Class: Google::Cloud::PolicySimulator::V1::BindingExplanation
- Inherits:
-
Object
- Object
- Google::Cloud::PolicySimulator::V1::BindingExplanation
- Extended by:
- Protobuf::MessageExts::ClassMethods
- Includes:
- Protobuf::MessageExts
- Defined in:
- proto_docs/google/cloud/policysimulator/v1/explanations.rb
Overview
Details about how a binding in a policy affects a principal's ability to use a permission.
Defined Under Namespace
Modules: Membership, RolePermission Classes: AnnotatedMembership, MembershipsEntry
Instance Attribute Summary collapse
-
#access ⇒ ::Google::Cloud::PolicySimulator::V1::AccessState
Required.
-
#condition ⇒ ::Google::Type::Expr
A condition expression that prevents this binding from granting access unless the expression evaluates to
true
. -
#memberships ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership}
Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly.
-
#relevance ⇒ ::Google::Cloud::PolicySimulator::V1::HeuristicRelevance
The relevance of this binding to the overall determination for the entire policy.
-
#role ⇒ ::String
The role that this binding grants.
-
#role_permission ⇒ ::Google::Cloud::PolicySimulator::V1::BindingExplanation::RolePermission
Indicates whether the role granted by this binding contains the specified permission.
-
#role_permission_relevance ⇒ ::Google::Cloud::PolicySimulator::V1::HeuristicRelevance
The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.
Instance Attribute Details
#access ⇒ ::Google::Cloud::PolicySimulator::V1::AccessState
Returns Required. Indicates whether this binding provides the specified permission to the specified principal for the specified resource.
This field does not indicate whether the principal actually has the
permission for the resource. There might be another binding that overrides
this binding. To determine whether the principal actually has the
permission, use the access
field in the
[TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 |
# File 'proto_docs/google/cloud/policysimulator/v1/explanations.rb', line 167 class BindingExplanation include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Details about whether the binding includes the principal. # @!attribute [rw] membership # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::Membership] # Indicates whether the binding includes the principal. # @!attribute [rw] relevance # @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance] # The relevance of the principal's status to the overall determination for # the binding. class AnnotatedMembership include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership] class MembershipsEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Whether a role includes a specific permission. module RolePermission # Default value. This value is unused. ROLE_PERMISSION_UNSPECIFIED = 0 # The permission is included in the role. ROLE_PERMISSION_INCLUDED = 1 # The permission is not included in the role. ROLE_PERMISSION_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3 end # Whether the binding includes the principal. module Membership # Default value. This value is unused. MEMBERSHIP_UNSPECIFIED = 0 # The binding includes the principal. The principal can be included # directly or indirectly. For example: # # * A principal is included directly if that principal is listed in the # binding. # * A principal is included indirectly if that principal is in a Google # group or Google Workspace domain that is listed in the binding. MEMBERSHIP_INCLUDED = 1 # The binding does not include the principal. MEMBERSHIP_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. MEMBERSHIP_UNKNOWN_INFO_DENIED = 3 # The principal is an unsupported type. Only Google Accounts and service # accounts are supported. MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4 end end |
#condition ⇒ ::Google::Type::Expr
Returns A condition expression that prevents this binding from granting access
unless the expression evaluates to true
.
To learn about IAM Conditions, see https://cloud.google.com/iam/docs/conditions-overview.
167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 |
# File 'proto_docs/google/cloud/policysimulator/v1/explanations.rb', line 167 class BindingExplanation include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Details about whether the binding includes the principal. # @!attribute [rw] membership # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::Membership] # Indicates whether the binding includes the principal. # @!attribute [rw] relevance # @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance] # The relevance of the principal's status to the overall determination for # the binding. class AnnotatedMembership include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership] class MembershipsEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Whether a role includes a specific permission. module RolePermission # Default value. This value is unused. ROLE_PERMISSION_UNSPECIFIED = 0 # The permission is included in the role. ROLE_PERMISSION_INCLUDED = 1 # The permission is not included in the role. ROLE_PERMISSION_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3 end # Whether the binding includes the principal. module Membership # Default value. This value is unused. MEMBERSHIP_UNSPECIFIED = 0 # The binding includes the principal. The principal can be included # directly or indirectly. For example: # # * A principal is included directly if that principal is listed in the # binding. # * A principal is included indirectly if that principal is in a Google # group or Google Workspace domain that is listed in the binding. MEMBERSHIP_INCLUDED = 1 # The binding does not include the principal. MEMBERSHIP_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. MEMBERSHIP_UNKNOWN_INFO_DENIED = 3 # The principal is an unsupported type. Only Google Accounts and service # accounts are supported. MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4 end end |
#memberships ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership}
Returns Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the binding, and each value indicates whether the principal in the binding includes the principal in the request.
For example, suppose that a binding includes the following principals:
user:[email protected]
group:[email protected]
The principal in the replayed access tuple is user:[email protected]
. This
user is a principal of the group group:[email protected]
.
For the first principal in the binding, the key is
user:[email protected]
, and the membership
field in the value is set to
MEMBERSHIP_NOT_INCLUDED
.
For the second principal in the binding, the key is
group:[email protected]
, and the membership
field in the value is
set to MEMBERSHIP_INCLUDED
.
167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 |
# File 'proto_docs/google/cloud/policysimulator/v1/explanations.rb', line 167 class BindingExplanation include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Details about whether the binding includes the principal. # @!attribute [rw] membership # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::Membership] # Indicates whether the binding includes the principal. # @!attribute [rw] relevance # @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance] # The relevance of the principal's status to the overall determination for # the binding. class AnnotatedMembership include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership] class MembershipsEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Whether a role includes a specific permission. module RolePermission # Default value. This value is unused. ROLE_PERMISSION_UNSPECIFIED = 0 # The permission is included in the role. ROLE_PERMISSION_INCLUDED = 1 # The permission is not included in the role. ROLE_PERMISSION_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3 end # Whether the binding includes the principal. module Membership # Default value. This value is unused. MEMBERSHIP_UNSPECIFIED = 0 # The binding includes the principal. The principal can be included # directly or indirectly. For example: # # * A principal is included directly if that principal is listed in the # binding. # * A principal is included indirectly if that principal is in a Google # group or Google Workspace domain that is listed in the binding. MEMBERSHIP_INCLUDED = 1 # The binding does not include the principal. MEMBERSHIP_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. MEMBERSHIP_UNKNOWN_INFO_DENIED = 3 # The principal is an unsupported type. Only Google Accounts and service # accounts are supported. MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4 end end |
#relevance ⇒ ::Google::Cloud::PolicySimulator::V1::HeuristicRelevance
Returns The relevance of this binding to the overall determination for the entire policy.
167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 |
# File 'proto_docs/google/cloud/policysimulator/v1/explanations.rb', line 167 class BindingExplanation include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Details about whether the binding includes the principal. # @!attribute [rw] membership # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::Membership] # Indicates whether the binding includes the principal. # @!attribute [rw] relevance # @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance] # The relevance of the principal's status to the overall determination for # the binding. class AnnotatedMembership include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership] class MembershipsEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Whether a role includes a specific permission. module RolePermission # Default value. This value is unused. ROLE_PERMISSION_UNSPECIFIED = 0 # The permission is included in the role. ROLE_PERMISSION_INCLUDED = 1 # The permission is not included in the role. ROLE_PERMISSION_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3 end # Whether the binding includes the principal. module Membership # Default value. This value is unused. MEMBERSHIP_UNSPECIFIED = 0 # The binding includes the principal. The principal can be included # directly or indirectly. For example: # # * A principal is included directly if that principal is listed in the # binding. # * A principal is included indirectly if that principal is in a Google # group or Google Workspace domain that is listed in the binding. MEMBERSHIP_INCLUDED = 1 # The binding does not include the principal. MEMBERSHIP_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. MEMBERSHIP_UNKNOWN_INFO_DENIED = 3 # The principal is an unsupported type. Only Google Accounts and service # accounts are supported. MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4 end end |
#role ⇒ ::String
Returns The role that this binding grants. For example,
roles/compute.serviceAgent
.
For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.
167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 |
# File 'proto_docs/google/cloud/policysimulator/v1/explanations.rb', line 167 class BindingExplanation include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Details about whether the binding includes the principal. # @!attribute [rw] membership # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::Membership] # Indicates whether the binding includes the principal. # @!attribute [rw] relevance # @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance] # The relevance of the principal's status to the overall determination for # the binding. class AnnotatedMembership include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership] class MembershipsEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Whether a role includes a specific permission. module RolePermission # Default value. This value is unused. ROLE_PERMISSION_UNSPECIFIED = 0 # The permission is included in the role. ROLE_PERMISSION_INCLUDED = 1 # The permission is not included in the role. ROLE_PERMISSION_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3 end # Whether the binding includes the principal. module Membership # Default value. This value is unused. MEMBERSHIP_UNSPECIFIED = 0 # The binding includes the principal. The principal can be included # directly or indirectly. For example: # # * A principal is included directly if that principal is listed in the # binding. # * A principal is included indirectly if that principal is in a Google # group or Google Workspace domain that is listed in the binding. MEMBERSHIP_INCLUDED = 1 # The binding does not include the principal. MEMBERSHIP_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. MEMBERSHIP_UNKNOWN_INFO_DENIED = 3 # The principal is an unsupported type. Only Google Accounts and service # accounts are supported. MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4 end end |
#role_permission ⇒ ::Google::Cloud::PolicySimulator::V1::BindingExplanation::RolePermission
Returns Indicates whether the role granted by this binding contains the specified permission.
167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 |
# File 'proto_docs/google/cloud/policysimulator/v1/explanations.rb', line 167 class BindingExplanation include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Details about whether the binding includes the principal. # @!attribute [rw] membership # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::Membership] # Indicates whether the binding includes the principal. # @!attribute [rw] relevance # @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance] # The relevance of the principal's status to the overall determination for # the binding. class AnnotatedMembership include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership] class MembershipsEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Whether a role includes a specific permission. module RolePermission # Default value. This value is unused. ROLE_PERMISSION_UNSPECIFIED = 0 # The permission is included in the role. ROLE_PERMISSION_INCLUDED = 1 # The permission is not included in the role. ROLE_PERMISSION_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3 end # Whether the binding includes the principal. module Membership # Default value. This value is unused. MEMBERSHIP_UNSPECIFIED = 0 # The binding includes the principal. The principal can be included # directly or indirectly. For example: # # * A principal is included directly if that principal is listed in the # binding. # * A principal is included indirectly if that principal is in a Google # group or Google Workspace domain that is listed in the binding. MEMBERSHIP_INCLUDED = 1 # The binding does not include the principal. MEMBERSHIP_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. MEMBERSHIP_UNKNOWN_INFO_DENIED = 3 # The principal is an unsupported type. Only Google Accounts and service # accounts are supported. MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4 end end |
#role_permission_relevance ⇒ ::Google::Cloud::PolicySimulator::V1::HeuristicRelevance
Returns The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.
167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 |
# File 'proto_docs/google/cloud/policysimulator/v1/explanations.rb', line 167 class BindingExplanation include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Details about whether the binding includes the principal. # @!attribute [rw] membership # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::Membership] # Indicates whether the binding includes the principal. # @!attribute [rw] relevance # @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance] # The relevance of the principal's status to the overall determination for # the binding. class AnnotatedMembership include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership] class MembershipsEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Whether a role includes a specific permission. module RolePermission # Default value. This value is unused. ROLE_PERMISSION_UNSPECIFIED = 0 # The permission is included in the role. ROLE_PERMISSION_INCLUDED = 1 # The permission is not included in the role. ROLE_PERMISSION_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3 end # Whether the binding includes the principal. module Membership # Default value. This value is unused. MEMBERSHIP_UNSPECIFIED = 0 # The binding includes the principal. The principal can be included # directly or indirectly. For example: # # * A principal is included directly if that principal is listed in the # binding. # * A principal is included indirectly if that principal is in a Google # group or Google Workspace domain that is listed in the binding. MEMBERSHIP_INCLUDED = 1 # The binding does not include the principal. MEMBERSHIP_NOT_INCLUDED = 2 # The user who created the # {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not # allowed to access the binding. MEMBERSHIP_UNKNOWN_INFO_DENIED = 3 # The principal is an unsupported type. Only Google Accounts and service # accounts are supported. MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4 end end |