Summary of entries of Classes for google-cloud-privilegedaccessmanager.
Classes
PrivilegedAccessManagerAsyncClient
This API allows customers to manage temporary, request based privileged access to their resources.
It defines the following resource model:
- A collection of Entitlement resources. An entitlement allows configuring (among other things):
  - Some kind of privileged access that users can request.
  - A set of users called requesters who can request this access.
  - A maximum duration for which the access can be requested.
  - An optional approval workflow which must be satisfied before access is granted.
- A collection of Grant resources. A grant is a request by a requester to get the privileged access specified in an entitlement for some duration.
  After the approval workflow as specified in the entitlement is satisfied, the specified access is given to the requester. The access is automatically taken back after the requested duration is over.
PrivilegedAccessManagerClient
This API allows customers to manage temporary, request based privileged access to their resources.
It defines the following resource model:
- A collection of Entitlement resources. An entitlement allows configuring (among other things):
  - Some kind of privileged access that users can request.
  - A set of users called requesters who can request this access.
  - A maximum duration for which the access can be requested.
  - An optional approval workflow which must be satisfied before access is granted.
- A collection of Grant resources. A grant is a request by a requester to get the privileged access specified in an entitlement for some duration.
  After the approval workflow as specified in the entitlement is satisfied, the specified access is given to the requester. The access is automatically taken back after the requested duration is over.
ListEntitlementsAsyncPager
A pager for iterating through list_entitlements requests.
This class thinly wraps an initial ListEntitlementsResponse object, and provides an __aiter__ method to iterate through its entitlements field.
If there are more pages, the __aiter__ method will make additional ListEntitlements requests and continue to iterate through the entitlements field on the corresponding responses.
All the usual ListEntitlementsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.
ListEntitlementsPager
A pager for iterating through list_entitlements requests.
This class thinly wraps an initial ListEntitlementsResponse object, and provides an __iter__ method to iterate through its entitlements field.
If there are more pages, the __iter__ method will make additional ListEntitlements requests and continue to iterate through the entitlements field on the corresponding responses.
All the usual ListEntitlementsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.
ListGrantsAsyncPager
A pager for iterating through list_grants requests.
This class thinly wraps an initial ListGrantsResponse object, and provides an __aiter__ method to iterate through its grants field.
If there are more pages, the __aiter__ method will make additional ListGrants requests and continue to iterate through the grants field on the corresponding responses.
All the usual ListGrantsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.
ListGrantsPager
A pager for iterating through list_grants requests.
This class thinly wraps an initial ListGrantsResponse object, and provides an __iter__ method to iterate through its grants field.
If there are more pages, the __iter__ method will make additional ListGrants requests and continue to iterate through the grants field on the corresponding responses.
All the usual ListGrantsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.
SearchEntitlementsAsyncPager
A pager for iterating through search_entitlements requests.
This class thinly wraps an initial SearchEntitlementsResponse object, and provides an __aiter__ method to iterate through its entitlements field.
If there are more pages, the __aiter__ method will make additional SearchEntitlements requests and continue to iterate through the entitlements field on the corresponding responses.
All the usual SearchEntitlementsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.
SearchEntitlementsPager
A pager for iterating through search_entitlements requests.
This class thinly wraps an initial SearchEntitlementsResponse object, and provides an __iter__ method to iterate through its entitlements field.
If there are more pages, the __iter__ method will make additional SearchEntitlements requests and continue to iterate through the entitlements field on the corresponding responses.
All the usual SearchEntitlementsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.
SearchGrantsAsyncPager
A pager for iterating through search_grants requests.
This class thinly wraps an initial SearchGrantsResponse object, and provides an __aiter__ method to iterate through its grants field.
If there are more pages, the __aiter__ method will make additional SearchGrants requests and continue to iterate through the grants field on the corresponding responses.
All the usual SearchGrantsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.
SearchGrantsPager
A pager for iterating through search_grants requests.
This class thinly wraps an initial SearchGrantsResponse object, and provides an __iter__ method to iterate through its grants field.
If there are more pages, the __iter__ method will make additional SearchGrants requests and continue to iterate through the grants field on the corresponding responses.
All the usual SearchGrantsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.
AccessControlEntry
AccessControlEntry is used to control who can do some operation.
ApprovalWorkflow
Different types of approval workflows that can be used to gate privileged access granting.
ApproveGrantRequest
Request message for ApproveGrant method.
CheckOnboardingStatusRequest
Request message for CheckOnboardingStatus method.
CheckOnboardingStatusResponse
Response message for CheckOnboardingStatus method.
Finding
Finding represents an issue which prevents PAM from functioning properly for this resource.
IAMAccessDenied
PAM's service account is being denied access by Cloud IAM. This can be fixed by granting a role that contains the missing permissions to the service account or exempting it from deny policies if they are blocking the access.
CreateEntitlementRequest
Message for creating an entitlement.
CreateGrantRequest
Message for creating a grant.
DeleteEntitlementRequest
Message for deleting an entitlement.
DenyGrantRequest
Request message for DenyGrant method.
Entitlement
An entitlement defines the eligibility of a set of users to obtain predefined access for some time possibly after going through an approval workflow.
AdditionalNotificationTargets
AdditionalNotificationTargets includes email addresses to be notified.
RequesterJustificationConfig
Defines how a requester must provide a justification when requesting access.
This message has oneof fields (mutually exclusive fields; see https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields).
For each oneof, at most one member field can be set at the same time.
Setting any member of the oneof automatically clears all other members.
NotMandatory
The justification is not mandatory but can be provided in any of the supported formats.
Unstructured
The requester has to provide a justification in the form of a string.
State
Different states an entitlement can be in.
GetEntitlementRequest
Message for getting an entitlement.
GetGrantRequest
Message for getting a grant.
Grant
A grant represents a request from a user for obtaining the access specified in an entitlement they are eligible for.
AuditTrail
Audit trail for the access provided by this grant.
State
Different states a grant can be in.
Timeline
Timeline of a grant describing what happened to it and when.
Event
A single operation on the grant.
This message has oneof fields (mutually exclusive fields; see https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields).
For each oneof, at most one member field can be set at the same time.
Setting any member of the oneof automatically clears all other members.
Activated
An event representing that the grant was successfully activated.
ActivationFailed
An event representing that the grant activation failed.
Approved
An event representing that the grant was approved.
Denied
An event representing that the grant was denied.
Ended
An event representing that the grant has ended.
Expired
An event representing that the grant was expired.
ExternallyModified
An event representing that the policy bindings made by this grant were modified externally.
Requested
An event representing that a grant was requested.
Revoked
An event representing that the grant was revoked.
Scheduled
An event representing that the grant has been scheduled to be activated later.
Justification
Justification represents a justification for requesting access.
ListEntitlementsRequest
Message for requesting list of entitlements.
ListEntitlementsResponse
Message for response to listing entitlements.
ListGrantsRequest
Message for requesting list of grants.
ListGrantsResponse
Message for response to listing grants.
ManualApprovals
A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for a grant. The workflow can consist of multiple serial steps where each step defines who can act as approver in that step and how many of those users should approve before the workflow moves to the next step.
This can be used to create approval workflows such as:
- Require an approval from any user in a group G.
- Require an approval from any k number of users from a Group G.
- Require an approval from any user in a group G and then from a user U.
A single user might be part of the approvers ACL for multiple steps in this workflow, but they can only approve once and that approval is only considered to satisfy the approval step at which it was granted.
Step
Step represents a logical step in a manual approval workflow.
OperationMetadata
Represents the metadata of the long-running operation.
PrivilegedAccess
Privileged access that this service can be used to gate.
GcpIamAccess
GcpIamAccess represents IAM based access control on a Google Cloud resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.
RoleBinding
IAM role bindings that are created after a successful grant.
RevokeGrantRequest
Request message for RevokeGrant method.
SearchEntitlementsRequest
Request message for SearchEntitlements method.
CallerAccessType
Different types of access a user can have on the entitlement resource.
SearchEntitlementsResponse
Response message for SearchEntitlements method.
SearchGrantsRequest
Request message for SearchGrants method.
CallerRelationshipType
Different types of relationships a user can have with a grant.
SearchGrantsResponse
Response message for SearchGrants method.
UpdateEntitlementRequest
Message for updating an entitlement.
Modules
pagers
API documentation for privilegedaccessmanager_v1.services.privileged_access_manager.pagers module.