AccessApprovalClient

AccessApprovalClient

This API allows a customer to manage accesses to cloud resources by Google personnel. It defines the following resource model:

  • The API has a collection of ApprovalRequest resources, named approvalRequests/{approval_request}
  • The API has top-level settings per Project/Folder/Organization, named accessApprovalSettings

The service also periodically emails a list of recipients, defined at the Project/Folder/Organization level in the accessApprovalSettings, when there is a pending ApprovalRequest for them to act on. The ApprovalRequests can also optionally be published to a Pub/Sub topic owned by the customer (contact support if you would like to enable Pub/Sub notifications).

ApprovalRequests can be approved or dismissed. Google personnel can only access the indicated resource or resources if the request is approved (subject to some exclusions: https://cloud.google.com/access-approval/docs/overview#exclusions).

Note: Using Access Approval functionality will mean that Google may not be able to meet the SLAs for your chosen products, as any support response times may be dramatically increased. As such the SLAs do not apply to any service disruption to the extent impacted by Customer's use of Access Approval. Do not enable Access Approval for projects where you may require high service availability and rapid response by Google Cloud Support.

After a request is approved or dismissed, no further action may be taken on it. Requests with the requested_expiration in the past or with no activity for 14 days are considered dismissed. When an approval expires, the request is considered dismissed.

If a request is not approved or dismissed, we call it pending.

Constructor

new AccessApprovalClient(optionsopt, gaxInstanceopt)

Construct an instance of AccessApprovalClient.

Parameters:
Name Type Attributes Description
options object <optional>

The configuration object. The options accepted by the constructor are described in detail in this document. The common options are:

Properties
Name Type Attributes Description
credentials object <optional>

Credentials object.

Properties
Name Type Attributes Description
client_email string <optional>
private_key string <optional>
email string <optional>

Account email address. Required when using a .pem or .p12 keyFilename.
keyFilename string <optional>

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.
port number <optional>

The port on which to connect to the remote host.
projectId string <optional>

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.
apiEndpoint string <optional>

The domain name of the API remote host.
clientConfig gax.ClientConfig <optional>

Client configuration override. Follows the structure of gapicConfig.
fallback boolean <optional>

Use HTTP/1.1 REST mode. For more information, please check the documentation.
gaxInstance gax <optional>

loaded instance of google-gax. Useful if you need to avoid loading the default gRPC version and want to use the fallback HTTP implementation. Load only fallback version and pass it to the constructor: const gax = require('google-gax/build/src/fallback'); // avoids loading google-gax with gRPC const client = new AccessApprovalClient({fallback: true}, gax);

Members

apiEndpoint

The DNS address for this API service.

apiEndpoint

The DNS address for this API service - same as servicePath.

port

The port for this API service.

scopes

The scopes needed to make gRPC calls for every method defined in this service.

servicePath

The DNS address for this API service.

Methods

close() → {Promise}

Terminate the gRPC channel and close the client.

The client will no longer be usable and all future behavior is undefined.

Returns:
Type Description
Promise

A promise that resolves when the client is closed.

folderAccessApprovalSettingsPath(folder) → {string}

Return a fully-qualified folderAccessApprovalSettings resource name string.

Parameters:
Name Type Description
folder string
Returns:
Type Description
string

Resource name string.

folderApprovalRequestPath(folder, approval_request) → {string}

Return a fully-qualified folderApprovalRequest resource name string.

Parameters:
Name Type Description
folder string
approval_request string
Returns:
Type Description
string

Resource name string.

folderServiceAccountPath(folder) → {string}

Return a fully-qualified folderServiceAccount resource name string.

Parameters:
Name Type Description
folder string
Returns:
Type Description
string

Resource name string.

getProjectId() → {Promise}

Return the project ID used by this class.

Returns:
Type Description
Promise

A promise that resolves to string containing the project ID.

initialize() → {Promise}

Initialize the client. Performs asynchronous operations (such as authentication) and prepares the client. This function will be called automatically when any class method is called for the first time, but if you need to initialize it before calling an actual method, feel free to call initialize() directly.

You can await on this method if you want to make sure the client is initialized.

Returns:
Type Description
Promise

A promise that resolves to an authenticated service stub.

listApprovalRequestsAsync(request, optionsopt) → {Object}

Equivalent to listApprovalRequests, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

The parent resource. This may be "projects/{project}", "folders/{folder}", or "organizations/{organization}".
filter string

A filter on the type of approval requests to retrieve. Must be one of the following values:

* [not set]: Requests that are pending or have active approvals.
* ALL: All requests.
* PENDING: Only pending requests.
* ACTIVE: Only active (i.e. currently approved) requests.
* DISMISSED: Only requests that have been dismissed, or requests that
  are not approved and past expiration.
* EXPIRED: Only requests that have been approved, and the approval has
  expired.
* HISTORY: Active, dismissed and expired requests.
pageSize number

Requested page size.
pageToken string

A token identifying the page of results to return.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Object

An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing ApprovalRequest. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.
Example
  /**
   * This snippet has been automatically generated and should be regarded as a code template only.
   * It will require modifications to work.
   * It may require correct/in-range values for request initialization.
   * TODO(developer): Uncomment these variables before running the sample.
   */
  /**
   *  The parent resource. This may be "projects/{project}",
   *  "folders/{folder}", or "organizations/{organization}".
   */
  // const parent = 'abc123'
  /**
   *  A filter on the type of approval requests to retrieve. Must be one of the
   *  following values:
   *    * not set: Requests that are pending or have active approvals.
   *    * ALL: All requests.
   *    * PENDING: Only pending requests.
   *    * ACTIVE: Only active (i.e. currently approved) requests.
   *    * DISMISSED: Only requests that have been dismissed, or requests that
   *      are not approved and past expiration.
   *    * EXPIRED: Only requests that have been approved, and the approval has
   *      expired.
   *    * HISTORY: Active, dismissed and expired requests.
   */
  // const filter = 'abc123'
  /**
   *  Requested page size.
   */
  // const pageSize = 1234
  /**
   *  A token identifying the page of results to return.
   */
  // const pageToken = 'abc123'

  // Imports the Accessapproval library
  const {AccessApprovalClient} = require('@google-cloud/access-approval').v1;

  // Instantiates a client
  const accessapprovalClient = new AccessApprovalClient();

  async function callListApprovalRequests() {
    // Construct request
    const request = {
    };

    // Run request
    const iterable = accessapprovalClient.listApprovalRequestsAsync(request);
    for await (const response of iterable) {
        console.log(response);
    }
  }

  callListApprovalRequests();

listApprovalRequestsStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

The parent resource. This may be "projects/{project}", "folders/{folder}", or "organizations/{organization}".
filter string

A filter on the type of approval requests to retrieve. Must be one of the following values:

* [not set]: Requests that are pending or have active approvals.
* ALL: All requests.
* PENDING: Only pending requests.
* ACTIVE: Only active (i.e. currently approved) requests.
* DISMISSED: Only requests that have been dismissed, or requests that
  are not approved and past expiration.
* EXPIRED: Only requests that have been approved, and the approval has
  expired.
* HISTORY: Active, dismissed and expired requests.
pageSize number

Requested page size.
pageToken string

A token identifying the page of results to return.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Stream

An object stream which emits an object representing ApprovalRequest on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using listApprovalRequestsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

matchApprovalRequestFromFolderApprovalRequestName(folderApprovalRequestName) → {string}

Parse the approval_request from FolderApprovalRequest resource.

Parameters:
Name Type Description
folderApprovalRequestName string

A fully-qualified path representing folder_approval_request resource.
Returns:
Type Description
string

A string representing the approval_request.

matchApprovalRequestFromOrganizationApprovalRequestName(organizationApprovalRequestName) → {string}

Parse the approval_request from OrganizationApprovalRequest resource.

Parameters:
Name Type Description
organizationApprovalRequestName string

A fully-qualified path representing organization_approval_request resource.
Returns:
Type Description
string

A string representing the approval_request.

matchApprovalRequestFromProjectApprovalRequestName(projectApprovalRequestName) → {string}

Parse the approval_request from ProjectApprovalRequest resource.

Parameters:
Name Type Description
projectApprovalRequestName string

A fully-qualified path representing project_approval_request resource.
Returns:
Type Description
string

A string representing the approval_request.

matchFolderFromFolderAccessApprovalSettingsName(folderAccessApprovalSettingsName) → {string}

Parse the folder from FolderAccessApprovalSettings resource.

Parameters:
Name Type Description
folderAccessApprovalSettingsName string

A fully-qualified path representing folder_accessApprovalSettings resource.
Returns:
Type Description
string

A string representing the folder.

matchFolderFromFolderApprovalRequestName(folderApprovalRequestName) → {string}

Parse the folder from FolderApprovalRequest resource.

Parameters:
Name Type Description
folderApprovalRequestName string

A fully-qualified path representing folder_approval_request resource.
Returns:
Type Description
string

A string representing the folder.

matchFolderFromFolderServiceAccountName(folderServiceAccountName) → {string}

Parse the folder from FolderServiceAccount resource.

Parameters:
Name Type Description
folderServiceAccountName string

A fully-qualified path representing folder_serviceAccount resource.
Returns:
Type Description
string

A string representing the folder.

matchOrganizationFromOrganizationAccessApprovalSettingsName(organizationAccessApprovalSettingsName) → {string}

Parse the organization from OrganizationAccessApprovalSettings resource.

Parameters:
Name Type Description
organizationAccessApprovalSettingsName string

A fully-qualified path representing organization_accessApprovalSettings resource.
Returns:
Type Description
string

A string representing the organization.

matchOrganizationFromOrganizationApprovalRequestName(organizationApprovalRequestName) → {string}

Parse the organization from OrganizationApprovalRequest resource.

Parameters:
Name Type Description
organizationApprovalRequestName string

A fully-qualified path representing organization_approval_request resource.
Returns:
Type Description
string

A string representing the organization.

matchOrganizationFromOrganizationServiceAccountName(organizationServiceAccountName) → {string}

Parse the organization from OrganizationServiceAccount resource.

Parameters:
Name Type Description
organizationServiceAccountName string

A fully-qualified path representing organization_serviceAccount resource.
Returns:
Type Description
string

A string representing the organization.

matchProjectFromProjectAccessApprovalSettingsName(projectAccessApprovalSettingsName) → {string}

Parse the project from ProjectAccessApprovalSettings resource.

Parameters:
Name Type Description
projectAccessApprovalSettingsName string

A fully-qualified path representing project_accessApprovalSettings resource.
Returns:
Type Description
string

A string representing the project.

matchProjectFromProjectApprovalRequestName(projectApprovalRequestName) → {string}

Parse the project from ProjectApprovalRequest resource.

Parameters:
Name Type Description
projectApprovalRequestName string

A fully-qualified path representing project_approval_request resource.
Returns:
Type Description
string

A string representing the project.

matchProjectFromProjectName(projectName) → {string}

Parse the project from Project resource.

Parameters:
Name Type Description
projectName string

A fully-qualified path representing Project resource.
Returns:
Type Description
string

A string representing the project.

matchProjectFromProjectServiceAccountName(projectServiceAccountName) → {string}

Parse the project from ProjectServiceAccount resource.

Parameters:
Name Type Description
projectServiceAccountName string

A fully-qualified path representing project_serviceAccount resource.
Returns:
Type Description
string

A string representing the project.

organizationAccessApprovalSettingsPath(organization) → {string}

Return a fully-qualified organizationAccessApprovalSettings resource name string.

Parameters:
Name Type Description
organization string
Returns:
Type Description
string

Resource name string.

organizationApprovalRequestPath(organization, approval_request) → {string}

Return a fully-qualified organizationApprovalRequest resource name string.

Parameters:
Name Type Description
organization string
approval_request string
Returns:
Type Description
string

Resource name string.

organizationServiceAccountPath(organization) → {string}

Return a fully-qualified organizationServiceAccount resource name string.

Parameters:
Name Type Description
organization string
Returns:
Type Description
string

Resource name string.

projectAccessApprovalSettingsPath(project) → {string}

Return a fully-qualified projectAccessApprovalSettings resource name string.

Parameters:
Name Type Description
project string
Returns:
Type Description
string

Resource name string.

projectApprovalRequestPath(project, approval_request) → {string}

Return a fully-qualified projectApprovalRequest resource name string.

Parameters:
Name Type Description
project string
approval_request string
Returns:
Type Description
string

Resource name string.

projectPath(project) → {string}

Return a fully-qualified project resource name string.

Parameters:
Name Type Description
project string
Returns:
Type Description
string

Resource name string.

projectServiceAccountPath(project) → {string}

Return a fully-qualified projectServiceAccount resource name string.

Parameters:
Name Type Description
project string
Returns:
Type Description
string

Resource name string.