Package Classes (1.14.0)

Summary of entries of Classes for accessapproval.

Classes

AccessApprovalAsyncClient

This API allows a customer to manage accesses to cloud resources by Google personnel. It defines the following resource model:

  • The API has a collection of ApprovalRequest resources, named approvalRequests/{approval_request}
  • The API has top-level settings per Project/Folder/Organization, named accessApprovalSettings

The service also periodically emails a list of recipients, defined at the Project/Folder/Organization level in the accessApprovalSettings, when there is a pending ApprovalRequest for them to act on. The ApprovalRequests can also optionally be published to a Pub/Sub topic owned by the customer (contact support if you would like to enable Pub/Sub notifications).

ApprovalRequests can be approved or dismissed. Google personnel can only access the indicated resource or resources if the request is approved (subject to some exclusions: https://cloud.google.com/access-approval/docs/overview#exclusions).

Note: Using Access Approval functionality will mean that Google may not be able to meet the SLAs for your chosen products, as any support response times may be dramatically increased. As such the SLAs do not apply to any service disruption to the extent impacted by Customer's use of Access Approval. Do not enable Access Approval for projects where you may require high service availability and rapid response by Google Cloud Support.

After a request is approved or dismissed, no further action may be taken on it. Requests with the requested_expiration in the past or with no activity for 14 days are considered dismissed. When an approval expires, the request is considered dismissed.

If a request is not approved or dismissed, we call it pending.

AccessApprovalClient

This API allows a customer to manage accesses to cloud resources by Google personnel. It defines the following resource model:

  • The API has a collection of ApprovalRequest resources, named approvalRequests/{approval_request}
  • The API has top-level settings per Project/Folder/Organization, named accessApprovalSettings

The service also periodically emails a list of recipients, defined at the Project/Folder/Organization level in the accessApprovalSettings, when there is a pending ApprovalRequest for them to act on. The ApprovalRequests can also optionally be published to a Pub/Sub topic owned by the customer (contact support if you would like to enable Pub/Sub notifications).

ApprovalRequests can be approved or dismissed. Google personnel can only access the indicated resource or resources if the request is approved (subject to some exclusions: https://cloud.google.com/access-approval/docs/overview#exclusions).

Note: Using Access Approval functionality will mean that Google may not be able to meet the SLAs for your chosen products, as any support response times may be dramatically increased. As such the SLAs do not apply to any service disruption to the extent impacted by Customer's use of Access Approval. Do not enable Access Approval for projects where you may require high service availability and rapid response by Google Cloud Support.

After a request is approved or dismissed, no further action may be taken on it. Requests with the requested_expiration in the past or with no activity for 14 days are considered dismissed. When an approval expires, the request is considered dismissed.

If a request is not approved or dismissed, we call it pending.

ListApprovalRequestsAsyncPager

A pager for iterating through list_approval_requests requests.

This class thinly wraps an initial ListApprovalRequestsResponse object, and provides an __aiter__ method to iterate through its approval_requests field.

If there are more pages, the __aiter__ method will make additional ListApprovalRequests requests and continue to iterate through the approval_requests field on the corresponding responses.

All the usual ListApprovalRequestsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListApprovalRequestsPager

A pager for iterating through list_approval_requests requests.

This class thinly wraps an initial ListApprovalRequestsResponse object, and provides an __iter__ method to iterate through its approval_requests field.

If there are more pages, the __iter__ method will make additional ListApprovalRequests requests and continue to iterate through the approval_requests field on the corresponding responses.

All the usual ListApprovalRequestsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

AccessApprovalServiceAccount

Access Approval service account related to a project/folder/organization.

AccessApprovalSettings

Settings on a Project/Folder/Organization related to Access Approval.

AccessLocations

Home office and physical location of the principal.

AccessReason

Type

Type of access justification.

    -  "Feedback Report: #####"
    -  "Case Number: #####"
    -  "Case ID: #####"
    -  "E-PIN Reference: #####"
    -  "Google-#####"
    -  "T-#####".
GOOGLE_INITIATED_SERVICE (2):
    The principal accessed customer data in order
    to diagnose or resolve a suspected issue in
    services. Often this access is used to confirm
    that customers are not affected by a suspected
    service issue or to remediate a reversible
    system issue.
GOOGLE_INITIATED_REVIEW (3):
    Google initiated service for security, fraud,
    abuse, or compliance purposes.
THIRD_PARTY_DATA_REQUEST (4):
    The principal was compelled to access
    customer data in order to respond to a legal
    third party data request or process, including
    legal processes from customers themselves.
GOOGLE_RESPONSE_TO_PRODUCTION_ALERT (5):
    The principal accessed customer data in order
    to diagnose or resolve a suspected issue in
    services or a known outage.

ApprovalRequest

A request for the customer to approve access to a resource.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

ApproveApprovalRequestMessage

Request to approve an ApprovalRequest.

ApproveDecision

A decision that has been made to approve access to a resource.

DeleteAccessApprovalSettingsMessage

Request to delete access approval settings.

DismissApprovalRequestMessage

Request to dismiss an approval request.

DismissDecision

A decision that has been made to dismiss an approval request.

EnrolledService

Represents the enrollment of a cloud resource into a specific service.

EnrollmentLevel

Represents the type of enrollment for a given service to Access Approval.

GetAccessApprovalServiceAccountMessage

Request to get an Access Approval service account.

GetAccessApprovalSettingsMessage

Request to get access approval settings.

GetApprovalRequestMessage

Request to get an approval request.

InvalidateApprovalRequestMessage

Request to invalidate an existing approval.

ListApprovalRequestsMessage

Request to list approval requests.

ListApprovalRequestsResponse

Response to listing of ApprovalRequest objects.

ResourceProperties

The properties associated with the resource of the request.

SignatureInfo

Information about the digital signature of the resource.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

UpdateAccessApprovalSettingsMessage

Request to update access approval settings.

Modules

pagers

API documentation for accessapproval_v1.services.access_approval.pagers module.