Variables
Entitlement_State_name, Entitlement_State_value
var (
Entitlement_State_name = map[int32]string{
0: "STATE_UNSPECIFIED",
1: "CREATING",
2: "AVAILABLE",
3: "DELETING",
4: "DELETED",
5: "UPDATING",
}
Entitlement_State_value = map[string]int32{
"STATE_UNSPECIFIED": 0,
"CREATING": 1,
"AVAILABLE": 2,
"DELETING": 3,
"DELETED": 4,
"UPDATING": 5,
}
)
Enum value maps for Entitlement_State.
SearchEntitlementsRequest_CallerAccessType_name, SearchEntitlementsRequest_CallerAccessType_value
var (
SearchEntitlementsRequest_CallerAccessType_name = map[int32]string{
0: "CALLER_ACCESS_TYPE_UNSPECIFIED",
1: "GRANT_REQUESTER",
2: "GRANT_APPROVER",
}
SearchEntitlementsRequest_CallerAccessType_value = map[string]int32{
"CALLER_ACCESS_TYPE_UNSPECIFIED": 0,
"GRANT_REQUESTER": 1,
"GRANT_APPROVER": 2,
}
)
Enum value maps for SearchEntitlementsRequest_CallerAccessType.
Grant_State_name, Grant_State_value
var (
Grant_State_name = map[int32]string{
0: "STATE_UNSPECIFIED",
1: "APPROVAL_AWAITED",
3: "DENIED",
4: "SCHEDULED",
5: "ACTIVATING",
6: "ACTIVE",
7: "ACTIVATION_FAILED",
8: "EXPIRED",
9: "REVOKING",
10: "REVOKED",
11: "ENDED",
}
Grant_State_value = map[string]int32{
"STATE_UNSPECIFIED": 0,
"APPROVAL_AWAITED": 1,
"DENIED": 3,
"SCHEDULED": 4,
"ACTIVATING": 5,
"ACTIVE": 6,
"ACTIVATION_FAILED": 7,
"EXPIRED": 8,
"REVOKING": 9,
"REVOKED": 10,
"ENDED": 11,
}
)
Enum value maps for Grant_State.
SearchGrantsRequest_CallerRelationshipType_name, SearchGrantsRequest_CallerRelationshipType_value
var (
SearchGrantsRequest_CallerRelationshipType_name = map[int32]string{
0: "CALLER_RELATIONSHIP_TYPE_UNSPECIFIED",
1: "HAD_CREATED",
2: "CAN_APPROVE",
3: "HAD_APPROVED",
}
SearchGrantsRequest_CallerRelationshipType_value = map[string]int32{
"CALLER_RELATIONSHIP_TYPE_UNSPECIFIED": 0,
"HAD_CREATED": 1,
"CAN_APPROVE": 2,
"HAD_APPROVED": 3,
}
)
Enum value maps for SearchGrantsRequest_CallerRelationshipType.
File_google_cloud_privilegedaccessmanager_v1_privilegedaccessmanager_proto
var File_google_cloud_privilegedaccessmanager_v1_privilegedaccessmanager_proto protoreflect.FileDescriptor
Functions
func RegisterPrivilegedAccessManagerServer
func RegisterPrivilegedAccessManagerServer(s *grpc.Server, srv PrivilegedAccessManagerServer)
AccessControlEntry
type AccessControlEntry struct {
// Optional. Users who are allowed for the operation. Each entry should be a
// valid v1 IAM principal identifier. The format for these is documented at:
// https://cloud.google.com/iam/docs/principal-identifiers#v1
Principals []string `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"`
// contains filtered or unexported fields
}
AccessControlEntry
is used to control who can do some operation.
func (*AccessControlEntry) Descriptor
func (*AccessControlEntry) Descriptor() ([]byte, []int)
Deprecated: Use AccessControlEntry.ProtoReflect.Descriptor instead.
func (*AccessControlEntry) GetPrincipals
func (x *AccessControlEntry) GetPrincipals() []string
func (*AccessControlEntry) ProtoMessage
func (*AccessControlEntry) ProtoMessage()
func (*AccessControlEntry) ProtoReflect
func (x *AccessControlEntry) ProtoReflect() protoreflect.Message
func (*AccessControlEntry) Reset
func (x *AccessControlEntry) Reset()
func (*AccessControlEntry) String
func (x *AccessControlEntry) String() string
ApprovalWorkflow
type ApprovalWorkflow struct {
// Types that are assignable to ApprovalWorkflow:
//
// *ApprovalWorkflow_ManualApprovals
ApprovalWorkflow isApprovalWorkflow_ApprovalWorkflow `protobuf_oneof:"approval_workflow"`
// contains filtered or unexported fields
}
Different types of approval workflows that can be used to gate privileged access granting.
func (*ApprovalWorkflow) Descriptor
func (*ApprovalWorkflow) Descriptor() ([]byte, []int)
Deprecated: Use ApprovalWorkflow.ProtoReflect.Descriptor instead.
func (*ApprovalWorkflow) GetApprovalWorkflow
func (m *ApprovalWorkflow) GetApprovalWorkflow() isApprovalWorkflow_ApprovalWorkflow
func (*ApprovalWorkflow) GetManualApprovals
func (x *ApprovalWorkflow) GetManualApprovals() *ManualApprovals
func (*ApprovalWorkflow) ProtoMessage
func (*ApprovalWorkflow) ProtoMessage()
func (*ApprovalWorkflow) ProtoReflect
func (x *ApprovalWorkflow) ProtoReflect() protoreflect.Message
func (*ApprovalWorkflow) Reset
func (x *ApprovalWorkflow) Reset()
func (*ApprovalWorkflow) String
func (x *ApprovalWorkflow) String() string
ApprovalWorkflow_ManualApprovals
type ApprovalWorkflow_ManualApprovals struct {
// An approval workflow where users designated as approvers review and act
// on the grants.
ManualApprovals *ManualApprovals `protobuf:"bytes,1,opt,name=manual_approvals,json=manualApprovals,proto3,oneof"`
}
ApproveGrantRequest
type ApproveGrantRequest struct {
// Required. Name of the grant resource which is being approved.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The reason for approving this grant. This is required if the
// `require_approver_justification` field of the `ManualApprovals` workflow
// used in this grant is true.
Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"`
// contains filtered or unexported fields
}
Request message for ApproveGrant
method.
func (*ApproveGrantRequest) Descriptor
func (*ApproveGrantRequest) Descriptor() ([]byte, []int)
Deprecated: Use ApproveGrantRequest.ProtoReflect.Descriptor instead.
func (*ApproveGrantRequest) GetName
func (x *ApproveGrantRequest) GetName() string
func (*ApproveGrantRequest) GetReason
func (x *ApproveGrantRequest) GetReason() string
func (*ApproveGrantRequest) ProtoMessage
func (*ApproveGrantRequest) ProtoMessage()
func (*ApproveGrantRequest) ProtoReflect
func (x *ApproveGrantRequest) ProtoReflect() protoreflect.Message
func (*ApproveGrantRequest) Reset
func (x *ApproveGrantRequest) Reset()
func (*ApproveGrantRequest) String
func (x *ApproveGrantRequest) String() string
CheckOnboardingStatusRequest
type CheckOnboardingStatusRequest struct {
// Required. The resource for which the onboarding status should be checked.
// Should be in one of the following formats:
//
// * `projects/{project-number|project-id}/locations/{region}`
// * `folders/{folder-number}/locations/{region}`
// * `organizations/{organization-number}/locations/{region}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// contains filtered or unexported fields
}
Request message for CheckOnboardingStatus
method.
func (*CheckOnboardingStatusRequest) Descriptor
func (*CheckOnboardingStatusRequest) Descriptor() ([]byte, []int)
Deprecated: Use CheckOnboardingStatusRequest.ProtoReflect.Descriptor instead.
func (*CheckOnboardingStatusRequest) GetParent
func (x *CheckOnboardingStatusRequest) GetParent() string
func (*CheckOnboardingStatusRequest) ProtoMessage
func (*CheckOnboardingStatusRequest) ProtoMessage()
func (*CheckOnboardingStatusRequest) ProtoReflect
func (x *CheckOnboardingStatusRequest) ProtoReflect() protoreflect.Message
func (*CheckOnboardingStatusRequest) Reset
func (x *CheckOnboardingStatusRequest) Reset()
func (*CheckOnboardingStatusRequest) String
func (x *CheckOnboardingStatusRequest) String() string
CheckOnboardingStatusResponse
type CheckOnboardingStatusResponse struct {
// The service account that PAM uses to act on this resource.
ServiceAccount string `protobuf:"bytes,1,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
// List of issues that are preventing PAM from functioning for this resource
// and need to be fixed to complete onboarding. Some issues might not be
// detected or reported.
Findings []*CheckOnboardingStatusResponse_Finding `protobuf:"bytes,2,rep,name=findings,proto3" json:"findings,omitempty"`
// contains filtered or unexported fields
}
Response message for CheckOnboardingStatus
method.
func (*CheckOnboardingStatusResponse) Descriptor
func (*CheckOnboardingStatusResponse) Descriptor() ([]byte, []int)
Deprecated: Use CheckOnboardingStatusResponse.ProtoReflect.Descriptor instead.
func (*CheckOnboardingStatusResponse) GetFindings
func (x *CheckOnboardingStatusResponse) GetFindings() []*CheckOnboardingStatusResponse_Finding
func (*CheckOnboardingStatusResponse) GetServiceAccount
func (x *CheckOnboardingStatusResponse) GetServiceAccount() string
func (*CheckOnboardingStatusResponse) ProtoMessage
func (*CheckOnboardingStatusResponse) ProtoMessage()
func (*CheckOnboardingStatusResponse) ProtoReflect
func (x *CheckOnboardingStatusResponse) ProtoReflect() protoreflect.Message
func (*CheckOnboardingStatusResponse) Reset
func (x *CheckOnboardingStatusResponse) Reset()
func (*CheckOnboardingStatusResponse) String
func (x *CheckOnboardingStatusResponse) String() string
CheckOnboardingStatusResponse_Finding
type CheckOnboardingStatusResponse_Finding struct {
// Types that are assignable to FindingType:
//
// *CheckOnboardingStatusResponse_Finding_IamAccessDenied
FindingType isCheckOnboardingStatusResponse_Finding_FindingType `protobuf_oneof:"finding_type"`
// contains filtered or unexported fields
}
Finding represents an issue which prevents PAM from functioning properly for this resource.
func (*CheckOnboardingStatusResponse_Finding) Descriptor
func (*CheckOnboardingStatusResponse_Finding) Descriptor() ([]byte, []int)
Deprecated: Use CheckOnboardingStatusResponse_Finding.ProtoReflect.Descriptor instead.
func (*CheckOnboardingStatusResponse_Finding) GetFindingType
func (m *CheckOnboardingStatusResponse_Finding) GetFindingType() isCheckOnboardingStatusResponse_Finding_FindingType
func (*CheckOnboardingStatusResponse_Finding) GetIamAccessDenied
func (x *CheckOnboardingStatusResponse_Finding) GetIamAccessDenied() *CheckOnboardingStatusResponse_Finding_IAMAccessDenied
func (*CheckOnboardingStatusResponse_Finding) ProtoMessage
func (*CheckOnboardingStatusResponse_Finding) ProtoMessage()
func (*CheckOnboardingStatusResponse_Finding) ProtoReflect
func (x *CheckOnboardingStatusResponse_Finding) ProtoReflect() protoreflect.Message
func (*CheckOnboardingStatusResponse_Finding) Reset
func (x *CheckOnboardingStatusResponse_Finding) Reset()
func (*CheckOnboardingStatusResponse_Finding) String
func (x *CheckOnboardingStatusResponse_Finding) String() string
CheckOnboardingStatusResponse_Finding_IAMAccessDenied
type CheckOnboardingStatusResponse_Finding_IAMAccessDenied struct {
// List of permissions that are being denied.
MissingPermissions []string `protobuf:"bytes,1,rep,name=missing_permissions,json=missingPermissions,proto3" json:"missing_permissions,omitempty"`
// contains filtered or unexported fields
}
PAM's service account is being denied access by Cloud IAM. This can be fixed by granting a role that contains the missing permissions to the service account or exempting it from deny policies if they are blocking the access.
func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) Descriptor
func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) Descriptor() ([]byte, []int)
Deprecated: Use CheckOnboardingStatusResponse_Finding_IAMAccessDenied.ProtoReflect.Descriptor instead.
func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) GetMissingPermissions
func (x *CheckOnboardingStatusResponse_Finding_IAMAccessDenied) GetMissingPermissions() []string
func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) ProtoMessage
func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) ProtoMessage()
func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) ProtoReflect
func (x *CheckOnboardingStatusResponse_Finding_IAMAccessDenied) ProtoReflect() protoreflect.Message
func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) Reset
func (x *CheckOnboardingStatusResponse_Finding_IAMAccessDenied) Reset()
func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) String
func (x *CheckOnboardingStatusResponse_Finding_IAMAccessDenied) String() string
CheckOnboardingStatusResponse_Finding_IamAccessDenied
type CheckOnboardingStatusResponse_Finding_IamAccessDenied struct {
// PAM's service account is being denied access by Cloud IAM.
IamAccessDenied *CheckOnboardingStatusResponse_Finding_IAMAccessDenied `protobuf:"bytes,1,opt,name=iam_access_denied,json=iamAccessDenied,proto3,oneof"`
}
CreateEntitlementRequest
type CreateEntitlementRequest struct {
// Required. Name of the parent resource for the entitlement.
// Possible formats:
//
// * `organizations/{organization-number}/locations/{region}`
// * `folders/{folder-number}/locations/{region}`
// * `projects/{project-id|project-number}/locations/{region}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The ID to use for this entitlement. This becomes the last part of
// the resource name.
//
// This value should be 4-63 characters in length, and valid characters are
// "[a-z]", "[0-9]", and "-". The first character should be from [a-z].
//
// This value should be unique among all other entitlements under the
// specified `parent`.
EntitlementId string `protobuf:"bytes,2,opt,name=entitlement_id,json=entitlementId,proto3" json:"entitlement_id,omitempty"`
// Required. The resource being created
Entitlement *Entitlement `protobuf:"bytes,3,opt,name=entitlement,proto3" json:"entitlement,omitempty"`
// Optional. An optional request ID to identify requests. Specify a unique
// request ID so that if you must retry your request, the server knows to
// ignore the request if it has already been completed. The server guarantees
// this for at least 60 minutes after the first request.
//
// For example, consider a situation where you make an initial request and the
// request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, ignores the second request and returns the
// previous operation's response. This prevents clients from accidentally
// creating duplicate entitlements.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}
Message for creating an entitlement.
func (*CreateEntitlementRequest) Descriptor
func (*CreateEntitlementRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateEntitlementRequest.ProtoReflect.Descriptor instead.
func (*CreateEntitlementRequest) GetEntitlement
func (x *CreateEntitlementRequest) GetEntitlement() *Entitlement
func (*CreateEntitlementRequest) GetEntitlementId
func (x *CreateEntitlementRequest) GetEntitlementId() string
func (*CreateEntitlementRequest) GetParent
func (x *CreateEntitlementRequest) GetParent() string
func (*CreateEntitlementRequest) GetRequestId
func (x *CreateEntitlementRequest) GetRequestId() string
func (*CreateEntitlementRequest) ProtoMessage
func (*CreateEntitlementRequest) ProtoMessage()
func (*CreateEntitlementRequest) ProtoReflect
func (x *CreateEntitlementRequest) ProtoReflect() protoreflect.Message
func (*CreateEntitlementRequest) Reset
func (x *CreateEntitlementRequest) Reset()
func (*CreateEntitlementRequest) String
func (x *CreateEntitlementRequest) String() string
CreateGrantRequest
type CreateGrantRequest struct {
// Required. Name of the parent entitlement for which this grant is being
// requested.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The resource being created.
Grant *Grant `protobuf:"bytes,2,opt,name=grant,proto3" json:"grant,omitempty"`
// Optional. An optional request ID to identify requests. Specify a unique
// request ID so that if you must retry your request, the server knows to
// ignore the request if it has already been completed. The server guarantees
// this for at least 60 minutes after the first request.
//
// For example, consider a situation where you make an initial request and the
// request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, ignores the second request. This prevents
// clients from accidentally creating duplicate grants.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// contains filtered or unexported fields
}
Message for creating a grant
func (*CreateGrantRequest) Descriptor
func (*CreateGrantRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateGrantRequest.ProtoReflect.Descriptor instead.
func (*CreateGrantRequest) GetGrant
func (x *CreateGrantRequest) GetGrant() *Grant
func (*CreateGrantRequest) GetParent
func (x *CreateGrantRequest) GetParent() string
func (*CreateGrantRequest) GetRequestId
func (x *CreateGrantRequest) GetRequestId() string
func (*CreateGrantRequest) ProtoMessage
func (*CreateGrantRequest) ProtoMessage()
func (*CreateGrantRequest) ProtoReflect
func (x *CreateGrantRequest) ProtoReflect() protoreflect.Message
func (*CreateGrantRequest) Reset
func (x *CreateGrantRequest) Reset()
func (*CreateGrantRequest) String
func (x *CreateGrantRequest) String() string
DeleteEntitlementRequest
type DeleteEntitlementRequest struct {
// Required. Name of the resource.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. An optional request ID to identify requests. Specify a unique
// request ID so that if you must retry your request, the server knows to
// ignore the request if it has already been completed. The server guarantees
// this for at least 60 minutes after the first request.
//
// For example, consider a situation where you make an initial request and the
// request times out. If you make the request again with the same request
// ID, the server can check if original operation with the same request ID
// was received, and if so, ignores the second request.
//
// The request ID must be a valid UUID with the exception that zero UUID is
// not supported (00000000-0000-0000-0000-000000000000).
RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// Optional. If set to true, any child grant under this entitlement is also
// deleted. (Otherwise, the request only works if the entitlement has no child
// grant.)
Force bool `protobuf:"varint,3,opt,name=force,proto3" json:"force,omitempty"`
// contains filtered or unexported fields
}
Message for deleting an entitlement.
func (*DeleteEntitlementRequest) Descriptor
func (*DeleteEntitlementRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeleteEntitlementRequest.ProtoReflect.Descriptor instead.
func (*DeleteEntitlementRequest) GetForce
func (x *DeleteEntitlementRequest) GetForce() bool
func (*DeleteEntitlementRequest) GetName
func (x *DeleteEntitlementRequest) GetName() string
func (*DeleteEntitlementRequest) GetRequestId
func (x *DeleteEntitlementRequest) GetRequestId() string
func (*DeleteEntitlementRequest) ProtoMessage
func (*DeleteEntitlementRequest) ProtoMessage()
func (*DeleteEntitlementRequest) ProtoReflect
func (x *DeleteEntitlementRequest) ProtoReflect() protoreflect.Message
func (*DeleteEntitlementRequest) Reset
func (x *DeleteEntitlementRequest) Reset()
func (*DeleteEntitlementRequest) String
func (x *DeleteEntitlementRequest) String() string
DenyGrantRequest
type DenyGrantRequest struct {
// Required. Name of the grant resource which is being denied.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The reason for denying this grant. This is required if
// `require_approver_justification` field of the `ManualApprovals` workflow
// used in this grant is true.
Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"`
// contains filtered or unexported fields
}
Request message for DenyGrant
method.
func (*DenyGrantRequest) Descriptor
func (*DenyGrantRequest) Descriptor() ([]byte, []int)
Deprecated: Use DenyGrantRequest.ProtoReflect.Descriptor instead.
func (*DenyGrantRequest) GetName
func (x *DenyGrantRequest) GetName() string
func (*DenyGrantRequest) GetReason
func (x *DenyGrantRequest) GetReason() string
func (*DenyGrantRequest) ProtoMessage
func (*DenyGrantRequest) ProtoMessage()
func (*DenyGrantRequest) ProtoReflect
func (x *DenyGrantRequest) ProtoReflect() protoreflect.Message
func (*DenyGrantRequest) Reset
func (x *DenyGrantRequest) Reset()
func (*DenyGrantRequest) String
func (x *DenyGrantRequest) String() string
Entitlement
type Entitlement struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
EligibleUsers []*AccessControlEntry `protobuf:"bytes,5,rep,name=eligible_users,json=eligibleUsers,proto3" json:"eligible_users,omitempty"`
ApprovalWorkflow *ApprovalWorkflow `protobuf:"bytes,6,opt,name=approval_workflow,json=approvalWorkflow,proto3" json:"approval_workflow,omitempty"`
PrivilegedAccess *PrivilegedAccess `protobuf:"bytes,7,opt,name=privileged_access,json=privilegedAccess,proto3" json:"privileged_access,omitempty"`
MaxRequestDuration *durationpb.Duration `protobuf:"bytes,8,opt,name=max_request_duration,json=maxRequestDuration,proto3" json:"max_request_duration,omitempty"`
State Entitlement_State "" /* 127 byte string literal not displayed */
RequesterJustificationConfig *Entitlement_RequesterJustificationConfig "" /* 148 byte string literal not displayed */
AdditionalNotificationTargets *Entitlement_AdditionalNotificationTargets "" /* 151 byte string literal not displayed */
Etag string `protobuf:"bytes,12,opt,name=etag,proto3" json:"etag,omitempty"`
}
An entitlement defines the eligibility of a set of users to obtain predefined access for some time possibly after going through an approval workflow.
func (*Entitlement) Descriptor
func (*Entitlement) Descriptor() ([]byte, []int)
Deprecated: Use Entitlement.ProtoReflect.Descriptor instead.
func (*Entitlement) GetAdditionalNotificationTargets
func (x *Entitlement) GetAdditionalNotificationTargets() *Entitlement_AdditionalNotificationTargets
func (*Entitlement) GetApprovalWorkflow
func (x *Entitlement) GetApprovalWorkflow() *ApprovalWorkflow
func (*Entitlement) GetCreateTime
func (x *Entitlement) GetCreateTime() *timestamppb.Timestamp
func (*Entitlement) GetEligibleUsers
func (x *Entitlement) GetEligibleUsers() []*AccessControlEntry
func (*Entitlement) GetEtag
func (x *Entitlement) GetEtag() string
func (*Entitlement) GetMaxRequestDuration
func (x *Entitlement) GetMaxRequestDuration() *durationpb.Duration
func (*Entitlement) GetName
func (x *Entitlement) GetName() string
func (*Entitlement) GetPrivilegedAccess
func (x *Entitlement) GetPrivilegedAccess() *PrivilegedAccess
func (*Entitlement) GetRequesterJustificationConfig
func (x *Entitlement) GetRequesterJustificationConfig() *Entitlement_RequesterJustificationConfig
func (*Entitlement) GetState
func (x *Entitlement) GetState() Entitlement_State
func (*Entitlement) GetUpdateTime
func (x *Entitlement) GetUpdateTime() *timestamppb.Timestamp
func (*Entitlement) ProtoMessage
func (*Entitlement) ProtoMessage()
func (*Entitlement) ProtoReflect
func (x *Entitlement) ProtoReflect() protoreflect.Message
func (*Entitlement) Reset
func (x *Entitlement) Reset()
func (*Entitlement) String
func (x *Entitlement) String() string
Entitlement_AdditionalNotificationTargets
type Entitlement_AdditionalNotificationTargets struct {
AdminEmailRecipients []string `protobuf:"bytes,1,rep,name=admin_email_recipients,json=adminEmailRecipients,proto3" json:"admin_email_recipients,omitempty"`
RequesterEmailRecipients []string "" /* 135 byte string literal not displayed */
}
AdditionalNotificationTargets
includes email addresses to be notified.
func (*Entitlement_AdditionalNotificationTargets) Descriptor
func (*Entitlement_AdditionalNotificationTargets) Descriptor() ([]byte, []int)
Deprecated: Use Entitlement_AdditionalNotificationTargets.ProtoReflect.Descriptor instead.
func (*Entitlement_AdditionalNotificationTargets) GetAdminEmailRecipients
func (x *Entitlement_AdditionalNotificationTargets) GetAdminEmailRecipients() []string
func (*Entitlement_AdditionalNotificationTargets) GetRequesterEmailRecipients
func (x *Entitlement_AdditionalNotificationTargets) GetRequesterEmailRecipients() []string
func (*Entitlement_AdditionalNotificationTargets) ProtoMessage
func (*Entitlement_AdditionalNotificationTargets) ProtoMessage()
func (*Entitlement_AdditionalNotificationTargets) ProtoReflect
func (x *Entitlement_AdditionalNotificationTargets) ProtoReflect() protoreflect.Message
func (*Entitlement_AdditionalNotificationTargets) Reset
func (x *Entitlement_AdditionalNotificationTargets) Reset()
func (*Entitlement_AdditionalNotificationTargets) String
func (x *Entitlement_AdditionalNotificationTargets) String() string
Entitlement_RequesterJustificationConfig
type Entitlement_RequesterJustificationConfig struct {
// This is a required field and the user must explicitly opt out if a
// justification from the requester isn't mandatory.
//
// Types that are assignable to JustificationType:
//
// *Entitlement_RequesterJustificationConfig_NotMandatory_
// *Entitlement_RequesterJustificationConfig_Unstructured_
JustificationType isEntitlement_RequesterJustificationConfig_JustificationType `protobuf_oneof:"justification_type"`
// contains filtered or unexported fields
}
Defines how a requester must provide a justification when requesting access.
func (*Entitlement_RequesterJustificationConfig) Descriptor
func (*Entitlement_RequesterJustificationConfig) Descriptor() ([]byte, []int)
Deprecated: Use Entitlement_RequesterJustificationConfig.ProtoReflect.Descriptor instead.
func (*Entitlement_RequesterJustificationConfig) GetJustificationType
func (m *Entitlement_RequesterJustificationConfig) GetJustificationType() isEntitlement_RequesterJustificationConfig_JustificationType
func (*Entitlement_RequesterJustificationConfig) GetNotMandatory
func (x *Entitlement_RequesterJustificationConfig) GetNotMandatory() *Entitlement_RequesterJustificationConfig_NotMandatory
func (*Entitlement_RequesterJustificationConfig) GetUnstructured
func (x *Entitlement_RequesterJustificationConfig) GetUnstructured() *Entitlement_RequesterJustificationConfig_Unstructured
func (*Entitlement_RequesterJustificationConfig) ProtoMessage
func (*Entitlement_RequesterJustificationConfig) ProtoMessage()
func (*Entitlement_RequesterJustificationConfig) ProtoReflect
func (x *Entitlement_RequesterJustificationConfig) ProtoReflect() protoreflect.Message
func (*Entitlement_RequesterJustificationConfig) Reset
func (x *Entitlement_RequesterJustificationConfig) Reset()
func (*Entitlement_RequesterJustificationConfig) String
func (x *Entitlement_RequesterJustificationConfig) String() string
Entitlement_RequesterJustificationConfig_NotMandatory
type Entitlement_RequesterJustificationConfig_NotMandatory struct {
// contains filtered or unexported fields
}
The justification is not mandatory but can be provided in any of the supported formats.
func (*Entitlement_RequesterJustificationConfig_NotMandatory) Descriptor
func (*Entitlement_RequesterJustificationConfig_NotMandatory) Descriptor() ([]byte, []int)
Deprecated: Use Entitlement_RequesterJustificationConfig_NotMandatory.ProtoReflect.Descriptor instead.
func (*Entitlement_RequesterJustificationConfig_NotMandatory) ProtoMessage
func (*Entitlement_RequesterJustificationConfig_NotMandatory) ProtoMessage()
func (*Entitlement_RequesterJustificationConfig_NotMandatory) ProtoReflect
func (x *Entitlement_RequesterJustificationConfig_NotMandatory) ProtoReflect() protoreflect.Message
func (*Entitlement_RequesterJustificationConfig_NotMandatory) Reset
func (x *Entitlement_RequesterJustificationConfig_NotMandatory) Reset()
func (*Entitlement_RequesterJustificationConfig_NotMandatory) String
func (x *Entitlement_RequesterJustificationConfig_NotMandatory) String() string
Entitlement_RequesterJustificationConfig_NotMandatory_
type Entitlement_RequesterJustificationConfig_NotMandatory_ struct {
// This option means the requester isn't required to provide a
// justification.
NotMandatory *Entitlement_RequesterJustificationConfig_NotMandatory `protobuf:"bytes,1,opt,name=not_mandatory,json=notMandatory,proto3,oneof"`
}
Entitlement_RequesterJustificationConfig_Unstructured
type Entitlement_RequesterJustificationConfig_Unstructured struct {
// contains filtered or unexported fields
}
The requester has to provide a justification in the form of a string.
func (*Entitlement_RequesterJustificationConfig_Unstructured) Descriptor
func (*Entitlement_RequesterJustificationConfig_Unstructured) Descriptor() ([]byte, []int)
Deprecated: Use Entitlement_RequesterJustificationConfig_Unstructured.ProtoReflect.Descriptor instead.
func (*Entitlement_RequesterJustificationConfig_Unstructured) ProtoMessage
func (*Entitlement_RequesterJustificationConfig_Unstructured) ProtoMessage()
func (*Entitlement_RequesterJustificationConfig_Unstructured) ProtoReflect
func (x *Entitlement_RequesterJustificationConfig_Unstructured) ProtoReflect() protoreflect.Message
func (*Entitlement_RequesterJustificationConfig_Unstructured) Reset
func (x *Entitlement_RequesterJustificationConfig_Unstructured) Reset()
func (*Entitlement_RequesterJustificationConfig_Unstructured) String
func (x *Entitlement_RequesterJustificationConfig_Unstructured) String() string
Entitlement_RequesterJustificationConfig_Unstructured_
type Entitlement_RequesterJustificationConfig_Unstructured_ struct {
// This option means the requester must provide a string as
// justification. If this is selected, the server allows the requester
// to provide a justification but doesn't validate it.
Unstructured *Entitlement_RequesterJustificationConfig_Unstructured `protobuf:"bytes,2,opt,name=unstructured,proto3,oneof"`
}
Entitlement_State
type Entitlement_State int32
Different states an entitlement can be in.
Entitlement_STATE_UNSPECIFIED, Entitlement_CREATING, Entitlement_AVAILABLE, Entitlement_DELETING, Entitlement_DELETED, Entitlement_UPDATING
const (
// Unspecified state. This value is never returned by the server.
Entitlement_STATE_UNSPECIFIED Entitlement_State = 0
// The entitlement is being created.
Entitlement_CREATING Entitlement_State = 1
// The entitlement is available for requesting access.
Entitlement_AVAILABLE Entitlement_State = 2
// The entitlement is being deleted.
Entitlement_DELETING Entitlement_State = 3
// The entitlement has been deleted.
Entitlement_DELETED Entitlement_State = 4
// The entitlement is being updated.
Entitlement_UPDATING Entitlement_State = 5
)
func (Entitlement_State) Descriptor
func (Entitlement_State) Descriptor() protoreflect.EnumDescriptor
func (Entitlement_State) Enum
func (x Entitlement_State) Enum() *Entitlement_State
func (Entitlement_State) EnumDescriptor
func (Entitlement_State) EnumDescriptor() ([]byte, []int)
Deprecated: Use Entitlement_State.Descriptor instead.
func (Entitlement_State) Number
func (x Entitlement_State) Number() protoreflect.EnumNumber
func (Entitlement_State) String
func (x Entitlement_State) String() string
func (Entitlement_State) Type
func (Entitlement_State) Type() protoreflect.EnumType
GetEntitlementRequest
type GetEntitlementRequest struct {
// Required. Name of the resource.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Message for getting an entitlement.
func (*GetEntitlementRequest) Descriptor
func (*GetEntitlementRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetEntitlementRequest.ProtoReflect.Descriptor instead.
func (*GetEntitlementRequest) GetName
func (x *GetEntitlementRequest) GetName() string
func (*GetEntitlementRequest) ProtoMessage
func (*GetEntitlementRequest) ProtoMessage()
func (*GetEntitlementRequest) ProtoReflect
func (x *GetEntitlementRequest) ProtoReflect() protoreflect.Message
func (*GetEntitlementRequest) Reset
func (x *GetEntitlementRequest) Reset()
func (*GetEntitlementRequest) String
func (x *GetEntitlementRequest) String() string
GetGrantRequest
type GetGrantRequest struct {
// Required. Name of the resource.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Message for getting a grant.
func (*GetGrantRequest) Descriptor
func (*GetGrantRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetGrantRequest.ProtoReflect.Descriptor instead.
func (*GetGrantRequest) GetName
func (x *GetGrantRequest) GetName() string
func (*GetGrantRequest) ProtoMessage
func (*GetGrantRequest) ProtoMessage()
func (*GetGrantRequest) ProtoReflect
func (x *GetGrantRequest) ProtoReflect() protoreflect.Message
func (*GetGrantRequest) Reset
func (x *GetGrantRequest) Reset()
func (*GetGrantRequest) String
func (x *GetGrantRequest) String() string
Grant
type Grant struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
Requester string `protobuf:"bytes,4,opt,name=requester,proto3" json:"requester,omitempty"`
RequestedDuration *durationpb.Duration `protobuf:"bytes,5,opt,name=requested_duration,json=requestedDuration,proto3" json:"requested_duration,omitempty"`
Justification *Justification `protobuf:"bytes,6,opt,name=justification,proto3" json:"justification,omitempty"`
State Grant_State `protobuf:"varint,7,opt,name=state,proto3,enum=google.cloud.privilegedaccessmanager.v1.Grant_State" json:"state,omitempty"`
Timeline *Grant_Timeline `protobuf:"bytes,8,opt,name=timeline,proto3" json:"timeline,omitempty"`
PrivilegedAccess *PrivilegedAccess `protobuf:"bytes,9,opt,name=privileged_access,json=privilegedAccess,proto3" json:"privileged_access,omitempty"`
AuditTrail *Grant_AuditTrail `protobuf:"bytes,10,opt,name=audit_trail,json=auditTrail,proto3" json:"audit_trail,omitempty"`
AdditionalEmailRecipients []string "" /* 139 byte string literal not displayed */
ExternallyModified bool `protobuf:"varint,12,opt,name=externally_modified,json=externallyModified,proto3" json:"externally_modified,omitempty"`
}
A grant represents a request from a user for obtaining the access specified in an entitlement they are eligible for.
func (*Grant) Descriptor
Deprecated: Use Grant.ProtoReflect.Descriptor instead.
func (*Grant) GetAdditionalEmailRecipients
func (*Grant) GetAuditTrail
func (x *Grant) GetAuditTrail() *Grant_AuditTrail
func (*Grant) GetCreateTime
func (x *Grant) GetCreateTime() *timestamppb.Timestamp
func (*Grant) GetExternallyModified
func (*Grant) GetJustification
func (x *Grant) GetJustification() *Justification
func (*Grant) GetName
func (*Grant) GetPrivilegedAccess
func (x *Grant) GetPrivilegedAccess() *PrivilegedAccess
func (*Grant) GetRequestedDuration
func (x *Grant) GetRequestedDuration() *durationpb.Duration
func (*Grant) GetRequester
func (*Grant) GetState
func (x *Grant) GetState() Grant_State
func (*Grant) GetTimeline
func (x *Grant) GetTimeline() *Grant_Timeline
func (*Grant) GetUpdateTime
func (x *Grant) GetUpdateTime() *timestamppb.Timestamp
func (*Grant) ProtoMessage
func (*Grant) ProtoMessage()
func (*Grant) ProtoReflect
func (x *Grant) ProtoReflect() protoreflect.Message
func (*Grant) Reset
func (x *Grant) Reset()
func (*Grant) String
Grant_AuditTrail
type Grant_AuditTrail struct {
// Output only. The time at which access was given.
AccessGrantTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=access_grant_time,json=accessGrantTime,proto3" json:"access_grant_time,omitempty"`
// Output only. The time at which the system removed access. This could be
// because of an automatic expiry or because of a revocation.
//
// If unspecified, then access hasn't been removed yet.
AccessRemoveTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=access_remove_time,json=accessRemoveTime,proto3" json:"access_remove_time,omitempty"`
// contains filtered or unexported fields
}
Audit trail for the access provided by this grant.
func (*Grant_AuditTrail) Descriptor
func (*Grant_AuditTrail) Descriptor() ([]byte, []int)
Deprecated: Use Grant_AuditTrail.ProtoReflect.Descriptor instead.
func (*Grant_AuditTrail) GetAccessGrantTime
func (x *Grant_AuditTrail) GetAccessGrantTime() *timestamppb.Timestamp
func (*Grant_AuditTrail) GetAccessRemoveTime
func (x *Grant_AuditTrail) GetAccessRemoveTime() *timestamppb.Timestamp
func (*Grant_AuditTrail) ProtoMessage
func (*Grant_AuditTrail) ProtoMessage()
func (*Grant_AuditTrail) ProtoReflect
func (x *Grant_AuditTrail) ProtoReflect() protoreflect.Message
func (*Grant_AuditTrail) Reset
func (x *Grant_AuditTrail) Reset()
func (*Grant_AuditTrail) String
func (x *Grant_AuditTrail) String() string
Grant_State
type Grant_State int32
Different states a grant can be in.
Grant_STATE_UNSPECIFIED, Grant_APPROVAL_AWAITED, Grant_DENIED, Grant_SCHEDULED, Grant_ACTIVATING, Grant_ACTIVE, Grant_ACTIVATION_FAILED, Grant_EXPIRED, Grant_REVOKING, Grant_REVOKED, Grant_ENDED
const (
// Unspecified state. This value is never returned by the server.
Grant_STATE_UNSPECIFIED Grant_State = 0
// The entitlement had an approval workflow configured and this grant is
// waiting for the workflow to complete.
Grant_APPROVAL_AWAITED Grant_State = 1
// The approval workflow completed with a denied result. No access is
// granted for this grant. This is a terminal state.
Grant_DENIED Grant_State = 3
// The approval workflow completed successfully with an approved result or
// none was configured. Access is provided at an appropriate time.
Grant_SCHEDULED Grant_State = 4
// Access is being given.
Grant_ACTIVATING Grant_State = 5
// Access was successfully given and is currently active.
Grant_ACTIVE Grant_State = 6
// The system could not give access due to a non-retriable error. This is a
// terminal state.
Grant_ACTIVATION_FAILED Grant_State = 7
// Expired after waiting for the approval workflow to complete. This is a
// terminal state.
Grant_EXPIRED Grant_State = 8
// Access is being revoked.
Grant_REVOKING Grant_State = 9
// Access was revoked by a user. This is a terminal state.
Grant_REVOKED Grant_State = 10
// System took back access as the requested duration was over. This is a
// terminal state.
Grant_ENDED Grant_State = 11
)
func (Grant_State) Descriptor
func (Grant_State) Descriptor() protoreflect.EnumDescriptor
func (Grant_State) Enum
func (x Grant_State) Enum() *Grant_State
func (Grant_State) EnumDescriptor
func (Grant_State) EnumDescriptor() ([]byte, []int)
Deprecated: Use Grant_State.Descriptor instead.
func (Grant_State) Number
func (x Grant_State) Number() protoreflect.EnumNumber
func (Grant_State) String
func (x Grant_State) String() string
func (Grant_State) Type
func (Grant_State) Type() protoreflect.EnumType
Grant_Timeline
type Grant_Timeline struct {
// Output only. The events that have occurred on this grant. This list
// contains entries in the same order as they occurred. The first entry is
// always be of type `Requested` and there is always at least one entry in
// this array.
Events []*Grant_Timeline_Event `protobuf:"bytes,1,rep,name=events,proto3" json:"events,omitempty"`
// contains filtered or unexported fields
}
Timeline of a grant describing what happened to it and when.
func (*Grant_Timeline) Descriptor
func (*Grant_Timeline) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline.ProtoReflect.Descriptor instead.
func (*Grant_Timeline) GetEvents
func (x *Grant_Timeline) GetEvents() []*Grant_Timeline_Event
func (*Grant_Timeline) ProtoMessage
func (*Grant_Timeline) ProtoMessage()
func (*Grant_Timeline) ProtoReflect
func (x *Grant_Timeline) ProtoReflect() protoreflect.Message
func (*Grant_Timeline) Reset
func (x *Grant_Timeline) Reset()
func (*Grant_Timeline) String
func (x *Grant_Timeline) String() string
Grant_Timeline_Event
type Grant_Timeline_Event struct {
// Types that are assignable to Event:
//
// *Grant_Timeline_Event_Requested_
// *Grant_Timeline_Event_Approved_
// *Grant_Timeline_Event_Denied_
// *Grant_Timeline_Event_Revoked_
// *Grant_Timeline_Event_Scheduled_
// *Grant_Timeline_Event_Activated_
// *Grant_Timeline_Event_ActivationFailed_
// *Grant_Timeline_Event_Expired_
// *Grant_Timeline_Event_Ended_
// *Grant_Timeline_Event_ExternallyModified_
Event isGrant_Timeline_Event_Event `protobuf_oneof:"event"`
// Output only. The time (as recorded at server) when this event occurred.
EventTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=event_time,json=eventTime,proto3" json:"event_time,omitempty"`
// contains filtered or unexported fields
}
A single operation on the grant.
func (*Grant_Timeline_Event) Descriptor
func (*Grant_Timeline_Event) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event) GetActivated
func (x *Grant_Timeline_Event) GetActivated() *Grant_Timeline_Event_Activated
func (*Grant_Timeline_Event) GetActivationFailed
func (x *Grant_Timeline_Event) GetActivationFailed() *Grant_Timeline_Event_ActivationFailed
func (*Grant_Timeline_Event) GetApproved
func (x *Grant_Timeline_Event) GetApproved() *Grant_Timeline_Event_Approved
func (*Grant_Timeline_Event) GetDenied
func (x *Grant_Timeline_Event) GetDenied() *Grant_Timeline_Event_Denied
func (*Grant_Timeline_Event) GetEnded
func (x *Grant_Timeline_Event) GetEnded() *Grant_Timeline_Event_Ended
func (*Grant_Timeline_Event) GetEvent
func (m *Grant_Timeline_Event) GetEvent() isGrant_Timeline_Event_Event
func (*Grant_Timeline_Event) GetEventTime
func (x *Grant_Timeline_Event) GetEventTime() *timestamppb.Timestamp
func (*Grant_Timeline_Event) GetExpired
func (x *Grant_Timeline_Event) GetExpired() *Grant_Timeline_Event_Expired
func (*Grant_Timeline_Event) GetExternallyModified
func (x *Grant_Timeline_Event) GetExternallyModified() *Grant_Timeline_Event_ExternallyModified
func (*Grant_Timeline_Event) GetRequested
func (x *Grant_Timeline_Event) GetRequested() *Grant_Timeline_Event_Requested
func (*Grant_Timeline_Event) GetRevoked
func (x *Grant_Timeline_Event) GetRevoked() *Grant_Timeline_Event_Revoked
func (*Grant_Timeline_Event) GetScheduled
func (x *Grant_Timeline_Event) GetScheduled() *Grant_Timeline_Event_Scheduled
func (*Grant_Timeline_Event) ProtoMessage
func (*Grant_Timeline_Event) ProtoMessage()
func (*Grant_Timeline_Event) ProtoReflect
func (x *Grant_Timeline_Event) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event) Reset
func (x *Grant_Timeline_Event) Reset()
func (*Grant_Timeline_Event) String
func (x *Grant_Timeline_Event) String() string
Grant_Timeline_Event_Activated
type Grant_Timeline_Event_Activated struct {
// contains filtered or unexported fields
}
An event representing that the grant was successfully activated.
func (*Grant_Timeline_Event_Activated) Descriptor
func (*Grant_Timeline_Event_Activated) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_Activated.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_Activated) ProtoMessage
func (*Grant_Timeline_Event_Activated) ProtoMessage()
func (*Grant_Timeline_Event_Activated) ProtoReflect
func (x *Grant_Timeline_Event_Activated) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_Activated) Reset
func (x *Grant_Timeline_Event_Activated) Reset()
func (*Grant_Timeline_Event_Activated) String
func (x *Grant_Timeline_Event_Activated) String() string
Grant_Timeline_Event_Activated_
type Grant_Timeline_Event_Activated_ struct {
// The grant was successfully activated to give access.
Activated *Grant_Timeline_Event_Activated `protobuf:"bytes,7,opt,name=activated,proto3,oneof"`
}
Grant_Timeline_Event_ActivationFailed
type Grant_Timeline_Event_ActivationFailed struct {
// Output only. The error that occurred while activating the grant.
Error *status.Status `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"`
// contains filtered or unexported fields
}
An event representing that the grant activation failed.
func (*Grant_Timeline_Event_ActivationFailed) Descriptor
func (*Grant_Timeline_Event_ActivationFailed) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_ActivationFailed.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_ActivationFailed) GetError
func (x *Grant_Timeline_Event_ActivationFailed) GetError() *status.Status
func (*Grant_Timeline_Event_ActivationFailed) ProtoMessage
func (*Grant_Timeline_Event_ActivationFailed) ProtoMessage()
func (*Grant_Timeline_Event_ActivationFailed) ProtoReflect
func (x *Grant_Timeline_Event_ActivationFailed) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_ActivationFailed) Reset
func (x *Grant_Timeline_Event_ActivationFailed) Reset()
func (*Grant_Timeline_Event_ActivationFailed) String
func (x *Grant_Timeline_Event_ActivationFailed) String() string
Grant_Timeline_Event_ActivationFailed_
type Grant_Timeline_Event_ActivationFailed_ struct {
// There was a non-retriable error while trying to give access.
ActivationFailed *Grant_Timeline_Event_ActivationFailed `protobuf:"bytes,8,opt,name=activation_failed,json=activationFailed,proto3,oneof"`
}
Grant_Timeline_Event_Approved
type Grant_Timeline_Event_Approved struct {
// Output only. The reason provided by the approver for approving the
// grant.
Reason string `protobuf:"bytes,1,opt,name=reason,proto3" json:"reason,omitempty"`
// Output only. Username of the user who approved the grant.
Actor string `protobuf:"bytes,2,opt,name=actor,proto3" json:"actor,omitempty"`
// contains filtered or unexported fields
}
An event representing that the grant was approved.
func (*Grant_Timeline_Event_Approved) Descriptor
func (*Grant_Timeline_Event_Approved) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_Approved.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_Approved) GetActor
func (x *Grant_Timeline_Event_Approved) GetActor() string
func (*Grant_Timeline_Event_Approved) GetReason
func (x *Grant_Timeline_Event_Approved) GetReason() string
func (*Grant_Timeline_Event_Approved) ProtoMessage
func (*Grant_Timeline_Event_Approved) ProtoMessage()
func (*Grant_Timeline_Event_Approved) ProtoReflect
func (x *Grant_Timeline_Event_Approved) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_Approved) Reset
func (x *Grant_Timeline_Event_Approved) Reset()
func (*Grant_Timeline_Event_Approved) String
func (x *Grant_Timeline_Event_Approved) String() string
Grant_Timeline_Event_Approved_
type Grant_Timeline_Event_Approved_ struct {
// The grant was approved.
Approved *Grant_Timeline_Event_Approved `protobuf:"bytes,3,opt,name=approved,proto3,oneof"`
}
Grant_Timeline_Event_Denied
type Grant_Timeline_Event_Denied struct {
// Output only. The reason provided by the approver for denying the
// grant.
Reason string `protobuf:"bytes,1,opt,name=reason,proto3" json:"reason,omitempty"`
// Output only. Username of the user who denied the grant.
Actor string `protobuf:"bytes,2,opt,name=actor,proto3" json:"actor,omitempty"`
// contains filtered or unexported fields
}
An event representing that the grant was denied.
func (*Grant_Timeline_Event_Denied) Descriptor
func (*Grant_Timeline_Event_Denied) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_Denied.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_Denied) GetActor
func (x *Grant_Timeline_Event_Denied) GetActor() string
func (*Grant_Timeline_Event_Denied) GetReason
func (x *Grant_Timeline_Event_Denied) GetReason() string
func (*Grant_Timeline_Event_Denied) ProtoMessage
func (*Grant_Timeline_Event_Denied) ProtoMessage()
func (*Grant_Timeline_Event_Denied) ProtoReflect
func (x *Grant_Timeline_Event_Denied) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_Denied) Reset
func (x *Grant_Timeline_Event_Denied) Reset()
func (*Grant_Timeline_Event_Denied) String
func (x *Grant_Timeline_Event_Denied) String() string
Grant_Timeline_Event_Denied_
type Grant_Timeline_Event_Denied_ struct {
// The grant was denied.
Denied *Grant_Timeline_Event_Denied `protobuf:"bytes,4,opt,name=denied,proto3,oneof"`
}
Grant_Timeline_Event_Ended
type Grant_Timeline_Event_Ended struct {
// contains filtered or unexported fields
}
An event representing that the grant has ended.
func (*Grant_Timeline_Event_Ended) Descriptor
func (*Grant_Timeline_Event_Ended) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_Ended.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_Ended) ProtoMessage
func (*Grant_Timeline_Event_Ended) ProtoMessage()
func (*Grant_Timeline_Event_Ended) ProtoReflect
func (x *Grant_Timeline_Event_Ended) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_Ended) Reset
func (x *Grant_Timeline_Event_Ended) Reset()
func (*Grant_Timeline_Event_Ended) String
func (x *Grant_Timeline_Event_Ended) String() string
Grant_Timeline_Event_Ended_
type Grant_Timeline_Event_Ended_ struct {
// Access given by the grant ended automatically as the approved
// duration was over.
Ended *Grant_Timeline_Event_Ended `protobuf:"bytes,11,opt,name=ended,proto3,oneof"`
}
Grant_Timeline_Event_Expired
type Grant_Timeline_Event_Expired struct {
// contains filtered or unexported fields
}
An event representing that the grant was expired.
func (*Grant_Timeline_Event_Expired) Descriptor
func (*Grant_Timeline_Event_Expired) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_Expired.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_Expired) ProtoMessage
func (*Grant_Timeline_Event_Expired) ProtoMessage()
func (*Grant_Timeline_Event_Expired) ProtoReflect
func (x *Grant_Timeline_Event_Expired) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_Expired) Reset
func (x *Grant_Timeline_Event_Expired) Reset()
func (*Grant_Timeline_Event_Expired) String
func (x *Grant_Timeline_Event_Expired) String() string
Grant_Timeline_Event_Expired_
type Grant_Timeline_Event_Expired_ struct {
// The approval workflow did not complete in the necessary duration,
// and so the grant is expired.
Expired *Grant_Timeline_Event_Expired `protobuf:"bytes,10,opt,name=expired,proto3,oneof"`
}
Grant_Timeline_Event_ExternallyModified
type Grant_Timeline_Event_ExternallyModified struct {
// contains filtered or unexported fields
}
An event representing that the policy bindings made by this grant were modified externally.
func (*Grant_Timeline_Event_ExternallyModified) Descriptor
func (*Grant_Timeline_Event_ExternallyModified) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_ExternallyModified.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_ExternallyModified) ProtoMessage
func (*Grant_Timeline_Event_ExternallyModified) ProtoMessage()
func (*Grant_Timeline_Event_ExternallyModified) ProtoReflect
func (x *Grant_Timeline_Event_ExternallyModified) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_ExternallyModified) Reset
func (x *Grant_Timeline_Event_ExternallyModified) Reset()
func (*Grant_Timeline_Event_ExternallyModified) String
func (x *Grant_Timeline_Event_ExternallyModified) String() string
Grant_Timeline_Event_ExternallyModified_
type Grant_Timeline_Event_ExternallyModified_ struct {
// The policy bindings made by grant have been modified outside of PAM.
ExternallyModified *Grant_Timeline_Event_ExternallyModified `protobuf:"bytes,12,opt,name=externally_modified,json=externallyModified,proto3,oneof"`
}
Grant_Timeline_Event_Requested
type Grant_Timeline_Event_Requested struct {
// Output only. The time at which this grant expires unless the approval
// workflow completes. If omitted, then the request never expires.
ExpireTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
// contains filtered or unexported fields
}
An event representing that a grant was requested.
func (*Grant_Timeline_Event_Requested) Descriptor
func (*Grant_Timeline_Event_Requested) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_Requested.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_Requested) GetExpireTime
func (x *Grant_Timeline_Event_Requested) GetExpireTime() *timestamppb.Timestamp
func (*Grant_Timeline_Event_Requested) ProtoMessage
func (*Grant_Timeline_Event_Requested) ProtoMessage()
func (*Grant_Timeline_Event_Requested) ProtoReflect
func (x *Grant_Timeline_Event_Requested) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_Requested) Reset
func (x *Grant_Timeline_Event_Requested) Reset()
func (*Grant_Timeline_Event_Requested) String
func (x *Grant_Timeline_Event_Requested) String() string
Grant_Timeline_Event_Requested_
type Grant_Timeline_Event_Requested_ struct {
// The grant was requested.
Requested *Grant_Timeline_Event_Requested `protobuf:"bytes,2,opt,name=requested,proto3,oneof"`
}
Grant_Timeline_Event_Revoked
type Grant_Timeline_Event_Revoked struct {
// Output only. The reason provided by the user for revoking the grant.
Reason string `protobuf:"bytes,1,opt,name=reason,proto3" json:"reason,omitempty"`
// Output only. Username of the user who revoked the grant.
Actor string `protobuf:"bytes,2,opt,name=actor,proto3" json:"actor,omitempty"`
// contains filtered or unexported fields
}
An event representing that the grant was revoked.
func (*Grant_Timeline_Event_Revoked) Descriptor
func (*Grant_Timeline_Event_Revoked) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_Revoked.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_Revoked) GetActor
func (x *Grant_Timeline_Event_Revoked) GetActor() string
func (*Grant_Timeline_Event_Revoked) GetReason
func (x *Grant_Timeline_Event_Revoked) GetReason() string
func (*Grant_Timeline_Event_Revoked) ProtoMessage
func (*Grant_Timeline_Event_Revoked) ProtoMessage()
func (*Grant_Timeline_Event_Revoked) ProtoReflect
func (x *Grant_Timeline_Event_Revoked) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_Revoked) Reset
func (x *Grant_Timeline_Event_Revoked) Reset()
func (*Grant_Timeline_Event_Revoked) String
func (x *Grant_Timeline_Event_Revoked) String() string
Grant_Timeline_Event_Revoked_
type Grant_Timeline_Event_Revoked_ struct {
// The grant was revoked.
Revoked *Grant_Timeline_Event_Revoked `protobuf:"bytes,5,opt,name=revoked,proto3,oneof"`
}
Grant_Timeline_Event_Scheduled
type Grant_Timeline_Event_Scheduled struct {
ScheduledActivationTime *timestamppb.Timestamp "" /* 132 byte string literal not displayed */
}
An event representing that the grant has been scheduled to be activated later.
func (*Grant_Timeline_Event_Scheduled) Descriptor
func (*Grant_Timeline_Event_Scheduled) Descriptor() ([]byte, []int)
Deprecated: Use Grant_Timeline_Event_Scheduled.ProtoReflect.Descriptor instead.
func (*Grant_Timeline_Event_Scheduled) GetScheduledActivationTime
func (x *Grant_Timeline_Event_Scheduled) GetScheduledActivationTime() *timestamppb.Timestamp
func (*Grant_Timeline_Event_Scheduled) ProtoMessage
func (*Grant_Timeline_Event_Scheduled) ProtoMessage()
func (*Grant_Timeline_Event_Scheduled) ProtoReflect
func (x *Grant_Timeline_Event_Scheduled) ProtoReflect() protoreflect.Message
func (*Grant_Timeline_Event_Scheduled) Reset
func (x *Grant_Timeline_Event_Scheduled) Reset()
func (*Grant_Timeline_Event_Scheduled) String
func (x *Grant_Timeline_Event_Scheduled) String() string
Grant_Timeline_Event_Scheduled_
type Grant_Timeline_Event_Scheduled_ struct {
// The grant has been scheduled to give access.
Scheduled *Grant_Timeline_Event_Scheduled `protobuf:"bytes,6,opt,name=scheduled,proto3,oneof"`
}
Justification
type Justification struct {
// Types that are assignable to Justification:
//
// *Justification_UnstructuredJustification
Justification isJustification_Justification `protobuf_oneof:"justification"`
// contains filtered or unexported fields
}
Justification represents a justification for requesting access.
func (*Justification) Descriptor
func (*Justification) Descriptor() ([]byte, []int)
Deprecated: Use Justification.ProtoReflect.Descriptor instead.
func (*Justification) GetJustification
func (m *Justification) GetJustification() isJustification_Justification
func (*Justification) GetUnstructuredJustification
func (x *Justification) GetUnstructuredJustification() string
func (*Justification) ProtoMessage
func (*Justification) ProtoMessage()
func (*Justification) ProtoReflect
func (x *Justification) ProtoReflect() protoreflect.Message
func (*Justification) Reset
func (x *Justification) Reset()
func (*Justification) String
func (x *Justification) String() string
Justification_UnstructuredJustification
type Justification_UnstructuredJustification struct {
// A free form textual justification. The system only ensures that this
// is not empty. No other kind of validation is performed on the string.
UnstructuredJustification string `protobuf:"bytes,1,opt,name=unstructured_justification,json=unstructuredJustification,proto3,oneof"`
}
ListEntitlementsRequest
type ListEntitlementsRequest struct {
// Required. The parent which owns the entitlement resources.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Requested page size. Server may return fewer items than
// requested. If unspecified, the server picks an appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A token identifying a page of results the server should return.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional. Filtering results.
Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
// Optional. Hint for how to order the results.
OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
// contains filtered or unexported fields
}
Message for requesting list of entitlements.
func (*ListEntitlementsRequest) Descriptor
func (*ListEntitlementsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListEntitlementsRequest.ProtoReflect.Descriptor instead.
func (*ListEntitlementsRequest) GetFilter
func (x *ListEntitlementsRequest) GetFilter() string
func (*ListEntitlementsRequest) GetOrderBy
func (x *ListEntitlementsRequest) GetOrderBy() string
func (*ListEntitlementsRequest) GetPageSize
func (x *ListEntitlementsRequest) GetPageSize() int32
func (*ListEntitlementsRequest) GetPageToken
func (x *ListEntitlementsRequest) GetPageToken() string
func (*ListEntitlementsRequest) GetParent
func (x *ListEntitlementsRequest) GetParent() string
func (*ListEntitlementsRequest) ProtoMessage
func (*ListEntitlementsRequest) ProtoMessage()
func (*ListEntitlementsRequest) ProtoReflect
func (x *ListEntitlementsRequest) ProtoReflect() protoreflect.Message
func (*ListEntitlementsRequest) Reset
func (x *ListEntitlementsRequest) Reset()
func (*ListEntitlementsRequest) String
func (x *ListEntitlementsRequest) String() string
ListEntitlementsResponse
type ListEntitlementsResponse struct {
// The list of entitlements.
Entitlements []*Entitlement `protobuf:"bytes,1,rep,name=entitlements,proto3" json:"entitlements,omitempty"`
// A token identifying a page of results the server should return.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// Locations that could not be reached.
Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
// contains filtered or unexported fields
}
Message for response to listing entitlements.
func (*ListEntitlementsResponse) Descriptor
func (*ListEntitlementsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListEntitlementsResponse.ProtoReflect.Descriptor instead.
func (*ListEntitlementsResponse) GetEntitlements
func (x *ListEntitlementsResponse) GetEntitlements() []*Entitlement
func (*ListEntitlementsResponse) GetNextPageToken
func (x *ListEntitlementsResponse) GetNextPageToken() string
func (*ListEntitlementsResponse) GetUnreachable
func (x *ListEntitlementsResponse) GetUnreachable() []string
func (*ListEntitlementsResponse) ProtoMessage
func (*ListEntitlementsResponse) ProtoMessage()
func (*ListEntitlementsResponse) ProtoReflect
func (x *ListEntitlementsResponse) ProtoReflect() protoreflect.Message
func (*ListEntitlementsResponse) Reset
func (x *ListEntitlementsResponse) Reset()
func (*ListEntitlementsResponse) String
func (x *ListEntitlementsResponse) String() string
ListGrantsRequest
type ListGrantsRequest struct {
// Required. The parent resource which owns the grants.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Requested page size. The server may return fewer items than
// requested. If unspecified, the server picks an appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A token identifying a page of results the server should return.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional. Filtering results.
Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
// Optional. Hint for how to order the results
OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
// contains filtered or unexported fields
}
Message for requesting list of grants.
func (*ListGrantsRequest) Descriptor
func (*ListGrantsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListGrantsRequest.ProtoReflect.Descriptor instead.
func (*ListGrantsRequest) GetFilter
func (x *ListGrantsRequest) GetFilter() string
func (*ListGrantsRequest) GetOrderBy
func (x *ListGrantsRequest) GetOrderBy() string
func (*ListGrantsRequest) GetPageSize
func (x *ListGrantsRequest) GetPageSize() int32
func (*ListGrantsRequest) GetPageToken
func (x *ListGrantsRequest) GetPageToken() string
func (*ListGrantsRequest) GetParent
func (x *ListGrantsRequest) GetParent() string
func (*ListGrantsRequest) ProtoMessage
func (*ListGrantsRequest) ProtoMessage()
func (*ListGrantsRequest) ProtoReflect
func (x *ListGrantsRequest) ProtoReflect() protoreflect.Message
func (*ListGrantsRequest) Reset
func (x *ListGrantsRequest) Reset()
func (*ListGrantsRequest) String
func (x *ListGrantsRequest) String() string
ListGrantsResponse
type ListGrantsResponse struct {
// The list of grants.
Grants []*Grant `protobuf:"bytes,1,rep,name=grants,proto3" json:"grants,omitempty"`
// A token identifying a page of results the server should return.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// Locations that could not be reached.
Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
// contains filtered or unexported fields
}
Message for response to listing grants.
func (*ListGrantsResponse) Descriptor
func (*ListGrantsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListGrantsResponse.ProtoReflect.Descriptor instead.
func (*ListGrantsResponse) GetGrants
func (x *ListGrantsResponse) GetGrants() []*Grant
func (*ListGrantsResponse) GetNextPageToken
func (x *ListGrantsResponse) GetNextPageToken() string
func (*ListGrantsResponse) GetUnreachable
func (x *ListGrantsResponse) GetUnreachable() []string
func (*ListGrantsResponse) ProtoMessage
func (*ListGrantsResponse) ProtoMessage()
func (*ListGrantsResponse) ProtoReflect
func (x *ListGrantsResponse) ProtoReflect() protoreflect.Message
func (*ListGrantsResponse) Reset
func (x *ListGrantsResponse) Reset()
func (*ListGrantsResponse) String
func (x *ListGrantsResponse) String() string
ManualApprovals
type ManualApprovals struct {
RequireApproverJustification bool "" /* 148 byte string literal not displayed */
Steps []*ManualApprovals_Step `protobuf:"bytes,2,rep,name=steps,proto3" json:"steps,omitempty"`
}
A manual approval workflow where users who are designated as approvers
need to call the ApproveGrant
/DenyGrant
APIs for a grant. The workflow
can consist of multiple serial steps where each step defines who can act as
approver in that step and how many of those users should approve before the
workflow moves to the next step.
This can be used to create approval workflows such as:
- Require an approval from any user in a group G.
- Require an approval from any k number of users from a Group G.
- Require an approval from any user in a group G and then from a user U.
A single user might be part of the approvers
ACL for multiple steps in this
workflow, but they can only approve once and that approval is only considered
to satisfy the approval step at which it was granted.
func (*ManualApprovals) Descriptor
func (*ManualApprovals) Descriptor() ([]byte, []int)
Deprecated: Use ManualApprovals.ProtoReflect.Descriptor instead.
func (*ManualApprovals) GetRequireApproverJustification
func (x *ManualApprovals) GetRequireApproverJustification() bool
func (*ManualApprovals) GetSteps
func (x *ManualApprovals) GetSteps() []*ManualApprovals_Step
func (*ManualApprovals) ProtoMessage
func (*ManualApprovals) ProtoMessage()
func (*ManualApprovals) ProtoReflect
func (x *ManualApprovals) ProtoReflect() protoreflect.Message
func (*ManualApprovals) Reset
func (x *ManualApprovals) Reset()
func (*ManualApprovals) String
func (x *ManualApprovals) String() string
ManualApprovals_Step
type ManualApprovals_Step struct {
Approvers []*AccessControlEntry `protobuf:"bytes,1,rep,name=approvers,proto3" json:"approvers,omitempty"`
ApprovalsNeeded int32 `protobuf:"varint,2,opt,name=approvals_needed,json=approvalsNeeded,proto3" json:"approvals_needed,omitempty"`
ApproverEmailRecipients []string "" /* 132 byte string literal not displayed */
}
Step represents a logical step in a manual approval workflow.
func (*ManualApprovals_Step) Descriptor
func (*ManualApprovals_Step) Descriptor() ([]byte, []int)
Deprecated: Use ManualApprovals_Step.ProtoReflect.Descriptor instead.
func (*ManualApprovals_Step) GetApprovalsNeeded
func (x *ManualApprovals_Step) GetApprovalsNeeded() int32
func (*ManualApprovals_Step) GetApproverEmailRecipients
func (x *ManualApprovals_Step) GetApproverEmailRecipients() []string
func (*ManualApprovals_Step) GetApprovers
func (x *ManualApprovals_Step) GetApprovers() []*AccessControlEntry
func (*ManualApprovals_Step) ProtoMessage
func (*ManualApprovals_Step) ProtoMessage()
func (*ManualApprovals_Step) ProtoReflect
func (x *ManualApprovals_Step) ProtoReflect() protoreflect.Message
func (*ManualApprovals_Step) Reset
func (x *ManualApprovals_Step) Reset()
func (*ManualApprovals_Step) String
func (x *ManualApprovals_Step) String() string
OperationMetadata
type OperationMetadata struct {
// Output only. The time the operation was created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time the operation finished running.
EndTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"`
// Output only. Server-defined resource path for the target of the operation.
Target string `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
// Output only. Name of the verb executed by the operation.
Verb string `protobuf:"bytes,4,opt,name=verb,proto3" json:"verb,omitempty"`
// Output only. Human-readable status of the operation, if any.
StatusMessage string `protobuf:"bytes,5,opt,name=status_message,json=statusMessage,proto3" json:"status_message,omitempty"`
// Output only. Identifies whether the user has requested cancellation
// of the operation. Operations that have been cancelled successfully
// have [Operation.error][] value with a
// [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
// `Code.CANCELLED`.
RequestedCancellation bool `protobuf:"varint,6,opt,name=requested_cancellation,json=requestedCancellation,proto3" json:"requested_cancellation,omitempty"`
// Output only. API version used to start the operation.
ApiVersion string `protobuf:"bytes,7,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"`
// contains filtered or unexported fields
}
Represents the metadata of the long-running operation.
func (*OperationMetadata) Descriptor
func (*OperationMetadata) Descriptor() ([]byte, []int)
Deprecated: Use OperationMetadata.ProtoReflect.Descriptor instead.
func (*OperationMetadata) GetApiVersion
func (x *OperationMetadata) GetApiVersion() string
func (*OperationMetadata) GetCreateTime
func (x *OperationMetadata) GetCreateTime() *timestamppb.Timestamp
func (*OperationMetadata) GetEndTime
func (x *OperationMetadata) GetEndTime() *timestamppb.Timestamp
func (*OperationMetadata) GetRequestedCancellation
func (x *OperationMetadata) GetRequestedCancellation() bool
func (*OperationMetadata) GetStatusMessage
func (x *OperationMetadata) GetStatusMessage() string
func (*OperationMetadata) GetTarget
func (x *OperationMetadata) GetTarget() string
func (*OperationMetadata) GetVerb
func (x *OperationMetadata) GetVerb() string
func (*OperationMetadata) ProtoMessage
func (*OperationMetadata) ProtoMessage()
func (*OperationMetadata) ProtoReflect
func (x *OperationMetadata) ProtoReflect() protoreflect.Message
func (*OperationMetadata) Reset
func (x *OperationMetadata) Reset()
func (*OperationMetadata) String
func (x *OperationMetadata) String() string
PrivilegedAccess
type PrivilegedAccess struct {
// Types that are assignable to AccessType:
//
// *PrivilegedAccess_GcpIamAccess_
AccessType isPrivilegedAccess_AccessType `protobuf_oneof:"access_type"`
// contains filtered or unexported fields
}
Privileged access that this service can be used to gate.
func (*PrivilegedAccess) Descriptor
func (*PrivilegedAccess) Descriptor() ([]byte, []int)
Deprecated: Use PrivilegedAccess.ProtoReflect.Descriptor instead.
func (*PrivilegedAccess) GetAccessType
func (m *PrivilegedAccess) GetAccessType() isPrivilegedAccess_AccessType
func (*PrivilegedAccess) GetGcpIamAccess
func (x *PrivilegedAccess) GetGcpIamAccess() *PrivilegedAccess_GcpIamAccess
func (*PrivilegedAccess) ProtoMessage
func (*PrivilegedAccess) ProtoMessage()
func (*PrivilegedAccess) ProtoReflect
func (x *PrivilegedAccess) ProtoReflect() protoreflect.Message
func (*PrivilegedAccess) Reset
func (x *PrivilegedAccess) Reset()
func (*PrivilegedAccess) String
func (x *PrivilegedAccess) String() string
PrivilegedAccessManagerClient
type PrivilegedAccessManagerClient interface {
// `CheckOnboardingStatus` reports the onboarding status for a
// project/folder/organization. Any findings reported by this API need to be
// fixed before PAM can be used on the resource.
CheckOnboardingStatus(ctx context.Context, in *CheckOnboardingStatusRequest, opts ...grpc.CallOption) (*CheckOnboardingStatusResponse, error)
// Lists entitlements in a given project/folder/organization and location.
ListEntitlements(ctx context.Context, in *ListEntitlementsRequest, opts ...grpc.CallOption) (*ListEntitlementsResponse, error)
// `SearchEntitlements` returns entitlements on which the caller has the
// specified access.
SearchEntitlements(ctx context.Context, in *SearchEntitlementsRequest, opts ...grpc.CallOption) (*SearchEntitlementsResponse, error)
// Gets details of a single entitlement.
GetEntitlement(ctx context.Context, in *GetEntitlementRequest, opts ...grpc.CallOption) (*Entitlement, error)
// Creates a new entitlement in a given project/folder/organization and
// location.
CreateEntitlement(ctx context.Context, in *CreateEntitlementRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Deletes a single entitlement. This method can only be called when there
// are no in-progress (`ACTIVE`/`ACTIVATING`/`REVOKING`) grants under the
// entitlement.
DeleteEntitlement(ctx context.Context, in *DeleteEntitlementRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Updates the entitlement specified in the request. Updated fields in the
// entitlement need to be specified in an update mask. The changes made to an
// entitlement are applicable only on future grants of the entitlement.
// However, if new approvers are added or existing approvers are removed from
// the approval workflow, the changes are effective on existing grants.
//
// The following fields are not supported for updates:
//
// - All immutable fields
// - Entitlement name
// - Resource name
// - Resource type
// - Adding an approval workflow in an entitlement which previously had no
// approval workflow.
// - Deleting the approval workflow from an entitlement.
// - Adding or deleting a step in the approval workflow (only one step is
// supported)
//
// Note that updates are allowed on the list of approvers in an approval
// workflow step.
UpdateEntitlement(ctx context.Context, in *UpdateEntitlementRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Lists grants for a given entitlement.
ListGrants(ctx context.Context, in *ListGrantsRequest, opts ...grpc.CallOption) (*ListGrantsResponse, error)
// `SearchGrants` returns grants that are related to the calling user in the
// specified way.
SearchGrants(ctx context.Context, in *SearchGrantsRequest, opts ...grpc.CallOption) (*SearchGrantsResponse, error)
// Get details of a single grant.
GetGrant(ctx context.Context, in *GetGrantRequest, opts ...grpc.CallOption) (*Grant, error)
// Creates a new grant in a given project/folder/organization and
// location.
CreateGrant(ctx context.Context, in *CreateGrantRequest, opts ...grpc.CallOption) (*Grant, error)
// `ApproveGrant` is used to approve a grant. This method can only be called
// on a grant when it's in the `APPROVAL_AWAITED` state. This operation can't
// be undone.
ApproveGrant(ctx context.Context, in *ApproveGrantRequest, opts ...grpc.CallOption) (*Grant, error)
// `DenyGrant` is used to deny a grant. This method can only be called on a
// grant when it's in the `APPROVAL_AWAITED` state. This operation can't be
// undone.
DenyGrant(ctx context.Context, in *DenyGrantRequest, opts ...grpc.CallOption) (*Grant, error)
// `RevokeGrant` is used to immediately revoke access for a grant. This method
// can be called when the grant is in a non-terminal state.
RevokeGrant(ctx context.Context, in *RevokeGrantRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
}
PrivilegedAccessManagerClient is the client API for PrivilegedAccessManager service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewPrivilegedAccessManagerClient
func NewPrivilegedAccessManagerClient(cc grpc.ClientConnInterface) PrivilegedAccessManagerClient
PrivilegedAccessManagerServer
type PrivilegedAccessManagerServer interface {
// `CheckOnboardingStatus` reports the onboarding status for a
// project/folder/organization. Any findings reported by this API need to be
// fixed before PAM can be used on the resource.
CheckOnboardingStatus(context.Context, *CheckOnboardingStatusRequest) (*CheckOnboardingStatusResponse, error)
// Lists entitlements in a given project/folder/organization and location.
ListEntitlements(context.Context, *ListEntitlementsRequest) (*ListEntitlementsResponse, error)
// `SearchEntitlements` returns entitlements on which the caller has the
// specified access.
SearchEntitlements(context.Context, *SearchEntitlementsRequest) (*SearchEntitlementsResponse, error)
// Gets details of a single entitlement.
GetEntitlement(context.Context, *GetEntitlementRequest) (*Entitlement, error)
// Creates a new entitlement in a given project/folder/organization and
// location.
CreateEntitlement(context.Context, *CreateEntitlementRequest) (*longrunningpb.Operation, error)
// Deletes a single entitlement. This method can only be called when there
// are no in-progress (`ACTIVE`/`ACTIVATING`/`REVOKING`) grants under the
// entitlement.
DeleteEntitlement(context.Context, *DeleteEntitlementRequest) (*longrunningpb.Operation, error)
// Updates the entitlement specified in the request. Updated fields in the
// entitlement need to be specified in an update mask. The changes made to an
// entitlement are applicable only on future grants of the entitlement.
// However, if new approvers are added or existing approvers are removed from
// the approval workflow, the changes are effective on existing grants.
//
// The following fields are not supported for updates:
//
// - All immutable fields
// - Entitlement name
// - Resource name
// - Resource type
// - Adding an approval workflow in an entitlement which previously had no
// approval workflow.
// - Deleting the approval workflow from an entitlement.
// - Adding or deleting a step in the approval workflow (only one step is
// supported)
//
// Note that updates are allowed on the list of approvers in an approval
// workflow step.
UpdateEntitlement(context.Context, *UpdateEntitlementRequest) (*longrunningpb.Operation, error)
// Lists grants for a given entitlement.
ListGrants(context.Context, *ListGrantsRequest) (*ListGrantsResponse, error)
// `SearchGrants` returns grants that are related to the calling user in the
// specified way.
SearchGrants(context.Context, *SearchGrantsRequest) (*SearchGrantsResponse, error)
// Get details of a single grant.
GetGrant(context.Context, *GetGrantRequest) (*Grant, error)
// Creates a new grant in a given project/folder/organization and
// location.
CreateGrant(context.Context, *CreateGrantRequest) (*Grant, error)
// `ApproveGrant` is used to approve a grant. This method can only be called
// on a grant when it's in the `APPROVAL_AWAITED` state. This operation can't
// be undone.
ApproveGrant(context.Context, *ApproveGrantRequest) (*Grant, error)
// `DenyGrant` is used to deny a grant. This method can only be called on a
// grant when it's in the `APPROVAL_AWAITED` state. This operation can't be
// undone.
DenyGrant(context.Context, *DenyGrantRequest) (*Grant, error)
// `RevokeGrant` is used to immediately revoke access for a grant. This method
// can be called when the grant is in a non-terminal state.
RevokeGrant(context.Context, *RevokeGrantRequest) (*longrunningpb.Operation, error)
}
PrivilegedAccessManagerServer is the server API for PrivilegedAccessManager service.
PrivilegedAccess_GcpIamAccess
type PrivilegedAccess_GcpIamAccess struct {
// Required. The type of this resource.
ResourceType string `protobuf:"bytes,1,opt,name=resource_type,json=resourceType,proto3" json:"resource_type,omitempty"`
// Required. Name of the resource.
Resource string `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
// Required. Role bindings that are created on successful grant.
RoleBindings []*PrivilegedAccess_GcpIamAccess_RoleBinding `protobuf:"bytes,4,rep,name=role_bindings,json=roleBindings,proto3" json:"role_bindings,omitempty"`
// contains filtered or unexported fields
}
GcpIamAccess
represents IAM based access control on a Google Cloud
resource. Refer to https://cloud.google.com/iam/docs to understand more
about IAM.
func (*PrivilegedAccess_GcpIamAccess) Descriptor
func (*PrivilegedAccess_GcpIamAccess) Descriptor() ([]byte, []int)
Deprecated: Use PrivilegedAccess_GcpIamAccess.ProtoReflect.Descriptor instead.
func (*PrivilegedAccess_GcpIamAccess) GetResource
func (x *PrivilegedAccess_GcpIamAccess) GetResource() string
func (*PrivilegedAccess_GcpIamAccess) GetResourceType
func (x *PrivilegedAccess_GcpIamAccess) GetResourceType() string
func (*PrivilegedAccess_GcpIamAccess) GetRoleBindings
func (x *PrivilegedAccess_GcpIamAccess) GetRoleBindings() []*PrivilegedAccess_GcpIamAccess_RoleBinding
func (*PrivilegedAccess_GcpIamAccess) ProtoMessage
func (*PrivilegedAccess_GcpIamAccess) ProtoMessage()
func (*PrivilegedAccess_GcpIamAccess) ProtoReflect
func (x *PrivilegedAccess_GcpIamAccess) ProtoReflect() protoreflect.Message
func (*PrivilegedAccess_GcpIamAccess) Reset
func (x *PrivilegedAccess_GcpIamAccess) Reset()
func (*PrivilegedAccess_GcpIamAccess) String
func (x *PrivilegedAccess_GcpIamAccess) String() string
PrivilegedAccess_GcpIamAccess_
type PrivilegedAccess_GcpIamAccess_ struct {
// Access to a Google Cloud resource through IAM.
GcpIamAccess *PrivilegedAccess_GcpIamAccess `protobuf:"bytes,1,opt,name=gcp_iam_access,json=gcpIamAccess,proto3,oneof"`
}
PrivilegedAccess_GcpIamAccess_RoleBinding
type PrivilegedAccess_GcpIamAccess_RoleBinding struct {
// Required. IAM role to be granted.
// https://cloud.google.com/iam/docs/roles-overview.
Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
// Optional. The expression field of the IAM condition to be associated
// with the role. If specified, a user with an active grant for this
// entitlement is able to access the resource only if this condition
// evaluates to true for their request.
//
// This field uses the same CEL format as IAM and supports all attributes
// that IAM supports, except tags.
// https://cloud.google.com/iam/docs/conditions-overview#attributes.
ConditionExpression string `protobuf:"bytes,2,opt,name=condition_expression,json=conditionExpression,proto3" json:"condition_expression,omitempty"`
// contains filtered or unexported fields
}
IAM role bindings that are created after a successful grant.
func (*PrivilegedAccess_GcpIamAccess_RoleBinding) Descriptor
func (*PrivilegedAccess_GcpIamAccess_RoleBinding) Descriptor() ([]byte, []int)
Deprecated: Use PrivilegedAccess_GcpIamAccess_RoleBinding.ProtoReflect.Descriptor instead.
func (*PrivilegedAccess_GcpIamAccess_RoleBinding) GetConditionExpression
func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) GetConditionExpression() string
func (*PrivilegedAccess_GcpIamAccess_RoleBinding) GetRole
func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) GetRole() string
func (*PrivilegedAccess_GcpIamAccess_RoleBinding) ProtoMessage
func (*PrivilegedAccess_GcpIamAccess_RoleBinding) ProtoMessage()
func (*PrivilegedAccess_GcpIamAccess_RoleBinding) ProtoReflect
func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) ProtoReflect() protoreflect.Message
func (*PrivilegedAccess_GcpIamAccess_RoleBinding) Reset
func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) Reset()
func (*PrivilegedAccess_GcpIamAccess_RoleBinding) String
func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) String() string
RevokeGrantRequest
type RevokeGrantRequest struct {
// Required. Name of the grant resource which is being revoked.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The reason for revoking this grant.
Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"`
// contains filtered or unexported fields
}
Request message for RevokeGrant
method.
func (*RevokeGrantRequest) Descriptor
func (*RevokeGrantRequest) Descriptor() ([]byte, []int)
Deprecated: Use RevokeGrantRequest.ProtoReflect.Descriptor instead.
func (*RevokeGrantRequest) GetName
func (x *RevokeGrantRequest) GetName() string
func (*RevokeGrantRequest) GetReason
func (x *RevokeGrantRequest) GetReason() string
func (*RevokeGrantRequest) ProtoMessage
func (*RevokeGrantRequest) ProtoMessage()
func (*RevokeGrantRequest) ProtoReflect
func (x *RevokeGrantRequest) ProtoReflect() protoreflect.Message
func (*RevokeGrantRequest) Reset
func (x *RevokeGrantRequest) Reset()
func (*RevokeGrantRequest) String
func (x *RevokeGrantRequest) String() string
SearchEntitlementsRequest
type SearchEntitlementsRequest struct {
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
CallerAccessType SearchEntitlementsRequest_CallerAccessType "" /* 200 byte string literal not displayed */
Filter string `protobuf:"bytes,3,opt,name=filter,proto3" json:"filter,omitempty"`
PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
}
Request message for SearchEntitlements
method.
func (*SearchEntitlementsRequest) Descriptor
func (*SearchEntitlementsRequest) Descriptor() ([]byte, []int)
Deprecated: Use SearchEntitlementsRequest.ProtoReflect.Descriptor instead.
func (*SearchEntitlementsRequest) GetCallerAccessType
func (x *SearchEntitlementsRequest) GetCallerAccessType() SearchEntitlementsRequest_CallerAccessType
func (*SearchEntitlementsRequest) GetFilter
func (x *SearchEntitlementsRequest) GetFilter() string
func (*SearchEntitlementsRequest) GetPageSize
func (x *SearchEntitlementsRequest) GetPageSize() int32
func (*SearchEntitlementsRequest) GetPageToken
func (x *SearchEntitlementsRequest) GetPageToken() string
func (*SearchEntitlementsRequest) GetParent
func (x *SearchEntitlementsRequest) GetParent() string
func (*SearchEntitlementsRequest) ProtoMessage
func (*SearchEntitlementsRequest) ProtoMessage()
func (*SearchEntitlementsRequest) ProtoReflect
func (x *SearchEntitlementsRequest) ProtoReflect() protoreflect.Message
func (*SearchEntitlementsRequest) Reset
func (x *SearchEntitlementsRequest) Reset()
func (*SearchEntitlementsRequest) String
func (x *SearchEntitlementsRequest) String() string
SearchEntitlementsRequest_CallerAccessType
type SearchEntitlementsRequest_CallerAccessType int32
Different types of access a user can have on the entitlement resource.
SearchEntitlementsRequest_CALLER_ACCESS_TYPE_UNSPECIFIED, SearchEntitlementsRequest_GRANT_REQUESTER, SearchEntitlementsRequest_GRANT_APPROVER
const (
// Unspecified access type.
SearchEntitlementsRequest_CALLER_ACCESS_TYPE_UNSPECIFIED SearchEntitlementsRequest_CallerAccessType = 0
// The user has access to create grants using this entitlement.
SearchEntitlementsRequest_GRANT_REQUESTER SearchEntitlementsRequest_CallerAccessType = 1
// The user has access to approve/deny grants created under this
// entitlement.
SearchEntitlementsRequest_GRANT_APPROVER SearchEntitlementsRequest_CallerAccessType = 2
)
func (SearchEntitlementsRequest_CallerAccessType) Descriptor
func (SearchEntitlementsRequest_CallerAccessType) Descriptor() protoreflect.EnumDescriptor
func (SearchEntitlementsRequest_CallerAccessType) Enum
func (x SearchEntitlementsRequest_CallerAccessType) Enum() *SearchEntitlementsRequest_CallerAccessType
func (SearchEntitlementsRequest_CallerAccessType) EnumDescriptor
func (SearchEntitlementsRequest_CallerAccessType) EnumDescriptor() ([]byte, []int)
Deprecated: Use SearchEntitlementsRequest_CallerAccessType.Descriptor instead.
func (SearchEntitlementsRequest_CallerAccessType) Number
func (x SearchEntitlementsRequest_CallerAccessType) Number() protoreflect.EnumNumber
func (SearchEntitlementsRequest_CallerAccessType) String
func (x SearchEntitlementsRequest_CallerAccessType) String() string
func (SearchEntitlementsRequest_CallerAccessType) Type
func (SearchEntitlementsRequest_CallerAccessType) Type() protoreflect.EnumType
SearchEntitlementsResponse
type SearchEntitlementsResponse struct {
// The list of entitlements.
Entitlements []*Entitlement `protobuf:"bytes,1,rep,name=entitlements,proto3" json:"entitlements,omitempty"`
// A token identifying a page of results the server should return.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
Response message for SearchEntitlements
method.
func (*SearchEntitlementsResponse) Descriptor
func (*SearchEntitlementsResponse) Descriptor() ([]byte, []int)
Deprecated: Use SearchEntitlementsResponse.ProtoReflect.Descriptor instead.
func (*SearchEntitlementsResponse) GetEntitlements
func (x *SearchEntitlementsResponse) GetEntitlements() []*Entitlement
func (*SearchEntitlementsResponse) GetNextPageToken
func (x *SearchEntitlementsResponse) GetNextPageToken() string
func (*SearchEntitlementsResponse) ProtoMessage
func (*SearchEntitlementsResponse) ProtoMessage()
func (*SearchEntitlementsResponse) ProtoReflect
func (x *SearchEntitlementsResponse) ProtoReflect() protoreflect.Message
func (*SearchEntitlementsResponse) Reset
func (x *SearchEntitlementsResponse) Reset()
func (*SearchEntitlementsResponse) String
func (x *SearchEntitlementsResponse) String() string
SearchGrantsRequest
type SearchGrantsRequest struct {
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
CallerRelationship SearchGrantsRequest_CallerRelationshipType "" /* 204 byte string literal not displayed */
Filter string `protobuf:"bytes,3,opt,name=filter,proto3" json:"filter,omitempty"`
PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
}
Request message for SearchGrants
method.
func (*SearchGrantsRequest) Descriptor
func (*SearchGrantsRequest) Descriptor() ([]byte, []int)
Deprecated: Use SearchGrantsRequest.ProtoReflect.Descriptor instead.
func (*SearchGrantsRequest) GetCallerRelationship
func (x *SearchGrantsRequest) GetCallerRelationship() SearchGrantsRequest_CallerRelationshipType
func (*SearchGrantsRequest) GetFilter
func (x *SearchGrantsRequest) GetFilter() string
func (*SearchGrantsRequest) GetPageSize
func (x *SearchGrantsRequest) GetPageSize() int32
func (*SearchGrantsRequest) GetPageToken
func (x *SearchGrantsRequest) GetPageToken() string
func (*SearchGrantsRequest) GetParent
func (x *SearchGrantsRequest) GetParent() string
func (*SearchGrantsRequest) ProtoMessage
func (*SearchGrantsRequest) ProtoMessage()
func (*SearchGrantsRequest) ProtoReflect
func (x *SearchGrantsRequest) ProtoReflect() protoreflect.Message
func (*SearchGrantsRequest) Reset
func (x *SearchGrantsRequest) Reset()
func (*SearchGrantsRequest) String
func (x *SearchGrantsRequest) String() string
SearchGrantsRequest_CallerRelationshipType
type SearchGrantsRequest_CallerRelationshipType int32
Different types of relationships a user can have with a grant.
SearchGrantsRequest_CALLER_RELATIONSHIP_TYPE_UNSPECIFIED, SearchGrantsRequest_HAD_CREATED, SearchGrantsRequest_CAN_APPROVE, SearchGrantsRequest_HAD_APPROVED
const (
// Unspecified caller relationship type.
SearchGrantsRequest_CALLER_RELATIONSHIP_TYPE_UNSPECIFIED SearchGrantsRequest_CallerRelationshipType = 0
// The user created this grant by calling `CreateGrant` earlier.
SearchGrantsRequest_HAD_CREATED SearchGrantsRequest_CallerRelationshipType = 1
// The user is an approver for the entitlement that this grant is parented
// under and can currently approve/deny it.
SearchGrantsRequest_CAN_APPROVE SearchGrantsRequest_CallerRelationshipType = 2
// The caller had successfully approved/denied this grant earlier.
SearchGrantsRequest_HAD_APPROVED SearchGrantsRequest_CallerRelationshipType = 3
)
func (SearchGrantsRequest_CallerRelationshipType) Descriptor
func (SearchGrantsRequest_CallerRelationshipType) Descriptor() protoreflect.EnumDescriptor
func (SearchGrantsRequest_CallerRelationshipType) Enum
func (x SearchGrantsRequest_CallerRelationshipType) Enum() *SearchGrantsRequest_CallerRelationshipType
func (SearchGrantsRequest_CallerRelationshipType) EnumDescriptor
func (SearchGrantsRequest_CallerRelationshipType) EnumDescriptor() ([]byte, []int)
Deprecated: Use SearchGrantsRequest_CallerRelationshipType.Descriptor instead.
func (SearchGrantsRequest_CallerRelationshipType) Number
func (x SearchGrantsRequest_CallerRelationshipType) Number() protoreflect.EnumNumber
func (SearchGrantsRequest_CallerRelationshipType) String
func (x SearchGrantsRequest_CallerRelationshipType) String() string
func (SearchGrantsRequest_CallerRelationshipType) Type
func (SearchGrantsRequest_CallerRelationshipType) Type() protoreflect.EnumType
SearchGrantsResponse
type SearchGrantsResponse struct {
// The list of grants.
Grants []*Grant `protobuf:"bytes,1,rep,name=grants,proto3" json:"grants,omitempty"`
// A token identifying a page of results the server should return.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
Response message for SearchGrants
method.
func (*SearchGrantsResponse) Descriptor
func (*SearchGrantsResponse) Descriptor() ([]byte, []int)
Deprecated: Use SearchGrantsResponse.ProtoReflect.Descriptor instead.
func (*SearchGrantsResponse) GetGrants
func (x *SearchGrantsResponse) GetGrants() []*Grant
func (*SearchGrantsResponse) GetNextPageToken
func (x *SearchGrantsResponse) GetNextPageToken() string
func (*SearchGrantsResponse) ProtoMessage
func (*SearchGrantsResponse) ProtoMessage()
func (*SearchGrantsResponse) ProtoReflect
func (x *SearchGrantsResponse) ProtoReflect() protoreflect.Message
func (*SearchGrantsResponse) Reset
func (x *SearchGrantsResponse) Reset()
func (*SearchGrantsResponse) String
func (x *SearchGrantsResponse) String() string
UnimplementedPrivilegedAccessManagerServer
type UnimplementedPrivilegedAccessManagerServer struct {
}
UnimplementedPrivilegedAccessManagerServer can be embedded to have forward compatible implementations.
func (*UnimplementedPrivilegedAccessManagerServer) ApproveGrant
func (*UnimplementedPrivilegedAccessManagerServer) ApproveGrant(context.Context, *ApproveGrantRequest) (*Grant, error)
func (*UnimplementedPrivilegedAccessManagerServer) CheckOnboardingStatus
func (*UnimplementedPrivilegedAccessManagerServer) CheckOnboardingStatus(context.Context, *CheckOnboardingStatusRequest) (*CheckOnboardingStatusResponse, error)
func (*UnimplementedPrivilegedAccessManagerServer) CreateEntitlement
func (*UnimplementedPrivilegedAccessManagerServer) CreateEntitlement(context.Context, *CreateEntitlementRequest) (*longrunningpb.Operation, error)
func (*UnimplementedPrivilegedAccessManagerServer) CreateGrant
func (*UnimplementedPrivilegedAccessManagerServer) CreateGrant(context.Context, *CreateGrantRequest) (*Grant, error)
func (*UnimplementedPrivilegedAccessManagerServer) DeleteEntitlement
func (*UnimplementedPrivilegedAccessManagerServer) DeleteEntitlement(context.Context, *DeleteEntitlementRequest) (*longrunningpb.Operation, error)
func (*UnimplementedPrivilegedAccessManagerServer) DenyGrant
func (*UnimplementedPrivilegedAccessManagerServer) DenyGrant(context.Context, *DenyGrantRequest) (*Grant, error)
func (*UnimplementedPrivilegedAccessManagerServer) GetEntitlement
func (*UnimplementedPrivilegedAccessManagerServer) GetEntitlement(context.Context, *GetEntitlementRequest) (*Entitlement, error)
func (*UnimplementedPrivilegedAccessManagerServer) GetGrant
func (*UnimplementedPrivilegedAccessManagerServer) GetGrant(context.Context, *GetGrantRequest) (*Grant, error)
func (*UnimplementedPrivilegedAccessManagerServer) ListEntitlements
func (*UnimplementedPrivilegedAccessManagerServer) ListEntitlements(context.Context, *ListEntitlementsRequest) (*ListEntitlementsResponse, error)
func (*UnimplementedPrivilegedAccessManagerServer) ListGrants
func (*UnimplementedPrivilegedAccessManagerServer) ListGrants(context.Context, *ListGrantsRequest) (*ListGrantsResponse, error)
func (*UnimplementedPrivilegedAccessManagerServer) RevokeGrant
func (*UnimplementedPrivilegedAccessManagerServer) RevokeGrant(context.Context, *RevokeGrantRequest) (*longrunningpb.Operation, error)
func (*UnimplementedPrivilegedAccessManagerServer) SearchEntitlements
func (*UnimplementedPrivilegedAccessManagerServer) SearchEntitlements(context.Context, *SearchEntitlementsRequest) (*SearchEntitlementsResponse, error)
func (*UnimplementedPrivilegedAccessManagerServer) SearchGrants
func (*UnimplementedPrivilegedAccessManagerServer) SearchGrants(context.Context, *SearchGrantsRequest) (*SearchGrantsResponse, error)
func (*UnimplementedPrivilegedAccessManagerServer) UpdateEntitlement
func (*UnimplementedPrivilegedAccessManagerServer) UpdateEntitlement(context.Context, *UpdateEntitlementRequest) (*longrunningpb.Operation, error)
UpdateEntitlementRequest
type UpdateEntitlementRequest struct {
// Required. The entitlement resource that is updated.
Entitlement *Entitlement `protobuf:"bytes,1,opt,name=entitlement,proto3" json:"entitlement,omitempty"`
// Required. The list of fields to update. A field is overwritten if, and only
// if, it is in the mask. Any immutable fields set in the mask are ignored by
// the server. Repeated fields and map fields are only allowed in the last
// position of a `paths` string and overwrite the existing values. Hence an
// update to a repeated field or a map should contain the entire list of
// values. The fields specified in the update_mask are relative to the
// resource and not to the request.
// (e.g. `MaxRequestDuration`; *not* `entitlement.MaxRequestDuration`)
// A value of '*' for this field refers to full replacement of the resource.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}
Message for updating an entitlement.
func (*UpdateEntitlementRequest) Descriptor
func (*UpdateEntitlementRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateEntitlementRequest.ProtoReflect.Descriptor instead.
func (*UpdateEntitlementRequest) GetEntitlement
func (x *UpdateEntitlementRequest) GetEntitlement() *Entitlement
func (*UpdateEntitlementRequest) GetUpdateMask
func (x *UpdateEntitlementRequest) GetUpdateMask() *fieldmaskpb.FieldMask
func (*UpdateEntitlementRequest) ProtoMessage
func (*UpdateEntitlementRequest) ProtoMessage()
func (*UpdateEntitlementRequest) ProtoReflect
func (x *UpdateEntitlementRequest) ProtoReflect() protoreflect.Message
func (*UpdateEntitlementRequest) Reset
func (x *UpdateEntitlementRequest) Reset()
func (*UpdateEntitlementRequest) String
func (x *UpdateEntitlementRequest) String() string