Reference documentation and code samples for the Privileged Access Manager V1 API class Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.
Client for the PrivilegedAccessManager service.
This API allows customers to manage temporary, request based privileged access to their resources.
It defines the following resource model:
- A collection of Entitlement resources. An entitlement allows configuring (among other things):
  - Some kind of privileged access that users can request.
  - A set of users called requesters who can request this access.
  - A maximum duration for which the access can be requested.
  - An optional approval workflow which must be satisfied before access is granted.
- A collection of Grant resources. A grant is a request by a requester to get the privileged access specified in an entitlement for some duration.
After the approval workflow as specified in the entitlement is satisfied, the specified access is given to the requester. The access is automatically taken back after the requested duration is over.
Inherits
- Object
Methods
.configure
def self.configure() { |config| ... } -> Client::Configuration
Configure the PrivilegedAccessManager Client class.
See Configuration for a description of the configuration fields.
- (config) — Configure the Client client.
- config (Client::Configuration)
# Modify the configuration for all PrivilegedAccessManager clients
::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.configure do |config|
  config.timeout = 10.0
end
#approve_grant
def approve_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
def approve_grant(name: nil, reason: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
ApproveGrant is used to approve a grant. This method can only be called on a grant when it's in the APPROVAL_AWAITED state. This operation can't be undone.
def approve_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to approve_grant via a request object, either of type ApproveGrantRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def approve_grant(name: nil, reason: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to approve_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- name (::String) — Required. Name of the grant resource which is being approved.
- reason (::String) — Optional. The reason for approving this grant. This is required if the require_approver_justification field of the ManualApprovals workflow used in this grant is true.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::PrivilegedAccessManager::V1::Grant)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::ApproveGrantRequest.new

# Call the approve_grant method.
result = client.approve_grant request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
p result
#check_onboarding_status
def check_onboarding_status(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse
def check_onboarding_status(parent: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse
CheckOnboardingStatus reports the onboarding status for a project/folder/organization. Any findings reported by this API need to be fixed before PAM can be used on the resource.
def check_onboarding_status(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse
Pass arguments to check_onboarding_status via a request object, either of type CheckOnboardingStatusRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def check_onboarding_status(parent: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse
Pass arguments to check_onboarding_status via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- parent (::String) — Required. The resource for which the onboarding status should be checked. Should be in one of the following formats:
  - projects/{project-number|project-id}/locations/{region}
  - folders/{folder-number}/locations/{region}
  - organizations/{organization-number}/locations/{region}
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusRequest.new

# Call the check_onboarding_status method.
result = client.check_onboarding_status request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::CheckOnboardingStatusResponse.
p result
#configure
def configure() { |config| ... } -> Client::Configuration
Configure the PrivilegedAccessManager Client instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on Client.configure.
See Configuration for a description of the configuration fields.
- (config) — Configure the Client client.
- config (Client::Configuration)
#create_entitlement
def create_entitlement(request, options = nil) -> ::Gapic::Operation
def create_entitlement(parent: nil, entitlement_id: nil, entitlement: nil, request_id: nil) -> ::Gapic::Operation
Creates a new entitlement in a given project/folder/organization and location.
def create_entitlement(request, options = nil) -> ::Gapic::Operation
Pass arguments to create_entitlement via a request object, either of type CreateEntitlementRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def create_entitlement(parent: nil, entitlement_id: nil, entitlement: nil, request_id: nil) -> ::Gapic::Operation
Pass arguments to create_entitlement via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- parent (::String) — Required. Name of the parent resource for the entitlement. Possible formats:
  - organizations/{organization-number}/locations/{region}
  - folders/{folder-number}/locations/{region}
  - projects/{project-id|project-number}/locations/{region}
- entitlement_id (::String) — Required. The ID to use for this entitlement. This becomes the last part of the resource name.
  This value should be 4-63 characters in length, and valid characters are "[a-z]", "[0-9]", and "-". The first character should be from [a-z].
  This value should be unique among all other entitlements under the specified parent.
- entitlement (::Google::Cloud::PrivilegedAccessManager::V1::Entitlement, ::Hash) — Required. The resource being created
- request_id (::String) — Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server knows to ignore the request if it has already been completed. The server guarantees this for at least 60 minutes after the first request.
  For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, ignores the second request and returns the previous operation's response. This prevents clients from accidentally creating duplicate commitments.
  The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::Operation)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::CreateEntitlementRequest.new

# Call the create_entitlement method.
result = client.create_entitlement request

# The returned object is of type Gapic::Operation. You can use it to
# check the status of an operation, cancel it, or wait for results.
# Here is how to wait for a response.
result.wait_until_done! timeout: 60
if result.response?
  p result.response
else
  puts "No response received."
end
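The create_entitlement argument rules (parent formats, the entitlement_id character rule, a non-zero UUID request_id) and the retry behaviour described for request_id, as a client-side pre-flight check with one request ID reused across retries; the same request_id handling applies to create_grant and delete_entitlement. This is an added example, not code from the library or its documentation. FakePamServer, TransientError and the helper names are hypothetical stand-ins so the block runs offline, and the resource names are constructed.

```ruby
require "securerandom"

# Formats listed for `parent`. Character rules for project IDs and regions are
# not given on this page, so those segments are matched loosely (assumption).
PARENT_PATTERNS = [
  %r{\Aprojects/[^/]+/locations/[^/]+\z},
  %r{\Afolders/\d+/locations/[^/]+\z},
  %r{\Aorganizations/\d+/locations/[^/]+\z}
].freeze
# 4-63 characters from [a-z], [0-9] and "-", first character from [a-z].
ENTITLEMENT_ID_FORMAT = /\A[a-z][a-z0-9-]{3,62}\z/
UUID_FORMAT           = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/
ZERO_UUID             = "00000000-0000-0000-0000-000000000000"

# Returns a list of problems; an empty list means the arguments match the
# documented rules.
def create_entitlement_arg_errors(parent:, entitlement_id:, request_id: nil)
  errors = []
  errors << "parent: not one of the documented formats" unless PARENT_PATTERNS.any? { |re| re.match?(parent.to_s) }
  errors << "entitlement_id: must be 4-63 chars of [a-z0-9-], starting with [a-z]" unless ENTITLEMENT_ID_FORMAT.match?(entitlement_id.to_s)
  unless request_id.nil?
    errors << "request_id: not a UUID" unless UUID_FORMAT.match?(request_id.to_s)
    errors << "request_id: zero UUID is not supported" if request_id == ZERO_UUID
  end
  errors
end

# Hypothetical stand-in for a timeout; with the real client you would rescue
# the ::Google::Cloud::Error subclass that signals it.
class TransientError < StandardError; end

# Generates ONE request_id and sends it on every attempt, so a retry after a
# lost response is recognised by the server instead of creating a duplicate.
def create_entitlement_idempotently(client, parent:, entitlement_id:, entitlement:, max_attempts: 3)
  request_id = SecureRandom.uuid
  errors = create_entitlement_arg_errors(parent: parent, entitlement_id: entitlement_id, request_id: request_id)
  raise ArgumentError, errors.join("; ") unless errors.empty?

  attempts = 0
  begin
    attempts += 1
    client.create_entitlement(parent: parent, entitlement_id: entitlement_id,
                              entitlement: entitlement, request_id: request_id)
  rescue TransientError
    retry if attempts < max_attempts
    raise
  end
end

# Constructed fake of the documented server behaviour: a request_id that was
# already processed is not applied again; the earlier result is returned.
class FakePamServer
  attr_reader :created

  def initialize(fail_first: 0)
    @results    = {}
    @created    = []
    @fail_first = fail_first
    @calls      = 0
  end

  def create_entitlement(parent:, entitlement_id:, entitlement:, request_id:)
    @calls += 1
    unless @results.key?(request_id)
      @created << "#{parent}/entitlements/#{entitlement_id}"
      @results[request_id] = @created.last
    end
    # Simulate the response being lost after the server already did the work.
    raise TransientError, "deadline exceeded" if @calls <= @fail_first
    @results[request_id]
  end
end
```

Generating a fresh UUID inside the retry loop instead would defeat the deduplication, because the server would see each attempt as a new request.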
#create_grant
def create_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
def create_grant(parent: nil, grant: nil, request_id: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Creates a new grant in a given project and location.
def create_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to create_grant via a request object, either of type CreateGrantRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def create_grant(parent: nil, grant: nil, request_id: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to create_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- parent (::String) — Required. Name of the parent entitlement for which this grant is being requested.
- grant (::Google::Cloud::PrivilegedAccessManager::V1::Grant, ::Hash) — Required. The resource being created.
- request_id (::String) — Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server knows to ignore the request if it has already been completed. The server guarantees this for at least 60 minutes after the first request.
  For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, ignores the second request. This prevents clients from accidentally creating duplicate commitments.
  The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::PrivilegedAccessManager::V1::Grant)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::CreateGrantRequest.new

# Call the create_grant method.
result = client.create_grant request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
p result
#delete_entitlement
def delete_entitlement(request, options = nil) -> ::Gapic::Operation
def delete_entitlement(name: nil, request_id: nil, force: nil) -> ::Gapic::Operation
Deletes a single entitlement. This method can only be called when there are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the entitlement.
def delete_entitlement(request, options = nil) -> ::Gapic::Operation
Pass arguments to delete_entitlement via a request object, either of type DeleteEntitlementRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def delete_entitlement(name: nil, request_id: nil, force: nil) -> ::Gapic::Operation
Pass arguments to delete_entitlement via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- name (::String) — Required. Name of the resource.
- request_id (::String) — Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server knows to ignore the request if it has already been completed. The server guarantees this for at least 60 minutes after the first request.
  For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, ignores the second request. This prevents clients from accidentally creating duplicate commitments.
  The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
- force (::Boolean) — Optional. If set to true, any child grant under this entitlement is also deleted. (Otherwise, the request only works if the entitlement has no child grant.)
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::Operation)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::DeleteEntitlementRequest.new

# Call the delete_entitlement method.
result = client.delete_entitlement request

# The returned object is of type Gapic::Operation. You can use it to
# check the status of an operation, cancel it, or wait for results.
# Here is how to wait for a response.
result.wait_until_done! timeout: 60
if result.response?
  p result.response
else
  puts "No response received."
end
#deny_grant
def deny_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
def deny_grant(name: nil, reason: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
DenyGrant is used to deny a grant. This method can only be called on a grant when it's in the APPROVAL_AWAITED state. This operation can't be undone.
def deny_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to deny_grant via a request object, either of type DenyGrantRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def deny_grant(name: nil, reason: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to deny_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- name (::String) — Required. Name of the grant resource which is being denied.
- reason (::String) — Optional. The reason for denying this grant. This is required if the require_approver_justification field of the ManualApprovals workflow used in this grant is true.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::PrivilegedAccessManager::V1::Grant)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::DenyGrantRequest.new

# Call the deny_grant method.
result = client.deny_grant request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
p result
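Because approve_grant and deny_grant cannot be undone and are only valid in the APPROVAL_AWAITED state, a reviewer tool can check each decision before sending it. This is an added example, not code from the library: it builds the keyword arguments for either call from plain hashes, and the grant names, the symbol form of the state and the helper names are constructed assumptions.

```ruby
# Constructed sample data, shaped like what a reviewer tool might hold after
# listing grants. States are written as symbols (assumption).
GRANT_PREFIX = "projects/example-project/locations/global/entitlements/prod-db-admin/grants"
SAMPLE_GRANTS = [
  { name: "#{GRANT_PREFIX}/g-001", state: :APPROVAL_AWAITED },
  { name: "#{GRANT_PREFIX}/g-002", state: :APPROVAL_AWAITED },
  { name: "#{GRANT_PREFIX}/g-003", state: :ACTIVE }
].freeze

# Returns [request_hash, nil] when the decision may be sent, or [nil, problem].
# justification_required mirrors require_approver_justification on the
# ManualApprovals workflow used by the grant.
def decision_request(grant, reason:, justification_required:)
  unless grant[:state] == :APPROVAL_AWAITED
    return [nil, "#{grant[:name]}: state #{grant[:state]} is not APPROVAL_AWAITED"]
  end

  reason = reason.to_s.strip
  if justification_required && reason.empty?
    return [nil, "#{grant[:name]}: a reason is required by the approval workflow"]
  end

  request = { name: grant[:name] }
  request[:reason] = reason unless reason.empty?
  [request, nil]
end

# decisions maps grant name => [:approve | :deny, reason]. The result groups
# ready-to-send keyword arguments by action and lists what was held back.
def plan_decisions(grants, decisions, justification_required:)
  plan = { approve: [], deny: [], skipped: [] }
  grants.each do |grant|
    action, reason = decisions[grant[:name]]
    next if action.nil? # no decision recorded for this grant
    raise ArgumentError, "unknown action #{action.inspect}" unless %i[approve deny].include?(action)

    request, problem = decision_request(grant, reason: reason, justification_required: justification_required)
    if problem
      plan[:skipped] << problem
    else
      plan[action] << request
    end
  end
  plan
end
```

Each hash in plan[:approve] or plan[:deny] can be passed as keyword arguments, for example client.approve_grant(**request).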
#get_entitlement
def get_entitlement(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement
def get_entitlement(name: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement
Gets details of a single entitlement.
def get_entitlement(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement
Pass arguments to get_entitlement via a request object, either of type GetEntitlementRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def get_entitlement(name: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement
Pass arguments to get_entitlement via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- name (::String) — Required. Name of the resource.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::PrivilegedAccessManager::V1::Entitlement)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::GetEntitlementRequest.new

# Call the get_entitlement method.
result = client.get_entitlement request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Entitlement.
p result
#get_grant
def get_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
def get_grant(name: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Get details of a single grant.
def get_grant(request, options = nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to get_grant via a request object, either of type GetGrantRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def get_grant(name: nil) -> ::Google::Cloud::PrivilegedAccessManager::V1::Grant
Pass arguments to get_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- name (::String) — Required. Name of the resource.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::PrivilegedAccessManager::V1::Grant)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::GetGrantRequest.new

# Call the get_grant method.
result = client.get_grant request

# The returned object is of type Google::Cloud::PrivilegedAccessManager::V1::Grant.
p result
#initialize
def initialize() { |config| ... } -> Client
Create a new PrivilegedAccessManager client object.
- (config) — Configure the PrivilegedAccessManager client.
- config (Client::Configuration)
- (Client) — a new instance of Client
# Create a client using the default configuration
client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a client using a custom configuration
client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new do |config|
  config.timeout = 10.0
end
#list_entitlements
def list_entitlements(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
def list_entitlements(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
Lists entitlements in a given project/folder/organization and location.
def list_entitlements(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
Pass arguments to list_entitlements via a request object, either of type ListEntitlementsRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def list_entitlements(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
Pass arguments to list_entitlements via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- parent (::String) — Required. The parent which owns the entitlement resources.
- page_size (::Integer) — Optional. Requested page size. Server may return fewer items than requested. If unspecified, the server picks an appropriate default.
- page_token (::String) — Optional. A token identifying a page of results the server should return.
- filter (::String) — Optional. Filtering results.
- order_by (::String) — Optional. Hint for how to order the results.
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::ListEntitlementsRequest.new

# Call the list_entitlements method.
result = client.list_entitlements request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement.
  p item
end
#list_grants
def list_grants(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
def list_grants(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
Lists grants for a given entitlement.
def list_grants(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
Pass arguments to list_grants via a request object, either of type ListGrantsRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def list_grants(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
Pass arguments to list_grants via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- parent (::String) — Required. The parent resource which owns the grants.
- page_size (::Integer) — Optional. Requested page size. The server may return fewer items than requested. If unspecified, the server picks an appropriate default.
- page_token (::String) — Optional. A token identifying a page of results the server should return.
- filter (::String) — Optional. Filtering results.
- order_by (::String) — Optional. Hint for how to order the results
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::ListGrantsRequest.new

# Call the list_grants method.
result = client.list_grants request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Grant.
  p item
end
#location_client
def location_client() -> Google::Cloud::Location::Locations::Client
Get the associated client for mix-in of the Locations.
- (Google::Cloud::Location::Locations::Client)
#operations_client
def operations_client() -> ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Operations
Get the associated client for long-running operations.
#revoke_grant
def revoke_grant(request, options = nil) -> ::Gapic::Operation
def revoke_grant(name: nil, reason: nil) -> ::Gapic::Operation
RevokeGrant is used to immediately revoke access for a grant. This method can be called when the grant is in a non-terminal state.
def revoke_grant(request, options = nil) -> ::Gapic::Operation
Pass arguments to revoke_grant via a request object, either of type RevokeGrantRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def revoke_grant(name: nil, reason: nil) -> ::Gapic::Operation
Pass arguments to revoke_grant via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- name (::String) — Required. Name of the grant resource which is being revoked.
- reason (::String) — Optional. The reason for revoking this grant.
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::Operation)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::RevokeGrantRequest.new

# Call the revoke_grant method.
result = client.revoke_grant request

# The returned object is of type Gapic::Operation. You can use it to
# check the status of an operation, cancel it, or wait for results.
# Here is how to wait for a response.
result.wait_until_done! timeout: 60
if result.response?
  p result.response
else
  puts "No response received."
end
#search_entitlements
def search_entitlements(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
def search_entitlements(parent: nil, caller_access_type: nil, filter: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
SearchEntitlements returns entitlements on which the caller has the specified access.
def search_entitlements(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
Pass arguments to search_entitlements via a request object, either of type SearchEntitlementsRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def search_entitlements(parent: nil, caller_access_type: nil, filter: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>
Pass arguments to search_entitlements via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- parent (::String) — Required. The parent which owns the entitlement resources.
- caller_access_type (::Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest::CallerAccessType) — Required. Only entitlements where the calling user has this access are returned.
- filter (::String) — Optional. Only entitlements matching this filter are returned in the response.
- page_size (::Integer) — Optional. Requested page size. The server may return fewer items than requested. If unspecified, the server picks an appropriate default.
- page_token (::String) — Optional. A token identifying a page of results the server should return.
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Entitlement>)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
```ruby
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::SearchEntitlementsRequest.new

# Call the search_entitlements method.
result = client.search_entitlements request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Entitlement.
  p item
end
```
#search_grants
def search_grants(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
def search_grants(parent: nil, caller_relationship: nil, filter: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
SearchGrants returns grants that are related to the calling user in the specified way.
def search_grants(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
Pass arguments to search_grants via a request object, either of type SearchGrantsRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def search_grants(parent: nil, caller_relationship: nil, filter: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>
Pass arguments to search_grants via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- parent (::String) — Required. The parent which owns the grant resources.
- caller_relationship (::Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest::CallerRelationshipType) — Required. Only grants which the caller is related to by this relationship are returned in the response.
- filter (::String) — Optional. Only grants matching this filter are returned in the response.
- page_size (::Integer) — Optional. Requested page size. The server may return fewer items than requested. If unspecified, the server picks an appropriate default.
- page_token (::String) — Optional. A token identifying a page of results the server should return.
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::PagedEnumerable<::Google::Cloud::PrivilegedAccessManager::V1::Grant>)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
```ruby
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::SearchGrantsRequest.new

# Call the search_grants method.
result = client.search_grants request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::PrivilegedAccessManager::V1::Grant.
  p item
end
```
#universe_domain
def universe_domain() -> String
The effective universe domain
- (String)
#update_entitlement
def update_entitlement(request, options = nil) -> ::Gapic::Operation
def update_entitlement(entitlement: nil, update_mask: nil) -> ::Gapic::Operation
Updates the entitlement specified in the request. Updated fields in the entitlement need to be specified in an update mask. The changes made to an entitlement are applicable only on future grants of the entitlement. However, if new approvers are added or existing approvers are removed from the approval workflow, the changes are effective on existing grants.
The following fields are not supported for updates:
- All immutable fields
- Entitlement name
- Resource name
- Resource type
- Adding an approval workflow in an entitlement which previously had no approval workflow.
- Deleting the approval workflow from an entitlement.
- Adding or deleting a step in the approval workflow (only one step is supported)
Note that updates are allowed on the list of approvers in an approval workflow step.
def update_entitlement(request, options = nil) -> ::Gapic::Operation
Pass arguments to update_entitlement via a request object, either of type UpdateEntitlementRequest or an equivalent Hash.
- request (::Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def update_entitlement(entitlement: nil, update_mask: nil) -> ::Gapic::Operation
Pass arguments to update_entitlement via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- entitlement (::Google::Cloud::PrivilegedAccessManager::V1::Entitlement, ::Hash) — Required. The entitlement resource that is updated.
- update_mask (::Google::Protobuf::FieldMask, ::Hash) — Required. The list of fields to update. A field is overwritten if, and only if, it is in the mask. Any immutable fields set in the mask are ignored by the server. Repeated fields and map fields are only allowed in the last position of a paths string and overwrite the existing values. Hence an update to a repeated field or a map should contain the entire list of values. The fields specified in the update_mask are relative to the resource and not to the request (e.g. MaxRequestDuration; not entitlement.MaxRequestDuration). A value of '*' for this field refers to full replacement of the resource.
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::Operation)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
```ruby
require "google/cloud/privileged_access_manager/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::PrivilegedAccessManager::V1::UpdateEntitlementRequest.new

# Call the update_entitlement method.
result = client.update_entitlement request

# The returned object is of type Gapic::Operation. You can use it to
# check the status of an operation, cancel it, or wait for results.
# Here is how to wait for a response.
result.wait_until_done! timeout: 60
if result.response?
  p result.response
else
  puts "No response received."
end
```
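A pre-flight check for the update_mask rules described for update_entitlement, as an added example that is not part of this reference or of the client library. It works on the Hash form of an entitlement so it runs without the gem; the helper names, the sample resource name and the field paths (for example approval_workflow.manual_approvals.steps) are assumptions.

```ruby
# Field paths assumed from the V1 Entitlement message; they are not listed on this page.
IMMUTABLE_PATHS = %w[name privileged_access.gcp_iam_access.resource
                     privileged_access.gcp_iam_access.resource_type].freeze

# Constructed sample entitlement (Hash form) with a single approval step.
def sample_entitlement(*approvers)
  { name: "projects/example/locations/global/entitlements/demo",
    approval_workflow: { manual_approvals: { steps: [
      { approvals_needed: 1, approvers: [{ principals: approvers }] }
    ] } } }
end

# Flattens nested Hash/Array values down to their scalar leaves.
def leaves(value)
  value = value.values if value.is_a?(Hash)
  value.is_a?(Array) ? value.flat_map { |v| leaves(v) } : [value]
end

# Follows keys through nested Hashes and stops at the first non-Hash node.
def walk(node, keys)
  keys.reduce(node) { |n, k| n.is_a?(Hash) ? n[k] : n }
end

# Returns findings for a planned update_entitlement call. current and desired are
# Hash equivalents of Entitlement; paths is the list in update_mask.paths.
def review_update(current, desired, paths)
  findings = []
  paths.each do |path|
    keys = path.split(".").map(&:to_sym)
    if path == "*"
      findings << "*: full replacement of the resource"
    elsif path.start_with?("entitlement.")
      findings << "#{path}: paths are relative to the resource, not the request"
    elsif IMMUTABLE_PATHS.include?(path)
      findings << "#{path}: immutable, ignored by the server"
    elsif walk(current, keys[0...-1]).is_a?(Array)
      findings << "#{path}: repeated field allowed only in the last position"
    elsif walk(current, keys).is_a?(Array)
      dropped = leaves(walk(current, keys)) - leaves(walk(desired, keys))
      findings << "#{path}: list overwritten, drops #{dropped.join(', ')}" unless dropped.empty?
    end
  end
  if paths.any? { |p| p == "*" || p.start_with?("approval_workflow") }
    old_wf, new_wf = current[:approval_workflow], desired[:approval_workflow]
    steps = ->(wf) { walk(wf.to_h, %i[manual_approvals steps]).to_a.size }
    findings << "approval_workflow: cannot be added or deleted" if old_wf.nil? != new_wf.nil?
    findings << "approval_workflow: steps cannot be added or deleted" if old_wf && new_wf && steps.(old_wf) != steps.(new_wf)
  end
  findings
end
```

Because approver changes take effect on existing grants, a "drops" finding on the steps path is worth a second reviewer before the update is sent.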