Class: Google::Cloud::PrivilegedAccessManager::V1::Entitlement

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb

Overview

An entitlement defines the eligibility of a set of users to obtain predefined access for some time possibly after going through an approval workflow.

Defined Under Namespace

Modules: State Classes: AdditionalNotificationTargets, RequesterJustificationConfig

Instance Attribute Summary collapse

Instance Attribute Details

#additional_notification_targets::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::AdditionalNotificationTargets

Returns Optional. Additional email addresses to be notified based on actions taken.

Returns:



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#approval_workflow::Google::Cloud::PrivilegedAccessManager::V1::ApprovalWorkflow

Returns Optional. The approvals needed before access are granted to a requester. No approvals are needed if this field is null.

Returns:



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#create_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. Create time stamp.

Returns:



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#eligible_users::Array<::Google::Cloud::PrivilegedAccessManager::V1::AccessControlEntry>

Returns Optional. Who can create grants using this entitlement. This list should contain at most one entry.

Returns:



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#etag::String

Returns An etag is used for optimistic concurrency control as a way to prevent simultaneous updates to the same entitlement. An etag is returned in the response to GetEntitlement and the caller should put the etag in the request to UpdateEntitlement so that their change is applied on the same version. If this field is omitted or if there is a mismatch while updating an entitlement, then the server rejects the request.

Returns:

  • (::String)

    An etag is used for optimistic concurrency control as a way to prevent simultaneous updates to the same entitlement. An etag is returned in the response to GetEntitlement and the caller should put the etag in the request to UpdateEntitlement so that their change is applied on the same version. If this field is omitted or if there is a mismatch while updating an entitlement, then the server rejects the request.



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#max_request_duration::Google::Protobuf::Duration

Returns Required. The maximum amount of time that access is granted for a request. A requester can ask for a duration less than this, but never more.

Returns:

  • (::Google::Protobuf::Duration)

    Required. The maximum amount of time that access is granted for a request. A requester can ask for a duration less than this, but never more.



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#name::String

Returns Identifier. Name of the entitlement. Possible formats:

  • organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}
  • folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}
  • projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}.

Returns:

  • (::String)

    Identifier. Name of the entitlement. Possible formats:

    • organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}
    • folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}
    • projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}


124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#privileged_access::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccess

Returns The access granted to a requester on successful approval.

Returns:



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#requester_justification_config::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig

Returns Required. The manner in which the requester should provide a justification for requesting access.

Returns:



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#state::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::State (readonly)

Returns Output only. Current state of this entitlement.

Returns:



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end

#update_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. Update time stamp.

Returns:



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 124

class Entitlement
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Defines how a requester must provide a justification when requesting
  # access.
  # @!attribute [rw] not_mandatory
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::NotMandatory]
  #     This option means the requester isn't required to provide a
  #     justification.
  #
  #     Note: The following fields are mutually exclusive: `not_mandatory`, `unstructured`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] unstructured
  #   @return [::Google::Cloud::PrivilegedAccessManager::V1::Entitlement::RequesterJustificationConfig::Unstructured]
  #     This option means the requester must provide a string as
  #     justification. If this is selected, the server allows the requester
  #     to provide a justification but doesn't validate it.
  #
  #     Note: The following fields are mutually exclusive: `unstructured`, `not_mandatory`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  class RequesterJustificationConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The justification is not mandatory but can be provided in any of the
    # supported formats.
    class NotMandatory
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # The requester has to provide a justification in the form of a string.
    class Unstructured
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # `AdditionalNotificationTargets` includes email addresses to be notified.
  # @!attribute [rw] admin_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a principal
  #     (requester) is granted access.
  # @!attribute [rw] requester_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email address to be notified about an eligible
  #     entitlement.
  class AdditionalNotificationTargets
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different states an entitlement can be in.
  module State
    # Unspecified state. This value is never returned by the server.
    STATE_UNSPECIFIED = 0

    # The entitlement is being created.
    CREATING = 1

    # The entitlement is available for requesting access.
    AVAILABLE = 2

    # The entitlement is being deleted.
    DELETING = 3

    # The entitlement has been deleted.
    DELETED = 4

    # The entitlement is being updated.
    UPDATING = 5
  end
end