Skip to main content

Google Cloud Privilegedaccessmanager API client library

Project description

preview pypi versions

Privileged Access Manager: Privileged Access Manager (PAM) helps you on your journey towards least privilege and helps mitigate risks tied to privileged access misuse or abuse. PAM allows you to shift from always-on standing privileges towards on-demand access with just-in-time, time-bound, and approval-based access elevations. PAM allows IAM administrators to create entitlements that can grant just-in-time, temporary access to any resource scope. Requesters can explore eligible entitlements and request the access needed for their task. Approvers are notified when approvals await their decision. Streamlined workflows facilitated by using PAM can support various use cases, including emergency access for incident responders, time-boxed access for developers for critical deployment or maintenance, temporary access for operators for data ingestion and audits, JIT access to service accounts for automated tasks, and more.

Quick Start

In order to use this library, you first need to go through the following steps:

  1. Select or create a Cloud Platform project.

  2. Enable billing for your project.

  3. Enable the Privileged Access Manager.

  4. Set up Authentication.

Installation

Install this library in a virtual environment using venv. venv is a tool that creates isolated Python environments. These isolated environments can have separate versions of Python packages, which allows you to isolate one project’s dependencies from the dependencies of other projects.

With venv, it’s possible to install this library without needing system install permissions, and without clashing with the installed system dependencies.

Code samples and snippets

Code samples and snippets live in the samples/ folder.

Supported Python Versions

Our client libraries are compatible with all current active and maintenance versions of Python.

Python >= 3.10, including 3.14

Unsupported Python Versions

Python <= 3.9

If you are using an end-of-life version of Python, we recommend that you update as soon as possible to an actively supported version.

Mac/Linux

python3 -m venv <your-env>
source <your-env>/bin/activate
pip install google-cloud-privilegedaccessmanager

Windows

py -m venv <your-env>
.\<your-env>\Scripts\activate
pip install google-cloud-privilegedaccessmanager

Next Steps

Logging

This library uses the standard Python logging functionality to log some RPC events that could be of interest for debugging and monitoring purposes. Note the following:

  1. Logs may contain sensitive information. Take care to restrict access to the logs if they are saved, whether it be on local storage or on Google Cloud Logging.

  2. Google may refine the occurrence, level, and content of various log messages in this library without flagging such changes as breaking. Do not depend on immutability of the logging events.

  3. By default, the logging events from this library are not handled. You must explicitly configure log handling using one of the mechanisms below.

Simple, environment-based configuration

To enable logging for this library without any changes in your code, set the GOOGLE_SDK_PYTHON_LOGGING_SCOPE environment variable to a valid Google logging scope. This configures handling of logging events (at level logging.DEBUG or higher) from this library in a default manner, emitting the logged messages in a structured format. It does not currently allow customizing the logging levels captured nor the handlers, formatters, etc. used for any logging event.

A logging scope is a period-separated namespace that begins with google, identifying the Python module or package to log.

  • Valid logging scopes: google, google.cloud.asset.v1, google.api, google.auth, etc.

  • Invalid logging scopes: foo, 123, etc.

NOTE: If the logging scope is invalid, the library does not set up any logging handlers.

Environment-Based Examples

  • Enabling the default handler for all Google-based loggers

export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google
  • Enabling the default handler for a specific Google module (for a client library called library_v1):

export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google.cloud.library_v1

Advanced, code-based configuration

You can also configure a valid logging scope using Python’s standard logging mechanism.

Code-Based Examples

  • Configuring a handler for all Google-based loggers

import logging

from google.cloud import library_v1

base_logger = logging.getLogger("google")
base_logger.addHandler(logging.StreamHandler())
base_logger.setLevel(logging.DEBUG)
  • Configuring a handler for a specific Google module (for a client library called library_v1):

import logging

from google.cloud import library_v1

base_logger = logging.getLogger("google.cloud.library_v1")
base_logger.addHandler(logging.StreamHandler())
base_logger.setLevel(logging.DEBUG)

Logging details

  1. Regardless of which of the mechanisms above you use to configure logging for this library, by default logging events are not propagated up to the root logger from the google-level logger. If you need the events to be propagated to the root logger, you must explicitly set logging.getLogger("google").propagate = True in your code.

  2. You can mix the different logging configurations above for different Google modules. For example, you may want use a code-based logging configuration for one library, but decide you need to also set up environment-based logging configuration for another library.

    1. If you attempt to use both code-based and environment-based configuration for the same module, the environment-based configuration will be ineffectual if the code -based configuration gets applied first.

  3. The Google-specific logging configurations (default handlers for environment-based configuration; not propagating logging events to the root logger) get executed the first time any client library is instantiated in your application, and only if the affected loggers have not been previously configured. (This is the reason for 2.i. above.)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

google_cloud_privilegedaccessmanager-0.4.1.tar.gz (110.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file google_cloud_privilegedaccessmanager-0.4.1.tar.gz.

File metadata

File hashes

Hashes for google_cloud_privilegedaccessmanager-0.4.1.tar.gz
Algorithm Hash digest
SHA256 f0da4e36d98d69565f0607d855e44fd332876df0d7647ed195449aff2199672d
MD5 45ae80eb5652f37543029eb29585b86f
BLAKE2b-256 5b53f8c36758d91d33faf3e205d93cb99e4a328434dc857e810f04a1f6f284d4

See more details on using hashes here.

Provenance

The following attestation bundles were made for google_cloud_privilegedaccessmanager-0.4.1.tar.gz:

Publisher: google-cloud-sdk-py@oss-exit-gate-prod.iam.gserviceaccount.com

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
  • Statement: Publication detail:
    • Token Issuer: https://accounts.google.com
    • Service Account: google-cloud-sdk-py@oss-exit-gate-prod.iam.gserviceaccount.com

File details

Details for the file google_cloud_privilegedaccessmanager-0.4.1-py3-none-any.whl.

File metadata

File hashes

Hashes for google_cloud_privilegedaccessmanager-0.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 f409de15fec855f709d648464440464ef2cacdc757d6926c5077bb4c28c57fe3
MD5 281f748e2b94773eb94a57389dd5213c
BLAKE2b-256 11669c97fd8f4fa77d73da83e0c8b1a92ce3047ed9179717c7bc3875c2d82212

See more details on using hashes here.

Provenance

The following attestation bundles were made for google_cloud_privilegedaccessmanager-0.4.1-py3-none-any.whl:

Publisher: google-cloud-sdk-py@oss-exit-gate-prod.iam.gserviceaccount.com

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
  • Statement: Publication detail:
    • Token Issuer: https://accounts.google.com
    • Service Account: google-cloud-sdk-py@oss-exit-gate-prod.iam.gserviceaccount.com

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page