Class: Google::Cloud::Asset::V1::IamPolicySearchResult

Inherits:
Object
  • Object
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/asset/v1/assets.rb

Overview

A result of IAM Policy search, containing information about an IAM policy.

Defined Under Namespace

Classes: Explanation

Instance Attribute Summary

Instance Attribute Details

#asset_type::String

Returns The type of the resource associated with this IAM policy. Example: compute.googleapis.com/Disk.

To search against the asset_type:

  • specify the asset_types field in your search request.

Returns:

  • (::String)

    The type of the resource associated with this IAM policy. Example: compute.googleapis.com/Disk.

    To search against the asset_type:

    • specify the asset_types field in your search request.


# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 876

# A result of IAM Policy search, containing information of an IAM policy.
#
# This listing defines no methods in Ruby: each class body only mixes in the
# protobuf message modules, and the attributes are described through YARD
# `@!attribute` directives.
#
# NOTE(review): the `policy` attribute is documented as holding only the
# bindings that match the search query (all bindings when the query has no
# constraint on policies), so a filtered result is not the resource's complete
# IAM policy.
class IamPolicySearchResult
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Explanation about the IAM policy search result.
  # @!attribute [rw] matched_permissions
  #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
  #     The map from roles to their included permissions that match the
  #     permission query (i.e., a query containing `policy.role.permissions:`).
  #     Example: if query `policy.role.permissions:compute.disk.get`
  #     matches a policy binding that contains owner role, the
  #     matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
  #     roles can also be found in the returned `policy` bindings. Note that the
  #     map is populated only for requests with permission queries.
  #     An empty map on a result from any other kind of query therefore says
  #     nothing about which permissions the matched roles include.
  class Explanation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # IAM permissions
    # @!attribute [rw] permissions
    #   @return [::Array<::String>]
    #     A list of permissions. A sample permission string: `compute.disk.get`.
    class Permissions
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Key/value pair with a ::String key and a Permissions value.
    # NOTE(review): presumably the entry type behind the `matched_permissions`
    # map (role name => matching permissions) -- confirm against the proto.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions]
    class MatchedPermissionsEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#explanation::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation

Returns Explanation about the IAM policy search result. It contains additional information to explain why the search result matches the query.

Returns:



# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 876

# A result of IAM Policy search, containing information of an IAM policy.
#
# This listing defines no methods in Ruby: each class body only mixes in the
# protobuf message modules, and the attributes are described through YARD
# `@!attribute` directives.
#
# NOTE(review): the `explanation` attribute is documented as carrying extra
# information on why the result matches the query; its only documented field,
# `matched_permissions`, is filled in for permission queries only.
class IamPolicySearchResult
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Explanation about the IAM policy search result.
  # @!attribute [rw] matched_permissions
  #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
  #     The map from roles to their included permissions that match the
  #     permission query (i.e., a query containing `policy.role.permissions:`).
  #     Example: if query `policy.role.permissions:compute.disk.get`
  #     matches a policy binding that contains owner role, the
  #     matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
  #     roles can also be found in the returned `policy` bindings. Note that the
  #     map is populated only for requests with permission queries.
  #     An empty map on a result from any other kind of query therefore says
  #     nothing about which permissions the matched roles include.
  class Explanation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # IAM permissions
    # @!attribute [rw] permissions
    #   @return [::Array<::String>]
    #     A list of permissions. A sample permission string: `compute.disk.get`.
    class Permissions
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Key/value pair with a ::String key and a Permissions value.
    # NOTE(review): presumably the entry type behind the `matched_permissions`
    # map (role name => matching permissions) -- confirm against the proto.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions]
    class MatchedPermissionsEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#folders::Array<::String>

Returns The folder(s) that the IAM policy belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs to one or more folders.

To search against folders:

  • use a field query. Example: folders:(123 OR 456)
  • use a free text query. Example: 123
  • specify the scope field as this folder in your search request.

Returns:

  • (::Array<::String>)

    The folder(s) that the IAM policy belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs to one or more folders.

    To search against folders:

    • use a field query. Example: folders:(123 OR 456)
    • use a free text query. Example: 123
    • specify the scope field as this folder in your search request.


# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 876

# A result of IAM Policy search, containing information of an IAM policy.
#
# This listing defines no methods in Ruby: each class body only mixes in the
# protobuf message modules, and the attributes are described through YARD
# `@!attribute` directives.
#
# NOTE(review): the `policy` attribute is documented as holding only the
# bindings that match the search query (all bindings when the query has no
# constraint on policies), so a filtered result is not the resource's complete
# IAM policy.
class IamPolicySearchResult
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Explanation about the IAM policy search result.
  # @!attribute [rw] matched_permissions
  #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
  #     The map from roles to their included permissions that match the
  #     permission query (i.e., a query containing `policy.role.permissions:`).
  #     Example: if query `policy.role.permissions:compute.disk.get`
  #     matches a policy binding that contains owner role, the
  #     matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
  #     roles can also be found in the returned `policy` bindings. Note that the
  #     map is populated only for requests with permission queries.
  #     An empty map on a result from any other kind of query therefore says
  #     nothing about which permissions the matched roles include.
  class Explanation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # IAM permissions
    # @!attribute [rw] permissions
    #   @return [::Array<::String>]
    #     A list of permissions. A sample permission string: `compute.disk.get`.
    class Permissions
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Key/value pair with a ::String key and a Permissions value.
    # NOTE(review): presumably the entry type behind the `matched_permissions`
    # map (role name => matching permissions) -- confirm against the proto.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions]
    class MatchedPermissionsEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#organization::String

Returns The organization that the IAM policy belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs to an organization.

To search against organization:

  • use a field query. Example: organization:123
  • use a free text query. Example: 123
  • specify the scope field as this organization in your search request.

Returns:

  • (::String)

    The organization that the IAM policy belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs to an organization.

    To search against organization:

    • use a field query. Example: organization:123
    • use a free text query. Example: 123
    • specify the scope field as this organization in your search request.


# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 876

# A result of IAM Policy search, containing information of an IAM policy.
#
# This listing defines no methods in Ruby: each class body only mixes in the
# protobuf message modules, and the attributes are described through YARD
# `@!attribute` directives.
#
# NOTE(review): the `policy` attribute is documented as holding only the
# bindings that match the search query (all bindings when the query has no
# constraint on policies), so a filtered result is not the resource's complete
# IAM policy.
class IamPolicySearchResult
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Explanation about the IAM policy search result.
  # @!attribute [rw] matched_permissions
  #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
  #     The map from roles to their included permissions that match the
  #     permission query (i.e., a query containing `policy.role.permissions:`).
  #     Example: if query `policy.role.permissions:compute.disk.get`
  #     matches a policy binding that contains owner role, the
  #     matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
  #     roles can also be found in the returned `policy` bindings. Note that the
  #     map is populated only for requests with permission queries.
  #     An empty map on a result from any other kind of query therefore says
  #     nothing about which permissions the matched roles include.
  class Explanation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # IAM permissions
    # @!attribute [rw] permissions
    #   @return [::Array<::String>]
    #     A list of permissions. A sample permission string: `compute.disk.get`.
    class Permissions
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Key/value pair with a ::String key and a Permissions value.
    # NOTE(review): presumably the entry type behind the `matched_permissions`
    # map (role name => matching permissions) -- confirm against the proto.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions]
    class MatchedPermissionsEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#policy::Google::Iam::V1::Policy

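Returns The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constraint on policies (e.g., an empty query), this contains all the bindings. Because of this filtering, the returned policy should not be treated as the resource's complete IAM policy unless the query placed no constraint on policies.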

To search against the policy bindings:

  • use a field query:
    • query by the policy contained members. Example: policy:user@example.com (placeholder; the page's e-mail obfuscation replaced the original address)
    • query by the policy contained roles. Example: policy:roles/compute.admin
    • query by the policy contained roles' included permissions. Example: policy.role.permissions:compute.instances.create.

Returns:

  • (::Google::Iam::V1::Policy)

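    The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constraint on policies (e.g., an empty query), this contains all the bindings. Because of this filtering, the returned policy should not be treated as the resource's complete IAM policy unless the query placed no constraint on policies.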

    To search against the policy bindings:

    • use a field query:
      • query by the policy contained members. Example: policy:user@example.com (placeholder; the page's e-mail obfuscation replaced the original address)
      • query by the policy contained roles. Example: policy:roles/compute.admin
      • query by the policy contained roles' included permissions. Example: policy.role.permissions:compute.instances.create


# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 876

# A result of IAM Policy search, containing information of an IAM policy.
#
# This listing defines no methods in Ruby: each class body only mixes in the
# protobuf message modules, and the attributes are described through YARD
# `@!attribute` directives.
#
# NOTE(review): the `policy` attribute is documented as holding only the
# bindings that match the search query (all bindings when the query has no
# constraint on policies), so a filtered result is not the resource's complete
# IAM policy.
class IamPolicySearchResult
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Explanation about the IAM policy search result.
  # @!attribute [rw] matched_permissions
  #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
  #     The map from roles to their included permissions that match the
  #     permission query (i.e., a query containing `policy.role.permissions:`).
  #     Example: if query `policy.role.permissions:compute.disk.get`
  #     matches a policy binding that contains owner role, the
  #     matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
  #     roles can also be found in the returned `policy` bindings. Note that the
  #     map is populated only for requests with permission queries.
  #     An empty map on a result from any other kind of query therefore says
  #     nothing about which permissions the matched roles include.
  class Explanation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # IAM permissions
    # @!attribute [rw] permissions
    #   @return [::Array<::String>]
    #     A list of permissions. A sample permission string: `compute.disk.get`.
    class Permissions
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Key/value pair with a ::String key and a Permissions value.
    # NOTE(review): presumably the entry type behind the `matched_permissions`
    # map (role name => matching permissions) -- confirm against the proto.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions]
    class MatchedPermissionsEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#project::String

Returns The project that the associated Google Cloud resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or organization, this field will be empty.

To search against the project:

  • specify the scope field as this project in your search request.

Returns:

  • (::String)

    The project that the associated Google Cloud resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or organization, this field will be empty.

    To search against the project:

    • specify the scope field as this project in your search request.


# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 876

# A result of IAM Policy search, containing information of an IAM policy.
#
# This listing defines no methods in Ruby: each class body only mixes in the
# protobuf message modules, and the attributes are described through YARD
# `@!attribute` directives.
#
# NOTE(review): the `policy` attribute is documented as holding only the
# bindings that match the search query (all bindings when the query has no
# constraint on policies), so a filtered result is not the resource's complete
# IAM policy.
class IamPolicySearchResult
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Explanation about the IAM policy search result.
  # @!attribute [rw] matched_permissions
  #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
  #     The map from roles to their included permissions that match the
  #     permission query (i.e., a query containing `policy.role.permissions:`).
  #     Example: if query `policy.role.permissions:compute.disk.get`
  #     matches a policy binding that contains owner role, the
  #     matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
  #     roles can also be found in the returned `policy` bindings. Note that the
  #     map is populated only for requests with permission queries.
  #     An empty map on a result from any other kind of query therefore says
  #     nothing about which permissions the matched roles include.
  class Explanation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # IAM permissions
    # @!attribute [rw] permissions
    #   @return [::Array<::String>]
    #     A list of permissions. A sample permission string: `compute.disk.get`.
    class Permissions
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Key/value pair with a ::String key and a Permissions value.
    # NOTE(review): presumably the entry type behind the `matched_permissions`
    # map (role name => matching permissions) -- confirm against the proto.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions]
    class MatchedPermissionsEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#resource::String

Returns The full resource name of the resource associated with this IAM policy. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See Cloud Asset Inventory Resource Name Format for more information.

To search against the resource:

  • use a field query. Example: resource:organizations/123.

Returns:

  • (::String)

    The full resource name of the resource associated with this IAM policy. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See Cloud Asset Inventory Resource Name Format for more information.

    To search against the resource:

    • use a field query. Example: resource:organizations/123


# File 'proto_docs/google/cloud/asset/v1/assets.rb', line 876

# A result of IAM Policy search, containing information of an IAM policy.
#
# This listing defines no methods in Ruby: each class body only mixes in the
# protobuf message modules, and the attributes are described through YARD
# `@!attribute` directives.
#
# NOTE(review): the `policy` attribute is documented as holding only the
# bindings that match the search query (all bindings when the query has no
# constraint on policies), so a filtered result is not the resource's complete
# IAM policy.
class IamPolicySearchResult
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Explanation about the IAM policy search result.
  # @!attribute [rw] matched_permissions
  #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
  #     The map from roles to their included permissions that match the
  #     permission query (i.e., a query containing `policy.role.permissions:`).
  #     Example: if query `policy.role.permissions:compute.disk.get`
  #     matches a policy binding that contains owner role, the
  #     matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
  #     roles can also be found in the returned `policy` bindings. Note that the
  #     map is populated only for requests with permission queries.
  #     An empty map on a result from any other kind of query therefore says
  #     nothing about which permissions the matched roles include.
  class Explanation
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # IAM permissions
    # @!attribute [rw] permissions
    #   @return [::Array<::String>]
    #     A list of permissions. A sample permission string: `compute.disk.get`.
    class Permissions
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end

    # Key/value pair with a ::String key and a Permissions value.
    # NOTE(review): presumably the entry type behind the `matched_permissions`
    # map (role name => matching permissions) -- confirm against the proto.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions]
    class MatchedPermissionsEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end