gcp_privilegedaccessmanager_grant
additional_email_recipients
Type: UNORDERED_LIST_STRING
Provider name: additionalEmailRecipients
Description: Optional. Additional email addresses to notify for all the actions performed on the grant.
ancestors
Type: UNORDERED_LIST_STRING
audit_trail
Type: STRUCT
Provider name: auditTrail
Description: Output only. Audit trail of access provided by this grant. If unspecified then access was never granted.
access_grant_time
Type: TIMESTAMP
Provider name: accessGrantTime
Description: Output only. The time at which access was given.
access_remove_time
Type: TIMESTAMP
Provider name: accessRemoveTime
Description: Output only. The time at which the system removed access. This could be because of an automatic expiry or because of a revocation. If unspecified, then access hasn’t been removed yet.
create_time
Type: TIMESTAMP
Provider name: createTime
Description: Output only. Create time stamp.
externally_modified
Type: BOOLEAN
Provider name: externallyModified
Description: Output only. Flag set by the PAM system to indicate that policy bindings made by this grant have been modified from outside PAM. After it is set, this flag remains set forever irrespective of the grant state. A true value here indicates that PAM no longer has any certainty on the access a user has because of this grant.
justification
Type: STRUCT
Provider name: justification
Description: Optional. Justification of why this access is needed.
unstructured_justification
Type: STRING
Provider name: unstructuredJustification
Description: A free form textual justification. The system only ensures that this is not empty. No other kind of validation is performed on the string.
labels
Type: UNORDERED_LIST_STRING
name
Type: STRING
Provider name: name
Description: Identifier. Name of this grant. Possible formats:
* organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}
* folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}
* projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}
The last segment of this name ({grant-id}) is autogenerated.
organization_id
Type: STRING
parent
Type: STRING
privileged_access
Type: STRUCT
Provider name: privilegedAccess
Description: Output only. The access that would be granted by this grant.
gcp_iam_access
Type: STRUCT
Provider name: gcpIamAccess
Description: Access to a Google Cloud resource through IAM.
resource
Type: STRING
Provider name: resource
Description: Required. Name of the resource.
resource_type
Type: STRING
Provider name: resourceType
Description: Required. The type of this resource.
role_bindings
Type: UNORDERED_LIST_STRUCT
Provider name: roleBindings
Description: Required. Role bindings that are created on successful grant.
condition_expression
Type: STRING
Provider name: conditionExpression
Description: Optional. The expression field of the IAM condition to be associated with the role. If specified, a user with an active grant for this entitlement is able to access the resource only if this condition evaluates to true for their request. This field uses the same CEL format as IAM and supports all attributes that IAM supports, except tags. https://cloud.google.com/iam/docs/conditions-overview#attributes.
role
Type: STRING
Provider name: role
Description: Required. IAM role to be granted. https://cloud.google.com/iam/docs/roles-overview.
project_id
Type: STRING
project_number
Type: STRING
requested_duration
Type: STRING
Provider name: requestedDuration
Description: Required. The amount of time access is needed for. This value should be less than the max_request_duration value of the entitlement.
requester
Type: STRING
Provider name: requester
Description: Output only. Username of the user who created this grant.
resource_name
Type: STRING
state
Type: STRING
Provider name: state
Description: Output only. Current state of this grant.
Possible values:
STATE_UNSPECIFIED - Unspecified state. This value is never returned by the server.
APPROVAL_AWAITED - The entitlement had an approval workflow configured and this grant is waiting for the workflow to complete.
DENIED - The approval workflow completed with a denied result. No access is granted for this grant. This is a terminal state.
SCHEDULED - The approval workflow completed successfully with an approved result or none was configured. Access is provided at an appropriate time.
ACTIVATING - Access is being given.
ACTIVE - Access was successfully given and is currently active.
ACTIVATION_FAILED - The system could not give access due to a non-retriable error. This is a terminal state.
EXPIRED - Expired after waiting for the approval workflow to complete. This is a terminal state.
REVOKING - Access is being revoked.
REVOKED - Access was revoked by a user. This is a terminal state.
ENDED - System took back access as the requested duration was over. This is a terminal state.
WITHDRAWING - Access is being withdrawn.
WITHDRAWN - Grant was withdrawn by the grant owner. This is a terminal state.
Type: UNORDERED_LIST_STRING
timeline
Type: STRUCT
Provider name: timeline
Description: Output only. Timeline of this grant.
events
Type: UNORDERED_LIST_STRUCT
Provider name: events
Description: Output only. The events that have occurred on this grant. This list contains entries in the same order as they occurred. The first entry is always of type Requested and there is always at least one entry in this array.
activated
Type: STRUCT
Provider name: activated
Description: The grant was successfully activated to give access.
activation_failed
Type: STRUCT
Provider name: activationFailed
Description: There was a non-retriable error while trying to give access.
error
Type: STRUCT
Provider name: error
Description: Output only. The error that occurred while activating the grant.
code
Type: INT32
Provider name: code
Description: The status code, which should be an enum value of google.rpc.Code.
message
Type: STRING
Provider name: message
Description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
approved
Type: STRUCT
Provider name: approved
Description: The grant was approved.
actor
Type: STRING
Provider name: actor
Description: Output only. Username of the user who approved the grant.
reason
Type: STRING
Provider name: reason
Description: Output only. The reason provided by the approver for approving the grant.
denied
Type: STRUCT
Provider name: denied
Description: The grant was denied.
actor
Type: STRING
Provider name: actor
Description: Output only. Username of the user who denied the grant.
reason
Type: STRING
Provider name: reason
Description: Output only. The reason provided by the approver for denying the grant.
ended
Type: STRUCT
Provider name: ended
Description: Access given by the grant ended automatically as the approved duration was over.
event_time
Type: TIMESTAMP
Provider name: eventTime
Description: Output only. The time (as recorded at server) when this event occurred.
expired
Type: STRUCT
Provider name: expired
Description: The approval workflow did not complete in the necessary duration, and so the grant is expired.
externally_modified
Type: STRUCT
Provider name: externallyModified
Description: The policy bindings made by the grant have been modified outside of PAM.
requested
Type: STRUCT
Provider name: requested
Description: The grant was requested.
expire_time
Type: TIMESTAMP
Provider name: expireTime
Description: Output only. The time at which this grant expires unless the approval workflow completes. If omitted, then the request never expires.
revoked
Type: STRUCT
Provider name: revoked
Description: The grant was revoked.
actor
Type: STRING
Provider name: actor
Description: Output only. Username of the user who revoked the grant.
reason
Type: STRING
Provider name: reason
Description: Output only. The reason provided by the user for revoking the grant.
scheduled
Type: STRUCT
Provider name: scheduled
Description: The grant has been scheduled to give access.
scheduled_activation_time
Type: TIMESTAMP
Provider name: scheduledActivationTime
Description: Output only. The time at which the access is granted.
withdrawn
Type: STRUCT
Provider name: withdrawn
Description: The grant was withdrawn.
update_time
Type: TIMESTAMP
Provider name: updateTime
Description: Output only. Update time stamp.