Class: Google::Apis::AccessapprovalV1::AccessApprovalSettings

Inherits:

Object

• Object
• Google::Apis::AccessapprovalV1::AccessApprovalSettings

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/accessapproval_v1/classes.rb,
lib/google/apis/accessapproval_v1/representations.rb,
lib/google/apis/accessapproval_v1/representations.rb

Overview

Settings on a Project/Folder/Organization related to Access Approval.

Instance Attribute Summary

• #active_key_version ⇒ String

  The asymmetric crypto key version to use for signing approval requests.

• #ancestor_has_active_key_version ⇒ Boolean (also: #ancestor_has_active_key_version?)

  Output only.

• #ancestors_enrolled_services ⇒ Array<Google::Apis::AccessapprovalV1::EnrolledService>

  Output only.

• #approval_policy ⇒ Google::Apis::AccessapprovalV1::CustomerApprovalApprovalPolicy

  Represents all the policies that can be set for Customer Approval.

• #effective_approval_policy ⇒ Google::Apis::AccessapprovalV1::CustomerApprovalApprovalPolicy

  Represents all the policies that can be set for Customer Approval.

• #enrolled_ancestor ⇒ Boolean (also: #enrolled_ancestor?)

  Output only.

• #enrolled_services ⇒ Array<Google::Apis::AccessapprovalV1::EnrolledService>

  A list of Google Cloud Services for which the given resource has Access Approval enrolled.

• #invalid_key_version ⇒ Boolean (also: #invalid_key_version?)

  Output only.

• #name ⇒ String

  The resource name of the settings.

• #notification_emails ⇒ Array<String>

  A list of email addresses to which notifications relating to approval requests should be sent.

• #notification_pubsub_topic ⇒ String

  Optional.

• #prefer_no_broad_approval_requests ⇒ Boolean (also: #prefer_no_broad_approval_requests?)

  This field is used to set a preference for granularity of an access approval request.

• #preferred_request_expiration_days ⇒ Fixnum

  Set the default access approval request expiration time.

• #request_scope_max_width_preference ⇒ String

  Optional.

• #require_customer_visible_justification ⇒ Boolean (also: #require_customer_visible_justification?)

  Optional.

Instance Method Summary

• #initialize(**args) ⇒ AccessApprovalSettings constructor

  A new instance of AccessApprovalSettings.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ AccessApprovalSettings

Returns a new instance of AccessApprovalSettings.

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 175

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#active_key_version ⇒ String

The asymmetric crypto key version to use for signing approval requests. Empty active_key_version indicates that a Google-managed key should be used for signing. This property will be ignored if set by an ancestor of this resource, and new non-empty values may not be set. Corresponds to the JSON property activeKeyVersion

Returns:

• (String)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 62

def active_key_version
  @active_key_version
end

#ancestor_has_active_key_version ⇒ Boolean Also known as: ancestor_has_active_key_version?

Output only. This field is read only (not settable via UpdateAccessApprovalSettings method). If the field is true, that indicates that an ancestor of this Project or Folder has set active_key_version (this field will always be unset for the organization since organizations do not have ancestors). Corresponds to the JSON property ancestorHasActiveKeyVersion

Returns:

• (Boolean)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 71

def ancestor_has_active_key_version
  @ancestor_has_active_key_version
end

#ancestors_enrolled_services ⇒ Array<Google::Apis::AccessapprovalV1::EnrolledService>

Output only. Field to differentiate ancestor enrolled services from locally enrolled services. Corresponds to the JSON property ancestorsEnrolledServices

Returns:

• (Array<Google::Apis::AccessapprovalV1::EnrolledService>)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 78

def ancestors_enrolled_services
  @ancestors_enrolled_services
end

#approval_policy ⇒ Google::Apis::AccessapprovalV1::CustomerApprovalApprovalPolicy

Represents all the policies that can be set for Customer Approval. Corresponds to the JSON property approvalPolicy

Returns:

• (Google::Apis::AccessapprovalV1::CustomerApprovalApprovalPolicy)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 83

def approval_policy
  @approval_policy
end

#effective_approval_policy ⇒ Google::Apis::AccessapprovalV1::CustomerApprovalApprovalPolicy

Represents all the policies that can be set for Customer Approval. Corresponds to the JSON property effectiveApprovalPolicy

Returns:

• (Google::Apis::AccessapprovalV1::CustomerApprovalApprovalPolicy)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 88

def effective_approval_policy
  @effective_approval_policy
end

#enrolled_ancestor ⇒ Boolean Also known as: enrolled_ancestor?

Output only. This field is read only (not settable via UpdateAccessApprovalSettings method). If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project or Folder (this field will always be unset for the organization since organizations do not have ancestors). Corresponds to the JSON property enrolledAncestor

Returns:

• (Boolean)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 97

def enrolled_ancestor
  @enrolled_ancestor
end

#enrolled_services ⇒ Array<Google::Apis::AccessapprovalV1::EnrolledService>

A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the resource given by name against any of these services contained here will be required to have explicit approval. If name refers to an organization, enrollment can be done for individual services. If name refers to a folder or project, enrollment can only be done on an all or nothing basis. If a cloud_product is repeated in this list, the first entry will be honored and all following entries will be discarded. Corresponds to the JSON property enrolledServices

Returns:

• (Array<Google::Apis::AccessapprovalV1::EnrolledService>)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 109

def enrolled_services
  @enrolled_services
end

#invalid_key_version ⇒ Boolean Also known as: invalid_key_version?

Output only. This field is read only (not settable via UpdateAccessApprovalSettings method). If the field is true, that indicates that there is some configuration issue with the active_key_version configured at this level in the resource hierarchy (e.g. it doesn't exist or the Access Approval service account doesn't have the correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, as key versions are inherited top-down. Corresponds to the JSON property invalidKeyVersion

Returns:

• (Boolean)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 120

def invalid_key_version
  @invalid_key_version
end

#name ⇒ String

The resource name of the settings. Format is one of: * "projects/project/ accessApprovalSettings" * "folders/folder/accessApprovalSettings" * " organizations/organization/accessApprovalSettings" Corresponds to the JSON property name

Returns:

• (String)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 128

def name
  @name
end

#notification_emails ⇒ Array<String>

A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email addresses are allowed. Corresponds to the JSON property notificationEmails

Returns:

• (Array<String>)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 136

def notification_emails
  @notification_emails
end

#notification_pubsub_topic ⇒ String

Optional. A pubsub topic that notifications relating to access approval are published to. Notifications include pre-approved accesses. Corresponds to the JSON property notificationPubsubTopic

Returns:

• (String)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 142

def notification_pubsub_topic
  @notification_pubsub_topic
end

#prefer_no_broad_approval_requests ⇒ Boolean Also known as: prefer_no_broad_approval_requests?

This field is used to set a preference for granularity of an access approval request. If true, Google personnel will be asked to send resource-level requests when possible. If false, Google personnel will be asked to send requests at the project level. Corresponds to the JSON property preferNoBroadApprovalRequests

Returns:

• (Boolean)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 150

def prefer_no_broad_approval_requests
  @prefer_no_broad_approval_requests
end

#preferred_request_expiration_days ⇒ Fixnum

Set the default access approval request expiration time. This value is able to be set directly by the customer at the time of approval, overriding this suggested value. We recommend setting this value to 30 days. Corresponds to the JSON property preferredRequestExpirationDays

Returns:

• (Fixnum)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 158

def preferred_request_expiration_days
  @preferred_request_expiration_days
end

#request_scope_max_width_preference ⇒ String

Optional. A setting that indicates the maximum scope of an Access Approval request: either organization, folder, or project. Google administrators will be asked to send requests no broader than the configured scope. Corresponds to the JSON property requestScopeMaxWidthPreference

Returns:

• (String)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 165

def request_scope_max_width_preference
  @request_scope_max_width_preference
end

#require_customer_visible_justification ⇒ Boolean Also known as: require_customer_visible_justification?

Optional. When enabled, Google will only be able to send approval requests for access reasons with a customer accessible case ID in the reason detail. Also known as "Require customer initiated support case justification" Corresponds to the JSON property requireCustomerVisibleJustification

Returns:

• (Boolean)

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 172

def require_customer_visible_justification
  @require_customer_visible_justification
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/accessapproval_v1/classes.rb', line 180

def update!(**args)
  @active_key_version = args[:active_key_version] if args.key?(:active_key_version)
  @ancestor_has_active_key_version = args[:ancestor_has_active_key_version] if args.key?(:ancestor_has_active_key_version)
  @ancestors_enrolled_services = args[:ancestors_enrolled_services] if args.key?(:ancestors_enrolled_services)
  @approval_policy = args[:approval_policy] if args.key?(:approval_policy)
  @effective_approval_policy = args[:effective_approval_policy] if args.key?(:effective_approval_policy)
  @enrolled_ancestor = args[:enrolled_ancestor] if args.key?(:enrolled_ancestor)
  @enrolled_services = args[:enrolled_services] if args.key?(:enrolled_services)
  @invalid_key_version = args[:invalid_key_version] if args.key?(:invalid_key_version)
  @name = args[:name] if args.key?(:name)
  @notification_emails = args[:notification_emails] if args.key?(:notification_emails)
  @notification_pubsub_topic = args[:notification_pubsub_topic] if args.key?(:notification_pubsub_topic)
  @prefer_no_broad_approval_requests = args[:prefer_no_broad_approval_requests] if args.key?(:prefer_no_broad_approval_requests)
  @preferred_request_expiration_days = args[:preferred_request_expiration_days] if args.key?(:preferred_request_expiration_days)
  @request_scope_max_width_preference = args[:request_scope_max_width_preference] if args.key?(:request_scope_max_width_preference)
  @require_customer_visible_justification = args[:require_customer_visible_justification] if args.key?(:require_customer_visible_justification)
end