privilegedaccessmanagerpb

package
v0.0.0-...-7cd1b21 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 8, 2025 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package privilegedaccessmanagerpb is a reverse proxy.

It translates gRPC into RESTful JSON APIs.

Index

Constants

This section is empty.

Variables

View Source 
var (
	Entitlement_State_name = map[int32]string{
		0: "STATE_UNSPECIFIED",
		1: "CREATING",
		2: "AVAILABLE",
		3: "DELETING",
		4: "DELETED",
		5: "UPDATING",
	}
	Entitlement_State_value = map[string]int32{
		"STATE_UNSPECIFIED": 0,
		"CREATING":          1,
		"AVAILABLE":         2,
		"DELETING":          3,
		"DELETED":           4,
		"UPDATING":          5,
	}
)

Enum value maps for Entitlement_State.

View Source 
var (
	SearchEntitlementsRequest_CallerAccessType_name = map[int32]string{
		0: "CALLER_ACCESS_TYPE_UNSPECIFIED",
		1: "GRANT_REQUESTER",
		2: "GRANT_APPROVER",
	}
	SearchEntitlementsRequest_CallerAccessType_value = map[string]int32{
		"CALLER_ACCESS_TYPE_UNSPECIFIED": 0,
		"GRANT_REQUESTER":                1,
		"GRANT_APPROVER":                 2,
	}
)

Enum value maps for SearchEntitlementsRequest_CallerAccessType.

View Source 
var (
	Grant_State_name = map[int32]string{
		0:  "STATE_UNSPECIFIED",
		1:  "APPROVAL_AWAITED",
		3:  "DENIED",
		4:  "SCHEDULED",
		5:  "ACTIVATING",
		6:  "ACTIVE",
		7:  "ACTIVATION_FAILED",
		8:  "EXPIRED",
		9:  "REVOKING",
		10: "REVOKED",
		11: "ENDED",
	}
	Grant_State_value = map[string]int32{
		"STATE_UNSPECIFIED": 0,
		"APPROVAL_AWAITED":  1,
		"DENIED":            3,
		"SCHEDULED":         4,
		"ACTIVATING":        5,
		"ACTIVE":            6,
		"ACTIVATION_FAILED": 7,
		"EXPIRED":           8,
		"REVOKING":          9,
		"REVOKED":           10,
		"ENDED":             11,
	}
)

Enum value maps for Grant_State.

View Source 
var (
	SearchGrantsRequest_CallerRelationshipType_name = map[int32]string{
		0: "CALLER_RELATIONSHIP_TYPE_UNSPECIFIED",
		1: "HAD_CREATED",
		2: "CAN_APPROVE",
		3: "HAD_APPROVED",
	}
	SearchGrantsRequest_CallerRelationshipType_value = map[string]int32{
		"CALLER_RELATIONSHIP_TYPE_UNSPECIFIED": 0,
		"HAD_CREATED":                          1,
		"CAN_APPROVE":                          2,
		"HAD_APPROVED":                         3,
	}
)

Enum value maps for SearchGrantsRequest_CallerRelationshipType.

View Source 
var File_mockgcp_cloud_privilegedaccessmanager_v1_privilegedaccessmanager_proto protoreflect.FileDescriptor
View Source 
var PrivilegedAccessManager_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "mockgcp.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager",
	HandlerType: (*PrivilegedAccessManagerServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CheckOnboardingStatus",
			Handler:    _PrivilegedAccessManager_CheckOnboardingStatus_Handler,
		},
		{
			MethodName: "ListEntitlements",
			Handler:    _PrivilegedAccessManager_ListEntitlements_Handler,
		},
		{
			MethodName: "SearchEntitlements",
			Handler:    _PrivilegedAccessManager_SearchEntitlements_Handler,
		},
		{
			MethodName: "GetEntitlement",
			Handler:    _PrivilegedAccessManager_GetEntitlement_Handler,
		},
		{
			MethodName: "CreateEntitlement",
			Handler:    _PrivilegedAccessManager_CreateEntitlement_Handler,
		},
		{
			MethodName: "DeleteEntitlement",
			Handler:    _PrivilegedAccessManager_DeleteEntitlement_Handler,
		},
		{
			MethodName: "UpdateEntitlement",
			Handler:    _PrivilegedAccessManager_UpdateEntitlement_Handler,
		},
		{
			MethodName: "ListGrants",
			Handler:    _PrivilegedAccessManager_ListGrants_Handler,
		},
		{
			MethodName: "SearchGrants",
			Handler:    _PrivilegedAccessManager_SearchGrants_Handler,
		},
		{
			MethodName: "GetGrant",
			Handler:    _PrivilegedAccessManager_GetGrant_Handler,
		},
		{
			MethodName: "CreateGrant",
			Handler:    _PrivilegedAccessManager_CreateGrant_Handler,
		},
		{
			MethodName: "ApproveGrant",
			Handler:    _PrivilegedAccessManager_ApproveGrant_Handler,
		},
		{
			MethodName: "DenyGrant",
			Handler:    _PrivilegedAccessManager_DenyGrant_Handler,
		},
		{
			MethodName: "RevokeGrant",
			Handler:    _PrivilegedAccessManager_RevokeGrant_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "mockgcp/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.proto",
}

PrivilegedAccessManager_ServiceDesc is the grpc.ServiceDesc for PrivilegedAccessManager service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterPrivilegedAccessManagerHandler 

func RegisterPrivilegedAccessManagerHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error

RegisterPrivilegedAccessManagerHandler registers the http handlers for service PrivilegedAccessManager to "mux". The handlers forward requests to the grpc endpoint over "conn".

func RegisterPrivilegedAccessManagerHandlerClient 

func RegisterPrivilegedAccessManagerHandlerClient(ctx context.Context, mux *runtime.ServeMux, client PrivilegedAccessManagerClient) error

RegisterPrivilegedAccessManagerHandlerClient registers the http handlers for service PrivilegedAccessManager to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "PrivilegedAccessManagerClient". Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "PrivilegedAccessManagerClient" doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in "PrivilegedAccessManagerClient" to call the correct interceptors.

func RegisterPrivilegedAccessManagerHandlerFromEndpoint 

func RegisterPrivilegedAccessManagerHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error)

RegisterPrivilegedAccessManagerHandlerFromEndpoint is same as RegisterPrivilegedAccessManagerHandler but automatically dials to "endpoint" and closes the connection when "ctx" gets done.

func RegisterPrivilegedAccessManagerHandlerServer 

func RegisterPrivilegedAccessManagerHandlerServer(ctx context.Context, mux *runtime.ServeMux, server PrivilegedAccessManagerServer) error

RegisterPrivilegedAccessManagerHandlerServer registers the http handlers for service PrivilegedAccessManager to "mux". UnaryRPC :call PrivilegedAccessManagerServer directly. StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterPrivilegedAccessManagerHandlerFromEndpoint instead.

func RegisterPrivilegedAccessManagerServer 

func RegisterPrivilegedAccessManagerServer(s grpc.ServiceRegistrar, srv PrivilegedAccessManagerServer)

Types

type AccessControlEntry 

type AccessControlEntry struct {

	// Optional. Users who are allowed for the operation. Each entry should be a
	// valid v1 IAM principal identifier. The format for these is documented at:
	// https://cloud.google.com/iam/docs/principal-identifiers#v1
	Principals []string `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"`
	// contains filtered or unexported fields
}

`AccessControlEntry` is used to control who can do some operation.

func (*AccessControlEntry) Descriptor deprecated 

func (*AccessControlEntry) Descriptor() ([]byte, []int)

Deprecated: Use AccessControlEntry.ProtoReflect.Descriptor instead.

func (*AccessControlEntry) GetPrincipals 

func (x *AccessControlEntry) GetPrincipals() []string

func (*AccessControlEntry) ProtoMessage 

func (*AccessControlEntry) ProtoMessage()

func (*AccessControlEntry) ProtoReflect 

func (x *AccessControlEntry) ProtoReflect() protoreflect.Message

func (*AccessControlEntry) Reset 

func (x *AccessControlEntry) Reset()

func (*AccessControlEntry) String 

func (x *AccessControlEntry) String() string

type ApprovalWorkflow 

type ApprovalWorkflow struct {

	// Types that are assignable to ApprovalWorkflow:
	//
	//	*ApprovalWorkflow_ManualApprovals
	ApprovalWorkflow isApprovalWorkflow_ApprovalWorkflow `protobuf_oneof:"approval_workflow"`
	// contains filtered or unexported fields
}

Different types of approval workflows that can be used to gate privileged access granting.

func (*ApprovalWorkflow) Descriptor deprecated 

func (*ApprovalWorkflow) Descriptor() ([]byte, []int)

Deprecated: Use ApprovalWorkflow.ProtoReflect.Descriptor instead.

func (*ApprovalWorkflow) GetApprovalWorkflow 

func (m *ApprovalWorkflow) GetApprovalWorkflow() isApprovalWorkflow_ApprovalWorkflow

func (*ApprovalWorkflow) GetManualApprovals 

func (x *ApprovalWorkflow) GetManualApprovals() *ManualApprovals

func (*ApprovalWorkflow) ProtoMessage 

func (*ApprovalWorkflow) ProtoMessage()

func (*ApprovalWorkflow) ProtoReflect 

func (x *ApprovalWorkflow) ProtoReflect() protoreflect.Message

func (*ApprovalWorkflow) Reset 

func (x *ApprovalWorkflow) Reset()

func (*ApprovalWorkflow) String 

func (x *ApprovalWorkflow) String() string

type ApprovalWorkflow_ManualApprovals 

type ApprovalWorkflow_ManualApprovals struct {
	// An approval workflow where users designated as approvers review and act
	// on the grants.
	ManualApprovals *ManualApprovals `protobuf:"bytes,1,opt,name=manual_approvals,json=manualApprovals,proto3,oneof"`
}

type ApproveGrantRequest 

type ApproveGrantRequest struct {

	// Required. Name of the grant resource which is being approved.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. The reason for approving this grant. This is required if the
	// `require_approver_justification` field of the `ManualApprovals` workflow
	// used in this grant is true.
	Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"`
	// contains filtered or unexported fields
}

Request message for `ApproveGrant` method.

func (*ApproveGrantRequest) Descriptor deprecated 

func (*ApproveGrantRequest) Descriptor() ([]byte, []int)

Deprecated: Use ApproveGrantRequest.ProtoReflect.Descriptor instead.

func (*ApproveGrantRequest) GetName 

func (x *ApproveGrantRequest) GetName() string

func (*ApproveGrantRequest) GetReason 

func (x *ApproveGrantRequest) GetReason() string

func (*ApproveGrantRequest) ProtoMessage 

func (*ApproveGrantRequest) ProtoMessage()

func (*ApproveGrantRequest) ProtoReflect 

func (x *ApproveGrantRequest) ProtoReflect() protoreflect.Message

func (*ApproveGrantRequest) Reset 

func (x *ApproveGrantRequest) Reset()

func (*ApproveGrantRequest) String 

func (x *ApproveGrantRequest) String() string

type CheckOnboardingStatusRequest 

type CheckOnboardingStatusRequest struct {

	// Required. The resource for which the onboarding status should be checked.
	// Should be in one of the following formats:
	//
	// * `projects/{project-number|project-id}/locations/{region}`
	// * `folders/{folder-number}/locations/{region}`
	// * `organizations/{organization-number}/locations/{region}`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// contains filtered or unexported fields
}

Request message for `CheckOnboardingStatus` method.

func (*CheckOnboardingStatusRequest) Descriptor deprecated 

func (*CheckOnboardingStatusRequest) Descriptor() ([]byte, []int)

Deprecated: Use CheckOnboardingStatusRequest.ProtoReflect.Descriptor instead.

func (*CheckOnboardingStatusRequest) GetParent 

func (x *CheckOnboardingStatusRequest) GetParent() string

func (*CheckOnboardingStatusRequest) ProtoMessage 

func (*CheckOnboardingStatusRequest) ProtoMessage()

func (*CheckOnboardingStatusRequest) ProtoReflect 

func (x *CheckOnboardingStatusRequest) ProtoReflect() protoreflect.Message

func (*CheckOnboardingStatusRequest) Reset 

func (x *CheckOnboardingStatusRequest) Reset()

func (*CheckOnboardingStatusRequest) String 

func (x *CheckOnboardingStatusRequest) String() string

type CheckOnboardingStatusResponse 

type CheckOnboardingStatusResponse struct {

	// The service account that PAM uses to act on this resource.
	ServiceAccount string `protobuf:"bytes,1,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
	// List of issues that are preventing PAM from functioning for this resource
	// and need to be fixed to complete onboarding. Some issues might not be
	// detected or reported.
	Findings []*CheckOnboardingStatusResponse_Finding `protobuf:"bytes,2,rep,name=findings,proto3" json:"findings,omitempty"`
	// contains filtered or unexported fields
}

Response message for `CheckOnboardingStatus` method.

func (*CheckOnboardingStatusResponse) Descriptor deprecated 

func (*CheckOnboardingStatusResponse) Descriptor() ([]byte, []int)

Deprecated: Use CheckOnboardingStatusResponse.ProtoReflect.Descriptor instead.

func (*CheckOnboardingStatusResponse) GetFindings 

func (x *CheckOnboardingStatusResponse) GetFindings() []*CheckOnboardingStatusResponse_Finding

func (*CheckOnboardingStatusResponse) GetServiceAccount 

func (x *CheckOnboardingStatusResponse) GetServiceAccount() string

func (*CheckOnboardingStatusResponse) ProtoMessage 

func (*CheckOnboardingStatusResponse) ProtoMessage()

func (*CheckOnboardingStatusResponse) ProtoReflect 

func (x *CheckOnboardingStatusResponse) ProtoReflect() protoreflect.Message

func (*CheckOnboardingStatusResponse) Reset 

func (x *CheckOnboardingStatusResponse) Reset()

func (*CheckOnboardingStatusResponse) String 

func (x *CheckOnboardingStatusResponse) String() string

type CheckOnboardingStatusResponse_Finding 

type CheckOnboardingStatusResponse_Finding struct {

	// Types that are assignable to FindingType:
	//
	//	*CheckOnboardingStatusResponse_Finding_IamAccessDenied
	FindingType isCheckOnboardingStatusResponse_Finding_FindingType `protobuf_oneof:"finding_type"`
	// contains filtered or unexported fields
}

Finding represents an issue which prevents PAM from functioning properly for this resource.

func (*CheckOnboardingStatusResponse_Finding) Descriptor deprecated 

func (*CheckOnboardingStatusResponse_Finding) Descriptor() ([]byte, []int)

Deprecated: Use CheckOnboardingStatusResponse_Finding.ProtoReflect.Descriptor instead.

func (*CheckOnboardingStatusResponse_Finding) GetFindingType 

func (m *CheckOnboardingStatusResponse_Finding) GetFindingType() isCheckOnboardingStatusResponse_Finding_FindingType

func (*CheckOnboardingStatusResponse_Finding) GetIamAccessDenied 

func (x *CheckOnboardingStatusResponse_Finding) GetIamAccessDenied() *CheckOnboardingStatusResponse_Finding_IAMAccessDenied

func (*CheckOnboardingStatusResponse_Finding) ProtoMessage 

func (*CheckOnboardingStatusResponse_Finding) ProtoMessage()

func (*CheckOnboardingStatusResponse_Finding) ProtoReflect 

func (x *CheckOnboardingStatusResponse_Finding) ProtoReflect() protoreflect.Message

func (*CheckOnboardingStatusResponse_Finding) Reset 

func (x *CheckOnboardingStatusResponse_Finding) Reset()

func (*CheckOnboardingStatusResponse_Finding) String 

func (x *CheckOnboardingStatusResponse_Finding) String() string

type CheckOnboardingStatusResponse_Finding_IAMAccessDenied 

type CheckOnboardingStatusResponse_Finding_IAMAccessDenied struct {

	// List of permissions that are being denied.
	MissingPermissions []string `protobuf:"bytes,1,rep,name=missing_permissions,json=missingPermissions,proto3" json:"missing_permissions,omitempty"`
	// contains filtered or unexported fields
}

PAM's service account is being denied access by Cloud IAM. This can be fixed by granting a role that contains the missing permissions to the service account or exempting it from deny policies if they are blocking the access.

func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) Descriptor deprecated 

func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) Descriptor() ([]byte, []int)

Deprecated: Use CheckOnboardingStatusResponse_Finding_IAMAccessDenied.ProtoReflect.Descriptor instead.

func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) GetMissingPermissions 

func (x *CheckOnboardingStatusResponse_Finding_IAMAccessDenied) GetMissingPermissions() []string

func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) ProtoMessage 

func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) ProtoMessage()

func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) ProtoReflect 

func (x *CheckOnboardingStatusResponse_Finding_IAMAccessDenied) ProtoReflect() protoreflect.Message

func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) Reset 

func (x *CheckOnboardingStatusResponse_Finding_IAMAccessDenied) Reset()

func (*CheckOnboardingStatusResponse_Finding_IAMAccessDenied) String 

func (x *CheckOnboardingStatusResponse_Finding_IAMAccessDenied) String() string

type CheckOnboardingStatusResponse_Finding_IamAccessDenied 

type CheckOnboardingStatusResponse_Finding_IamAccessDenied struct {
	// PAM's service account is being denied access by Cloud IAM.
	IamAccessDenied *CheckOnboardingStatusResponse_Finding_IAMAccessDenied `protobuf:"bytes,1,opt,name=iam_access_denied,json=iamAccessDenied,proto3,oneof"`
}

type CreateEntitlementRequest 

type CreateEntitlementRequest struct {

	// Required. Name of the parent resource for the entitlement.
	// Possible formats:
	//
	// * `organizations/{organization-number}/locations/{region}`
	// * `folders/{folder-number}/locations/{region}`
	// * `projects/{project-id|project-number}/locations/{region}`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The ID to use for this entitlement. This becomes the last part of
	// the resource name.
	//
	// This value should be 4-63 characters in length, and valid characters are
	// "[a-z]", "[0-9]", and "-". The first character should be from [a-z].
	//
	// This value should be unique among all other entitlements under the
	// specified `parent`.
	EntitlementId string `protobuf:"bytes,2,opt,name=entitlement_id,json=entitlementId,proto3" json:"entitlement_id,omitempty"`
	// Required. The resource being created
	Entitlement *Entitlement `protobuf:"bytes,3,opt,name=entitlement,proto3" json:"entitlement,omitempty"`
	// Optional. An optional request ID to identify requests. Specify a unique
	// request ID so that if you must retry your request, the server knows to
	// ignore the request if it has already been completed. The server guarantees
	// this for at least 60 minutes after the first request.
	//
	// For example, consider a situation where you make an initial request and the
	// request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, ignores the second request and returns the
	// previous operation's response. This prevents clients from accidentally
	// creating duplicate entitlements.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Message for creating an entitlement.

func (*CreateEntitlementRequest) Descriptor deprecated 

func (*CreateEntitlementRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateEntitlementRequest.ProtoReflect.Descriptor instead.

func (*CreateEntitlementRequest) GetEntitlement 

func (x *CreateEntitlementRequest) GetEntitlement() *Entitlement

func (*CreateEntitlementRequest) GetEntitlementId 

func (x *CreateEntitlementRequest) GetEntitlementId() string

func (*CreateEntitlementRequest) GetParent 

func (x *CreateEntitlementRequest) GetParent() string

func (*CreateEntitlementRequest) GetRequestId 

func (x *CreateEntitlementRequest) GetRequestId() string

func (*CreateEntitlementRequest) ProtoMessage 

func (*CreateEntitlementRequest) ProtoMessage()

func (*CreateEntitlementRequest) ProtoReflect 

func (x *CreateEntitlementRequest) ProtoReflect() protoreflect.Message

func (*CreateEntitlementRequest) Reset 

func (x *CreateEntitlementRequest) Reset()

func (*CreateEntitlementRequest) String 

func (x *CreateEntitlementRequest) String() string

type CreateGrantRequest 

type CreateGrantRequest struct {

	// Required. Name of the parent entitlement for which this grant is being
	// requested.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The resource being created.
	Grant *Grant `protobuf:"bytes,2,opt,name=grant,proto3" json:"grant,omitempty"`
	// Optional. An optional request ID to identify requests. Specify a unique
	// request ID so that if you must retry your request, the server knows to
	// ignore the request if it has already been completed. The server guarantees
	// this for at least 60 minutes after the first request.
	//
	// For example, consider a situation where you make an initial request and the
	// request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, ignores the second request. This prevents
	// clients from accidentally creating duplicate grants.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,3,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Message for creating a grant

func (*CreateGrantRequest) Descriptor deprecated 

func (*CreateGrantRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateGrantRequest.ProtoReflect.Descriptor instead.

func (*CreateGrantRequest) GetGrant 

func (x *CreateGrantRequest) GetGrant() *Grant

func (*CreateGrantRequest) GetParent 

func (x *CreateGrantRequest) GetParent() string

func (*CreateGrantRequest) GetRequestId 

func (x *CreateGrantRequest) GetRequestId() string

func (*CreateGrantRequest) ProtoMessage 

func (*CreateGrantRequest) ProtoMessage()

func (*CreateGrantRequest) ProtoReflect 

func (x *CreateGrantRequest) ProtoReflect() protoreflect.Message

func (*CreateGrantRequest) Reset 

func (x *CreateGrantRequest) Reset()

func (*CreateGrantRequest) String 

func (x *CreateGrantRequest) String() string

type DeleteEntitlementRequest 

type DeleteEntitlementRequest struct {

	// Required. Name of the resource.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. An optional request ID to identify requests. Specify a unique
	// request ID so that if you must retry your request, the server knows to
	// ignore the request if it has already been completed. The server guarantees
	// this for at least 60 minutes after the first request.
	//
	// For example, consider a situation where you make an initial request and the
	// request times out. If you make the request again with the same request
	// ID, the server can check if original operation with the same request ID
	// was received, and if so, ignores the second request.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	RequestId string `protobuf:"bytes,2,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// Optional. If set to true, any child grant under this entitlement is also
	// deleted. (Otherwise, the request only works if the entitlement has no child
	// grant.)
	Force bool `protobuf:"varint,3,opt,name=force,proto3" json:"force,omitempty"`
	// contains filtered or unexported fields
}

Message for deleting an entitlement.

func (*DeleteEntitlementRequest) Descriptor deprecated 

func (*DeleteEntitlementRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteEntitlementRequest.ProtoReflect.Descriptor instead.

func (*DeleteEntitlementRequest) GetForce 

func (x *DeleteEntitlementRequest) GetForce() bool

func (*DeleteEntitlementRequest) GetName 

func (x *DeleteEntitlementRequest) GetName() string

func (*DeleteEntitlementRequest) GetRequestId 

func (x *DeleteEntitlementRequest) GetRequestId() string

func (*DeleteEntitlementRequest) ProtoMessage 

func (*DeleteEntitlementRequest) ProtoMessage()

func (*DeleteEntitlementRequest) ProtoReflect 

func (x *DeleteEntitlementRequest) ProtoReflect() protoreflect.Message

func (*DeleteEntitlementRequest) Reset 

func (x *DeleteEntitlementRequest) Reset()

func (*DeleteEntitlementRequest) String 

func (x *DeleteEntitlementRequest) String() string

type DenyGrantRequest 

type DenyGrantRequest struct {

	// Required. Name of the grant resource which is being denied.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. The reason for denying this grant. This is required if
	// `require_approver_justification` field of the `ManualApprovals` workflow
	// used in this grant is true.
	Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"`
	// contains filtered or unexported fields
}

Request message for `DenyGrant` method.

func (*DenyGrantRequest) Descriptor deprecated 

func (*DenyGrantRequest) Descriptor() ([]byte, []int)

Deprecated: Use DenyGrantRequest.ProtoReflect.Descriptor instead.

func (*DenyGrantRequest) GetName 

func (x *DenyGrantRequest) GetName() string

func (*DenyGrantRequest) GetReason 

func (x *DenyGrantRequest) GetReason() string

func (*DenyGrantRequest) ProtoMessage 

func (*DenyGrantRequest) ProtoMessage()

func (*DenyGrantRequest) ProtoReflect 

func (x *DenyGrantRequest) ProtoReflect() protoreflect.Message

func (*DenyGrantRequest) Reset 

func (x *DenyGrantRequest) Reset()

func (*DenyGrantRequest) String 

func (x *DenyGrantRequest) String() string

type Entitlement 

type Entitlement struct {

	// Identifier. Name of the entitlement.
	// Possible formats:
	//
	// * `organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}`
	// * `folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}`
	// * `projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. Create time stamp.
	CreateTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. Update time stamp.
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Optional. Who can create grants using this entitlement. This list should
	// contain at most one entry.
	EligibleUsers []*AccessControlEntry `protobuf:"bytes,5,rep,name=eligible_users,json=eligibleUsers,proto3" json:"eligible_users,omitempty"`
	// Optional. The approvals needed before access are granted to a requester. No
	// approvals are needed if this field is null.
	ApprovalWorkflow *ApprovalWorkflow `protobuf:"bytes,6,opt,name=approval_workflow,json=approvalWorkflow,proto3" json:"approval_workflow,omitempty"`
	// The access granted to a requester on successful approval.
	PrivilegedAccess *PrivilegedAccess `protobuf:"bytes,7,opt,name=privileged_access,json=privilegedAccess,proto3" json:"privileged_access,omitempty"`
	// Required. The maximum amount of time that access is granted for a request.
	// A requester can ask for a duration less than this, but never more.
	MaxRequestDuration *duration.Duration `protobuf:"bytes,8,opt,name=max_request_duration,json=maxRequestDuration,proto3" json:"max_request_duration,omitempty"`
	// Output only. Current state of this entitlement.
	State Entitlement_State `` /* 128-byte string literal not displayed */
	// Required. The manner in which the requester should provide a justification
	// for requesting access.
	RequesterJustificationConfig *Entitlement_RequesterJustificationConfig `` /* 148-byte string literal not displayed */
	// Optional. Additional email addresses to be notified based on actions taken.
	AdditionalNotificationTargets *Entitlement_AdditionalNotificationTargets `` /* 151-byte string literal not displayed */
	// An `etag` is used for optimistic concurrency control as a way to prevent
	// simultaneous updates to the same entitlement. An `etag` is returned in the
	// response to `GetEntitlement` and the caller should put the `etag` in the
	// request to `UpdateEntitlement` so that their change is applied on
	// the same version. If this field is omitted or if there is a mismatch while
	// updating an entitlement, then the server rejects the request.
	Etag string `protobuf:"bytes,12,opt,name=etag,proto3" json:"etag,omitempty"`
	// contains filtered or unexported fields
}

An entitlement defines the eligibility of a set of users to obtain predefined access for some time possibly after going through an approval workflow.

func (*Entitlement) Descriptor deprecated 

func (*Entitlement) Descriptor() ([]byte, []int)

Deprecated: Use Entitlement.ProtoReflect.Descriptor instead.

func (*Entitlement) GetAdditionalNotificationTargets 

func (x *Entitlement) GetAdditionalNotificationTargets() *Entitlement_AdditionalNotificationTargets

func (*Entitlement) GetApprovalWorkflow 

func (x *Entitlement) GetApprovalWorkflow() *ApprovalWorkflow

func (*Entitlement) GetCreateTime 

func (x *Entitlement) GetCreateTime() *timestamp.Timestamp

func (*Entitlement) GetEligibleUsers 

func (x *Entitlement) GetEligibleUsers() []*AccessControlEntry

func (*Entitlement) GetEtag 

func (x *Entitlement) GetEtag() string

func (*Entitlement) GetMaxRequestDuration 

func (x *Entitlement) GetMaxRequestDuration() *duration.Duration

func (*Entitlement) GetName 

func (x *Entitlement) GetName() string

func (*Entitlement) GetPrivilegedAccess 

func (x *Entitlement) GetPrivilegedAccess() *PrivilegedAccess

func (*Entitlement) GetRequesterJustificationConfig 

func (x *Entitlement) GetRequesterJustificationConfig() *Entitlement_RequesterJustificationConfig

func (*Entitlement) GetState 

func (x *Entitlement) GetState() Entitlement_State

func (*Entitlement) GetUpdateTime 

func (x *Entitlement) GetUpdateTime() *timestamp.Timestamp

func (*Entitlement) ProtoMessage 

func (*Entitlement) ProtoMessage()

func (*Entitlement) ProtoReflect 

func (x *Entitlement) ProtoReflect() protoreflect.Message

func (*Entitlement) Reset 

func (x *Entitlement) Reset()

func (*Entitlement) String 

func (x *Entitlement) String() string

type Entitlement_AdditionalNotificationTargets 

type Entitlement_AdditionalNotificationTargets struct {

	// Optional. Additional email addresses to be notified when a principal
	// (requester) is granted access.
	AdminEmailRecipients []string `protobuf:"bytes,1,rep,name=admin_email_recipients,json=adminEmailRecipients,proto3" json:"admin_email_recipients,omitempty"`
	// Optional. Additional email address to be notified about an eligible
	// entitlement.
	RequesterEmailRecipients []string `` /* 135-byte string literal not displayed */
	// contains filtered or unexported fields
}

`AdditionalNotificationTargets` includes email addresses to be notified.

func (*Entitlement_AdditionalNotificationTargets) Descriptor deprecated 

func (*Entitlement_AdditionalNotificationTargets) Descriptor() ([]byte, []int)

Deprecated: Use Entitlement_AdditionalNotificationTargets.ProtoReflect.Descriptor instead.

func (*Entitlement_AdditionalNotificationTargets) GetAdminEmailRecipients 

func (x *Entitlement_AdditionalNotificationTargets) GetAdminEmailRecipients() []string

func (*Entitlement_AdditionalNotificationTargets) GetRequesterEmailRecipients 

func (x *Entitlement_AdditionalNotificationTargets) GetRequesterEmailRecipients() []string

func (*Entitlement_AdditionalNotificationTargets) ProtoMessage 

func (*Entitlement_AdditionalNotificationTargets) ProtoMessage()

func (*Entitlement_AdditionalNotificationTargets) ProtoReflect 

func (x *Entitlement_AdditionalNotificationTargets) ProtoReflect() protoreflect.Message

func (*Entitlement_AdditionalNotificationTargets) Reset 

func (x *Entitlement_AdditionalNotificationTargets) Reset()

func (*Entitlement_AdditionalNotificationTargets) String 

func (x *Entitlement_AdditionalNotificationTargets) String() string

type Entitlement_RequesterJustificationConfig 

type Entitlement_RequesterJustificationConfig struct {

	// This is a required field and the user must explicitly opt out if a
	// justification from the requester isn't mandatory.
	//
	// Types that are assignable to JustificationType:
	//
	//	*Entitlement_RequesterJustificationConfig_NotMandatory_
	//	*Entitlement_RequesterJustificationConfig_Unstructured_
	JustificationType isEntitlement_RequesterJustificationConfig_JustificationType `protobuf_oneof:"justification_type"`
	// contains filtered or unexported fields
}

Defines how a requester must provide a justification when requesting access.

func (*Entitlement_RequesterJustificationConfig) Descriptor deprecated 

func (*Entitlement_RequesterJustificationConfig) Descriptor() ([]byte, []int)

Deprecated: Use Entitlement_RequesterJustificationConfig.ProtoReflect.Descriptor instead.

func (*Entitlement_RequesterJustificationConfig) GetJustificationType 

func (m *Entitlement_RequesterJustificationConfig) GetJustificationType() isEntitlement_RequesterJustificationConfig_JustificationType

func (*Entitlement_RequesterJustificationConfig) GetNotMandatory 

func (x *Entitlement_RequesterJustificationConfig) GetNotMandatory() *Entitlement_RequesterJustificationConfig_NotMandatory

func (*Entitlement_RequesterJustificationConfig) GetUnstructured 

func (x *Entitlement_RequesterJustificationConfig) GetUnstructured() *Entitlement_RequesterJustificationConfig_Unstructured

func (*Entitlement_RequesterJustificationConfig) ProtoMessage 

func (*Entitlement_RequesterJustificationConfig) ProtoMessage()

func (*Entitlement_RequesterJustificationConfig) ProtoReflect 

func (x *Entitlement_RequesterJustificationConfig) ProtoReflect() protoreflect.Message

func (*Entitlement_RequesterJustificationConfig) Reset 

func (x *Entitlement_RequesterJustificationConfig) Reset()

func (*Entitlement_RequesterJustificationConfig) String 

func (x *Entitlement_RequesterJustificationConfig) String() string

type Entitlement_RequesterJustificationConfig_NotMandatory 

type Entitlement_RequesterJustificationConfig_NotMandatory struct {
	// contains filtered or unexported fields
}

The justification is not mandatory but can be provided in any of the supported formats.

func (*Entitlement_RequesterJustificationConfig_NotMandatory) Descriptor deprecated 

func (*Entitlement_RequesterJustificationConfig_NotMandatory) Descriptor() ([]byte, []int)

Deprecated: Use Entitlement_RequesterJustificationConfig_NotMandatory.ProtoReflect.Descriptor instead.

func (*Entitlement_RequesterJustificationConfig_NotMandatory) ProtoMessage 

func (*Entitlement_RequesterJustificationConfig_NotMandatory) ProtoMessage()

func (*Entitlement_RequesterJustificationConfig_NotMandatory) ProtoReflect 

func (x *Entitlement_RequesterJustificationConfig_NotMandatory) ProtoReflect() protoreflect.Message

func (*Entitlement_RequesterJustificationConfig_NotMandatory) Reset 

func (x *Entitlement_RequesterJustificationConfig_NotMandatory) Reset()

func (*Entitlement_RequesterJustificationConfig_NotMandatory) String 

func (x *Entitlement_RequesterJustificationConfig_NotMandatory) String() string

type Entitlement_RequesterJustificationConfig_NotMandatory_ 

type Entitlement_RequesterJustificationConfig_NotMandatory_ struct {
	// This option means the requester isn't required to provide a
	// justification.
	NotMandatory *Entitlement_RequesterJustificationConfig_NotMandatory `protobuf:"bytes,1,opt,name=not_mandatory,json=notMandatory,proto3,oneof"`
}

type Entitlement_RequesterJustificationConfig_Unstructured 

type Entitlement_RequesterJustificationConfig_Unstructured struct {
	// contains filtered or unexported fields
}

The requester has to provide a justification in the form of a string.

func (*Entitlement_RequesterJustificationConfig_Unstructured) Descriptor deprecated 

func (*Entitlement_RequesterJustificationConfig_Unstructured) Descriptor() ([]byte, []int)

Deprecated: Use Entitlement_RequesterJustificationConfig_Unstructured.ProtoReflect.Descriptor instead.

func (*Entitlement_RequesterJustificationConfig_Unstructured) ProtoMessage 

func (*Entitlement_RequesterJustificationConfig_Unstructured) ProtoMessage()

func (*Entitlement_RequesterJustificationConfig_Unstructured) ProtoReflect 

func (x *Entitlement_RequesterJustificationConfig_Unstructured) ProtoReflect() protoreflect.Message

func (*Entitlement_RequesterJustificationConfig_Unstructured) Reset 

func (x *Entitlement_RequesterJustificationConfig_Unstructured) Reset()

func (*Entitlement_RequesterJustificationConfig_Unstructured) String 

func (x *Entitlement_RequesterJustificationConfig_Unstructured) String() string

type Entitlement_RequesterJustificationConfig_Unstructured_ 

type Entitlement_RequesterJustificationConfig_Unstructured_ struct {
	// This option means the requester must provide a string as
	// justification. If this is selected, the server allows the requester
	// to provide a justification but doesn't validate it.
	Unstructured *Entitlement_RequesterJustificationConfig_Unstructured `protobuf:"bytes,2,opt,name=unstructured,proto3,oneof"`
}

type Entitlement_State 

type Entitlement_State int32

Different states an entitlement can be in. 

const (
	// Unspecified state. This value is never returned by the server.
	Entitlement_STATE_UNSPECIFIED Entitlement_State = 0
	// The entitlement is being created.
	Entitlement_CREATING Entitlement_State = 1
	// The entitlement is available for requesting access.
	Entitlement_AVAILABLE Entitlement_State = 2
	// The entitlement is being deleted.
	Entitlement_DELETING Entitlement_State = 3
	// The entitlement has been deleted.
	Entitlement_DELETED Entitlement_State = 4
	// The entitlement is being updated.
	Entitlement_UPDATING Entitlement_State = 5
)

func (Entitlement_State) Descriptor 

func (Entitlement_State) Descriptor() protoreflect.EnumDescriptor

func (Entitlement_State) Enum 

func (x Entitlement_State) Enum() *Entitlement_State

func (Entitlement_State) EnumDescriptor deprecated 

func (Entitlement_State) EnumDescriptor() ([]byte, []int)

Deprecated: Use Entitlement_State.Descriptor instead.

func (Entitlement_State) Number 

func (x Entitlement_State) Number() protoreflect.EnumNumber

func (Entitlement_State) String 

func (x Entitlement_State) String() string

func (Entitlement_State) Type 

func (Entitlement_State) Type() protoreflect.EnumType

type GetEntitlementRequest 

type GetEntitlementRequest struct {

	// Required. Name of the resource.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Message for getting an entitlement.

func (*GetEntitlementRequest) Descriptor deprecated 

func (*GetEntitlementRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetEntitlementRequest.ProtoReflect.Descriptor instead.

func (*GetEntitlementRequest) GetName 

func (x *GetEntitlementRequest) GetName() string

func (*GetEntitlementRequest) ProtoMessage 

func (*GetEntitlementRequest) ProtoMessage()

func (*GetEntitlementRequest) ProtoReflect 

func (x *GetEntitlementRequest) ProtoReflect() protoreflect.Message

func (*GetEntitlementRequest) Reset 

func (x *GetEntitlementRequest) Reset()

func (*GetEntitlementRequest) String 

func (x *GetEntitlementRequest) String() string

type GetGrantRequest 

type GetGrantRequest struct {

	// Required. Name of the resource.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Message for getting a grant.

func (*GetGrantRequest) Descriptor deprecated 

func (*GetGrantRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetGrantRequest.ProtoReflect.Descriptor instead.

func (*GetGrantRequest) GetName 

func (x *GetGrantRequest) GetName() string

func (*GetGrantRequest) ProtoMessage 

func (*GetGrantRequest) ProtoMessage()

func (*GetGrantRequest) ProtoReflect 

func (x *GetGrantRequest) ProtoReflect() protoreflect.Message

func (*GetGrantRequest) Reset 

func (x *GetGrantRequest) Reset()

func (*GetGrantRequest) String 

func (x *GetGrantRequest) String() string

type Grant 

type Grant struct {

	// Identifier. Name of this grant.
	// Possible formats:
	//
	// * `organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`
	// * `folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`
	// * `projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`
	//
	// The last segment of this name (`{grant-id}`) is autogenerated.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. Create time stamp.
	CreateTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. Update time stamp.
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Output only. Username of the user who created this grant.
	Requester string `protobuf:"bytes,4,opt,name=requester,proto3" json:"requester,omitempty"`
	// Required. The amount of time access is needed for. This value should be
	// less than the `max_request_duration` value of the entitlement.
	RequestedDuration *duration.Duration `protobuf:"bytes,5,opt,name=requested_duration,json=requestedDuration,proto3" json:"requested_duration,omitempty"`
	// Optional. Justification of why this access is needed.
	Justification *Justification `protobuf:"bytes,6,opt,name=justification,proto3" json:"justification,omitempty"`
	// Output only. Current state of this grant.
	State Grant_State `protobuf:"varint,7,opt,name=state,proto3,enum=mockgcp.cloud.privilegedaccessmanager.v1.Grant_State" json:"state,omitempty"`
	// Output only. Timeline of this grant.
	Timeline *Grant_Timeline `protobuf:"bytes,8,opt,name=timeline,proto3" json:"timeline,omitempty"`
	// Output only. The access that would be granted by this grant.
	PrivilegedAccess *PrivilegedAccess `protobuf:"bytes,9,opt,name=privileged_access,json=privilegedAccess,proto3" json:"privileged_access,omitempty"`
	// Output only. Audit trail of access provided by this grant. If unspecified
	// then access was never granted.
	AuditTrail *Grant_AuditTrail `protobuf:"bytes,10,opt,name=audit_trail,json=auditTrail,proto3" json:"audit_trail,omitempty"`
	// Optional. Additional email addresses to notify for all the actions
	// performed on the grant.
	AdditionalEmailRecipients []string `` /* 139-byte string literal not displayed */
	// Output only. Flag set by the PAM system to indicate that policy bindings
	// made by this grant have been modified from outside PAM.
	//
	// After it is set, this flag remains set forever irrespective of the grant
	// state. A `true` value here indicates that PAM no longer has any certainty
	// on the access a user has because of this grant.
	ExternallyModified bool `protobuf:"varint,12,opt,name=externally_modified,json=externallyModified,proto3" json:"externally_modified,omitempty"`
	// contains filtered or unexported fields
}

A grant represents a request from a user for obtaining the access specified in an entitlement they are eligible for.

func (*Grant) Descriptor deprecated 

func (*Grant) Descriptor() ([]byte, []int)

Deprecated: Use Grant.ProtoReflect.Descriptor instead.

func (*Grant) GetAdditionalEmailRecipients 

func (x *Grant) GetAdditionalEmailRecipients() []string

func (*Grant) GetAuditTrail 

func (x *Grant) GetAuditTrail() *Grant_AuditTrail

func (*Grant) GetCreateTime 

func (x *Grant) GetCreateTime() *timestamp.Timestamp

func (*Grant) GetExternallyModified 

func (x *Grant) GetExternallyModified() bool

func (*Grant) GetJustification 

func (x *Grant) GetJustification() *Justification

func (*Grant) GetName 

func (x *Grant) GetName() string

func (*Grant) GetPrivilegedAccess 

func (x *Grant) GetPrivilegedAccess() *PrivilegedAccess

func (*Grant) GetRequestedDuration 

func (x *Grant) GetRequestedDuration() *duration.Duration

func (*Grant) GetRequester 

func (x *Grant) GetRequester() string

func (*Grant) GetState 

func (x *Grant) GetState() Grant_State

func (*Grant) GetTimeline 

func (x *Grant) GetTimeline() *Grant_Timeline

func (*Grant) GetUpdateTime 

func (x *Grant) GetUpdateTime() *timestamp.Timestamp

func (*Grant) ProtoMessage 

func (*Grant) ProtoMessage()

func (*Grant) ProtoReflect 

func (x *Grant) ProtoReflect() protoreflect.Message

func (*Grant) Reset 

func (x *Grant) Reset()

func (*Grant) String 

func (x *Grant) String() string

type Grant_AuditTrail 

type Grant_AuditTrail struct {

	// Output only. The time at which access was given.
	AccessGrantTime *timestamp.Timestamp `protobuf:"bytes,1,opt,name=access_grant_time,json=accessGrantTime,proto3" json:"access_grant_time,omitempty"`
	// Output only. The time at which the system removed access. This could be
	// because of an automatic expiry or because of a revocation.
	//
	// If unspecified, then access hasn't been removed yet.
	AccessRemoveTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=access_remove_time,json=accessRemoveTime,proto3" json:"access_remove_time,omitempty"`
	// contains filtered or unexported fields
}

Audit trail for the access provided by this grant.

func (*Grant_AuditTrail) Descriptor deprecated 

func (*Grant_AuditTrail) Descriptor() ([]byte, []int)

Deprecated: Use Grant_AuditTrail.ProtoReflect.Descriptor instead.

func (*Grant_AuditTrail) GetAccessGrantTime 

func (x *Grant_AuditTrail) GetAccessGrantTime() *timestamp.Timestamp

func (*Grant_AuditTrail) GetAccessRemoveTime 

func (x *Grant_AuditTrail) GetAccessRemoveTime() *timestamp.Timestamp

func (*Grant_AuditTrail) ProtoMessage 

func (*Grant_AuditTrail) ProtoMessage()

func (*Grant_AuditTrail) ProtoReflect 

func (x *Grant_AuditTrail) ProtoReflect() protoreflect.Message

func (*Grant_AuditTrail) Reset 

func (x *Grant_AuditTrail) Reset()

func (*Grant_AuditTrail) String 

func (x *Grant_AuditTrail) String() string

type Grant_State 

type Grant_State int32

Different states a grant can be in. 

const (
	// Unspecified state. This value is never returned by the server.
	Grant_STATE_UNSPECIFIED Grant_State = 0
	// The entitlement had an approval workflow configured and this grant is
	// waiting for the workflow to complete.
	Grant_APPROVAL_AWAITED Grant_State = 1
	// The approval workflow completed with a denied result. No access is
	// granted for this grant. This is a terminal state.
	Grant_DENIED Grant_State = 3
	// The approval workflow completed successfully with an approved result or
	// none was configured. Access is provided at an appropriate time.
	Grant_SCHEDULED Grant_State = 4
	// Access is being given.
	Grant_ACTIVATING Grant_State = 5
	// Access was successfully given and is currently active.
	Grant_ACTIVE Grant_State = 6
	// The system could not give access due to a non-retriable error. This is a
	// terminal state.
	Grant_ACTIVATION_FAILED Grant_State = 7
	// Expired after waiting for the approval workflow to complete. This is a
	// terminal state.
	Grant_EXPIRED Grant_State = 8
	// Access is being revoked.
	Grant_REVOKING Grant_State = 9
	// Access was revoked by a user. This is a terminal state.
	Grant_REVOKED Grant_State = 10
	// System took back access as the requested duration was over. This is a
	// terminal state.
	Grant_ENDED Grant_State = 11
)

func (Grant_State) Descriptor 

func (Grant_State) Descriptor() protoreflect.EnumDescriptor

func (Grant_State) Enum 

func (x Grant_State) Enum() *Grant_State

func (Grant_State) EnumDescriptor deprecated 

func (Grant_State) EnumDescriptor() ([]byte, []int)

Deprecated: Use Grant_State.Descriptor instead.

func (Grant_State) Number 

func (x Grant_State) Number() protoreflect.EnumNumber

func (Grant_State) String 

func (x Grant_State) String() string

func (Grant_State) Type 

func (Grant_State) Type() protoreflect.EnumType

type Grant_Timeline 

type Grant_Timeline struct {

	// Output only. The events that have occurred on this grant. This list
	// contains entries in the same order as they occurred. The first entry is
	// always be of type `Requested` and there is always at least one entry in
	// this array.
	Events []*Grant_Timeline_Event `protobuf:"bytes,1,rep,name=events,proto3" json:"events,omitempty"`
	// contains filtered or unexported fields
}

Timeline of a grant describing what happened to it and when.

func (*Grant_Timeline) Descriptor deprecated 

func (*Grant_Timeline) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline.ProtoReflect.Descriptor instead.

func (*Grant_Timeline) GetEvents 

func (x *Grant_Timeline) GetEvents() []*Grant_Timeline_Event

func (*Grant_Timeline) ProtoMessage 

func (*Grant_Timeline) ProtoMessage()

func (*Grant_Timeline) ProtoReflect 

func (x *Grant_Timeline) ProtoReflect() protoreflect.Message

func (*Grant_Timeline) Reset 

func (x *Grant_Timeline) Reset()

func (*Grant_Timeline) String 

func (x *Grant_Timeline) String() string

type Grant_Timeline_Event 

type Grant_Timeline_Event struct {

	// Types that are assignable to Event:
	//
	//	*Grant_Timeline_Event_Requested_
	//	*Grant_Timeline_Event_Approved_
	//	*Grant_Timeline_Event_Denied_
	//	*Grant_Timeline_Event_Revoked_
	//	*Grant_Timeline_Event_Scheduled_
	//	*Grant_Timeline_Event_Activated_
	//	*Grant_Timeline_Event_ActivationFailed_
	//	*Grant_Timeline_Event_Expired_
	//	*Grant_Timeline_Event_Ended_
	//	*Grant_Timeline_Event_ExternallyModified_
	Event isGrant_Timeline_Event_Event `protobuf_oneof:"event"`
	// Output only. The time (as recorded at server) when this event occurred.
	EventTime *timestamp.Timestamp `protobuf:"bytes,1,opt,name=event_time,json=eventTime,proto3" json:"event_time,omitempty"`
	// contains filtered or unexported fields
}

A single operation on the grant.

func (*Grant_Timeline_Event) Descriptor deprecated 

func (*Grant_Timeline_Event) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event) GetActivated 

func (x *Grant_Timeline_Event) GetActivated() *Grant_Timeline_Event_Activated

func (*Grant_Timeline_Event) GetActivationFailed 

func (x *Grant_Timeline_Event) GetActivationFailed() *Grant_Timeline_Event_ActivationFailed

func (*Grant_Timeline_Event) GetApproved 

func (x *Grant_Timeline_Event) GetApproved() *Grant_Timeline_Event_Approved

func (*Grant_Timeline_Event) GetDenied 

func (x *Grant_Timeline_Event) GetDenied() *Grant_Timeline_Event_Denied

func (*Grant_Timeline_Event) GetEnded 

func (x *Grant_Timeline_Event) GetEnded() *Grant_Timeline_Event_Ended

func (*Grant_Timeline_Event) GetEvent 

func (m *Grant_Timeline_Event) GetEvent() isGrant_Timeline_Event_Event

func (*Grant_Timeline_Event) GetEventTime 

func (x *Grant_Timeline_Event) GetEventTime() *timestamp.Timestamp

func (*Grant_Timeline_Event) GetExpired 

func (x *Grant_Timeline_Event) GetExpired() *Grant_Timeline_Event_Expired

func (*Grant_Timeline_Event) GetExternallyModified 

func (x *Grant_Timeline_Event) GetExternallyModified() *Grant_Timeline_Event_ExternallyModified

func (*Grant_Timeline_Event) GetRequested 

func (x *Grant_Timeline_Event) GetRequested() *Grant_Timeline_Event_Requested

func (*Grant_Timeline_Event) GetRevoked 

func (x *Grant_Timeline_Event) GetRevoked() *Grant_Timeline_Event_Revoked

func (*Grant_Timeline_Event) GetScheduled 

func (x *Grant_Timeline_Event) GetScheduled() *Grant_Timeline_Event_Scheduled

func (*Grant_Timeline_Event) ProtoMessage 

func (*Grant_Timeline_Event) ProtoMessage()

func (*Grant_Timeline_Event) ProtoReflect 

func (x *Grant_Timeline_Event) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event) Reset 

func (x *Grant_Timeline_Event) Reset()

func (*Grant_Timeline_Event) String 

func (x *Grant_Timeline_Event) String() string

type Grant_Timeline_Event_Activated 

type Grant_Timeline_Event_Activated struct {
	// contains filtered or unexported fields
}

An event representing that the grant was successfully activated.

func (*Grant_Timeline_Event_Activated) Descriptor deprecated 

func (*Grant_Timeline_Event_Activated) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_Activated.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_Activated) ProtoMessage 

func (*Grant_Timeline_Event_Activated) ProtoMessage()

func (*Grant_Timeline_Event_Activated) ProtoReflect 

func (x *Grant_Timeline_Event_Activated) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_Activated) Reset 

func (x *Grant_Timeline_Event_Activated) Reset()

func (*Grant_Timeline_Event_Activated) String 

func (x *Grant_Timeline_Event_Activated) String() string

type Grant_Timeline_Event_Activated_ 

type Grant_Timeline_Event_Activated_ struct {
	// The grant was successfully activated to give access.
	Activated *Grant_Timeline_Event_Activated `protobuf:"bytes,7,opt,name=activated,proto3,oneof"`
}

type Grant_Timeline_Event_ActivationFailed 

type Grant_Timeline_Event_ActivationFailed struct {

	// Output only. The error that occurred while activating the grant.
	Error *status.Status `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"`
	// contains filtered or unexported fields
}

An event representing that the grant activation failed.

func (*Grant_Timeline_Event_ActivationFailed) Descriptor deprecated 

func (*Grant_Timeline_Event_ActivationFailed) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_ActivationFailed.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_ActivationFailed) GetError 

func (x *Grant_Timeline_Event_ActivationFailed) GetError() *status.Status

func (*Grant_Timeline_Event_ActivationFailed) ProtoMessage 

func (*Grant_Timeline_Event_ActivationFailed) ProtoMessage()

func (*Grant_Timeline_Event_ActivationFailed) ProtoReflect 

func (x *Grant_Timeline_Event_ActivationFailed) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_ActivationFailed) Reset 

func (x *Grant_Timeline_Event_ActivationFailed) Reset()

func (*Grant_Timeline_Event_ActivationFailed) String 

func (x *Grant_Timeline_Event_ActivationFailed) String() string

type Grant_Timeline_Event_ActivationFailed_ 

type Grant_Timeline_Event_ActivationFailed_ struct {
	// There was a non-retriable error while trying to give access.
	ActivationFailed *Grant_Timeline_Event_ActivationFailed `protobuf:"bytes,8,opt,name=activation_failed,json=activationFailed,proto3,oneof"`
}

type Grant_Timeline_Event_Approved 

type Grant_Timeline_Event_Approved struct {

	// Output only. The reason provided by the approver for approving the
	// grant.
	Reason string `protobuf:"bytes,1,opt,name=reason,proto3" json:"reason,omitempty"`
	// Output only. Username of the user who approved the grant.
	Actor string `protobuf:"bytes,2,opt,name=actor,proto3" json:"actor,omitempty"`
	// contains filtered or unexported fields
}

An event representing that the grant was approved.

func (*Grant_Timeline_Event_Approved) Descriptor deprecated 

func (*Grant_Timeline_Event_Approved) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_Approved.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_Approved) GetActor 

func (x *Grant_Timeline_Event_Approved) GetActor() string

func (*Grant_Timeline_Event_Approved) GetReason 

func (x *Grant_Timeline_Event_Approved) GetReason() string

func (*Grant_Timeline_Event_Approved) ProtoMessage 

func (*Grant_Timeline_Event_Approved) ProtoMessage()

func (*Grant_Timeline_Event_Approved) ProtoReflect 

func (x *Grant_Timeline_Event_Approved) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_Approved) Reset 

func (x *Grant_Timeline_Event_Approved) Reset()

func (*Grant_Timeline_Event_Approved) String 

func (x *Grant_Timeline_Event_Approved) String() string

type Grant_Timeline_Event_Approved_ 

type Grant_Timeline_Event_Approved_ struct {
	// The grant was approved.
	Approved *Grant_Timeline_Event_Approved `protobuf:"bytes,3,opt,name=approved,proto3,oneof"`
}

type Grant_Timeline_Event_Denied 

type Grant_Timeline_Event_Denied struct {

	// Output only. The reason provided by the approver for denying the
	// grant.
	Reason string `protobuf:"bytes,1,opt,name=reason,proto3" json:"reason,omitempty"`
	// Output only. Username of the user who denied the grant.
	Actor string `protobuf:"bytes,2,opt,name=actor,proto3" json:"actor,omitempty"`
	// contains filtered or unexported fields
}

An event representing that the grant was denied.

func (*Grant_Timeline_Event_Denied) Descriptor deprecated 

func (*Grant_Timeline_Event_Denied) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_Denied.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_Denied) GetActor 

func (x *Grant_Timeline_Event_Denied) GetActor() string

func (*Grant_Timeline_Event_Denied) GetReason 

func (x *Grant_Timeline_Event_Denied) GetReason() string

func (*Grant_Timeline_Event_Denied) ProtoMessage 

func (*Grant_Timeline_Event_Denied) ProtoMessage()

func (*Grant_Timeline_Event_Denied) ProtoReflect 

func (x *Grant_Timeline_Event_Denied) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_Denied) Reset 

func (x *Grant_Timeline_Event_Denied) Reset()

func (*Grant_Timeline_Event_Denied) String 

func (x *Grant_Timeline_Event_Denied) String() string

type Grant_Timeline_Event_Denied_ 

type Grant_Timeline_Event_Denied_ struct {
	// The grant was denied.
	Denied *Grant_Timeline_Event_Denied `protobuf:"bytes,4,opt,name=denied,proto3,oneof"`
}

type Grant_Timeline_Event_Ended 

type Grant_Timeline_Event_Ended struct {
	// contains filtered or unexported fields
}

An event representing that the grant has ended.

func (*Grant_Timeline_Event_Ended) Descriptor deprecated 

func (*Grant_Timeline_Event_Ended) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_Ended.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_Ended) ProtoMessage 

func (*Grant_Timeline_Event_Ended) ProtoMessage()

func (*Grant_Timeline_Event_Ended) ProtoReflect 

func (x *Grant_Timeline_Event_Ended) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_Ended) Reset 

func (x *Grant_Timeline_Event_Ended) Reset()

func (*Grant_Timeline_Event_Ended) String 

func (x *Grant_Timeline_Event_Ended) String() string

type Grant_Timeline_Event_Ended_ 

type Grant_Timeline_Event_Ended_ struct {
	// Access given by the grant ended automatically as the approved
	// duration was over.
	Ended *Grant_Timeline_Event_Ended `protobuf:"bytes,11,opt,name=ended,proto3,oneof"`
}

type Grant_Timeline_Event_Expired 

type Grant_Timeline_Event_Expired struct {
	// contains filtered or unexported fields
}

An event representing that the grant was expired.

func (*Grant_Timeline_Event_Expired) Descriptor deprecated 

func (*Grant_Timeline_Event_Expired) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_Expired.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_Expired) ProtoMessage 

func (*Grant_Timeline_Event_Expired) ProtoMessage()

func (*Grant_Timeline_Event_Expired) ProtoReflect 

func (x *Grant_Timeline_Event_Expired) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_Expired) Reset 

func (x *Grant_Timeline_Event_Expired) Reset()

func (*Grant_Timeline_Event_Expired) String 

func (x *Grant_Timeline_Event_Expired) String() string

type Grant_Timeline_Event_Expired_ 

type Grant_Timeline_Event_Expired_ struct {
	// The approval workflow did not complete in the necessary duration,
	// and so the grant is expired.
	Expired *Grant_Timeline_Event_Expired `protobuf:"bytes,10,opt,name=expired,proto3,oneof"`
}

type Grant_Timeline_Event_ExternallyModified 

type Grant_Timeline_Event_ExternallyModified struct {
	// contains filtered or unexported fields
}

An event representing that the policy bindings made by this grant were modified externally.

func (*Grant_Timeline_Event_ExternallyModified) Descriptor deprecated 

func (*Grant_Timeline_Event_ExternallyModified) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_ExternallyModified.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_ExternallyModified) ProtoMessage 

func (*Grant_Timeline_Event_ExternallyModified) ProtoMessage()

func (*Grant_Timeline_Event_ExternallyModified) ProtoReflect 

func (x *Grant_Timeline_Event_ExternallyModified) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_ExternallyModified) Reset 

func (x *Grant_Timeline_Event_ExternallyModified) Reset()

func (*Grant_Timeline_Event_ExternallyModified) String 

func (x *Grant_Timeline_Event_ExternallyModified) String() string

type Grant_Timeline_Event_ExternallyModified_ 

type Grant_Timeline_Event_ExternallyModified_ struct {
	// The policy bindings made by grant have been modified outside of PAM.
	ExternallyModified *Grant_Timeline_Event_ExternallyModified `protobuf:"bytes,12,opt,name=externally_modified,json=externallyModified,proto3,oneof"`
}

type Grant_Timeline_Event_Requested 

type Grant_Timeline_Event_Requested struct {

	// Output only. The time at which this grant expires unless the approval
	// workflow completes. If omitted, then the request never expires.
	ExpireTime *timestamp.Timestamp `protobuf:"bytes,1,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// contains filtered or unexported fields
}

An event representing that a grant was requested.

func (*Grant_Timeline_Event_Requested) Descriptor deprecated 

func (*Grant_Timeline_Event_Requested) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_Requested.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_Requested) GetExpireTime 

func (x *Grant_Timeline_Event_Requested) GetExpireTime() *timestamp.Timestamp

func (*Grant_Timeline_Event_Requested) ProtoMessage 

func (*Grant_Timeline_Event_Requested) ProtoMessage()

func (*Grant_Timeline_Event_Requested) ProtoReflect 

func (x *Grant_Timeline_Event_Requested) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_Requested) Reset 

func (x *Grant_Timeline_Event_Requested) Reset()

func (*Grant_Timeline_Event_Requested) String 

func (x *Grant_Timeline_Event_Requested) String() string

type Grant_Timeline_Event_Requested_ 

type Grant_Timeline_Event_Requested_ struct {
	// The grant was requested.
	Requested *Grant_Timeline_Event_Requested `protobuf:"bytes,2,opt,name=requested,proto3,oneof"`
}

type Grant_Timeline_Event_Revoked 

type Grant_Timeline_Event_Revoked struct {

	// Output only. The reason provided by the user for revoking the grant.
	Reason string `protobuf:"bytes,1,opt,name=reason,proto3" json:"reason,omitempty"`
	// Output only. Username of the user who revoked the grant.
	Actor string `protobuf:"bytes,2,opt,name=actor,proto3" json:"actor,omitempty"`
	// contains filtered or unexported fields
}

An event representing that the grant was revoked.

func (*Grant_Timeline_Event_Revoked) Descriptor deprecated 

func (*Grant_Timeline_Event_Revoked) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_Revoked.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_Revoked) GetActor 

func (x *Grant_Timeline_Event_Revoked) GetActor() string

func (*Grant_Timeline_Event_Revoked) GetReason 

func (x *Grant_Timeline_Event_Revoked) GetReason() string

func (*Grant_Timeline_Event_Revoked) ProtoMessage 

func (*Grant_Timeline_Event_Revoked) ProtoMessage()

func (*Grant_Timeline_Event_Revoked) ProtoReflect 

func (x *Grant_Timeline_Event_Revoked) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_Revoked) Reset 

func (x *Grant_Timeline_Event_Revoked) Reset()

func (*Grant_Timeline_Event_Revoked) String 

func (x *Grant_Timeline_Event_Revoked) String() string

type Grant_Timeline_Event_Revoked_ 

type Grant_Timeline_Event_Revoked_ struct {
	// The grant was revoked.
	Revoked *Grant_Timeline_Event_Revoked `protobuf:"bytes,5,opt,name=revoked,proto3,oneof"`
}

type Grant_Timeline_Event_Scheduled 

type Grant_Timeline_Event_Scheduled struct {

	// Output only. The time at which the access is granted.
	ScheduledActivationTime *timestamp.Timestamp `` /* 132-byte string literal not displayed */
	// contains filtered or unexported fields
}

An event representing that the grant has been scheduled to be activated later.

func (*Grant_Timeline_Event_Scheduled) Descriptor deprecated 

func (*Grant_Timeline_Event_Scheduled) Descriptor() ([]byte, []int)

Deprecated: Use Grant_Timeline_Event_Scheduled.ProtoReflect.Descriptor instead.

func (*Grant_Timeline_Event_Scheduled) GetScheduledActivationTime 

func (x *Grant_Timeline_Event_Scheduled) GetScheduledActivationTime() *timestamp.Timestamp

func (*Grant_Timeline_Event_Scheduled) ProtoMessage 

func (*Grant_Timeline_Event_Scheduled) ProtoMessage()

func (*Grant_Timeline_Event_Scheduled) ProtoReflect 

func (x *Grant_Timeline_Event_Scheduled) ProtoReflect() protoreflect.Message

func (*Grant_Timeline_Event_Scheduled) Reset 

func (x *Grant_Timeline_Event_Scheduled) Reset()

func (*Grant_Timeline_Event_Scheduled) String 

func (x *Grant_Timeline_Event_Scheduled) String() string

type Grant_Timeline_Event_Scheduled_ 

type Grant_Timeline_Event_Scheduled_ struct {
	// The grant has been scheduled to give access.
	Scheduled *Grant_Timeline_Event_Scheduled `protobuf:"bytes,6,opt,name=scheduled,proto3,oneof"`
}

type Justification 

type Justification struct {

	// Types that are assignable to Justification:
	//
	//	*Justification_UnstructuredJustification
	Justification isJustification_Justification `protobuf_oneof:"justification"`
	// contains filtered or unexported fields
}

Justification represents a justification for requesting access.

func (*Justification) Descriptor deprecated 

func (*Justification) Descriptor() ([]byte, []int)

Deprecated: Use Justification.ProtoReflect.Descriptor instead.

func (*Justification) GetJustification 

func (m *Justification) GetJustification() isJustification_Justification

func (*Justification) GetUnstructuredJustification 

func (x *Justification) GetUnstructuredJustification() string

func (*Justification) ProtoMessage 

func (*Justification) ProtoMessage()

func (*Justification) ProtoReflect 

func (x *Justification) ProtoReflect() protoreflect.Message

func (*Justification) Reset 

func (x *Justification) Reset()

func (*Justification) String 

func (x *Justification) String() string

type Justification_UnstructuredJustification 

type Justification_UnstructuredJustification struct {
	// A free form textual justification. The system only ensures that this
	// is not empty. No other kind of validation is performed on the string.
	UnstructuredJustification string `protobuf:"bytes,1,opt,name=unstructured_justification,json=unstructuredJustification,proto3,oneof"`
}

type ListEntitlementsRequest 

type ListEntitlementsRequest struct {

	// Required. The parent which owns the entitlement resources.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Requested page size. Server may return fewer items than
	// requested. If unspecified, the server picks an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. A token identifying a page of results the server should return.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Filtering results.
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Hint for how to order the results.
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Message for requesting list of entitlements.

func (*ListEntitlementsRequest) Descriptor deprecated 

func (*ListEntitlementsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListEntitlementsRequest.ProtoReflect.Descriptor instead.

func (*ListEntitlementsRequest) GetFilter 

func (x *ListEntitlementsRequest) GetFilter() string

func (*ListEntitlementsRequest) GetOrderBy 

func (x *ListEntitlementsRequest) GetOrderBy() string

func (*ListEntitlementsRequest) GetPageSize 

func (x *ListEntitlementsRequest) GetPageSize() int32

func (*ListEntitlementsRequest) GetPageToken 

func (x *ListEntitlementsRequest) GetPageToken() string

func (*ListEntitlementsRequest) GetParent 

func (x *ListEntitlementsRequest) GetParent() string

func (*ListEntitlementsRequest) ProtoMessage 

func (*ListEntitlementsRequest) ProtoMessage()

func (*ListEntitlementsRequest) ProtoReflect 

func (x *ListEntitlementsRequest) ProtoReflect() protoreflect.Message

func (*ListEntitlementsRequest) Reset 

func (x *ListEntitlementsRequest) Reset()

func (*ListEntitlementsRequest) String 

func (x *ListEntitlementsRequest) String() string

type ListEntitlementsResponse 

type ListEntitlementsResponse struct {

	// The list of entitlements.
	Entitlements []*Entitlement `protobuf:"bytes,1,rep,name=entitlements,proto3" json:"entitlements,omitempty"`
	// A token identifying a page of results the server should return.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// Locations that could not be reached.
	Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
	// contains filtered or unexported fields
}

Message for response to listing entitlements.

func (*ListEntitlementsResponse) Descriptor deprecated 

func (*ListEntitlementsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListEntitlementsResponse.ProtoReflect.Descriptor instead.

func (*ListEntitlementsResponse) GetEntitlements 

func (x *ListEntitlementsResponse) GetEntitlements() []*Entitlement

func (*ListEntitlementsResponse) GetNextPageToken 

func (x *ListEntitlementsResponse) GetNextPageToken() string

func (*ListEntitlementsResponse) GetUnreachable 

func (x *ListEntitlementsResponse) GetUnreachable() []string

func (*ListEntitlementsResponse) ProtoMessage 

func (*ListEntitlementsResponse) ProtoMessage()

func (*ListEntitlementsResponse) ProtoReflect 

func (x *ListEntitlementsResponse) ProtoReflect() protoreflect.Message

func (*ListEntitlementsResponse) Reset 

func (x *ListEntitlementsResponse) Reset()

func (*ListEntitlementsResponse) String 

func (x *ListEntitlementsResponse) String() string

type ListGrantsRequest 

type ListGrantsRequest struct {

	// Required. The parent resource which owns the grants.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Requested page size. The server may return fewer items than
	// requested. If unspecified, the server picks an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. A token identifying a page of results the server should return.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Filtering results.
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Hint for how to order the results
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Message for requesting list of grants.

func (*ListGrantsRequest) Descriptor deprecated 

func (*ListGrantsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListGrantsRequest.ProtoReflect.Descriptor instead.

func (*ListGrantsRequest) GetFilter 

func (x *ListGrantsRequest) GetFilter() string

func (*ListGrantsRequest) GetOrderBy 

func (x *ListGrantsRequest) GetOrderBy() string

func (*ListGrantsRequest) GetPageSize 

func (x *ListGrantsRequest) GetPageSize() int32

func (*ListGrantsRequest) GetPageToken 

func (x *ListGrantsRequest) GetPageToken() string

func (*ListGrantsRequest) GetParent 

func (x *ListGrantsRequest) GetParent() string

func (*ListGrantsRequest) ProtoMessage 

func (*ListGrantsRequest) ProtoMessage()

func (*ListGrantsRequest) ProtoReflect 

func (x *ListGrantsRequest) ProtoReflect() protoreflect.Message

func (*ListGrantsRequest) Reset 

func (x *ListGrantsRequest) Reset()

func (*ListGrantsRequest) String 

func (x *ListGrantsRequest) String() string

type ListGrantsResponse 

type ListGrantsResponse struct {

	// The list of grants.
	Grants []*Grant `protobuf:"bytes,1,rep,name=grants,proto3" json:"grants,omitempty"`
	// A token identifying a page of results the server should return.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// Locations that could not be reached.
	Unreachable []string `protobuf:"bytes,3,rep,name=unreachable,proto3" json:"unreachable,omitempty"`
	// contains filtered or unexported fields
}

Message for response to listing grants.

func (*ListGrantsResponse) Descriptor deprecated 

func (*ListGrantsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListGrantsResponse.ProtoReflect.Descriptor instead.

func (*ListGrantsResponse) GetGrants 

func (x *ListGrantsResponse) GetGrants() []*Grant

func (*ListGrantsResponse) GetNextPageToken 

func (x *ListGrantsResponse) GetNextPageToken() string

func (*ListGrantsResponse) GetUnreachable 

func (x *ListGrantsResponse) GetUnreachable() []string

func (*ListGrantsResponse) ProtoMessage 

func (*ListGrantsResponse) ProtoMessage()

func (*ListGrantsResponse) ProtoReflect 

func (x *ListGrantsResponse) ProtoReflect() protoreflect.Message

func (*ListGrantsResponse) Reset 

func (x *ListGrantsResponse) Reset()

func (*ListGrantsResponse) String 

func (x *ListGrantsResponse) String() string

type ManualApprovals 

type ManualApprovals struct {

	// Optional. Do the approvers need to provide a justification for their
	// actions?
	RequireApproverJustification bool `` /* 148-byte string literal not displayed */
	// Optional. List of approval steps in this workflow. These steps are followed
	// in the specified order sequentially. Only 1 step is supported.
	Steps []*ManualApprovals_Step `protobuf:"bytes,2,rep,name=steps,proto3" json:"steps,omitempty"`
	// contains filtered or unexported fields
}

A manual approval workflow where users who are designated as approvers need to call the `ApproveGrant`/`DenyGrant` APIs for a grant. The workflow can consist of multiple serial steps where each step defines who can act as approver in that step and how many of those users should approve before the workflow moves to the next step.

This can be used to create approval workflows such as:

* Require an approval from any user in a group G. * Require an approval from any k number of users from a Group G. * Require an approval from any user in a group G and then from a user U.

A single user might be part of the `approvers` ACL for multiple steps in this workflow, but they can only approve once and that approval is only considered to satisfy the approval step at which it was granted.

func (*ManualApprovals) Descriptor deprecated 

func (*ManualApprovals) Descriptor() ([]byte, []int)

Deprecated: Use ManualApprovals.ProtoReflect.Descriptor instead.

func (*ManualApprovals) GetRequireApproverJustification 

func (x *ManualApprovals) GetRequireApproverJustification() bool

func (*ManualApprovals) GetSteps 

func (x *ManualApprovals) GetSteps() []*ManualApprovals_Step

func (*ManualApprovals) ProtoMessage 

func (*ManualApprovals) ProtoMessage()

func (*ManualApprovals) ProtoReflect 

func (x *ManualApprovals) ProtoReflect() protoreflect.Message

func (*ManualApprovals) Reset 

func (x *ManualApprovals) Reset()

func (*ManualApprovals) String 

func (x *ManualApprovals) String() string

type ManualApprovals_Step 

type ManualApprovals_Step struct {

	// Optional. The potential set of approvers in this step. This list must
	// contain at most one entry.
	Approvers []*AccessControlEntry `protobuf:"bytes,1,rep,name=approvers,proto3" json:"approvers,omitempty"`
	// Required. How many users from the above list need to approve. If there
	// aren't enough distinct users in the list, then the workflow indefinitely
	// blocks. Should always be greater than 0. 1 is the only supported value.
	ApprovalsNeeded int32 `protobuf:"varint,2,opt,name=approvals_needed,json=approvalsNeeded,proto3" json:"approvals_needed,omitempty"`
	// Optional. Additional email addresses to be notified when a grant is
	// pending approval.
	ApproverEmailRecipients []string `` /* 132-byte string literal not displayed */
	// contains filtered or unexported fields
}

Step represents a logical step in a manual approval workflow.

func (*ManualApprovals_Step) Descriptor deprecated 

func (*ManualApprovals_Step) Descriptor() ([]byte, []int)

Deprecated: Use ManualApprovals_Step.ProtoReflect.Descriptor instead.

func (*ManualApprovals_Step) GetApprovalsNeeded 

func (x *ManualApprovals_Step) GetApprovalsNeeded() int32

func (*ManualApprovals_Step) GetApproverEmailRecipients 

func (x *ManualApprovals_Step) GetApproverEmailRecipients() []string

func (*ManualApprovals_Step) GetApprovers 

func (x *ManualApprovals_Step) GetApprovers() []*AccessControlEntry

func (*ManualApprovals_Step) ProtoMessage 

func (*ManualApprovals_Step) ProtoMessage()

func (*ManualApprovals_Step) ProtoReflect 

func (x *ManualApprovals_Step) ProtoReflect() protoreflect.Message

func (*ManualApprovals_Step) Reset 

func (x *ManualApprovals_Step) Reset()

func (*ManualApprovals_Step) String 

func (x *ManualApprovals_Step) String() string

type OperationMetadata 

type OperationMetadata struct {

	// Output only. The time the operation was created.
	CreateTime *timestamp.Timestamp `protobuf:"bytes,1,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time the operation finished running.
	EndTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"`
	// Output only. Server-defined resource path for the target of the operation.
	Target string `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
	// Output only. Name of the verb executed by the operation.
	Verb string `protobuf:"bytes,4,opt,name=verb,proto3" json:"verb,omitempty"`
	// Output only. Human-readable status of the operation, if any.
	StatusMessage string `protobuf:"bytes,5,opt,name=status_message,json=statusMessage,proto3" json:"status_message,omitempty"`
	// Output only. Identifies whether the user has requested cancellation
	// of the operation. Operations that have been cancelled successfully
	// have [Operation.error][] value with a
	// [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
	// `Code.CANCELLED`.
	RequestedCancellation bool `protobuf:"varint,6,opt,name=requested_cancellation,json=requestedCancellation,proto3" json:"requested_cancellation,omitempty"`
	// Output only. API version used to start the operation.
	ApiVersion string `protobuf:"bytes,7,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"`
	// contains filtered or unexported fields
}

Represents the metadata of the long-running operation.

func (*OperationMetadata) Descriptor deprecated 

func (*OperationMetadata) Descriptor() ([]byte, []int)

Deprecated: Use OperationMetadata.ProtoReflect.Descriptor instead.

func (*OperationMetadata) GetApiVersion 

func (x *OperationMetadata) GetApiVersion() string

func (*OperationMetadata) GetCreateTime 

func (x *OperationMetadata) GetCreateTime() *timestamp.Timestamp

func (*OperationMetadata) GetEndTime 

func (x *OperationMetadata) GetEndTime() *timestamp.Timestamp

func (*OperationMetadata) GetRequestedCancellation 

func (x *OperationMetadata) GetRequestedCancellation() bool

func (*OperationMetadata) GetStatusMessage 

func (x *OperationMetadata) GetStatusMessage() string

func (*OperationMetadata) GetTarget 

func (x *OperationMetadata) GetTarget() string

func (*OperationMetadata) GetVerb 

func (x *OperationMetadata) GetVerb() string

func (*OperationMetadata) ProtoMessage 

func (*OperationMetadata) ProtoMessage()

func (*OperationMetadata) ProtoReflect 

func (x *OperationMetadata) ProtoReflect() protoreflect.Message

func (*OperationMetadata) Reset 

func (x *OperationMetadata) Reset()

func (*OperationMetadata) String 

func (x *OperationMetadata) String() string

type PrivilegedAccess 

type PrivilegedAccess struct {

	// Types that are assignable to AccessType:
	//
	//	*PrivilegedAccess_GcpIamAccess_
	AccessType isPrivilegedAccess_AccessType `protobuf_oneof:"access_type"`
	// contains filtered or unexported fields
}

Privileged access that this service can be used to gate.

func (*PrivilegedAccess) Descriptor deprecated 

func (*PrivilegedAccess) Descriptor() ([]byte, []int)

Deprecated: Use PrivilegedAccess.ProtoReflect.Descriptor instead.

func (*PrivilegedAccess) GetAccessType 

func (m *PrivilegedAccess) GetAccessType() isPrivilegedAccess_AccessType

func (*PrivilegedAccess) GetGcpIamAccess 

func (x *PrivilegedAccess) GetGcpIamAccess() *PrivilegedAccess_GcpIamAccess

func (*PrivilegedAccess) ProtoMessage 

func (*PrivilegedAccess) ProtoMessage()

func (*PrivilegedAccess) ProtoReflect 

func (x *PrivilegedAccess) ProtoReflect() protoreflect.Message

func (*PrivilegedAccess) Reset 

func (x *PrivilegedAccess) Reset()

func (*PrivilegedAccess) String 

func (x *PrivilegedAccess) String() string

type PrivilegedAccessManagerClient 

type PrivilegedAccessManagerClient interface {
	// `CheckOnboardingStatus` reports the onboarding status for a
	// project/folder/organization. Any findings reported by this API need to be
	// fixed before PAM can be used on the resource.
	CheckOnboardingStatus(ctx context.Context, in *CheckOnboardingStatusRequest, opts ...grpc.CallOption) (*CheckOnboardingStatusResponse, error)
	// Lists entitlements in a given project/folder/organization and location.
	ListEntitlements(ctx context.Context, in *ListEntitlementsRequest, opts ...grpc.CallOption) (*ListEntitlementsResponse, error)
	// `SearchEntitlements` returns entitlements on which the caller has the
	// specified access.
	SearchEntitlements(ctx context.Context, in *SearchEntitlementsRequest, opts ...grpc.CallOption) (*SearchEntitlementsResponse, error)
	// Gets details of a single entitlement.
	GetEntitlement(ctx context.Context, in *GetEntitlementRequest, opts ...grpc.CallOption) (*Entitlement, error)
	// Creates a new entitlement in a given project/folder/organization and
	// location.
	CreateEntitlement(ctx context.Context, in *CreateEntitlementRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Deletes a single entitlement. This method can only be called when there
	// are no in-progress (`ACTIVE`/`ACTIVATING`/`REVOKING`) grants under the
	// entitlement.
	DeleteEntitlement(ctx context.Context, in *DeleteEntitlementRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Updates the entitlement specified in the request. Updated fields in the
	// entitlement need to be specified in an update mask. The changes made to an
	// entitlement are applicable only on future grants of the entitlement.
	// However, if new approvers are added or existing approvers are removed from
	// the approval workflow, the changes are effective on existing grants.
	//
	// The following fields are not supported for updates:
	//
	//   - All immutable fields
	//   - Entitlement name
	//   - Resource name
	//   - Resource type
	//   - Adding an approval workflow in an entitlement which previously had no
	//     approval workflow.
	//   - Deleting the approval workflow from an entitlement.
	//   - Adding or deleting a step in the approval workflow (only one step is
	//     supported)
	//
	// Note that updates are allowed on the list of approvers in an approval
	// workflow step.
	UpdateEntitlement(ctx context.Context, in *UpdateEntitlementRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Lists grants for a given entitlement.
	ListGrants(ctx context.Context, in *ListGrantsRequest, opts ...grpc.CallOption) (*ListGrantsResponse, error)
	// `SearchGrants` returns grants that are related to the calling user in the
	// specified way.
	SearchGrants(ctx context.Context, in *SearchGrantsRequest, opts ...grpc.CallOption) (*SearchGrantsResponse, error)
	// Get details of a single grant.
	GetGrant(ctx context.Context, in *GetGrantRequest, opts ...grpc.CallOption) (*Grant, error)
	// Creates a new grant in a given project/folder/organization and
	// location.
	CreateGrant(ctx context.Context, in *CreateGrantRequest, opts ...grpc.CallOption) (*Grant, error)
	// `ApproveGrant` is used to approve a grant. This method can only be called
	// on a grant when it's in the `APPROVAL_AWAITED` state. This operation can't
	// be undone.
	ApproveGrant(ctx context.Context, in *ApproveGrantRequest, opts ...grpc.CallOption) (*Grant, error)
	// `DenyGrant` is used to deny a grant. This method can only be called on a
	// grant when it's in the `APPROVAL_AWAITED` state. This operation can't be
	// undone.
	DenyGrant(ctx context.Context, in *DenyGrantRequest, opts ...grpc.CallOption) (*Grant, error)
	// `RevokeGrant` is used to immediately revoke access for a grant. This method
	// can be called when the grant is in a non-terminal state.
	RevokeGrant(ctx context.Context, in *RevokeGrantRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
}

PrivilegedAccessManagerClient is the client API for PrivilegedAccessManager service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewPrivilegedAccessManagerClient 

func NewPrivilegedAccessManagerClient(cc grpc.ClientConnInterface) PrivilegedAccessManagerClient

type PrivilegedAccessManagerServer 

type PrivilegedAccessManagerServer interface {
	// `CheckOnboardingStatus` reports the onboarding status for a
	// project/folder/organization. Any findings reported by this API need to be
	// fixed before PAM can be used on the resource.
	CheckOnboardingStatus(context.Context, *CheckOnboardingStatusRequest) (*CheckOnboardingStatusResponse, error)
	// Lists entitlements in a given project/folder/organization and location.
	ListEntitlements(context.Context, *ListEntitlementsRequest) (*ListEntitlementsResponse, error)
	// `SearchEntitlements` returns entitlements on which the caller has the
	// specified access.
	SearchEntitlements(context.Context, *SearchEntitlementsRequest) (*SearchEntitlementsResponse, error)
	// Gets details of a single entitlement.
	GetEntitlement(context.Context, *GetEntitlementRequest) (*Entitlement, error)
	// Creates a new entitlement in a given project/folder/organization and
	// location.
	CreateEntitlement(context.Context, *CreateEntitlementRequest) (*longrunningpb.Operation, error)
	// Deletes a single entitlement. This method can only be called when there
	// are no in-progress (`ACTIVE`/`ACTIVATING`/`REVOKING`) grants under the
	// entitlement.
	DeleteEntitlement(context.Context, *DeleteEntitlementRequest) (*longrunningpb.Operation, error)
	// Updates the entitlement specified in the request. Updated fields in the
	// entitlement need to be specified in an update mask. The changes made to an
	// entitlement are applicable only on future grants of the entitlement.
	// However, if new approvers are added or existing approvers are removed from
	// the approval workflow, the changes are effective on existing grants.
	//
	// The following fields are not supported for updates:
	//
	//   - All immutable fields
	//   - Entitlement name
	//   - Resource name
	//   - Resource type
	//   - Adding an approval workflow in an entitlement which previously had no
	//     approval workflow.
	//   - Deleting the approval workflow from an entitlement.
	//   - Adding or deleting a step in the approval workflow (only one step is
	//     supported)
	//
	// Note that updates are allowed on the list of approvers in an approval
	// workflow step.
	UpdateEntitlement(context.Context, *UpdateEntitlementRequest) (*longrunningpb.Operation, error)
	// Lists grants for a given entitlement.
	ListGrants(context.Context, *ListGrantsRequest) (*ListGrantsResponse, error)
	// `SearchGrants` returns grants that are related to the calling user in the
	// specified way.
	SearchGrants(context.Context, *SearchGrantsRequest) (*SearchGrantsResponse, error)
	// Get details of a single grant.
	GetGrant(context.Context, *GetGrantRequest) (*Grant, error)
	// Creates a new grant in a given project/folder/organization and
	// location.
	CreateGrant(context.Context, *CreateGrantRequest) (*Grant, error)
	// `ApproveGrant` is used to approve a grant. This method can only be called
	// on a grant when it's in the `APPROVAL_AWAITED` state. This operation can't
	// be undone.
	ApproveGrant(context.Context, *ApproveGrantRequest) (*Grant, error)
	// `DenyGrant` is used to deny a grant. This method can only be called on a
	// grant when it's in the `APPROVAL_AWAITED` state. This operation can't be
	// undone.
	DenyGrant(context.Context, *DenyGrantRequest) (*Grant, error)
	// `RevokeGrant` is used to immediately revoke access for a grant. This method
	// can be called when the grant is in a non-terminal state.
	RevokeGrant(context.Context, *RevokeGrantRequest) (*longrunningpb.Operation, error)
	// contains filtered or unexported methods
}

PrivilegedAccessManagerServer is the server API for PrivilegedAccessManager service. All implementations must embed UnimplementedPrivilegedAccessManagerServer for forward compatibility

type PrivilegedAccess_GcpIamAccess 

type PrivilegedAccess_GcpIamAccess struct {

	// Required. The type of this resource.
	ResourceType string `protobuf:"bytes,1,opt,name=resource_type,json=resourceType,proto3" json:"resource_type,omitempty"`
	// Required. Name of the resource.
	Resource string `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
	// Required. Role bindings that are created on successful grant.
	RoleBindings []*PrivilegedAccess_GcpIamAccess_RoleBinding `protobuf:"bytes,4,rep,name=role_bindings,json=roleBindings,proto3" json:"role_bindings,omitempty"`
	// contains filtered or unexported fields
}

`GcpIamAccess` represents IAM based access control on a Google Cloud resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.

func (*PrivilegedAccess_GcpIamAccess) Descriptor deprecated 

func (*PrivilegedAccess_GcpIamAccess) Descriptor() ([]byte, []int)

Deprecated: Use PrivilegedAccess_GcpIamAccess.ProtoReflect.Descriptor instead.

func (*PrivilegedAccess_GcpIamAccess) GetResource 

func (x *PrivilegedAccess_GcpIamAccess) GetResource() string

func (*PrivilegedAccess_GcpIamAccess) GetResourceType 

func (x *PrivilegedAccess_GcpIamAccess) GetResourceType() string

func (*PrivilegedAccess_GcpIamAccess) GetRoleBindings 

func (x *PrivilegedAccess_GcpIamAccess) GetRoleBindings() []*PrivilegedAccess_GcpIamAccess_RoleBinding

func (*PrivilegedAccess_GcpIamAccess) ProtoMessage 

func (*PrivilegedAccess_GcpIamAccess) ProtoMessage()

func (*PrivilegedAccess_GcpIamAccess) ProtoReflect 

func (x *PrivilegedAccess_GcpIamAccess) ProtoReflect() protoreflect.Message

func (*PrivilegedAccess_GcpIamAccess) Reset 

func (x *PrivilegedAccess_GcpIamAccess) Reset()

func (*PrivilegedAccess_GcpIamAccess) String 

func (x *PrivilegedAccess_GcpIamAccess) String() string

type PrivilegedAccess_GcpIamAccess_ 

type PrivilegedAccess_GcpIamAccess_ struct {
	// Access to a Google Cloud resource through IAM.
	GcpIamAccess *PrivilegedAccess_GcpIamAccess `protobuf:"bytes,1,opt,name=gcp_iam_access,json=gcpIamAccess,proto3,oneof"`
}

type PrivilegedAccess_GcpIamAccess_RoleBinding 

type PrivilegedAccess_GcpIamAccess_RoleBinding struct {

	// Required. IAM role to be granted.
	// https://cloud.google.com/iam/docs/roles-overview.
	Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
	// Optional. The expression field of the IAM condition to be associated
	// with the role. If specified, a user with an active grant for this
	// entitlement is able to access the resource only if this condition
	// evaluates to true for their request.
	//
	// This field uses the same CEL format as IAM and supports all attributes
	// that IAM supports, except tags.
	// https://cloud.google.com/iam/docs/conditions-overview#attributes.
	ConditionExpression string `protobuf:"bytes,2,opt,name=condition_expression,json=conditionExpression,proto3" json:"condition_expression,omitempty"`
	// contains filtered or unexported fields
}

IAM role bindings that are created after a successful grant.

func (*PrivilegedAccess_GcpIamAccess_RoleBinding) Descriptor deprecated 

func (*PrivilegedAccess_GcpIamAccess_RoleBinding) Descriptor() ([]byte, []int)

Deprecated: Use PrivilegedAccess_GcpIamAccess_RoleBinding.ProtoReflect.Descriptor instead.

func (*PrivilegedAccess_GcpIamAccess_RoleBinding) GetConditionExpression 

func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) GetConditionExpression() string

func (*PrivilegedAccess_GcpIamAccess_RoleBinding) GetRole 

func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) GetRole() string

func (*PrivilegedAccess_GcpIamAccess_RoleBinding) ProtoMessage 

func (*PrivilegedAccess_GcpIamAccess_RoleBinding) ProtoMessage()

func (*PrivilegedAccess_GcpIamAccess_RoleBinding) ProtoReflect 

func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) ProtoReflect() protoreflect.Message

func (*PrivilegedAccess_GcpIamAccess_RoleBinding) Reset 

func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) Reset()

func (*PrivilegedAccess_GcpIamAccess_RoleBinding) String 

func (x *PrivilegedAccess_GcpIamAccess_RoleBinding) String() string

type RevokeGrantRequest 

type RevokeGrantRequest struct {

	// Required. Name of the grant resource which is being revoked.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. The reason for revoking this grant.
	Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"`
	// contains filtered or unexported fields
}

Request message for `RevokeGrant` method.

func (*RevokeGrantRequest) Descriptor deprecated 

func (*RevokeGrantRequest) Descriptor() ([]byte, []int)

Deprecated: Use RevokeGrantRequest.ProtoReflect.Descriptor instead.

func (*RevokeGrantRequest) GetName 

func (x *RevokeGrantRequest) GetName() string

func (*RevokeGrantRequest) GetReason 

func (x *RevokeGrantRequest) GetReason() string

func (*RevokeGrantRequest) ProtoMessage 

func (*RevokeGrantRequest) ProtoMessage()

func (*RevokeGrantRequest) ProtoReflect 

func (x *RevokeGrantRequest) ProtoReflect() protoreflect.Message

func (*RevokeGrantRequest) Reset 

func (x *RevokeGrantRequest) Reset()

func (*RevokeGrantRequest) String 

func (x *RevokeGrantRequest) String() string

type SearchEntitlementsRequest 

type SearchEntitlementsRequest struct {

	// Required. The parent which owns the entitlement resources.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. Only entitlements where the calling user has this access are
	// returned.
	CallerAccessType SearchEntitlementsRequest_CallerAccessType `` /* 201-byte string literal not displayed */
	// Optional. Only entitlements matching this filter are returned in the
	// response.
	Filter string `protobuf:"bytes,3,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Requested page size. The server may return fewer items than
	// requested. If unspecified, the server picks an appropriate default.
	PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. A token identifying a page of results the server should return.
	PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

Request message for `SearchEntitlements` method.

func (*SearchEntitlementsRequest) Descriptor deprecated 

func (*SearchEntitlementsRequest) Descriptor() ([]byte, []int)

Deprecated: Use SearchEntitlementsRequest.ProtoReflect.Descriptor instead.

func (*SearchEntitlementsRequest) GetCallerAccessType 

func (x *SearchEntitlementsRequest) GetCallerAccessType() SearchEntitlementsRequest_CallerAccessType

func (*SearchEntitlementsRequest) GetFilter 

func (x *SearchEntitlementsRequest) GetFilter() string

func (*SearchEntitlementsRequest) GetPageSize 

func (x *SearchEntitlementsRequest) GetPageSize() int32

func (*SearchEntitlementsRequest) GetPageToken 

func (x *SearchEntitlementsRequest) GetPageToken() string

func (*SearchEntitlementsRequest) GetParent 

func (x *SearchEntitlementsRequest) GetParent() string

func (*SearchEntitlementsRequest) ProtoMessage 

func (*SearchEntitlementsRequest) ProtoMessage()

func (*SearchEntitlementsRequest) ProtoReflect 

func (x *SearchEntitlementsRequest) ProtoReflect() protoreflect.Message

func (*SearchEntitlementsRequest) Reset 

func (x *SearchEntitlementsRequest) Reset()

func (*SearchEntitlementsRequest) String 

func (x *SearchEntitlementsRequest) String() string

type SearchEntitlementsRequest_CallerAccessType 

type SearchEntitlementsRequest_CallerAccessType int32

Different types of access a user can have on the entitlement resource. 

const (
	// Unspecified access type.
	SearchEntitlementsRequest_CALLER_ACCESS_TYPE_UNSPECIFIED SearchEntitlementsRequest_CallerAccessType = 0
	// The user has access to create grants using this entitlement.
	SearchEntitlementsRequest_GRANT_REQUESTER SearchEntitlementsRequest_CallerAccessType = 1
	// The user has access to approve/deny grants created under this
	// entitlement.
	SearchEntitlementsRequest_GRANT_APPROVER SearchEntitlementsRequest_CallerAccessType = 2
)

func (SearchEntitlementsRequest_CallerAccessType) Descriptor 

func (SearchEntitlementsRequest_CallerAccessType) Descriptor() protoreflect.EnumDescriptor

func (SearchEntitlementsRequest_CallerAccessType) Enum 

func (x SearchEntitlementsRequest_CallerAccessType) Enum() *SearchEntitlementsRequest_CallerAccessType

func (SearchEntitlementsRequest_CallerAccessType) EnumDescriptor deprecated 

func (SearchEntitlementsRequest_CallerAccessType) EnumDescriptor() ([]byte, []int)

Deprecated: Use SearchEntitlementsRequest_CallerAccessType.Descriptor instead.

func (SearchEntitlementsRequest_CallerAccessType) Number 

func (x SearchEntitlementsRequest_CallerAccessType) Number() protoreflect.EnumNumber

func (SearchEntitlementsRequest_CallerAccessType) String 

func (x SearchEntitlementsRequest_CallerAccessType) String() string

func (SearchEntitlementsRequest_CallerAccessType) Type 

func (SearchEntitlementsRequest_CallerAccessType) Type() protoreflect.EnumType

type SearchEntitlementsResponse 

type SearchEntitlementsResponse struct {

	// The list of entitlements.
	Entitlements []*Entitlement `protobuf:"bytes,1,rep,name=entitlements,proto3" json:"entitlements,omitempty"`
	// A token identifying a page of results the server should return.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

Response message for `SearchEntitlements` method.

func (*SearchEntitlementsResponse) Descriptor deprecated 

func (*SearchEntitlementsResponse) Descriptor() ([]byte, []int)

Deprecated: Use SearchEntitlementsResponse.ProtoReflect.Descriptor instead.

func (*SearchEntitlementsResponse) GetEntitlements 

func (x *SearchEntitlementsResponse) GetEntitlements() []*Entitlement

func (*SearchEntitlementsResponse) GetNextPageToken 

func (x *SearchEntitlementsResponse) GetNextPageToken() string

func (*SearchEntitlementsResponse) ProtoMessage 

func (*SearchEntitlementsResponse) ProtoMessage()

func (*SearchEntitlementsResponse) ProtoReflect 

func (x *SearchEntitlementsResponse) ProtoReflect() protoreflect.Message

func (*SearchEntitlementsResponse) Reset 

func (x *SearchEntitlementsResponse) Reset()

func (*SearchEntitlementsResponse) String 

func (x *SearchEntitlementsResponse) String() string

type SearchGrantsRequest 

type SearchGrantsRequest struct {

	// Required. The parent which owns the grant resources.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. Only grants which the caller is related to by this relationship
	// are returned in the response.
	CallerRelationship SearchGrantsRequest_CallerRelationshipType `` /* 205-byte string literal not displayed */
	// Optional. Only grants matching this filter are returned in the response.
	Filter string `protobuf:"bytes,3,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Requested page size. The server may return fewer items than
	// requested. If unspecified, server picks an appropriate default.
	PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. A token identifying a page of results the server should return.
	PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

Request message for `SearchGrants` method.

func (*SearchGrantsRequest) Descriptor deprecated 

func (*SearchGrantsRequest) Descriptor() ([]byte, []int)

Deprecated: Use SearchGrantsRequest.ProtoReflect.Descriptor instead.

func (*SearchGrantsRequest) GetCallerRelationship 

func (x *SearchGrantsRequest) GetCallerRelationship() SearchGrantsRequest_CallerRelationshipType

func (*SearchGrantsRequest) GetFilter 

func (x *SearchGrantsRequest) GetFilter() string

func (*SearchGrantsRequest) GetPageSize 

func (x *SearchGrantsRequest) GetPageSize() int32

func (*SearchGrantsRequest) GetPageToken 

func (x *SearchGrantsRequest) GetPageToken() string

func (*SearchGrantsRequest) GetParent 

func (x *SearchGrantsRequest) GetParent() string

func (*SearchGrantsRequest) ProtoMessage 

func (*SearchGrantsRequest) ProtoMessage()

func (*SearchGrantsRequest) ProtoReflect 

func (x *SearchGrantsRequest) ProtoReflect() protoreflect.Message

func (*SearchGrantsRequest) Reset 

func (x *SearchGrantsRequest) Reset()

func (*SearchGrantsRequest) String 

func (x *SearchGrantsRequest) String() string

type SearchGrantsRequest_CallerRelationshipType 

type SearchGrantsRequest_CallerRelationshipType int32

Different types of relationships a user can have with a grant. 

const (
	// Unspecified caller relationship type.
	SearchGrantsRequest_CALLER_RELATIONSHIP_TYPE_UNSPECIFIED SearchGrantsRequest_CallerRelationshipType = 0
	// The user created this grant by calling `CreateGrant` earlier.
	SearchGrantsRequest_HAD_CREATED SearchGrantsRequest_CallerRelationshipType = 1
	// The user is an approver for the entitlement that this grant is parented
	// under and can currently approve/deny it.
	SearchGrantsRequest_CAN_APPROVE SearchGrantsRequest_CallerRelationshipType = 2
	// The caller had successfully approved/denied this grant earlier.
	SearchGrantsRequest_HAD_APPROVED SearchGrantsRequest_CallerRelationshipType = 3
)

func (SearchGrantsRequest_CallerRelationshipType) Descriptor 

func (SearchGrantsRequest_CallerRelationshipType) Descriptor() protoreflect.EnumDescriptor

func (SearchGrantsRequest_CallerRelationshipType) Enum 

func (x SearchGrantsRequest_CallerRelationshipType) Enum() *SearchGrantsRequest_CallerRelationshipType

func (SearchGrantsRequest_CallerRelationshipType) EnumDescriptor deprecated 

func (SearchGrantsRequest_CallerRelationshipType) EnumDescriptor() ([]byte, []int)

Deprecated: Use SearchGrantsRequest_CallerRelationshipType.Descriptor instead.

func (SearchGrantsRequest_CallerRelationshipType) Number 

func (x SearchGrantsRequest_CallerRelationshipType) Number() protoreflect.EnumNumber

func (SearchGrantsRequest_CallerRelationshipType) String 

func (x SearchGrantsRequest_CallerRelationshipType) String() string

func (SearchGrantsRequest_CallerRelationshipType) Type 

func (SearchGrantsRequest_CallerRelationshipType) Type() protoreflect.EnumType

type SearchGrantsResponse 

type SearchGrantsResponse struct {

	// The list of grants.
	Grants []*Grant `protobuf:"bytes,1,rep,name=grants,proto3" json:"grants,omitempty"`
	// A token identifying a page of results the server should return.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

Response message for `SearchGrants` method.

func (*SearchGrantsResponse) Descriptor deprecated 

func (*SearchGrantsResponse) Descriptor() ([]byte, []int)

Deprecated: Use SearchGrantsResponse.ProtoReflect.Descriptor instead.

func (*SearchGrantsResponse) GetGrants 

func (x *SearchGrantsResponse) GetGrants() []*Grant

func (*SearchGrantsResponse) GetNextPageToken 

func (x *SearchGrantsResponse) GetNextPageToken() string

func (*SearchGrantsResponse) ProtoMessage 

func (*SearchGrantsResponse) ProtoMessage()

func (*SearchGrantsResponse) ProtoReflect 

func (x *SearchGrantsResponse) ProtoReflect() protoreflect.Message

func (*SearchGrantsResponse) Reset 

func (x *SearchGrantsResponse) Reset()

func (*SearchGrantsResponse) String 

func (x *SearchGrantsResponse) String() string

type UnimplementedPrivilegedAccessManagerServer 

type UnimplementedPrivilegedAccessManagerServer struct {
}

UnimplementedPrivilegedAccessManagerServer must be embedded to have forward compatible implementations.

func (UnimplementedPrivilegedAccessManagerServer) ApproveGrant 

func (UnimplementedPrivilegedAccessManagerServer) ApproveGrant(context.Context, *ApproveGrantRequest) (*Grant, error)

func (UnimplementedPrivilegedAccessManagerServer) CheckOnboardingStatus 

func (UnimplementedPrivilegedAccessManagerServer) CheckOnboardingStatus(context.Context, *CheckOnboardingStatusRequest) (*CheckOnboardingStatusResponse, error)

func (UnimplementedPrivilegedAccessManagerServer) CreateEntitlement 

func (UnimplementedPrivilegedAccessManagerServer) CreateEntitlement(context.Context, *CreateEntitlementRequest) (*longrunningpb.Operation, error)

func (UnimplementedPrivilegedAccessManagerServer) CreateGrant 

func (UnimplementedPrivilegedAccessManagerServer) CreateGrant(context.Context, *CreateGrantRequest) (*Grant, error)

func (UnimplementedPrivilegedAccessManagerServer) DeleteEntitlement 

func (UnimplementedPrivilegedAccessManagerServer) DeleteEntitlement(context.Context, *DeleteEntitlementRequest) (*longrunningpb.Operation, error)

func (UnimplementedPrivilegedAccessManagerServer) DenyGrant 

func (UnimplementedPrivilegedAccessManagerServer) DenyGrant(context.Context, *DenyGrantRequest) (*Grant, error)

func (UnimplementedPrivilegedAccessManagerServer) GetEntitlement 

func (UnimplementedPrivilegedAccessManagerServer) GetEntitlement(context.Context, *GetEntitlementRequest) (*Entitlement, error)

func (UnimplementedPrivilegedAccessManagerServer) GetGrant 

func (UnimplementedPrivilegedAccessManagerServer) GetGrant(context.Context, *GetGrantRequest) (*Grant, error)

func (UnimplementedPrivilegedAccessManagerServer) ListEntitlements 

func (UnimplementedPrivilegedAccessManagerServer) ListEntitlements(context.Context, *ListEntitlementsRequest) (*ListEntitlementsResponse, error)

func (UnimplementedPrivilegedAccessManagerServer) ListGrants 

func (UnimplementedPrivilegedAccessManagerServer) ListGrants(context.Context, *ListGrantsRequest) (*ListGrantsResponse, error)

func (UnimplementedPrivilegedAccessManagerServer) RevokeGrant 

func (UnimplementedPrivilegedAccessManagerServer) RevokeGrant(context.Context, *RevokeGrantRequest) (*longrunningpb.Operation, error)

func (UnimplementedPrivilegedAccessManagerServer) SearchEntitlements 

func (UnimplementedPrivilegedAccessManagerServer) SearchEntitlements(context.Context, *SearchEntitlementsRequest) (*SearchEntitlementsResponse, error)

func (UnimplementedPrivilegedAccessManagerServer) SearchGrants 

func (UnimplementedPrivilegedAccessManagerServer) SearchGrants(context.Context, *SearchGrantsRequest) (*SearchGrantsResponse, error)

func (UnimplementedPrivilegedAccessManagerServer) UpdateEntitlement 

func (UnimplementedPrivilegedAccessManagerServer) UpdateEntitlement(context.Context, *UpdateEntitlementRequest) (*longrunningpb.Operation, error)

type UnsafePrivilegedAccessManagerServer 

type UnsafePrivilegedAccessManagerServer interface {
	// contains filtered or unexported methods
}

UnsafePrivilegedAccessManagerServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to PrivilegedAccessManagerServer will result in compilation errors.

type UpdateEntitlementRequest 

type UpdateEntitlementRequest struct {

	// Required. The entitlement resource that is updated.
	Entitlement *Entitlement `protobuf:"bytes,1,opt,name=entitlement,proto3" json:"entitlement,omitempty"`
	// Required. The list of fields to update. A field is overwritten if, and only
	// if, it is in the mask. Any immutable fields set in the mask are ignored by
	// the server. Repeated fields and map fields are only allowed in the last
	// position of a `paths` string and overwrite the existing values. Hence an
	// update to a repeated field or a map should contain the entire list of
	// values. The fields specified in the update_mask are relative to the
	// resource and not to the request.
	// (e.g. `MaxRequestDuration`; *not* `entitlement.MaxRequestDuration`)
	// A value of '*' for this field refers to full replacement of the resource.
	UpdateMask *field_mask.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

Message for updating an entitlement.

func (*UpdateEntitlementRequest) Descriptor deprecated 

func (*UpdateEntitlementRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateEntitlementRequest.ProtoReflect.Descriptor instead.

func (*UpdateEntitlementRequest) GetEntitlement 

func (x *UpdateEntitlementRequest) GetEntitlement() *Entitlement

func (*UpdateEntitlementRequest) GetUpdateMask 

func (x *UpdateEntitlementRequest) GetUpdateMask() *field_mask.FieldMask

func (*UpdateEntitlementRequest) ProtoMessage 

func (*UpdateEntitlementRequest) ProtoMessage()

func (*UpdateEntitlementRequest) ProtoReflect 

func (x *UpdateEntitlementRequest) ProtoReflect() protoreflect.Message

func (*UpdateEntitlementRequest) Reset 

func (x *UpdateEntitlementRequest) Reset()

func (*UpdateEntitlementRequest) String 

func (x *UpdateEntitlementRequest) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.