprovalServiceAccountMessage.
	}
	resp, err := c.GetAccessApprovalServiceAccount(ctx, req)
	if err != nil {
		// TODO: Handle error.
	}
	// TODO: Use resp.
	_ = resp
}

func (*Client) GetAccessApprovalSettings

GetAccessApprovalSettings gets the settings associated with a project, folder, or organization.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
	accessapprovalpb "cloud.google.com/go/accessapproval/apiv1/accessapprovalpb"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	req := &accessapprovalpb.GetAccessApprovalSettingsMessage{
		// TODO: Fill request struct fields.
		// See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#GetAccessApprovalSettingsMessage.
	}
	resp, err := c.GetAccessApprovalSettings(ctx, req)
	if err != nil {
		// TODO: Handle error.
	}
	// TODO: Use resp.
	_ = resp
}

func (*Client) GetApprovalRequest

GetApprovalRequest gets an approval request. Returns NOT_FOUND if the request does not exist.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
	accessapprovalpb "cloud.google.com/go/accessapproval/apiv1/accessapprovalpb"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	req := &accessapprovalpb.GetApprovalRequestMessage{
		// TODO: Fill request struct fields.
		// See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#GetApprovalRequestMessage.
	}
	resp, err := c.GetApprovalRequest(ctx, req)
	if err != nil {
		// TODO: Handle error.
	}
	// TODO: Use resp.
	_ = resp
}

func (*Client) InvalidateApprovalRequest

InvalidateApprovalRequest invalidates an existing ApprovalRequest. Returns the updated ApprovalRequest.

NOTE: This does not deny access to the resource if another request has been made and approved. It only invalidates a single approval.

Returns FAILED_PRECONDITION if the request exists but is not in an approved state.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
	accessapprovalpb "cloud.google.com/go/accessapproval/apiv1/accessapprovalpb"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	req := &accessapprovalpb.InvalidateApprovalRequestMessage{
		// TODO: Fill request struct fields.
		// See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#InvalidateApprovalRequestMessage.
	}
	resp, err := c.InvalidateApprovalRequest(ctx, req)
	if err != nil {
		// TODO: Handle error.
	}
	// TODO: Use resp.
	_ = resp
}

func (*Client) ListApprovalRequests

ListApprovalRequests lists approval requests associated with a project, folder, or organization. Approval requests can be filtered by state (pending, active, dismissed). The order is reverse chronological.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
	accessapprovalpb "cloud.google.com/go/accessapproval/apiv1/accessapprovalpb"
	"google.golang.org/api/iterator"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	req := &accessapprovalpb.ListApprovalRequestsMessage{
		// TODO: Fill request struct fields.
		// See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#ListApprovalRequestsMessage.
	}
	it := c.ListApprovalRequests(ctx, req)
	for {
		resp, err := it.Next()
		if err == iterator.Done {
			break
		}
		if err != nil {
			// TODO: Handle error.
		}
		// TODO: Use resp.
		_ = resp
	}
}

func (*Client) UpdateAccessApprovalSettings

UpdateAccessApprovalSettings updates the settings associated with a project, folder, or organization. Settings to update are determined by the value of field_mask.

Example

package main

import (
	"context"

	accessapproval "cloud.google.com/go/accessapproval/apiv1"
	accessapprovalpb "cloud.google.com/go/accessapproval/apiv1/accessapprovalpb"
)

func main() {
	ctx := context.Background()
	// This snippet has been automatically generated and should be regarded as a code template only.
	// It will require modifications to work:
	// - It may require correct/in-range values for request initialization.
	// - It may require specifying regional endpoints when creating the service client as shown in:
	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
	c, err := accessapproval.NewClient(ctx)
	if err != nil {
		// TODO: Handle error.
	}
	defer c.Close()

	req := &accessapprovalpb.UpdateAccessApprovalSettingsMessage{
		// TODO: Fill request struct fields.
		// See https://pkg.go.dev/cloud.google.com/go/accessapproval/apiv1/accessapprovalpb#UpdateAccessApprovalSettingsMessage.
	}
	resp, err := c.UpdateAccessApprovalSettings(ctx, req)
	if err != nil {
		// TODO: Handle error.
	}
	// TODO: Use resp.
	_ = resp
}