PrivilegedAccessManager

google_cloud_privilegedaccessmanager_v1::client

Struct PrivilegedAccessManager 

Source 
pub struct PrivilegedAccessManager { /* private fields */ }
Expand description

Implements a client for the Privileged Access Manager API.

§Example

let client = PrivilegedAccessManager::builder().build().await?;
// use `client` to make requests to the Privileged Access Manager API.

§Service Description

This API allows customers to manage temporary, request based privileged access to their resources.

It defines the following resource model:

  • A collection of Entitlement resources. An entitlement allows configuring (among other things):

    • Some kind of privileged access that users can request.
    • A set of users called requesters who can request this access.
    • A maximum duration for which the access can be requested.
    • An optional approval workflow which must be satisfied before access is granted.

  • A collection of Grant resources. A grant is a request by a requester to get the privileged access specified in an entitlement for some duration.

    After the approval workflow as specified in the entitlement is satisfied, the specified access is given to the requester. The access is automatically taken back after the requested duration is over.

§Configuration

To configure PrivilegedAccessManager use the with_* methods in the type returned by builder(). The default configuration should work for most applications. Common configuration changes include

  • with_endpoint(): by default this client uses the global default endpoint (https://privilegedaccessmanager.googleapis.com). Applications using regional endpoints or running in restricted networks (e.g. a network configured override this default.
  • with_credentials(): by default this client uses Application Default Credentials. Applications using custom authentication may need to override this default.

§Pooling and Cloning

PrivilegedAccessManager holds a connection pool internally, it is advised to create one and the reuse it. You do not need to wrap PrivilegedAccessManager in an Rc or Arc to reuse it, because it already uses an Arc internally.

Implementations§

Source§

impl PrivilegedAccessManager

Source

pub fn builder() -> ClientBuilder

Returns a builder for PrivilegedAccessManager.

let client = PrivilegedAccessManager::builder().build().await?;
Source

pub fn from_stub<T>(stub: T) -> Self
where T: PrivilegedAccessManager + 'static,

Creates a new client from the provided stub.

The most common case for calling this function is in tests mocking the client’s behavior.

Source

pub fn check_onboarding_status(&self) -> CheckOnboardingStatus

CheckOnboardingStatus reports the onboarding status for a project/folder/organization. Any findings reported by this API need to be fixed before PAM can be used on the resource.

Source

pub fn list_entitlements(&self) -> ListEntitlements

Lists entitlements in a given project/folder/organization and location.

Source

pub fn search_entitlements(&self) -> SearchEntitlements

SearchEntitlements returns entitlements on which the caller has the specified access.

Source

pub fn get_entitlement(&self) -> GetEntitlement

Gets details of a single entitlement.

Source

pub fn create_entitlement(&self) -> CreateEntitlement

Creates a new entitlement in a given project/folder/organization and location.

§Long running operations

This method is used to start, and/or poll a long-running Operation. The Working with long-running operations chapter in the user guide covers these operations in detail.

Source

pub fn delete_entitlement(&self) -> DeleteEntitlement

Deletes a single entitlement. This method can only be called when there are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the entitlement.

§Long running operations

This method is used to start, and/or poll a long-running Operation. The Working with long-running operations chapter in the user guide covers these operations in detail.

Source

pub fn update_entitlement(&self) -> UpdateEntitlement

Updates the entitlement specified in the request. Updated fields in the entitlement need to be specified in an update mask. The changes made to an entitlement are applicable only on future grants of the entitlement. However, if new approvers are added or existing approvers are removed from the approval workflow, the changes are effective on existing grants.

The following fields are not supported for updates:

  • All immutable fields
  • Entitlement name
  • Resource name
  • Resource type
  • Adding an approval workflow in an entitlement which previously had no approval workflow.
  • Deleting the approval workflow from an entitlement.
  • Adding or deleting a step in the approval workflow (only one step is supported)

Note that updates are allowed on the list of approvers in an approval workflow step.

§Long running operations

This method is used to start, and/or poll a long-running Operation. The Working with long-running operations chapter in the user guide covers these operations in detail.

Source

pub fn list_grants(&self) -> ListGrants

Lists grants for a given entitlement.

Source

pub fn search_grants(&self) -> SearchGrants

SearchGrants returns grants that are related to the calling user in the specified way.

Source

pub fn get_grant(&self) -> GetGrant

Get details of a single grant.

Source

pub fn create_grant(&self) -> CreateGrant

Creates a new grant in a given project/folder/organization and location.

Source

pub fn approve_grant(&self) -> ApproveGrant

ApproveGrant is used to approve a grant. This method can only be called on a grant when it’s in the APPROVAL_AWAITED state. This operation can’t be undone.

Source

pub fn deny_grant(&self) -> DenyGrant

DenyGrant is used to deny a grant. This method can only be called on a grant when it’s in the APPROVAL_AWAITED state. This operation can’t be undone.

Source

pub fn revoke_grant(&self) -> RevokeGrant

RevokeGrant is used to immediately revoke access for a grant. This method can be called when the grant is in a non-terminal state.

§Long running operations

This method is used to start, and/or poll a long-running Operation. The Working with long-running operations chapter in the user guide covers these operations in detail.

Source

pub fn list_locations(&self) -> ListLocations

Lists information about the supported locations for this service.

Source

pub fn get_location(&self) -> GetLocation

Gets information about a location.

Source

pub fn list_operations(&self) -> ListOperations

Provides the Operations service functionality in this service.

Source

pub fn get_operation(&self) -> GetOperation

Provides the Operations service functionality in this service.

Source

pub fn delete_operation(&self) -> DeleteOperation

Provides the Operations service functionality in this service.

Trait Implementations§

Source§

impl Clone for PrivilegedAccessManager

Source§

fn clone(&self) -> PrivilegedAccessManager

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for PrivilegedAccessManager

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more