Package Classes (0.1.5)

Summary of entries of Classes for google-cloud-privilegedaccessmanager.

Classes

PrivilegedAccessManagerAsyncClient

This API allows customers to manage temporary, request based privileged access to their resources.

It defines the following resource model:

  • A collection of Entitlement resources. An entitlement allows configuring (among other things):

    • Some kind of privileged access that users can request.
    • A set of users called requesters who can request this access.
    • A maximum duration for which the access can be requested.
    • An optional approval workflow which must be satisfied before access is granted.
  • A collection of Grant resources. A grant is a request by a requester to get the privileged access specified in an entitlement for some duration.

    After the approval workflow as specified in the entitlement is satisfied, the specified access is given to the requester. The access is automatically taken back after the requested duration is over.

PrivilegedAccessManagerClient

This API allows customers to manage temporary, request based privileged access to their resources.

It defines the following resource model:

  • A collection of Entitlement resources. An entitlement allows configuring (among other things):

    • Some kind of privileged access that users can request.
    • A set of users called requesters who can request this access.
    • A maximum duration for which the access can be requested.
    • An optional approval workflow which must be satisfied before access is granted.
  • A collection of Grant resources. A grant is a request by a requester to get the privileged access specified in an entitlement for some duration.

    After the approval workflow as specified in the entitlement is satisfied, the specified access is given to the requester. The access is automatically taken back after the requested duration is over.

ListEntitlementsAsyncPager

A pager for iterating through list_entitlements requests.

This class thinly wraps an initial ListEntitlementsResponse object, and provides an __aiter__ method to iterate through its entitlements field.

If there are more pages, the __aiter__ method will make additional ListEntitlements requests and continue to iterate through the entitlements field on the corresponding responses.

All the usual ListEntitlementsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListEntitlementsPager

A pager for iterating through list_entitlements requests.

This class thinly wraps an initial ListEntitlementsResponse object, and provides an __iter__ method to iterate through its entitlements field.

If there are more pages, the __iter__ method will make additional ListEntitlements requests and continue to iterate through the entitlements field on the corresponding responses.

All the usual ListEntitlementsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListGrantsAsyncPager

A pager for iterating through list_grants requests.

This class thinly wraps an initial ListGrantsResponse object, and provides an __aiter__ method to iterate through its grants field.

If there are more pages, the __aiter__ method will make additional ListGrants requests and continue to iterate through the grants field on the corresponding responses.

All the usual ListGrantsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListGrantsPager

A pager for iterating through list_grants requests.

This class thinly wraps an initial ListGrantsResponse object, and provides an __iter__ method to iterate through its grants field.

If there are more pages, the __iter__ method will make additional ListGrants requests and continue to iterate through the grants field on the corresponding responses.

All the usual ListGrantsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

SearchEntitlementsAsyncPager

A pager for iterating through search_entitlements requests.

This class thinly wraps an initial SearchEntitlementsResponse object, and provides an __aiter__ method to iterate through its entitlements field.

If there are more pages, the __aiter__ method will make additional SearchEntitlements requests and continue to iterate through the entitlements field on the corresponding responses.

All the usual SearchEntitlementsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

SearchEntitlementsPager

A pager for iterating through search_entitlements requests.

This class thinly wraps an initial SearchEntitlementsResponse object, and provides an __iter__ method to iterate through its entitlements field.

If there are more pages, the __iter__ method will make additional SearchEntitlements requests and continue to iterate through the entitlements field on the corresponding responses.

All the usual SearchEntitlementsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

SearchGrantsAsyncPager

A pager for iterating through search_grants requests.

This class thinly wraps an initial SearchGrantsResponse object, and provides an __aiter__ method to iterate through its grants field.

If there are more pages, the __aiter__ method will make additional SearchGrants requests and continue to iterate through the grants field on the corresponding responses.

All the usual SearchGrantsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

SearchGrantsPager

A pager for iterating through search_grants requests.

This class thinly wraps an initial SearchGrantsResponse object, and provides an __iter__ method to iterate through its grants field.

If there are more pages, the __iter__ method will make additional SearchGrants requests and continue to iterate through the grants field on the corresponding responses.

All the usual SearchGrantsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

AccessControlEntry

AccessControlEntry is used to control who can do some operation.

ApprovalWorkflow

Different types of approval workflows that can be used to gate privileged access granting.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

ApproveGrantRequest

Request message for ApproveGrant method.

CheckOnboardingStatusRequest

Request message for CheckOnboardingStatus method.

CheckOnboardingStatusResponse

Response message for CheckOnboardingStatus method.

Finding

Finding represents an issue which prevents PAM from functioning properly for this resource.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

IAMAccessDenied

PAM's service account is being denied access by Cloud IAM. This can be fixed by granting a role that contains the missing permissions to the service account or exempting it from deny policies if they are blocking the access.

CreateEntitlementRequest

Message for creating an entitlement.

CreateGrantRequest

Message for creating a grant

DeleteEntitlementRequest

Message for deleting an entitlement.

DenyGrantRequest

Request message for DenyGrant method.

Entitlement

An entitlement defines the eligibility of a set of users to obtain predefined access for some time possibly after going through an approval workflow.

AdditionalNotificationTargets

AdditionalNotificationTargets includes email addresses to be notified.

RequesterJustificationConfig

Defines how a requester must provide a justification when requesting access.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

NotMandatory

The justification is not mandatory but can be provided in any of the supported formats.

Unstructured

The requester has to provide a justification in the form of a string.

State

Different states an entitlement can be in.

GetEntitlementRequest

Message for getting an entitlement.

GetGrantRequest

Message for getting a grant.

Grant

A grant represents a request from a user for obtaining the access specified in an entitlement they are eligible for.

AuditTrail

Audit trail for the access provided by this grant.

State

Different states a grant can be in.

Timeline

Timeline of a grant describing what happened to it and when.

Event

A single operation on the grant.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Activated

An event representing that the grant was successfully activated.

ActivationFailed

An event representing that the grant activation failed.

Approved

An event representing that the grant was approved.

Denied

An event representing that the grant was denied.

Ended

An event representing that the grant has ended.

Expired

An event representing that the grant was expired.

ExternallyModified

An event representing that the policy bindings made by this grant were modified externally.

Requested

An event representing that a grant was requested.

Revoked

An event representing that the grant was revoked.

Scheduled

An event representing that the grant has been scheduled to be activated later.

Justification

Justification represents a justification for requesting access.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

ListEntitlementsRequest

Message for requesting list of entitlements.

ListEntitlementsResponse

Message for response to listing entitlements.

ListGrantsRequest

Message for requesting list of grants.

ListGrantsResponse

Message for response to listing grants.

ManualApprovals

A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for a grant. The workflow can consist of multiple serial steps where each step defines who can act as approver in that step and how many of those users should approve before the workflow moves to the next step.

This can be used to create approval workflows such as:

  • Require an approval from any user in a group G.
  • Require an approval from any k number of users from a Group G.
  • Require an approval from any user in a group G and then from a user U.

A single user might be part of the approvers ACL for multiple steps in this workflow, but they can only approve once and that approval is only considered to satisfy the approval step at which it was granted.

Step

Step represents a logical step in a manual approval workflow.

OperationMetadata

Represents the metadata of the long-running operation.

PrivilegedAccess

Privileged access that this service can be used to gate.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

GcpIamAccess

GcpIamAccess represents IAM based access control on a Google Cloud resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.

RoleBinding

IAM role bindings that are created after a successful grant.

RevokeGrantRequest

Request message for RevokeGrant method.

SearchEntitlementsRequest

Request message for SearchEntitlements method.

CallerAccessType

Different types of access a user can have on the entitlement resource.

SearchEntitlementsResponse

Response message for SearchEntitlements method.

SearchGrantsRequest

Request message for SearchGrants method.

CallerRelationshipType

Different types of relationships a user can have with a grant.

SearchGrantsResponse

Response message for SearchGrants method.

UpdateEntitlementRequest

Message for updating an entitlement.

Modules

pagers

API documentation for privilegedaccessmanager_v1.services.privileged_access_manager.pagers module.