# frozen_string_literal: true # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Auto-generated by gapic-generator-ruby. DO NOT EDIT! module Google module Cloud module AccessApproval module V1 # Home office and physical location of the principal. # @!attribute [rw] principal_office_country # @return [String] # The "home office" location of the principal. A two-letter country code # (ISO 3166-1 alpha-2), such as "US", "DE" or "GB" or a region code. In some # limited situations Google systems may refer refer to a region code instead # of a country code. # Possible Region Codes: #
    #
  1. ASI: Asia
    2. #
  2. EUR: Europe
    3. #
  3. OCE: Oceania
    4. #
  4. AFR: Africa
    5. #
  5. NAM: North America
    6. #
  6. SAM: South America
    7. #
  7. ANT: Antarctica
    8. #
  8. ANY: Any location
    9. #
# @!attribute [rw] principal_physical_location_country # @return [String] # Physical location of the principal at the time of the access. A # two-letter country code (ISO 3166-1 alpha-2), such as "US", "DE" or "GB" or # a region code. In some limited situations Google systems may refer refer to # a region code instead of a country code. # Possible Region Codes: #
    #
  1. ASI: Asia
    2. #
  2. EUR: Europe
    3. #
  3. OCE: Oceania
    4. #
  4. AFR: Africa
    5. #
  5. NAM: North America
    6. #
  6. SAM: South America
    7. #
  7. ANT: Antarctica
    8. #
  8. ANY: Any location
    9. #
class AccessLocations include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] type # @return [Google::Cloud::AccessApproval::V1::AccessReason::Type] # Type of access justification. # @!attribute [rw] detail # @return [String] # More detail about certain reason types. See comments for each type above. class AccessReason include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods # Type of access justification. module Type # Default value for proto, shouldn't be used. TYPE_UNSPECIFIED = 0 # Customer made a request or raised an issue that required the principal to # access customer data. `detail` is of the form ("#####" is the issue ID): #
    #
  1. "Feedback Report: #####"
    2. #
  2. "Case Number: #####"
    3. #
  3. "Case ID: #####"
    4. #
  4. "E-PIN Reference: #####"
    5. #
  5. "Google-#####"
    6. #
  6. "T-#####"
    7. #
CUSTOMER_INITIATED_SUPPORT = 1 # The principal accessed customer data in order to diagnose or resolve a # suspected issue in services or a known outage. Often this access is used # to confirm that customers are not affected by a suspected service issue # or to remediate a reversible system issue. GOOGLE_INITIATED_SERVICE = 2 # Google initiated service for security, fraud, abuse, or compliance # purposes. GOOGLE_INITIATED_REVIEW = 3 end end # A decision that has been made to approve access to a resource. # @!attribute [rw] approve_time # @return [Google::Protobuf::Timestamp] # The time at which approval was granted. # @!attribute [rw] expire_time # @return [Google::Protobuf::Timestamp] # The time at which the approval expires. class ApproveDecision include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # A decision that has been made to dismiss an approval request. # @!attribute [rw] dismiss_time # @return [Google::Protobuf::Timestamp] # The time at which the approval request was dismissed. class DismissDecision include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # The properties associated with the resource of the request. # @!attribute [rw] excludes_descendants # @return [Boolean] # Whether an approval will exclude the descendants of the resource being # requested. class ResourceProperties include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # A request for the customer to approve access to a resource. # @!attribute [rw] name # @return [String] # The resource name of the request. Format is # "\\{projects|folders|organizations}/\\{id}/approvalRequests/\\{approval_request_id}". # @!attribute [rw] requested_resource_name # @return [String] # The resource for which approval is being requested. The format of the # resource name is defined at # https://cloud.google.com/apis/design/resource_names. The resource name here # may either be a "full" resource name (e.g. # "//library.googleapis.com/shelves/shelf1/books/book2") or a "relative" # resource name (e.g. "shelves/shelf1/books/book2") as described in the # resource name specification. # @!attribute [rw] requested_resource_properties # @return [Google::Cloud::AccessApproval::V1::ResourceProperties] # Properties related to the resource represented by requested_resource_name. # @!attribute [rw] requested_reason # @return [Google::Cloud::AccessApproval::V1::AccessReason] # The justification for which approval is being requested. # @!attribute [rw] requested_locations # @return [Google::Cloud::AccessApproval::V1::AccessLocations] # The locations for which approval is being requested. # @!attribute [rw] request_time # @return [Google::Protobuf::Timestamp] # The time at which approval was requested. # @!attribute [rw] requested_expiration # @return [Google::Protobuf::Timestamp] # The requested expiration for the approval. If the request is approved, # access will be granted from the time of approval until the expiration time. # @!attribute [rw] approve # @return [Google::Cloud::AccessApproval::V1::ApproveDecision] # Access was approved. # @!attribute [rw] dismiss # @return [Google::Cloud::AccessApproval::V1::DismissDecision] # The request was dismissed. class ApprovalRequest include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Represents the enrollment of a cloud resource into a specific service. # @!attribute [rw] cloud_product # @return [String] # The product for which Access Approval will be enrolled. Allowed values are # listed below (case-sensitive): #
    #
  1. all
    2. #
  2. appengine.googleapis.com
    3. #
  3. bigquery.googleapis.com
    4. #
  4. bigtable.googleapis.com
    5. #
  5. cloudkms.googleapis.com
    6. #
  6. compute.googleapis.com
    7. #
  7. dataflow.googleapis.com
    8. #
  8. iam.googleapis.com
    9. #
  9. pubsub.googleapis.com
    10. #
  10. storage.googleapis.com
    11. #
      # @!attribute [rw] enrollment_level # @return [Google::Cloud::AccessApproval::V1::EnrollmentLevel] # The enrollment level of the service. class EnrolledService include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Settings on a Project/Folder/Organization related to Access Approval. # @!attribute [rw] name # @return [String] # The resource name of the settings. Format is one of: #
        #
      1. "projects/\\{project_id}/accessApprovalSettings"
        2. #
      2. "folders/\\{folder_id}/accessApprovalSettings"
        3. #
      3. "organizations/\\{organization_id}/accessApprovalSettings"
        4. #
          # @!attribute [rw] notification_emails # @return [Array] # A list of email addresses to which notifications relating to approval # requests should be sent. Notifications relating to a resource will be sent # to all emails in the settings of ancestor resources of that resource. A # maximum of 50 email addresses are allowed. # @!attribute [rw] enrolled_services # @return [Array] # A list of Google Cloud Services for which the given resource has Access # Approval enrolled. Access requests for the resource given by name against # any of these services contained here will be required to have explicit # approval. If name refers to an organization, enrollment can be done for # individual services. If name refers to a folder or project, enrollment can # only be done on an all or nothing basis. # # If a cloud_product is repeated in this list, the first entry will be # honored and all following entries will be discarded. A maximum of 10 # enrolled services will be enforced, to be expanded as the set of supported # services is expanded. # @!attribute [r] enrolled_ancestor # @return [Boolean] # Output only. This field is read only (not settable via # UpdateAccessAccessApprovalSettings method). If the field is true, that # indicates that at least one service is enrolled for Access Approval in one # or more ancestors of the Project or Folder (this field will always be # unset for the organization since organizations do not have ancestors). class AccessApprovalSettings include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Request to list approval requests. # @!attribute [rw] parent # @return [String] # The parent resource. This may be "projects/\\{project_id}", # "folders/\\{folder_id}", or "organizations/\\{organization_id}". # @!attribute [rw] filter # @return [String] # A filter on the type of approval requests to retrieve. Must be one of the # following values: #
            #
          1. [not set]: Requests that are pending or have active approvals.
            2. #
          2. ALL: All requests.
            3. #
          3. PENDING: Only pending requests.
            4. #
          4. ACTIVE: Only active (i.e. currently approved) requests.
            5. #
          5. DISMISSED: Only dismissed (including expired) requests.
            6. #
          # @!attribute [rw] page_size # @return [Integer] # Requested page size. # @!attribute [rw] page_token # @return [String] # A token identifying the page of results to return. class ListApprovalRequestsMessage include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Response to listing of ApprovalRequest objects. # @!attribute [rw] approval_requests # @return [Array] # Approval request details. # @!attribute [rw] next_page_token # @return [String] # Token to retrieve the next page of results, or empty if there are no more. class ListApprovalRequestsResponse include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Request to get an approval request. # @!attribute [rw] name # @return [String] # Name of the approval request to retrieve. class GetApprovalRequestMessage include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Request to approve an ApprovalRequest. # @!attribute [rw] name # @return [String] # Name of the approval request to approve. # @!attribute [rw] expire_time # @return [Google::Protobuf::Timestamp] # The expiration time of this approval. class ApproveApprovalRequestMessage include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Request to dismiss an approval request. # @!attribute [rw] name # @return [String] # Name of the ApprovalRequest to dismiss. class DismissApprovalRequestMessage include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Request to get access approval settings. # @!attribute [rw] name # @return [String] # Name of the AccessApprovalSettings to retrieve. class GetAccessApprovalSettingsMessage include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Request to update access approval settings. # @!attribute [rw] settings # @return [Google::Cloud::AccessApproval::V1::AccessApprovalSettings] # The new AccessApprovalSettings. # @!attribute [rw] update_mask # @return [Google::Protobuf::FieldMask] # The update mask applies to the settings. Only the top level fields of # AccessApprovalSettings (notification_emails & enrolled_services) are # supported. For each field, if it is included, the currently stored value # will be entirely overwritten with the value of the field passed in this # request. # # For the `FieldMask` definition, see # https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask # If this field is left unset, only the notification_emails field will be # updated. class UpdateAccessApprovalSettingsMessage include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Request to delete access approval settings. # @!attribute [rw] name # @return [String] # Name of the AccessApprovalSettings to delete. class DeleteAccessApprovalSettingsMessage include Google::Protobuf::MessageExts extend Google::Protobuf::MessageExts::ClassMethods end # Represents the type of enrollment for a given service to Access Approval. module EnrollmentLevel # Default value for proto, shouldn't be used. ENROLLMENT_LEVEL_UNSPECIFIED = 0 # Service is enrolled in Access Approval for all requests BLOCK_ALL = 1 end end end end end