Privileged Access Manager API C++ Client Library

An idiomatic C++ client library for the Privileged Access Manager API.

Privileged Access Manager (PAM) helps you on your journey towards least privilege and helps mitigate risks tied to privileged access misuse or abuse. PAM allows you to shift from always-on standing privileges towards on-demand access with just-in-time, time-bound, and approval-based access elevations. PAM allows IAM administrators to create entitlements that can grant just-in-time, temporary access to any resource scope. Requesters can explore eligible entitlements and request the access needed for their task. Approvers are notified when approvals await their decision. Streamlined workflows facilitated by using PAM can support various use cases, including emergency access for incident responders, time-boxed access for developers for critical deployment or maintenance, temporary access for operators for data ingestion and audits, JIT access to service accounts for automated tasks, and more.

While this library is GA, please note that the Google Cloud C++ client libraries do not follow Semantic Versioning.

Quickstart

The following shows the code that you'll run in the google/cloud/privilegedaccessmanager/quickstart/ directory, which should give you a taste of the Privileged Access Manager API C++ client library API.

#include "google/cloud/privilegedaccessmanager/v1/privileged_access_manager_client.h"
#include "google/cloud/location.h"
#include <iostream>

int main(int argc, char* argv[]) try {
  if (argc != 2) {
    std::cerr << "Usage: " << argv[0] << " project-id\n";
    return 1;
  }

  auto const location = google::cloud::Location(argv[1], "global");

  namespace pam = ::google::cloud::privilegedaccessmanager_v1;
  auto client = pam::PrivilegedAccessManagerClient(
      pam::MakePrivilegedAccessManagerConnection());

  for (auto r : client.ListEntitlements(location.FullName())) {
    if (!r) throw std::move(r).status();
    std::cout << r->DebugString() << "\n";
  }

  return 0;
} catch (google::cloud::Status const& status) {
  std::cerr << "google::cloud::Status thrown: " << status << "\n";
  return 1;
}

Main classes

The main class in this library is privilegedaccessmanager_v1::PrivilegedAccessManagerClient. All RPCs are exposed as member functions of this class. Other classes provide helpers, configuration parameters, and infrastructure to mock privilegedaccessmanager_v1::PrivilegedAccessManagerClient when testing your application.

More Information

• Error Handling - describes how the library reports errors.
• How to Override the Default Endpoint - describes how to override the default endpoint.
• How to Override the Authentication Credentials - describes how to change the authentication credentials used by the library.
• Override Retry, Backoff, and Idempotency Policies - describes how to change the default retry policies.
• Environment Variables - describes environment variables that can configure the behavior of the library.