Privileged Access Manager V1 API - Class Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client (v0.1.0)

Reference documentation and code samples for the Privileged Access Manager V1 API class Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.

Client for the PrivilegedAccessManager service.

This API allows customers to manage temporary, request-based privileged access to their resources.

It defines the following resource model:

  • A collection of Entitlement resources. An entitlement allows configuring (among other things):

    • Some kind of privileged access that users can request.
    • A set of users called requesters who can request this access.
    • A maximum duration for which the access can be requested.
    • An optional approval workflow which must be satisfied before access is granted.
  • A collection of Grant resources. A grant is a request by a requester to get the privileged access specified in an entitlement for some duration.

After the approval workflow as specified in the entitlement is satisfied, the specified access is given to the requester. The access is automatically taken back after the requested duration is over.

Inherits

  • Object

Methods

.configure

def self.configure() { |config| ... } -> Client::Configuration

Configure the PrivilegedAccessManager Client class.

See Configuration for a description of the configuration fields.

Yields
  • (config) — Configure the Client client.
Yield Parameter
Example
# Modify the configuration for all PrivilegedAccessManager clients
::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.configure do |config|
  config.timeout = 10.0
end

#approve_grant

def approve_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
def approve_grant(name: nil, reason: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant

ApproveGrant is used to approve a grant. This method can only be called on a grant when it's in the APPROVAL_AWAITED state. This operation can't be undone.

Overloads
def approve_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to approve_grant via a request object, either of type ApproveGrantRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def approve_grant(name: nil, reason: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to approve_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • name (::String) — Required. Name of the grant resource which is being approved.
  • reason (::String) — Optional. The reason for approving this grant. This is required if the require_approver_justification field of the ManualApprovals workflow used in this grant is true.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest.new

# Call the approve_grant method.
result = client.approve_grant request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
p result

#check_onboarding_status

def check_onboarding_status(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse
def check_onboarding_status(parent: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse

CheckOnboardingStatus reports the onboarding status for a project/folder/organization. Any findings reported by this API need to be fixed before PAM can be used on the resource.

Overloads
def check_onboarding_status(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse
Pass arguments to check_onboarding_status via a request object, either of type CheckOnboardingStatusRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def check_onboarding_status(parent: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse
Pass arguments to check_onboarding_status via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameter
  • parent (::String) —

    Required. The resource for which the onboarding status should be checked. Should be in one of the following formats:

    • projects/{project-number|project-id}/locations/{region}
    • folders/{folder-number}/locations/{region}
    • organizations/{organization-number}/locations/{region}
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest.new

# Call the check_onboarding_status method.
result = client.check_onboarding_status request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse.
p result

#configure

def configure() { |config| ... } -> Client::Configuration

Configure the PrivilegedAccessManager Client instance.

The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on Client.configure.

See Configuration for a description of the configuration fields.

Yields
  • (config) — Configure the Client client.
Yield Parameter

#create_entitlement

def create_entitlement(request, options = nil) -> ::Gapic::Operation
def create_entitlement(parent: nil, entitlement_id: nil, entitlement: nil, request_id: nil) -> ::Gapic::Operation

Creates a new entitlement in a given project/folder/organization and location.

Overloads
def create_entitlement(request, options = nil) -> ::Gapic::Operation
Pass arguments to create_entitlement via a request object, either of type CreateEntitlementRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def create_entitlement(parent: nil, entitlement_id: nil, entitlement: nil, request_id: nil) -> ::Gapic::Operation
Pass arguments to create_entitlement via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • parent (::String) —

    Required. Name of the parent resource for the entitlement. Possible formats:

    • organizations/{organization-number}/locations/{region}
    • folders/{folder-number}/locations/{region}
    • projects/{project-id|project-number}/locations/{region}
  • entitlement_id (::String) — Required. The ID to use for this entitlement. This becomes the last part of the resource name.

    This value should be 4-63 characters in length, and valid characters are "[a-z]", "[0-9]", and "-". The first character should be from [a-z].

    This value should be unique among all other entitlements under the specified parent.

  • entitlement (::Google::Cloud::PrivilegedAccessManager::V1::Entitlement, ::Hash) — Required. The resource being created
  • request_id (::String) — Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server knows to ignore the request if it has already been completed. The server guarantees this for at least 60 minutes after the first request.

    For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, ignores the second request and returns the previous operation's response. This prevents clients from accidentally creating duplicate commitments.

    The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
  • response (::Gapic::Operation)
  • operation (::GRPC::ActiveCall::Operation)
Returns
  • (::Gapic::Operation)
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest.new

# Call the create_entitlement method.
result = client.create_entitlement request

# The returned object is of type Gapic::Operation. You can use it to
# check the status of an operation, cancel it, or wait for results.
# Here is how to wait for a response.
result.wait_until_done! timeout: 60
if result.response?
  p result.response
else
  puts "No response received."
end
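
The parameter rules for create_entitlement (parent formats, entitlement_id character set, request_id reuse on retry) can be enforced before any RPC is sent. The following is an added example, not code from the client library: the EntitlementCreate module, FakeClient and FakeTimeout are hypothetical names, the sample values are constructed, and it assumes that organization and folder "numbers" are decimal digits.

```ruby
require "securerandom"

# Added example: preflight checks plus a retry wrapper that reuses ONE
# request_id, so a retried create_entitlement cannot create a duplicate.
module EntitlementCreate
  # Documented parent formats. Assumption: "number" means decimal digits;
  # project IDs and regions are only checked to be one path segment.
  # \A and \z (not ^ and $) so an embedded newline cannot smuggle extra text.
  PARENT_RE = %r{\A(?:organizations/\d+|folders/\d+|projects/[^/\s]+)/locations/[^/\s]+\z}
  # 4-63 characters from [a-z0-9-], first character from [a-z].
  ENTITLEMENT_ID_RE = /\A[a-z][a-z0-9-]{3,62}\z/
  UUID_RE = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/
  ZERO_UUID = "00000000-0000-0000-0000-000000000000"

  # Returns a list of problems; an empty list means the arguments pass.
  def self.problems(parent:, entitlement_id:, request_id:)
    out = []
    out << "parent is not in a documented format" unless PARENT_RE.match?(parent.to_s)
    unless ENTITLEMENT_ID_RE.match?(entitlement_id.to_s)
      out << "entitlement_id must be 4-63 chars of [a-z0-9-], starting with [a-z]"
    end
    if !UUID_RE.match?(request_id.to_s)
      out << "request_id is not a UUID"
    elsif request_id == ZERO_UUID
      out << "request_id must not be the zero UUID"
    end
    out
  end

  # Validates, then calls client.create_entitlement. On an error listed in
  # retry_on the call is repeated with the SAME request_id, which is what
  # lets the server recognise the retry as a duplicate.
  def self.create(client, parent:, entitlement_id:, entitlement:, retry_on:,
                  attempts: 3, request_id: SecureRandom.uuid)
    errs = problems(parent: parent, entitlement_id: entitlement_id, request_id: request_id)
    raise ArgumentError, errs.join("; ") unless errs.empty?

    tries = 0
    begin
      tries += 1
      client.create_entitlement parent: parent, entitlement_id: entitlement_id,
                                entitlement: entitlement, request_id: request_id
    rescue *retry_on
      retry if tries < attempts
      raise
    end
  end
end

# Constructed stand-ins so the example runs offline. With the real client,
# pass the timeout error class it raises (a ::Google::Cloud::Error subclass).
class FakeTimeout < StandardError; end

class FakeClient
  attr_reader :seen_request_ids

  def initialize(failures)
    @failures = failures
    @seen_request_ids = []
  end

  def create_entitlement(parent:, entitlement_id:, entitlement:, request_id:)
    @seen_request_ids << request_id
    if @failures.positive?
      @failures -= 1
      raise FakeTimeout, "deadline exceeded"
    end
    :operation
  end
end

# Two simulated timeouts, then success: three calls, one request_id.
def demo_retry
  client = FakeClient.new(2)
  result = EntitlementCreate.create(
    client,
    parent: "projects/example-project/locations/global", # constructed
    entitlement_id: "break-glass-db",                     # constructed
    entitlement: {},
    retry_on: [FakeTimeout]
  )
  [result, client.seen_request_ids]
end

p demo_retry if __FILE__ == $PROGRAM_NAME
```

Generating the request_id once, outside the retry loop, is the important part: a fresh UUID per attempt would defeat the server-side deduplication described above.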

#create_grant

def create_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
def create_grant(parent: nil, grant: nil, request_id: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant

Creates a new grant in a given project and location.

Overloads
def create_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to create_grant via a request object, either of type CreateGrantRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def create_grant(parent: nil, grant: nil, request_id: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to create_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • parent (::String) — Required. Name of the parent entitlement for which this grant is being requested.
  • grant (::Google::Cloud::PrivilegedAccessManager::V1::Grant, ::Hash) — Required. The resource being created.
  • request_id (::String) — Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server knows to ignore the request if it has already been completed. The server guarantees this for at least 60 minutes after the first request.

    For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, ignores the second request. This prevents clients from accidentally creating duplicate commitments.

    The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest.new

# Call the create_grant method.
result = client.create_grant request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
p result

#delete_entitlement

def delete_entitlement(request, options = nil) -> ::Gapic::Operation
def delete_entitlement(name: nil, request_id: nil, force: nil) -> ::Gapic::Operation

Deletes a single entitlement. This method can only be called when there are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the entitlement.

Overloads
def delete_entitlement(request, options = nil) -> ::Gapic::Operation
Pass arguments to delete_entitlement via a request object, either of type DeleteEntitlementRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def delete_entitlement(name: nil, request_id: nil, force: nil) -> ::Gapic::Operation
Pass arguments to delete_entitlement via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • name (::String) — Required. Name of the resource.
  • request_id (::String) — Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server knows to ignore the request if it has already been completed. The server guarantees this for at least 60 minutes after the first request.

    For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, ignores the second request. This prevents clients from accidentally creating duplicate commitments.

    The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

  • force (::Boolean) — Optional. If set to true, any child grant under this entitlement is also deleted. (Otherwise, the request only works if the entitlement has no child grant.)
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
  • response (::Gapic::Operation)
  • operation (::GRPC::ActiveCall::Operation)
Returns
  • (::Gapic::Operation)
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest.new

# Call the delete_entitlement method.
result = client.delete_entitlement request

# The returned object is of type Gapic::Operation. You can use it to
# check the status of an operation, cancel it, or wait for results.
# Here is how to wait for a response.
result.wait_until_done! timeout: 60
if result.response?
  p result.response
else
  puts "No response received."
end

#deny_grant

def deny_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
def deny_grant(name: nil, reason: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant

DenyGrant is used to deny a grant. This method can only be called on a grant when it's in the APPROVAL_AWAITED state. This operation can't be undone.

Overloads
def deny_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to deny_grant via a request object, either of type DenyGrantRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def deny_grant(name: nil, reason: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to deny_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • name (::String) — Required. Name of the grant resource which is being denied.
  • reason (::String) — Optional. The reason for denying this grant. This is required if the require_approver_justification field of the ManualApprovals workflow used in this grant is true.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest.new

# Call the deny_grant method.
result = client.deny_grant request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
p result
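
approve_grant and deny_grant cannot be undone and are only valid in the APPROVAL_AWAITED state, and delete_entitlement is blocked by child grants, so it is worth checking these preconditions locally before calling. The following is an added example, not code from the client library: GrantPreconditions and its Grant struct are hypothetical stand-ins, the resource names are constructed, and it assumes the grant state is exposed as a Symbol, as Ruby protobuf enum fields are.

```ruby
# Added example: local precondition checks for approve_grant, deny_grant
# and delete_entitlement, mirroring the rules stated in this reference.
module GrantPreconditions
  # States this page names as "in-progress" for delete_entitlement.
  IN_PROGRESS = %i[ACTIVE ACTIVATING REVOKING].freeze

  # Constructed stand-in for V1::Grant; only name and state are used here.
  Grant = Struct.new(:name, :state)

  # Problems that would make approve_grant or deny_grant fail.
  # require_justification is the require_approver_justification value of
  # the ManualApprovals workflow used by the grant's entitlement.
  def self.decision_problems(grant, reason:, require_justification:)
    out = []
    unless grant.state == :APPROVAL_AWAITED
      out << "grant is #{grant.state}, not APPROVAL_AWAITED"
    end
    if require_justification && reason.to_s.strip.empty?
      out << "reason is required by the approval workflow"
    end
    out
  end

  # Names of grants that block delete_entitlement.
  #   force: false -> any child grant blocks the delete.
  #   force: true  -> child grants are deleted too, but in-progress
  #                   grants still block the call.
  def self.delete_blockers(grants, force:)
    blocking = force ? grants.select { |g| IN_PROGRESS.include?(g.state) } : grants
    blocking.map(&:name)
  end
end

# Constructed sample data.
def sample_grants
  base = "projects/example-project/locations/global/entitlements/db-admin/grants"
  [
    GrantPreconditions::Grant.new("#{base}/g-awaiting", :APPROVAL_AWAITED),
    GrantPreconditions::Grant.new("#{base}/g-denied", :DENIED),
    GrantPreconditions::Grant.new("#{base}/g-active", :ACTIVE)
  ]
end

if __FILE__ == $PROGRAM_NAME
  awaiting, _denied, active = sample_grants
  p GrantPreconditions.decision_problems(awaiting, reason: "", require_justification: true)
  p GrantPreconditions.decision_problems(active, reason: "INC-0000", require_justification: true)
  p GrantPreconditions.delete_blockers(sample_grants, force: true)
end
```

The server remains the authority on state; a local check like this only avoids sending an irreversible decision against a grant that was read in the wrong state or without the justification an auditor will expect.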

#get_entitlement

def get_entitlement(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement
def get_entitlement(name: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement

Gets details of a single entitlement.

Overloads
def get_entitlement(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement
Pass arguments to get_entitlement via a request object, either of type GetEntitlementRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def get_entitlement(name: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement
Pass arguments to get_entitlement via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameter
  • name (::String) — Required. Name of the resource.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest.new

# Call the get_entitlement method.
result = client.get_entitlement request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Entitlement.
p result

#get_grant

def get_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
def get_grant(name: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant

Get details of a single grant.

Overloads
def get_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to get_grant via a request object, either of type GetGrantRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def get_grant(name: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to get_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameter
  • name (::String) — Required. Name of the resource.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest.new

# Call the get_grant method.
result = client.get_grant request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
p result

#initialize

def initialize() { |config| ... } -> Client

Create a new PrivilegedAccessManager client object.

Yields
  • (config) — Configure the PrivilegedAccessManager client.
Yield Parameter
Returns
  • (Client) — a new instance of Client
Example
# Create a client using the default configuration
client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a client using a custom configuration
client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new do |config|
  config.timeout = 10.0
end

#list_entitlements

def list_entitlements(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
def list_entitlements(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>

Lists entitlements in a given project/folder/organization and location.

Overloads
def list_entitlements(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
Pass arguments to list_entitlements via a request object, either of type ListEntitlementsRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def list_entitlements(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
Pass arguments to list_entitlements via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • parent (::String) — Required. The parent which owns the entitlement resources.
  • page_size (::Integer) — Optional. Requested page size. Server may return fewer items than requested. If unspecified, the server picks an appropriate default.
  • page_token (::String) — Optional. A token identifying a page of results the server should return.
  • filter (::String) — Optional. Filtering results.
  • order_by (::String) — Optional. Hint for how to order the results.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Returns
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest.new

# Call the list_entitlements method.
result = client.list_entitlements request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement.
  p item
end

#list_grants

def list_grants(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
def list_grants(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>

Lists grants for a given entitlement.

Overloads
def list_grants(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
Pass arguments to list_grants via a request object, either of type ListGrantsRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def list_grants(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
Pass arguments to list_grants via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • parent (::String) — Required. The parent resource which owns the grants.
  • page_size (::Integer) — Optional. Requested page size. The server may return fewer items than requested. If unspecified, the server picks an appropriate default.
  • page_token (::String) — Optional. A token identifying a page of results the server should return.
  • filter (::String) — Optional. Filtering results.
  • order_by (::String) — Optional. Hint for how to order the results.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Returns
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest.new

# Call the list_grants method.
result = client.list_grants request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Grant.
  p item
end

#location_client

def location_client() -> Google::Cloud::Location::Locations::Client

Get the associated client for mix-in of the Locations.

Returns
  • (Google::Cloud::Location::Locations::Client)

#operations_client

def operations_client() -> ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Operations

Get the associated client for long-running operations.

#revoke_grant

def revoke_grant(request, options = nil) -> ::Gapic::Operation
def revoke_grant(name: nil, reason: nil) -> ::Gapic::Operation

RevokeGrant is used to immediately revoke access for a grant. This method can be called when the grant is in a non-terminal state.

Overloads
def revoke_grant(request, options = nil) -> ::Gapic::Operation
Pass arguments to revoke_grant via a request object, either of type RevokeGrantRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def revoke_grant(name: nil, reason: nil) -> ::Gapic::Operation
Pass arguments to revoke_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • name (::String) — Required. Name of the grant resource which is being revoked.
  • reason (::String) — Optional. The reason for revoking this grant.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
  • response (::Gapic::Operation)
  • operation (::GRPC::ActiveCall::Operation)
Returns
  • (::Gapic::Operation)
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest.new

# Call the revoke_grant method.
result = client.revoke_grant request

# The returned object is of type Gapic::Operation. You can use it to
# check the status of an operation, cancel it, or wait for results.
# Here is how to wait for a response.
result.wait_until_done! timeout: 60
if result.response?
  p result.response
else
  puts "No response received."
end

#search_entitlements

def search_entitlements(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
def search_entitlements(parent: nil, caller_access_type: nil, filter: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>

SearchEntitlements returns entitlements on which the caller has the specified access.

Overloads
def search_entitlements(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
Pass arguments to search_entitlements via a request object, either of type SearchEntitlementsRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def search_entitlements(parent: nil, caller_access_type: nil, filter: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
Pass arguments to search_entitlements via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • parent (::String) — Required. The parent which owns the entitlement resources.
  • caller_access_type (::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest::CallerAccessType) — Required. Only entitlements where the calling user has this access are returned.
  • filter (::String) — Optional. Only entitlements matching this filter are returned in the response.
  • page_size (::Integer) — Optional. Requested page size. The server may return fewer items than requested. If unspecified, the server picks an appropriate default.
  • page_token (::String) — Optional. A token identifying a page of results the server should return.
Yields
  • (response, operation) — Access the result along with the RPC operation
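Yield Parameters
  • response (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>)
  • operation (::GRPC::ActiveCall::Operation)
Returns
  • (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>)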
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest.new

# Call the search_entitlements method.
result = client.search_entitlements request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement.
  p item
end

#search_grants

def search_grants(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
def search_grants(parent: nil, caller_relationship: nil, filter: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>

SearchGrants returns grants that are related to the calling user in the specified way.

Overloads
def search_grants(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
Pass arguments to search_grants via a request object, either of type SearchGrantsRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def search_grants(parent: nil, caller_relationship: nil, filter: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
Pass arguments to search_grants via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • parent (::String) — Required. The parent which owns the grant resources.
  • caller_relationship (::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest::CallerRelationshipType) — Required. Only grants which the caller is related to by this relationship are returned in the response.
  • filter (::String) — Optional. Only grants matching this filter are returned in the response.
  • page_size (::Integer) — Optional. Requested page size. The server may return fewer items than requested. If unspecified, the server picks an appropriate default.
  • page_token (::String) — Optional. A token identifying a page of results the server should return.
Yields
  • (response, operation) — Access the result along with the RPC operation
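Yield Parameters
  • response (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>)
  • operation (::GRPC::ActiveCall::Operation)
Returns
  • (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>)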
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest.new

# Call the search_grants method.
result = client.search_grants request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Grant.
  p item
end

#universe_domain

def universe_domain() -> String

The effective universe domain

Returns
  • (String)

#update_entitlement

def update_entitlement(request, options = nil) -> ::Gapic::Operation
def update_entitlement(entitlement: nil, update_mask: nil) -> ::Gapic::Operation

Updates the entitlement specified in the request. Updated fields in the entitlement need to be specified in an update mask. The changes made to an entitlement are applicable only on future grants of the entitlement. However, if new approvers are added or existing approvers are removed from the approval workflow, the changes are effective on existing grants.

The following fields are not supported for updates:

  • All immutable fields
  • Entitlement name
  • Resource name
  • Resource type
  • Adding an approval workflow in an entitlement which previously had no approval workflow.
  • Deleting the approval workflow from an entitlement.
  • Adding or deleting a step in the approval workflow (only one step is supported)

Note that updates are allowed on the list of approvers in an approval workflow step.

Overloads
def update_entitlement(request, options = nil) -> ::Gapic::Operation
Pass arguments to update_entitlement via a request object, either of type UpdateEntitlementRequest or an equivalent Hash.
Parameters
  • request (::Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def update_entitlement(entitlement: nil, update_mask: nil) -> ::Gapic::Operation
Pass arguments to update_entitlement via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • entitlement (::Google::Cloud::PrivilegedAccessManager::V1::Entitlement, ::Hash) — Required. The entitlement resource that is updated.
  • update_mask (::Google::Protobuf::FieldMask, ::Hash) — Required. The list of fields to update. A field is overwritten if, and only if, it is in the mask. Any immutable fields set in the mask are ignored by the server. Repeated fields and map fields are only allowed in the last position of a paths string and overwrite the existing values. Hence an update to a repeated field or a map should contain the entire list of values. The fields specified in the update_mask are relative to the resource and not to the request. (e.g. MaxRequestDuration; not entitlement.MaxRequestDuration) A value of '*' for this field refers to full replacement of the resource.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
  • response (::Gapic::Operation)
  • operation (::GRPC::ActiveCall::Operation)
Returns
  • (::Gapic::Operation)
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest.new

# Call the update_entitlement method.
result = client.update_entitlement request

# The returned object is of type Gapic::Operation. You can use it to
# check the status of an operation, cancel it, or wait for results.
# Here is how to wait for a response.
result.wait_until_done! timeout: 60
if result.response?
  p result.response
else
  puts "No response received."
end
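
Pre-flight check example

The update_entitlement rules above (unsupported updates, resource-relative mask paths, whole-list overwrite of repeated fields) expressed as a check to run before sending the request. This is an added example, not part of the client library or the original page: entitlements are modelled as plain Hashes, and the snake_case field paths (approval_workflow.manual_approvals.steps, approvers, principals, privileged_access.gcp_iam_access.*) and all sample names are assumptions.

```ruby
# Added example: entitlements are plain Hashes; all field paths are assumptions.
IMMUTABLE = %w[name privileged_access.gcp_iam_access.resource
               privileged_access.gcp_iam_access.resource_type].freeze
STEPS = "approval_workflow.manual_approvals.steps".freeze

def dig_path(hash, path)
  path.split(".").reduce(hash) { |h, k| h.is_a?(Hash) ? h[k] : nil }
end

# Principals named as approvers across all steps of an entitlement Hash.
def approvers(ent)
  (dig_path(ent, STEPS) || []).flat_map { |s| s["approvers"] || [] }
                              .flat_map { |a| a["principals"] || [] }
end

# Returns { problems: [...], removed_approvers: [...] } for a planned update.
def preflight_update(current, desired, mask)
  problems = []
  mask.each do |p|
    problems << "'#{p}' must be relative to the resource" if p.start_with?("entitlement.")
    if IMMUTABLE.any? { |i| p == i || p.start_with?("#{i}.") }
      problems << "'#{p}' is not updatable; the server ignores it"
    end
  end
  removed = []
  if mask.any? { |p| p == "*" || p.start_with?("approval_workflow") }
    before = dig_path(current, STEPS)
    after = dig_path(desired, STEPS)
    if before.nil? && after
      problems << "cannot add an approval workflow where none existed"
    elsif before && after.nil?
      problems << "cannot delete the approval workflow"
    elsif before && before.length != after.length
      problems << "cannot add or delete an approval step"
    end
    # Repeated fields are overwritten whole: anyone missing from the new list is dropped.
    removed = approvers(current) - approvers(desired)
  end
  { problems: problems, removed_approvers: removed }
end

# Constructed sample data (not from a real project).
CURRENT = { "name" => "projects/example/locations/global/entitlements/db-admin",
            "approval_workflow" => { "manual_approvals" => { "steps" => [
              { "approvers" => [{ "principals" => ["user:alice@example.com",
                                                   "user:bob@example.com"] }] }
            ] } } }.freeze
# Caller meant to ADD carol but sent only her, so alice and bob would be removed.
DESIRED = { "name" => CURRENT["name"],
            "approval_workflow" => { "manual_approvals" => { "steps" => [
              { "approvers" => [{ "principals" => ["user:carol@example.com"] }] }
            ] } } }.freeze
```

Because approver changes take effect on existing grants, review a non-empty removed_approvers list before the request is sent.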