Class: Google::Cloud::Asset::V1::IamPolicyAnalysisResult
- Inherits:
-
Object
- Object
- Google::Cloud::Asset::V1::IamPolicyAnalysisResult
- Extended by:
- Protobuf::MessageExts::ClassMethods
- Includes:
- Protobuf::MessageExts
- Defined in:
- proto_docs/google/cloud/asset/v1/assets.rb
Overview
IAM Policy analysis result, consisting of one IAM policy binding and derived access control lists.
Defined Under Namespace
Classes: Access, AccessControlList, Edge, Identity, IdentityList, Resource
Instance Attribute Summary collapse
-
#access_control_lists ⇒ ::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::AccessControlList>
The access control lists derived from the iam_binding that match or potentially match resource and access selectors specified in the request.
-
#attached_resource_full_name ⇒ ::String
The full resource name of the resource to which the iam_binding policy attaches.
-
#fully_explored ⇒ ::Boolean
Represents whether all analyses on the iam_binding have successfully finished.
-
#iam_binding ⇒ ::Google::Iam::V1::Binding
The IAM policy binding under analysis.
-
#identity_list ⇒ ::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList
The identity list derived from members of the iam_binding that match or potentially match identity selector specified in the request.
Instance Attribute Details
#access_control_lists ⇒ ::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::AccessControlList>
Returns The access control lists derived from the iam_binding that match or potentially match resource and access selectors specified in the request.
986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 |
# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 986 class IamPolicyAnalysisResult include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A Google Cloud resource under analysis. # @!attribute [rw] full_resource_name # @return [::String] # The [full resource # name](https://cloud.google.com/asset-inventory/docs/resource-name-format) # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this resource. class Resource include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An IAM role or permission under analysis. # @!attribute [rw] role # @return [::String] # The role. # @!attribute [rw] permission # @return [::String] # The permission. # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this access. class Access include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An identity under analysis. # @!attribute [rw] name # @return [::String] # The identity of members, formatted as appear in an # [IAM policy # binding](https://cloud.google.com/iam/reference/rest/v1/Binding). For # example, they might be formatted like the following: # # - user:[email protected] # - group:[email protected] # - serviceAccount:[email protected] # - projectOwner:some_project_id # - domain:google.com # - allUsers # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this identity. class Identity include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A directional edge. # @!attribute [rw] source_node # @return [::String] # The source node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. # @!attribute [rw] target_node # @return [::String] # The target node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. class Edge include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An access control list, derived from the above IAM policy binding, which # contains a set of resources and accesses. May include one # item from each set to compose an access control entry. # # NOTICE that there could be multiple access control lists for one IAM policy # binding. The access control lists are created based on resource and access # combinations. # # For example, assume we have the following cases in one IAM policy binding: # - Permission P1 and P2 apply to resource R1 and R2; # - Permission P3 applies to resource R2 and R3; # # This will result in the following access control lists: # - AccessControlList 1: [R1, R2], [P1, P2] # - AccessControlList 2: [R2, R3], [P3] # @!attribute [rw] resources # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>] # The resources that match one of the following conditions: # - The resource_selector, if it is specified in request; # - Otherwise, resources reachable from the policy attached resource. # @!attribute [rw] accesses # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>] # The accesses that match one of the following conditions: # - The access_selector, if it is specified in request; # - Otherwise, access specifiers reachable from the policy binding's role. # @!attribute [rw] resource_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Resource edges of the graph starting from the policy attached # resource to any descendant resources. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains the full resource name of a parent resource and # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains the full resource name of a child resource. This field is # present only if the output_resource_edges option is enabled in request. # @!attribute [rw] condition_evaluation # @return [::Google::Cloud::Asset::V1::ConditionEvaluation] # Condition evaluation for this AccessControlList, if there is a condition # defined in the above IAM policy binding. class AccessControlList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # The identities and group edges. # @!attribute [rw] identities # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>] # Only the identities that match one of the following conditions will be # presented: # - The identity_selector, if it is specified in request; # - Otherwise, identities reachable from the policy binding's members. # @!attribute [rw] group_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Group identity edges of the graph starting from the binding's # group members to any node of the # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList#identities identities}. # The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains a group, such as `group:[email protected]`. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains a member of the group, such as `group:[email protected]` or # `user:[email protected]`. This field is present only if the # output_group_edges option is enabled in request. class IdentityList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |
#attached_resource_full_name ⇒ ::String
Returns The full resource name of the resource to which the iam_binding policy attaches.
986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 |
# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 986 class IamPolicyAnalysisResult include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A Google Cloud resource under analysis. # @!attribute [rw] full_resource_name # @return [::String] # The [full resource # name](https://cloud.google.com/asset-inventory/docs/resource-name-format) # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this resource. class Resource include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An IAM role or permission under analysis. # @!attribute [rw] role # @return [::String] # The role. # @!attribute [rw] permission # @return [::String] # The permission. # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this access. class Access include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An identity under analysis. # @!attribute [rw] name # @return [::String] # The identity of members, formatted as appear in an # [IAM policy # binding](https://cloud.google.com/iam/reference/rest/v1/Binding). For # example, they might be formatted like the following: # # - user:[email protected] # - group:[email protected] # - serviceAccount:[email protected] # - projectOwner:some_project_id # - domain:google.com # - allUsers # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this identity. class Identity include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A directional edge. # @!attribute [rw] source_node # @return [::String] # The source node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. # @!attribute [rw] target_node # @return [::String] # The target node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. class Edge include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An access control list, derived from the above IAM policy binding, which # contains a set of resources and accesses. May include one # item from each set to compose an access control entry. # # NOTICE that there could be multiple access control lists for one IAM policy # binding. The access control lists are created based on resource and access # combinations. # # For example, assume we have the following cases in one IAM policy binding: # - Permission P1 and P2 apply to resource R1 and R2; # - Permission P3 applies to resource R2 and R3; # # This will result in the following access control lists: # - AccessControlList 1: [R1, R2], [P1, P2] # - AccessControlList 2: [R2, R3], [P3] # @!attribute [rw] resources # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>] # The resources that match one of the following conditions: # - The resource_selector, if it is specified in request; # - Otherwise, resources reachable from the policy attached resource. # @!attribute [rw] accesses # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>] # The accesses that match one of the following conditions: # - The access_selector, if it is specified in request; # - Otherwise, access specifiers reachable from the policy binding's role. # @!attribute [rw] resource_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Resource edges of the graph starting from the policy attached # resource to any descendant resources. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains the full resource name of a parent resource and # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains the full resource name of a child resource. This field is # present only if the output_resource_edges option is enabled in request. # @!attribute [rw] condition_evaluation # @return [::Google::Cloud::Asset::V1::ConditionEvaluation] # Condition evaluation for this AccessControlList, if there is a condition # defined in the above IAM policy binding. class AccessControlList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # The identities and group edges. # @!attribute [rw] identities # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>] # Only the identities that match one of the following conditions will be # presented: # - The identity_selector, if it is specified in request; # - Otherwise, identities reachable from the policy binding's members. # @!attribute [rw] group_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Group identity edges of the graph starting from the binding's # group members to any node of the # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList#identities identities}. # The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains a group, such as `group:[email protected]`. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains a member of the group, such as `group:[email protected]` or # `user:[email protected]`. This field is present only if the # output_group_edges option is enabled in request. class IdentityList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |
#fully_explored ⇒ ::Boolean
Returns Represents whether all analyses on the iam_binding have successfully finished.
986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 |
# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 986 class IamPolicyAnalysisResult include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A Google Cloud resource under analysis. # @!attribute [rw] full_resource_name # @return [::String] # The [full resource # name](https://cloud.google.com/asset-inventory/docs/resource-name-format) # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this resource. class Resource include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An IAM role or permission under analysis. # @!attribute [rw] role # @return [::String] # The role. # @!attribute [rw] permission # @return [::String] # The permission. # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this access. class Access include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An identity under analysis. # @!attribute [rw] name # @return [::String] # The identity of members, formatted as appear in an # [IAM policy # binding](https://cloud.google.com/iam/reference/rest/v1/Binding). For # example, they might be formatted like the following: # # - user:[email protected] # - group:[email protected] # - serviceAccount:[email protected] # - projectOwner:some_project_id # - domain:google.com # - allUsers # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this identity. class Identity include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A directional edge. # @!attribute [rw] source_node # @return [::String] # The source node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. # @!attribute [rw] target_node # @return [::String] # The target node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. class Edge include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An access control list, derived from the above IAM policy binding, which # contains a set of resources and accesses. May include one # item from each set to compose an access control entry. # # NOTICE that there could be multiple access control lists for one IAM policy # binding. The access control lists are created based on resource and access # combinations. # # For example, assume we have the following cases in one IAM policy binding: # - Permission P1 and P2 apply to resource R1 and R2; # - Permission P3 applies to resource R2 and R3; # # This will result in the following access control lists: # - AccessControlList 1: [R1, R2], [P1, P2] # - AccessControlList 2: [R2, R3], [P3] # @!attribute [rw] resources # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>] # The resources that match one of the following conditions: # - The resource_selector, if it is specified in request; # - Otherwise, resources reachable from the policy attached resource. # @!attribute [rw] accesses # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>] # The accesses that match one of the following conditions: # - The access_selector, if it is specified in request; # - Otherwise, access specifiers reachable from the policy binding's role. # @!attribute [rw] resource_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Resource edges of the graph starting from the policy attached # resource to any descendant resources. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains the full resource name of a parent resource and # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains the full resource name of a child resource. This field is # present only if the output_resource_edges option is enabled in request. # @!attribute [rw] condition_evaluation # @return [::Google::Cloud::Asset::V1::ConditionEvaluation] # Condition evaluation for this AccessControlList, if there is a condition # defined in the above IAM policy binding. class AccessControlList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # The identities and group edges. # @!attribute [rw] identities # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>] # Only the identities that match one of the following conditions will be # presented: # - The identity_selector, if it is specified in request; # - Otherwise, identities reachable from the policy binding's members. # @!attribute [rw] group_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Group identity edges of the graph starting from the binding's # group members to any node of the # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList#identities identities}. # The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains a group, such as `group:[email protected]`. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains a member of the group, such as `group:[email protected]` or # `user:[email protected]`. This field is present only if the # output_group_edges option is enabled in request. class IdentityList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |
#iam_binding ⇒ ::Google::Iam::V1::Binding
Returns The IAM policy binding under analysis.
986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 |
# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 986 class IamPolicyAnalysisResult include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A Google Cloud resource under analysis. # @!attribute [rw] full_resource_name # @return [::String] # The [full resource # name](https://cloud.google.com/asset-inventory/docs/resource-name-format) # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this resource. class Resource include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An IAM role or permission under analysis. # @!attribute [rw] role # @return [::String] # The role. # @!attribute [rw] permission # @return [::String] # The permission. # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this access. class Access include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An identity under analysis. # @!attribute [rw] name # @return [::String] # The identity of members, formatted as appear in an # [IAM policy # binding](https://cloud.google.com/iam/reference/rest/v1/Binding). For # example, they might be formatted like the following: # # - user:[email protected] # - group:[email protected] # - serviceAccount:[email protected] # - projectOwner:some_project_id # - domain:google.com # - allUsers # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this identity. class Identity include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A directional edge. # @!attribute [rw] source_node # @return [::String] # The source node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. # @!attribute [rw] target_node # @return [::String] # The target node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. class Edge include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An access control list, derived from the above IAM policy binding, which # contains a set of resources and accesses. May include one # item from each set to compose an access control entry. # # NOTICE that there could be multiple access control lists for one IAM policy # binding. The access control lists are created based on resource and access # combinations. # # For example, assume we have the following cases in one IAM policy binding: # - Permission P1 and P2 apply to resource R1 and R2; # - Permission P3 applies to resource R2 and R3; # # This will result in the following access control lists: # - AccessControlList 1: [R1, R2], [P1, P2] # - AccessControlList 2: [R2, R3], [P3] # @!attribute [rw] resources # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>] # The resources that match one of the following conditions: # - The resource_selector, if it is specified in request; # - Otherwise, resources reachable from the policy attached resource. # @!attribute [rw] accesses # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>] # The accesses that match one of the following conditions: # - The access_selector, if it is specified in request; # - Otherwise, access specifiers reachable from the policy binding's role. # @!attribute [rw] resource_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Resource edges of the graph starting from the policy attached # resource to any descendant resources. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains the full resource name of a parent resource and # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains the full resource name of a child resource. This field is # present only if the output_resource_edges option is enabled in request. # @!attribute [rw] condition_evaluation # @return [::Google::Cloud::Asset::V1::ConditionEvaluation] # Condition evaluation for this AccessControlList, if there is a condition # defined in the above IAM policy binding. class AccessControlList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # The identities and group edges. # @!attribute [rw] identities # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>] # Only the identities that match one of the following conditions will be # presented: # - The identity_selector, if it is specified in request; # - Otherwise, identities reachable from the policy binding's members. # @!attribute [rw] group_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Group identity edges of the graph starting from the binding's # group members to any node of the # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList#identities identities}. # The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains a group, such as `group:[email protected]`. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains a member of the group, such as `group:[email protected]` or # `user:[email protected]`. This field is present only if the # output_group_edges option is enabled in request. class IdentityList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |
#identity_list ⇒ ::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList
Returns The identity list derived from members of the iam_binding that match or potentially match identity selector specified in the request.
986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 |
# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 986 class IamPolicyAnalysisResult include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A Google Cloud resource under analysis. # @!attribute [rw] full_resource_name # @return [::String] # The [full resource # name](https://cloud.google.com/asset-inventory/docs/resource-name-format) # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this resource. class Resource include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An IAM role or permission under analysis. # @!attribute [rw] role # @return [::String] # The role. # @!attribute [rw] permission # @return [::String] # The permission. # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this access. class Access include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An identity under analysis. # @!attribute [rw] name # @return [::String] # The identity of members, formatted as appear in an # [IAM policy # binding](https://cloud.google.com/iam/reference/rest/v1/Binding). For # example, they might be formatted like the following: # # - user:[email protected] # - group:[email protected] # - serviceAccount:[email protected] # - projectOwner:some_project_id # - domain:google.com # - allUsers # @!attribute [rw] analysis_state # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState] # The analysis state of this identity. class Identity include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A directional edge. # @!attribute [rw] source_node # @return [::String] # The source node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. # @!attribute [rw] target_node # @return [::String] # The target node of the edge. For example, it could be a full resource # name for a resource node or an email of an identity. class Edge include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An access control list, derived from the above IAM policy binding, which # contains a set of resources and accesses. May include one # item from each set to compose an access control entry. # # NOTICE that there could be multiple access control lists for one IAM policy # binding. The access control lists are created based on resource and access # combinations. # # For example, assume we have the following cases in one IAM policy binding: # - Permission P1 and P2 apply to resource R1 and R2; # - Permission P3 applies to resource R2 and R3; # # This will result in the following access control lists: # - AccessControlList 1: [R1, R2], [P1, P2] # - AccessControlList 2: [R2, R3], [P3] # @!attribute [rw] resources # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>] # The resources that match one of the following conditions: # - The resource_selector, if it is specified in request; # - Otherwise, resources reachable from the policy attached resource. # @!attribute [rw] accesses # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>] # The accesses that match one of the following conditions: # - The access_selector, if it is specified in request; # - Otherwise, access specifiers reachable from the policy binding's role. # @!attribute [rw] resource_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Resource edges of the graph starting from the policy attached # resource to any descendant resources. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains the full resource name of a parent resource and # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains the full resource name of a child resource. This field is # present only if the output_resource_edges option is enabled in request. # @!attribute [rw] condition_evaluation # @return [::Google::Cloud::Asset::V1::ConditionEvaluation] # Condition evaluation for this AccessControlList, if there is a condition # defined in the above IAM policy binding. class AccessControlList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # The identities and group edges. # @!attribute [rw] identities # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>] # Only the identities that match one of the following conditions will be # presented: # - The identity_selector, if it is specified in request; # - Otherwise, identities reachable from the policy binding's members. # @!attribute [rw] group_edges # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>] # Group identity edges of the graph starting from the binding's # group members to any node of the # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList#identities identities}. # The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#source_node Edge.source_node} # contains a group, such as `group:[email protected]`. The # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node} # contains a member of the group, such as `group:[email protected]` or # `user:[email protected]`. This field is present only if the # output_group_edges option is enabled in request. class IdentityList include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |