AccessApprovalClient(
transport=None,
channel=None,
credentials=None,
client_config=None,
client_info=None,
client_options=None,
)
This API allows a customer to manage accesses to cloud resources by Google personnel. It defines the following resource model:
- The API has a collection of
ApprovalRequest
resources, namedapprovalRequests/{approval_request_id}
- The API has top-level settings per Project/Folder/Organization, named
accessApprovalSettings
The service also periodically emails a list of recipients, defined at the Project/Folder/Organization level in the accessApprovalSettings, when there is a pending ApprovalRequest for them to act on. The ApprovalRequests can also optionally be published to a Cloud Pub/Sub topic owned by the customer (for Beta, the Pub/Sub setup is managed manually).
ApprovalRequests can be approved or dismissed. Google personel can only access the indicated resource or resources if the request is approved (subject to some exclusions: https://cloud.google.com/access-approval/docs/overview#exclusions).
Note: Using Access Approval functionality will mean that Google may not be able to meet the SLAs for your chosen products, as any support response times may be dramatically increased. As such the SLAs do not apply to any service disruption to the extent impacted by Customer's use of Access Approval. Do not enable Access Approval for projects where you may require high service availability and rapid response by Google Cloud Support.
After a request is approved or dismissed, no further action may be taken on it. Requests with the requested_expiration in the past or with no activity for 14 days are considered dismissed. When an approval expires, the request is considered dismissed.
If a request is not approved or dismissed, we call it pending.
Methods
AccessApprovalClient
AccessApprovalClient(
transport=None,
channel=None,
credentials=None,
client_config=None,
client_info=None,
client_options=None,
)
Constructor.
Name | Description |
channel |
grpc.Channel
DEPRECATED. A |
credentials |
google.auth.credentials.Credentials
The authorization credentials to attach to requests. These credentials identify this application to the service. If none are specified, the client will attempt to ascertain the credentials from the environment. This argument is mutually exclusive with providing a transport instance to |
client_config |
dict
DEPRECATED. A dictionary of call options for each method. If not specified, the default configuration is used. |
client_info |
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If |
client_options |
Union[dict, google.api_core.client_options.ClientOptions]
Client options used to set user options on the client. API Endpoint should be set through client_options. |
approve_approval_request
approve_approval_request(name=None, expire_time=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Approves a request and returns the updated ApprovalRequest.
Returns NOT_FOUND if the request does not exist. Returns FAILED_PRECONDITION if the request exists but is not in a pending state.
.. rubric:: Example
from google.cloud import accessapproval_v1
client = accessapproval_v1.AccessApprovalClient()
response = client.approve_approval_request()
Name | Description |
name |
str
Name of the approval request to approve. |
expire_time |
Union[dict, Timestamp]
The expiration time of this approval. If a dict is provided, it must be of the same form as the protobuf message Timestamp |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
delete_access_approval_settings
delete_access_approval_settings(name=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Deletes the settings associated with a project, folder, or organization. This will have the effect of disabling Access Approval for the project, folder, or organization, but only if all ancestors also have Access Approval disabled. If Access Approval is enabled at a higher level of the hierarchy, then Access Approval will still be enabled at this level as the settings are inherited.
.. rubric:: Example
from google.cloud import accessapproval_v1
client = accessapproval_v1.AccessApprovalClient()
client.delete_access_approval_settings()
Name | Description |
name |
str
Name of the AccessApprovalSettings to delete. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
dismiss_approval_request
dismiss_approval_request(name=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Dismisses a request. Returns the updated ApprovalRequest.
NOTE: This does not deny access to the resource if another request has been made and approved. It is equivalent in effect to ignoring the request altogether.
Returns NOT_FOUND if the request does not exist.
Returns FAILED_PRECONDITION if the request exists but is not in a pending state.
.. rubric:: Example
from google.cloud import accessapproval_v1
client = accessapproval_v1.AccessApprovalClient()
response = client.dismiss_approval_request()
Name | Description |
name |
str
Name of the ApprovalRequest to dismiss. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
from_service_account_file
from_service_account_file(filename, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
AccessApprovalClient | The constructed client. |
from_service_account_json
from_service_account_json(filename, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
AccessApprovalClient | The constructed client. |
get_access_approval_settings
get_access_approval_settings(name=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Gets the settings associated with a project, folder, or organization.
.. rubric:: Example
from google.cloud import accessapproval_v1
client = accessapproval_v1.AccessApprovalClient()
response = client.get_access_approval_settings()
Name | Description |
name |
str
Name of the AccessApprovalSettings to retrieve. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
get_approval_request
get_approval_request(name=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Gets an approval request. Returns NOT_FOUND if the request does not exist.
.. rubric:: Example
from google.cloud import accessapproval_v1
client = accessapproval_v1.AccessApprovalClient()
response = client.get_approval_request()
Name | Description |
name |
str
Name of the approval request to retrieve. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
list_approval_requests
list_approval_requests(parent=None, filter_=None, page_size=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Lists approval requests associated with a project, folder, or organization. Approval requests can be filtered by state (pending, active, dismissed). The order is reverse chronological.
.. rubric:: Example
from google.cloud import accessapproval_v1
client = accessapproval_v1.AccessApprovalClient()
Iterate over all results
for element in client.list_approval_requests(): ... # process element ... pass
Alternatively:
Iterate over results one page at a time
for page in client.list_approval_requests().pages: ... for element in page: ... # process element ... pass
Name | Description |
parent |
str
The parent resource. This may be "projects/{project_id}", "folders/{folder_id}", or "organizations/{organization_id}". |
filter_ |
str
A filter on the type of approval requests to retrieve. Must be one of the following values: .. raw:: html
|
page_size |
int
The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
update_access_approval_settings
update_access_approval_settings(settings=None, update_mask=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Updates the settings associated with a project, folder, or organization. Settings to update are determined by the value of field_mask.
.. rubric:: Example
from google.cloud import accessapproval_v1
client = accessapproval_v1.AccessApprovalClient()
response = client.update_access_approval_settings()
Name | Description |
settings |
Union[dict, AccessApprovalSettings]
The new AccessApprovalSettings. If a dict is provided, it must be of the same form as the protobuf message AccessApprovalSettings |
update_mask |
Union[dict, FieldMask]
The update mask applies to the settings. Only the top level fields of AccessApprovalSettings (notification_emails & enrolled_services) are supported. For each field, if it is included, the currently stored value will be entirely overwritten with the value of the field passed in this request. For the |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |