Types for Google Cloud Accessapproval v1 API
- class google.cloud.accessapproval_v1.types.AccessApprovalServiceAccount(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Access Approval service account related to a project/folder/organization.
- name
The resource name of the Access Approval service account. Format is one of:
“projects/{project}/serviceAccount”
“folders/{folder}/serviceAccount”
“organizations/{organization}/serviceAccount”.
- Type
- class google.cloud.accessapproval_v1.types.AccessApprovalSettings(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Settings on a Project/Folder/Organization related to Access Approval.
- name
The resource name of the settings. Format is one of:
“projects/{project}/accessApprovalSettings”
“folders/{folder}/accessApprovalSettings”
“organizations/{organization}/accessApprovalSettings”.
- Type
- notification_emails
A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email addresses are allowed.
- Type
MutableSequence[str]
- enrolled_services
A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the resource given by name against any of these services contained here will be required to have explicit approval. If name refers to an organization, enrollment can be done for individual services. If name refers to a folder or project, enrollment can only be done on an all or nothing basis.
If a cloud_product is repeated in this list, the first entry will be honored and all following entries will be discarded. A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
- Type
MutableSequence[google.cloud.accessapproval_v1.types.EnrolledService]
- enrolled_ancestor
Output only. This field is read only (not settable via UpdateAccessApprovalSettings method). If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project or Folder (this field will always be unset for the organization since organizations do not have ancestors).
- Type
- active_key_version
The asymmetric crypto key version to use for signing approval requests. Empty active_key_version indicates that a Google-managed key should be used for signing. This property will be ignored if set by an ancestor of this resource, and new non-empty values may not be set.
- Type
- ancestor_has_active_key_version
Output only. This field is read only (not settable via UpdateAccessApprovalSettings method). If the field is true, that indicates that an ancestor of this Project or Folder has set active_key_version (this field will always be unset for the organization since organizations do not have ancestors).
- Type
- invalid_key_version
Output only. This field is read only (not settable via UpdateAccessApprovalSettings method). If the field is true, that indicates that there is some configuration issue with the active_key_version configured at this level in the resource hierarchy (e.g. it doesn’t exist or the Access Approval service account doesn’t have the correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, as key versions are inherited top-down.
- Type
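The limits described for AccessApprovalSettings can be checked locally before a draft is sent. The following is an added example, not part of the library: it works on plain dicts that mirror the documented field names, `normalize_settings` and `SAMPLE` are hypothetical names, and it assumes that "all or nothing" for folders and projects means the only accepted product is `all`.

```python
import re

# Limits and name formats quoted from the AccessApprovalSettings field docs.
MAX_EMAILS = 50
MAX_SERVICES = 10
NAME_RE = re.compile(r"^(projects|folders|organizations)/([^/]+)/accessApprovalSettings$")


def normalize_settings(settings):
    """Check a plain-dict settings draft; return (normalized_copy, problems)."""
    problems = []
    match = NAME_RE.match(settings.get("name", ""))
    if not match:
        problems.append("name is not a documented settings resource name")
    emails = list(settings.get("notification_emails", []))
    if len(emails) > MAX_EMAILS:
        problems.append(f"{len(emails)} notification emails; maximum is {MAX_EMAILS}")

    # Only the first entry per cloud_product is honored; later ones are discarded.
    seen, services = set(), []
    for svc in settings.get("enrolled_services", []):
        product = svc["cloud_product"]
        if product in seen:
            problems.append(f"duplicate cloud_product {product!r} would be discarded")
            continue
        seen.add(product)
        services.append(dict(svc))
    if len(services) > MAX_SERVICES:
        problems.append(f"{len(services)} enrolled services; maximum is {MAX_SERVICES}")

    # Assumption: "all or nothing" for folders and projects means the only
    # accepted product is 'all'; per-service enrollment is organization-only.
    if match and match.group(1) != "organizations" and seen - {"all"}:
        problems.append("folder/project enrollment must be 'all' or empty")
    return dict(settings, notification_emails=emails, enrolled_services=services), problems


# Constructed sample draft for a project-level resource.
SAMPLE = {
    "name": "projects/example-project/accessApprovalSettings",
    "notification_emails": ["secops@example.com"],
    "enrolled_services": [{"cloud_product": p} for p in ("all", "all", "BigQuery")],
}
```

For `SAMPLE` the function reports the repeated `all` entry and the per-service `BigQuery` enrollment on a project.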
- class google.cloud.accessapproval_v1.types.AccessLocations(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Home office and physical location of the principal.
- principal_office_country
The “home office” location of the principal. A two-letter country code (ISO 3166-1 alpha-2), such as “US”, “DE” or “GB” or a region code. In some limited situations Google systems may refer to a region code instead of a country code. Possible Region Codes:
ASI: Asia
EUR: Europe
OCE: Oceania
AFR: Africa
NAM: North America
SAM: South America
ANT: Antarctica
ANY: Any location
- Type
- principal_physical_location_country
Physical location of the principal at the time of the access. A two-letter country code (ISO 3166-1 alpha-2), such as “US”, “DE” or “GB” or a region code. In some limited situations Google systems may refer to a region code instead of a country code. Possible Region Codes:
ASI: Asia
EUR: Europe
OCE: Oceania
AFR: Africa
NAM: North America
SAM: South America
ANT: Antarctica
ANY: Any location
- Type
- class google.cloud.accessapproval_v1.types.AccessReason(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
- type_
Type of access justification.
- class Type(value)
Bases:
proto.enums.Enum
Type of access justification.
- Values:
- TYPE_UNSPECIFIED (0):
Default value for proto, shouldn’t be used.
- CUSTOMER_INITIATED_SUPPORT (1):
Customer made a request or raised an issue that required the principal to access customer data.
detail is of the form (“#####” is the issue ID):
“Feedback Report: #####”
“Case Number: #####”
“Case ID: #####”
“E-PIN Reference: #####”
“Google-#####”
“T-#####”.
- GOOGLE_INITIATED_SERVICE (2):
The principal accessed customer data in order to diagnose or resolve a suspected issue in services. Often this access is used to confirm that customers are not affected by a suspected service issue or to remediate a reversible system issue.
- GOOGLE_INITIATED_REVIEW (3):
Google initiated service for security, fraud, abuse, or compliance purposes.
- THIRD_PARTY_DATA_REQUEST (4):
The principal was compelled to access customer data in order to respond to a legal third party data request or process, including legal processes from customers themselves.
- GOOGLE_RESPONSE_TO_PRODUCTION_ALERT (5):
The principal accessed customer data in order to diagnose or resolve a suspected issue in services or a known outage.
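The documented `detail` forms for CUSTOMER_INITIATED_SUPPORT make it possible to check that a request cites a ticket the customer actually opened. The following is an added example, not part of the library: it works on plain dicts, the escalation policy and the names `parse_support_detail`, `triage` and `OPEN_TICKETS` are hypothetical, and it assumes the issue ID contains no whitespace.

```python
import re

# The six documented shapes of AccessReason.detail for
# CUSTOMER_INITIATED_SUPPORT; "#####" stands for the issue ID.
DETAIL_PATTERNS = [
    ("feedback_report", re.compile(r"^Feedback Report: (\S+)$")),
    ("case_number", re.compile(r"^Case Number: (\S+)$")),
    ("case_id", re.compile(r"^Case ID: (\S+)$")),
    ("e_pin", re.compile(r"^E-PIN Reference: (\S+)$")),
    ("google", re.compile(r"^Google-(\S+)$")),
    ("t", re.compile(r"^T-(\S+)$")),
]


def parse_support_detail(detail):
    """Return (kind, issue_id), or None if detail matches no documented form."""
    for kind, pattern in DETAIL_PATTERNS:
        m = pattern.match(detail.strip())
        if m:
            return kind, m.group(1)
    return None


def triage(request, open_tickets):
    """Classify one approval request (plain dict) against our own ticket list."""
    reason = request["requested_reason"]
    if reason["type_"] == "TYPE_UNSPECIFIED":
        return "escalate: unspecified reason type"
    if reason["type_"] != "CUSTOMER_INITIATED_SUPPORT":
        return "review: not customer-initiated"
    parsed = parse_support_detail(reason.get("detail", ""))
    if parsed is None:
        return "escalate: detail does not match a documented form"
    if parsed[1] not in open_tickets:
        return f"escalate: no open ticket {parsed[1]}"
    return f"ok: matches ticket {parsed[1]}"


# Constructed sample data: one ticket we opened and three pending requests.
OPEN_TICKETS = {"48213"}
SAMPLE_REQUESTS = [
    {"requested_reason": {"type_": "CUSTOMER_INITIATED_SUPPORT", "detail": "Case Number: 48213"}},
    {"requested_reason": {"type_": "CUSTOMER_INITIATED_SUPPORT", "detail": "Case Number: 99999"}},
    {"requested_reason": {"type_": "GOOGLE_INITIATED_SERVICE", "detail": ""}},
]
```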
- class google.cloud.accessapproval_v1.types.ApprovalRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
A request for the customer to approve access to a resource.
This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.
- name
The resource name of the request. Format is “{projects|folders|organizations}/{id}/approvalRequests/{approval_request}”.
- Type
- requested_resource_name
The resource for which approval is being requested. The format of the resource name is defined at https://cloud.google.com/apis/design/resource_names. The resource name here may either be a “full” resource name (e.g. “//library.googleapis.com/shelves/shelf1/books/book2”) or a “relative” resource name (e.g. “shelves/shelf1/books/book2”) as described in the resource name specification.
- Type
- requested_resource_properties
Properties related to the resource represented by requested_resource_name.
- requested_reason
The justification for which approval is being requested.
- requested_locations
The locations for which approval is being requested.
- request_time
The time at which approval was requested.
- requested_expiration
The requested expiration for the approval. If the request is approved, access will be granted from the time of approval until the expiration time.
- class google.cloud.accessapproval_v1.types.ApproveApprovalRequestMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Request to approve an ApprovalRequest.
- expire_time
The expiration time of this approval.
- class google.cloud.accessapproval_v1.types.ApproveDecision(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
A decision that has been made to approve access to a resource.
- approve_time
The time at which approval was granted.
- expire_time
The time at which the approval expires.
- invalidate_time
If set, denotes the timestamp at which the approval is invalidated.
- signature_info
The signature for the ApprovalRequest and details on how it was signed.
- class google.cloud.accessapproval_v1.types.DeleteAccessApprovalSettingsMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Request to delete access approval settings.
- class google.cloud.accessapproval_v1.types.DismissApprovalRequestMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Request to dismiss an approval request.
- class google.cloud.accessapproval_v1.types.DismissDecision(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
A decision that has been made to dismiss an approval request.
- dismiss_time
The time at which the approval request was dismissed.
- class google.cloud.accessapproval_v1.types.EnrolledService(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Represents the enrollment of a cloud resource into a specific service.
- cloud_product
The product for which Access Approval will be enrolled. Allowed values are listed below (case-sensitive):
all
GA
App Engine
BigQuery
Cloud Bigtable
Cloud Key Management Service
Compute Engine
Cloud Dataflow
Cloud Dataproc
Cloud DLP
Cloud EKM
Cloud HSM
Cloud Identity and Access Management
Cloud Logging
Cloud Pub/Sub
Cloud Spanner
Cloud SQL
Cloud Storage
Google Kubernetes Engine
Organization Policy Serivice
Persistent Disk
Resource Manager
Secret Manager
Speaker ID
Note: These values are supported as input for legacy purposes, but will not be returned from the API.
all
ga-only
appengine.googleapis.com
bigquery.googleapis.com
bigtable.googleapis.com
container.googleapis.com
cloudkms.googleapis.com
cloudresourcemanager.googleapis.com
cloudsql.googleapis.com
compute.googleapis.com
dataflow.googleapis.com
dataproc.googleapis.com
dlp.googleapis.com
iam.googleapis.com
logging.googleapis.com
orgpolicy.googleapis.com
pubsub.googleapis.com
spanner.googleapis.com
secretmanager.googleapis.com
speakerid.googleapis.com
storage.googleapis.com
Calls to UpdateAccessApprovalSettings using ‘all’ or any of the XXX.googleapis.com will be translated to the associated product name (‘all’, ‘App Engine’, etc.).
Note: ‘all’ will enroll the resource in all products supported at both ‘GA’ and ‘Preview’ levels.
More information about levels of support is available at https://cloud.google.com/access-approval/docs/supported-services
- Type
- enrollment_level
The enrollment level of the service.
- class google.cloud.accessapproval_v1.types.EnrollmentLevel(value)
Bases:
proto.enums.Enum
Represents the type of enrollment for a given service to Access Approval.
- Values:
- ENROLLMENT_LEVEL_UNSPECIFIED (0):
Default value for proto, shouldn’t be used.
- BLOCK_ALL (1):
Service is enrolled in Access Approval for all requests.
- class google.cloud.accessapproval_v1.types.GetAccessApprovalServiceAccountMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Request to get an Access Approval service account.
- class google.cloud.accessapproval_v1.types.GetAccessApprovalSettingsMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Request to get access approval settings.
- class google.cloud.accessapproval_v1.types.GetApprovalRequestMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Request to get an approval request.
- class google.cloud.accessapproval_v1.types.InvalidateApprovalRequestMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Request to invalidate an existing approval.
- class google.cloud.accessapproval_v1.types.ListApprovalRequestsMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Request to list approval requests.
- parent
The parent resource. This may be “projects/{project}”, “folders/{folder}”, or “organizations/{organization}”.
- Type
- filter
A filter on the type of approval requests to retrieve. Must be one of the following values:
[not set]: Requests that are pending or have active approvals.
ALL: All requests.
PENDING: Only pending requests.
ACTIVE: Only active (i.e. currently approved) requests.
DISMISSED: Only requests that have been dismissed, or requests that are not approved and past expiration.
EXPIRED: Only requests that have been approved, and the approval has expired.
HISTORY: Active, dismissed and expired requests.
- Type
- class google.cloud.accessapproval_v1.types.ListApprovalRequestsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Response to listing of ApprovalRequest objects.
- approval_requests
Approval request details.
- Type
MutableSequence[google.cloud.accessapproval_v1.types.ApprovalRequest]
- class google.cloud.accessapproval_v1.types.ResourceProperties(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
The properties associated with the resource of the request.
- class google.cloud.accessapproval_v1.types.SignatureInfo(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Information about the digital signature of the resource.
This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.
- class google.cloud.accessapproval_v1.types.UpdateAccessApprovalSettingsMessage(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Bases:
proto.message.Message
Request to update access approval settings.
- settings
The new AccessApprovalSettings.
- update_mask
The update mask applies to the settings. Only the top level fields of AccessApprovalSettings (notification_emails & enrolled_services) are supported. For each field, if it is included, the currently stored value will be entirely overwritten with the value of the field passed in this request.
For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
If this field is left unset, only the notification_emails field will be updated.
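The update_mask rules have a consequence that is easy to miss: an update that carries enrolled_services but no mask changes only notification_emails, so the enrollment is not written. The following is an added example, not part of the library: a local model of the documented rules on plain dicts, with `preview_update`, `STORED` and `NEW` as hypothetical names and rejection of other mask paths as a local pre-flight choice.

```python
# Top-level fields the update_mask documentation lists as supported.
SUPPORTED_PATHS = ("notification_emails", "enrolled_services")


def preview_update(stored, new, mask_paths=None):
    """Model the documented mask rules on plain dicts.

    Returns (resulting_settings, ignored_fields). `ignored_fields` lists values
    present in `new` that the mask leaves out, so they would not be written.
    """
    # An unset mask updates only notification_emails.
    paths = list(mask_paths) if mask_paths else ["notification_emails"]
    unsupported = [p for p in paths if p not in SUPPORTED_PATHS]
    if unsupported:
        # Local pre-flight choice: fail early instead of sending the request.
        raise ValueError(f"unsupported update_mask paths: {unsupported}")

    result = dict(stored)
    for path in paths:
        # An included field overwrites the stored value entirely; there is no
        # merge, so a field missing from `new` is written as empty.
        result[path] = list(new.get(path, []))
    ignored = [f for f in SUPPORTED_PATHS if f in new and f not in paths]
    return result, ignored


# Constructed sample: currently stored settings and an intended update.
STORED = {"notification_emails": ["old@example.com"], "enrolled_services": []}
NEW = {
    "notification_emails": ["secops@example.com"],
    "enrolled_services": [{"cloud_product": "all"}],
}
```

`preview_update(STORED, NEW)` returns the new email list with `enrolled_services` still empty and reports `enrolled_services` as ignored; passing both paths in the mask writes both fields.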