google-apis-policysimulator_v1beta1 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 47755099136c476ea8bd17c8ddfd521ed8dbd70a7e4db8b42d0433a2cc90f25b
4
+ data.tar.gz: 3e691a9ea385a350e9cd55d3933fa03e0205c5205c1ae6cc938ca50d9044de6c
5
+ SHA512:
6
+ metadata.gz: 3333628449a900f0b949bc3f11690bb6d446e67e0f47beca55a234a057fcea71767330a69130485f1ee5e48cacb63770c1f673103a79fc6f6c571eaa69296f35
7
+ data.tar.gz: cb37f15787dd6967d404dc56386f42ce583c54a52c065c86b3ea695598c58b0fcb8aa578baa7384ec67a7a133bbb16f10b199cb3740954530c97d2f118adac7c
data/.yardopts ADDED
@@ -0,0 +1,13 @@
1
+ --hide-void-return
2
+ --no-private
3
+ --verbose
4
+ --title=google-apis-policysimulator_v1beta1
5
+ --markup-provider=redcarpet
6
+ --markup=markdown
7
+ --main OVERVIEW.md
8
+ lib/google/apis/policysimulator_v1beta1/*.rb
9
+ lib/google/apis/policysimulator_v1beta1.rb
10
+ -
11
+ OVERVIEW.md
12
+ CHANGELOG.md
13
+ LICENSE.md
data/CHANGELOG.md ADDED
@@ -0,0 +1,7 @@
1
+ # Release history for google-apis-policysimulator_v1beta1
2
+
3
+ ### v0.1.0 (2021-02-24)
4
+
5
+ * Regenerated from discovery document revision 20210220
6
+ * Regenerated using generator version 0.1.2
7
+
data/LICENSE.md ADDED
@@ -0,0 +1,202 @@
1
+
2
+ Apache License
3
+ Version 2.0, January 2004
4
+ http://www.apache.org/licenses/
5
+
6
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7
+
8
+ 1. Definitions.
9
+
10
+ "License" shall mean the terms and conditions for use, reproduction,
11
+ and distribution as defined by Sections 1 through 9 of this document.
12
+
13
+ "Licensor" shall mean the copyright owner or entity authorized by
14
+ the copyright owner that is granting the License.
15
+
16
+ "Legal Entity" shall mean the union of the acting entity and all
17
+ other entities that control, are controlled by, or are under common
18
+ control with that entity. For the purposes of this definition,
19
+ "control" means (i) the power, direct or indirect, to cause the
20
+ direction or management of such entity, whether by contract or
21
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
22
+ outstanding shares, or (iii) beneficial ownership of such entity.
23
+
24
+ "You" (or "Your") shall mean an individual or Legal Entity
25
+ exercising permissions granted by this License.
26
+
27
+ "Source" form shall mean the preferred form for making modifications,
28
+ including but not limited to software source code, documentation
29
+ source, and configuration files.
30
+
31
+ "Object" form shall mean any form resulting from mechanical
32
+ transformation or translation of a Source form, including but
33
+ not limited to compiled object code, generated documentation,
34
+ and conversions to other media types.
35
+
36
+ "Work" shall mean the work of authorship, whether in Source or
37
+ Object form, made available under the License, as indicated by a
38
+ copyright notice that is included in or attached to the work
39
+ (an example is provided in the Appendix below).
40
+
41
+ "Derivative Works" shall mean any work, whether in Source or Object
42
+ form, that is based on (or derived from) the Work and for which the
43
+ editorial revisions, annotations, elaborations, or other modifications
44
+ represent, as a whole, an original work of authorship. For the purposes
45
+ of this License, Derivative Works shall not include works that remain
46
+ separable from, or merely link (or bind by name) to the interfaces of,
47
+ the Work and Derivative Works thereof.
48
+
49
+ "Contribution" shall mean any work of authorship, including
50
+ the original version of the Work and any modifications or additions
51
+ to that Work or Derivative Works thereof, that is intentionally
52
+ submitted to Licensor for inclusion in the Work by the copyright owner
53
+ or by an individual or Legal Entity authorized to submit on behalf of
54
+ the copyright owner. For the purposes of this definition, "submitted"
55
+ means any form of electronic, verbal, or written communication sent
56
+ to the Licensor or its representatives, including but not limited to
57
+ communication on electronic mailing lists, source code control systems,
58
+ and issue tracking systems that are managed by, or on behalf of, the
59
+ Licensor for the purpose of discussing and improving the Work, but
60
+ excluding communication that is conspicuously marked or otherwise
61
+ designated in writing by the copyright owner as "Not a Contribution."
62
+
63
+ "Contributor" shall mean Licensor and any individual or Legal Entity
64
+ on behalf of whom a Contribution has been received by Licensor and
65
+ subsequently incorporated within the Work.
66
+
67
+ 2. Grant of Copyright License. Subject to the terms and conditions of
68
+ this License, each Contributor hereby grants to You a perpetual,
69
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70
+ copyright license to reproduce, prepare Derivative Works of,
71
+ publicly display, publicly perform, sublicense, and distribute the
72
+ Work and such Derivative Works in Source or Object form.
73
+
74
+ 3. Grant of Patent License. Subject to the terms and conditions of
75
+ this License, each Contributor hereby grants to You a perpetual,
76
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77
+ (except as stated in this section) patent license to make, have made,
78
+ use, offer to sell, sell, import, and otherwise transfer the Work,
79
+ where such license applies only to those patent claims licensable
80
+ by such Contributor that are necessarily infringed by their
81
+ Contribution(s) alone or by combination of their Contribution(s)
82
+ with the Work to which such Contribution(s) was submitted. If You
83
+ institute patent litigation against any entity (including a
84
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
85
+ or a Contribution incorporated within the Work constitutes direct
86
+ or contributory patent infringement, then any patent licenses
87
+ granted to You under this License for that Work shall terminate
88
+ as of the date such litigation is filed.
89
+
90
+ 4. Redistribution. You may reproduce and distribute copies of the
91
+ Work or Derivative Works thereof in any medium, with or without
92
+ modifications, and in Source or Object form, provided that You
93
+ meet the following conditions:
94
+
95
+ (a) You must give any other recipients of the Work or
96
+ Derivative Works a copy of this License; and
97
+
98
+ (b) You must cause any modified files to carry prominent notices
99
+ stating that You changed the files; and
100
+
101
+ (c) You must retain, in the Source form of any Derivative Works
102
+ that You distribute, all copyright, patent, trademark, and
103
+ attribution notices from the Source form of the Work,
104
+ excluding those notices that do not pertain to any part of
105
+ the Derivative Works; and
106
+
107
+ (d) If the Work includes a "NOTICE" text file as part of its
108
+ distribution, then any Derivative Works that You distribute must
109
+ include a readable copy of the attribution notices contained
110
+ within such NOTICE file, excluding those notices that do not
111
+ pertain to any part of the Derivative Works, in at least one
112
+ of the following places: within a NOTICE text file distributed
113
+ as part of the Derivative Works; within the Source form or
114
+ documentation, if provided along with the Derivative Works; or,
115
+ within a display generated by the Derivative Works, if and
116
+ wherever such third-party notices normally appear. The contents
117
+ of the NOTICE file are for informational purposes only and
118
+ do not modify the License. You may add Your own attribution
119
+ notices within Derivative Works that You distribute, alongside
120
+ or as an addendum to the NOTICE text from the Work, provided
121
+ that such additional attribution notices cannot be construed
122
+ as modifying the License.
123
+
124
+ You may add Your own copyright statement to Your modifications and
125
+ may provide additional or different license terms and conditions
126
+ for use, reproduction, or distribution of Your modifications, or
127
+ for any such Derivative Works as a whole, provided Your use,
128
+ reproduction, and distribution of the Work otherwise complies with
129
+ the conditions stated in this License.
130
+
131
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
132
+ any Contribution intentionally submitted for inclusion in the Work
133
+ by You to the Licensor shall be under the terms and conditions of
134
+ this License, without any additional terms or conditions.
135
+ Notwithstanding the above, nothing herein shall supersede or modify
136
+ the terms of any separate license agreement you may have executed
137
+ with Licensor regarding such Contributions.
138
+
139
+ 6. Trademarks. This License does not grant permission to use the trade
140
+ names, trademarks, service marks, or product names of the Licensor,
141
+ except as required for reasonable and customary use in describing the
142
+ origin of the Work and reproducing the content of the NOTICE file.
143
+
144
+ 7. Disclaimer of Warranty. Unless required by applicable law or
145
+ agreed to in writing, Licensor provides the Work (and each
146
+ Contributor provides its Contributions) on an "AS IS" BASIS,
147
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148
+ implied, including, without limitation, any warranties or conditions
149
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150
+ PARTICULAR PURPOSE. You are solely responsible for determining the
151
+ appropriateness of using or redistributing the Work and assume any
152
+ risks associated with Your exercise of permissions under this License.
153
+
154
+ 8. Limitation of Liability. In no event and under no legal theory,
155
+ whether in tort (including negligence), contract, or otherwise,
156
+ unless required by applicable law (such as deliberate and grossly
157
+ negligent acts) or agreed to in writing, shall any Contributor be
158
+ liable to You for damages, including any direct, indirect, special,
159
+ incidental, or consequential damages of any character arising as a
160
+ result of this License or out of the use or inability to use the
161
+ Work (including but not limited to damages for loss of goodwill,
162
+ work stoppage, computer failure or malfunction, or any and all
163
+ other commercial damages or losses), even if such Contributor
164
+ has been advised of the possibility of such damages.
165
+
166
+ 9. Accepting Warranty or Additional Liability. While redistributing
167
+ the Work or Derivative Works thereof, You may choose to offer,
168
+ and charge a fee for, acceptance of support, warranty, indemnity,
169
+ or other liability obligations and/or rights consistent with this
170
+ License. However, in accepting such obligations, You may act only
171
+ on Your own behalf and on Your sole responsibility, not on behalf
172
+ of any other Contributor, and only if You agree to indemnify,
173
+ defend, and hold each Contributor harmless for any liability
174
+ incurred by, or claims asserted against, such Contributor by reason
175
+ of your accepting any such warranty or additional liability.
176
+
177
+ END OF TERMS AND CONDITIONS
178
+
179
+ APPENDIX: How to apply the Apache License to your work.
180
+
181
+ To apply the Apache License to your work, attach the following
182
+ boilerplate notice, with the fields enclosed by brackets "[]"
183
+ replaced with your own identifying information. (Don't include
184
+ the brackets!) The text should be enclosed in the appropriate
185
+ comment syntax for the file format. We also recommend that a
186
+ file or class name and description of purpose be included on the
187
+ same "printed page" as the copyright notice for easier
188
+ identification within third-party archives.
189
+
190
+ Copyright [yyyy] [name of copyright owner]
191
+
192
+ Licensed under the Apache License, Version 2.0 (the "License");
193
+ you may not use this file except in compliance with the License.
194
+ You may obtain a copy of the License at
195
+
196
+ http://www.apache.org/licenses/LICENSE-2.0
197
+
198
+ Unless required by applicable law or agreed to in writing, software
199
+ distributed under the License is distributed on an "AS IS" BASIS,
200
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201
+ See the License for the specific language governing permissions and
202
+ limitations under the License.
data/OVERVIEW.md ADDED
@@ -0,0 +1,96 @@
1
+ # Simple REST client for version V1beta1 of the Policy Simulator API
2
+
3
+ This is a simple client library for version V1beta1 of the Policy Simulator API. It provides:
4
+
5
+ * A client object that connects to the HTTP/JSON REST endpoint for the service.
6
+ * Ruby objects for data structures related to the service.
7
+ * Integration with the googleauth gem for authentication using OAuth, API keys, and service accounts.
8
+ * Control of retry, pagination, and timeouts.
9
+
10
+ Note that although this client library is supported and will continue to be updated to track changes to the service, it is otherwise considered complete and not under active development. Many Google services, especially Google Cloud Platform services, may provide a more modern client that is under more active development and improvement. See the section below titled *Which client should I use?* for more information.
11
+
12
+ ## Getting started
13
+
14
+ ### Before you begin
15
+
16
+ There are a few setup steps you need to complete before you can use this library:
17
+
18
+ 1. If you don't already have a Google account, [sign up](https://www.google.com/accounts).
19
+ 2. If you have never created a Google APIs Console project, read about [Managing Projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) and create a project in the [Google API Console](https://console.cloud.google.com/).
20
+ 3. Most APIs need to be enabled for your project. [Enable it](https://console.cloud.google.com/apis/library/policysimulator.googleapis.com) in the console.
21
+
22
+ ### Installation
23
+
24
+ Add this line to your application's Gemfile:
25
+
26
+ ```ruby
27
+ gem 'google-apis-policysimulator_v1beta1', '~> 0.1'
28
+ ```
29
+
30
+ And then execute:
31
+
32
+ ```
33
+ $ bundle
34
+ ```
35
+
36
+ Or install it yourself as:
37
+
38
+ ```
39
+ $ gem install google-apis-policysimulator_v1beta1
40
+ ```
41
+
42
+ ### Creating a client object
43
+
44
+ Once the gem is installed, you can load the client code and instantiate a client.
45
+
46
+ ```ruby
47
+ # Load the client
48
+ require "google/apis/policysimulator_v1beta1"
49
+
50
+ # Create a client object
51
+ client = Google::Apis::PolicysimulatorV1beta1::PolicySimulatorService.new
52
+
53
+ # Authenticate calls
54
+ client.authentication = # ... use the googleauth gem to create credentials
55
+ ```
56
+
57
+ See the class reference docs for information on the methods you can call from a client.
58
+
59
+ ## Documentation
60
+
61
+ More detailed descriptions of the Google simple REST clients are available in two documents.
62
+
63
+ * The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging.
64
+ * The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables.
65
+
66
+ (Note: the above documents are written for the simple REST clients in general, and their examples may not reflect the Policysimulator service in particular.)
67
+
68
+ For reference information on specific calls in the Policy Simulator API, see the {Google::Apis::PolicysimulatorV1beta1::PolicySimulatorService class reference docs}.
69
+
70
+ ## Which client should I use?
71
+
72
+ Google provides two types of Ruby API client libraries: **simple REST clients** and **modern clients**.
73
+
74
+ This library, `google-apis-policysimulator_v1beta1`, is a simple REST client. You can identify these clients by their gem names, which are always in the form `google-apis-<servicename>_<serviceversion>`. The simple REST clients connect to HTTP/JSON REST endpoints and are automatically generated from service discovery documents. They support most API functionality, but their class interfaces are sometimes awkward.
75
+
76
+ Modern clients are produced by a modern code generator, sometimes combined with hand-crafted functionality. Most modern clients connect to high-performance gRPC endpoints, although a few are backed by REST services. Modern clients are available for many Google services, especially Google Cloud Platform services, but do not yet support all the services covered by the simple clients.
77
+
78
+ Gem names for modern clients are often of the form `google-cloud-<service_name>`. (For example, [google-cloud-pubsub](https://rubygems.org/gems/google-cloud-pubsub).) Note that most modern clients also have corresponding "versioned" gems with names like `google-cloud-<service_name>-<version>`. (For example, [google-cloud-pubsub-v1](https://rubygems.org/gems/google-cloud-pubsub-v1).) The "versioned" gems can be used directly, but often provide lower-level interfaces. In most cases, the main gem is recommended.
79
+
80
+ **For most users, we recommend the modern client, if one is available.** Compared with simple clients, modern clients are generally much easier to use and more Ruby-like, support more advanced features such as streaming and long-running operations, and often provide much better performance. You may consider using a simple client instead, if a modern client is not yet available for the service you want to use, or if you are not able to use gRPC on your infrastructure.
81
+
82
+ The [product documentation](https://cloud.google.com/iam/docs/simulating-access) may provide guidance regarding the preferred client library to use.
83
+
84
+ ## Supported Ruby versions
85
+
86
+ This library is supported on Ruby 2.5+.
87
+
88
+ Google provides official support for Ruby versions that are actively supported by Ruby Core -- that is, Ruby versions that are either in normal maintenance or in security maintenance, and not end of life. Currently, this means Ruby 2.5 and later. Older versions of Ruby _may_ still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule.
89
+
90
+ ## License
91
+
92
+ This library is licensed under Apache 2.0. Full license text is available in the {file:LICENSE.md LICENSE}.
93
+
94
+ ## Support
95
+
96
+ Please [report bugs at the project on Github](https://github.com/google/google-api-ruby-client/issues). Don't hesitate to [ask questions](http://stackoverflow.com/questions/tagged/google-api-ruby-client) about the client or APIs on [StackOverflow](http://stackoverflow.com).
@@ -0,0 +1,15 @@
1
+ # Copyright 2020 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require "google/apis/policysimulator_v1beta1"
@@ -0,0 +1,42 @@
1
+ # Copyright 2020 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'google/apis/policysimulator_v1beta1/service.rb'
16
+ require 'google/apis/policysimulator_v1beta1/classes.rb'
17
+ require 'google/apis/policysimulator_v1beta1/representations.rb'
18
+ require 'google/apis/policysimulator_v1beta1/gem_version.rb'
19
+
20
+ module Google
21
+ module Apis
22
+ # Policy Simulator API
23
+ #
24
+ # Policy Simulator is a collection of endpoints for creating, running, and
25
+ # viewing a Replay. A `Replay` is a type of simulation that lets you see how
26
+ # your members' access to resources might change if you changed your IAM policy.
27
+ # During a `Replay`, Policy Simulator re-evaluates, or replays, past access
28
+ # attempts under both the current policy and your proposed policy, and compares
29
+ # those results to determine how your members' access might change under the
30
+ # proposed policy.
31
+ #
32
+ # @see https://cloud.google.com/iam/docs/simulating-access
33
+ module PolicysimulatorV1beta1
34
+ # Version of the Policy Simulator API this client connects to.
35
+ # This is NOT the gem version.
36
+ VERSION = 'V1beta1'
37
+
38
+ # View and manage your data across Google Cloud Platform services
39
+ AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
40
+ end
41
+ end
42
+ end
@@ -0,0 +1,1068 @@
1
+ # Copyright 2020 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'date'
16
+ require 'google/apis/core/base_service'
17
+ require 'google/apis/core/json_representation'
18
+ require 'google/apis/core/hashable'
19
+ require 'google/apis/errors'
20
+
21
+ module Google
22
+ module Apis
23
+ module PolicysimulatorV1beta1
24
+
25
+ # A summary and comparison of the member's access under the current (baseline)
26
+ # policies and the proposed (simulated) policies for a single access tuple.
27
+ class GoogleCloudPolicysimulatorV1beta1AccessStateDiff
28
+ include Google::Apis::Core::Hashable
29
+
30
+ # How the member's access, specified in the AccessState field, changed between
31
+ # the current (baseline) policies and proposed (simulated) policies.
32
+ # Corresponds to the JSON property `accessChange`
33
+ # @return [String]
34
+ attr_accessor :access_change
35
+
36
+ # Details about how a set of policies, listed in ExplainedPolicy, resulted in a
37
+ # certain AccessState when replaying an access tuple.
38
+ # Corresponds to the JSON property `baseline`
39
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1ExplainedAccess]
40
+ attr_accessor :baseline
41
+
42
+ # Details about how a set of policies, listed in ExplainedPolicy, resulted in a
43
+ # certain AccessState when replaying an access tuple.
44
+ # Corresponds to the JSON property `simulated`
45
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1ExplainedAccess]
46
+ attr_accessor :simulated
47
+
48
+ def initialize(**args)
49
+ update!(**args)
50
+ end
51
+
52
+ # Update properties of this object
53
+ def update!(**args)
54
+ @access_change = args[:access_change] if args.key?(:access_change)
55
+ @baseline = args[:baseline] if args.key?(:baseline)
56
+ @simulated = args[:simulated] if args.key?(:simulated)
57
+ end
58
+ end
59
+
60
+ # Information about the member, resource, and permission to check.
61
+ class GoogleCloudPolicysimulatorV1beta1AccessTuple
62
+ include Google::Apis::Core::Hashable
63
+
64
+ # Required. The full resource name that identifies the resource. For example, `//
65
+ # compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-
66
+ # instance`. For examples of full resource names for Google Cloud services, see
67
+ # https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
68
+ # Corresponds to the JSON property `fullResourceName`
69
+ # @return [String]
70
+ attr_accessor :full_resource_name
71
+
72
+ # Required. The IAM permission to check for the specified member and resource.
73
+ # For a complete list of IAM permissions, see https://cloud.google.com/iam/help/
74
+ # permissions/reference. For a complete list of predefined IAM roles and the
75
+ # permissions in each role, see https://cloud.google.com/iam/help/roles/
76
+ # reference.
77
+ # Corresponds to the JSON property `permission`
78
+ # @return [String]
79
+ attr_accessor :permission
80
+
81
+ # Required. The member, or principal, whose access you want to check, in the
82
+ # form of the email address that represents that member. For example, `alice@
83
+ # example.com` or `my-service-account@my-project.iam.gserviceaccount.com`. The
84
+ # member must be a Google Account or a service account. Other types of members
85
+ # are not supported.
86
+ # Corresponds to the JSON property `principal`
87
+ # @return [String]
88
+ attr_accessor :principal
89
+
90
+ def initialize(**args)
91
+ update!(**args)
92
+ end
93
+
94
+ # Update properties of this object
95
+ def update!(**args)
96
+ @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
97
+ @permission = args[:permission] if args.key?(:permission)
98
+ @principal = args[:principal] if args.key?(:principal)
99
+ end
100
+ end
101
+
102
+ # Details about how a binding in a policy affects a member's ability to use a
103
+ # permission.
104
+ class GoogleCloudPolicysimulatorV1beta1BindingExplanation
105
+ include Google::Apis::Core::Hashable
106
+
107
+ # Required. Indicates whether _this binding_ provides the specified permission
108
+ # to the specified member for the specified resource. This field does _not_
109
+ # indicate whether the member actually has the permission for the resource.
110
+ # There might be another binding that overrides this binding. To determine
111
+ # whether the member actually has the permission, use the `access` field in the
112
+ # TroubleshootIamPolicyResponse.
113
+ # Corresponds to the JSON property `access`
114
+ # @return [String]
115
+ attr_accessor :access
116
+
117
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
118
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
119
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
120
+ # "Summary size limit" description: "Determines if a summary is less than 100
121
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
122
+ # Requestor is owner" description: "Determines if requestor is the document
123
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
124
+ # Logic): title: "Public documents" description: "Determine whether the document
125
+ # should be publicly visible" expression: "document.type != 'private' &&
126
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
127
+ # string" description: "Create a notification string with a timestamp."
128
+ # expression: "'New message received at ' + string(document.create_time)" The
129
+ # exact variables and functions that may be referenced within an expression are
130
+ # determined by the service that evaluates it. See the service documentation for
131
+ # additional information.
132
+ # Corresponds to the JSON property `condition`
133
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleTypeExpr]
134
+ attr_accessor :condition
135
+
136
+ # Indicates whether each member in the binding includes the member specified in
137
+ # the request, either directly or indirectly. Each key identifies a member in
138
+ # the binding, and each value indicates whether the member in the binding
139
+ # includes the member in the request. For example, suppose that a binding
140
+ # includes the following members: * `user:alice@example.com` * `group:product-
141
+ # eng@example.com` The member in the replayed access tuple is `user:bob@example.
142
+ # com`. This user is a member of the group `group:product-eng@example.com`. For
143
+ # the first member in the binding, the key is `user:alice@example.com`, and the `
144
+ # membership` field in the value is set to `MEMBERSHIP_NOT_INCLUDED`. For the
145
+ # second member in the binding, the key is `group:product-eng@example.com`, and
146
+ # the `membership` field in the value is set to `MEMBERSHIP_INCLUDED`.
147
+ # Corresponds to the JSON property `memberships`
148
+ # @return [Hash<String,Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1BindingExplanationAnnotatedMembership>]
149
+ attr_accessor :memberships
150
+
151
+ # The relevance of this binding to the overall determination for the entire
152
+ # policy.
153
+ # Corresponds to the JSON property `relevance`
154
+ # @return [String]
155
+ attr_accessor :relevance
156
+
157
+ # The role that this binding grants. For example, `roles/compute.serviceAgent`.
158
+ # For a complete list of predefined IAM roles, as well as the permissions in
159
+ # each role, see https://cloud.google.com/iam/help/roles/reference.
160
+ # Corresponds to the JSON property `role`
161
+ # @return [String]
162
+ attr_accessor :role
163
+
164
+ # Indicates whether the role granted by this binding contains the specified
165
+ # permission.
166
+ # Corresponds to the JSON property `rolePermission`
167
+ # @return [String]
168
+ attr_accessor :role_permission
169
+
170
+ # The relevance of the permission's existence, or nonexistence, in the role to
171
+ # the overall determination for the entire policy.
172
+ # Corresponds to the JSON property `rolePermissionRelevance`
173
+ # @return [String]
174
+ attr_accessor :role_permission_relevance
175
+
176
+ def initialize(**args)
177
+ update!(**args)
178
+ end
179
+
180
+ # Update properties of this object
181
+ def update!(**args)
182
+ @access = args[:access] if args.key?(:access)
183
+ @condition = args[:condition] if args.key?(:condition)
184
+ @memberships = args[:memberships] if args.key?(:memberships)
185
+ @relevance = args[:relevance] if args.key?(:relevance)
186
+ @role = args[:role] if args.key?(:role)
187
+ @role_permission = args[:role_permission] if args.key?(:role_permission)
188
+ @role_permission_relevance = args[:role_permission_relevance] if args.key?(:role_permission_relevance)
189
+ end
190
+ end
191
+
192
+ # Details about whether the binding includes the member.
193
+ class GoogleCloudPolicysimulatorV1beta1BindingExplanationAnnotatedMembership
194
+ include Google::Apis::Core::Hashable
195
+
196
+ # Indicates whether the binding includes the member.
197
+ # Corresponds to the JSON property `membership`
198
+ # @return [String]
199
+ attr_accessor :membership
200
+
201
+ # The relevance of the member's status to the overall determination for the
202
+ # binding.
203
+ # Corresponds to the JSON property `relevance`
204
+ # @return [String]
205
+ attr_accessor :relevance
206
+
207
+ def initialize(**args)
208
+ update!(**args)
209
+ end
210
+
211
+ # Update properties of this object
212
+ def update!(**args)
213
+ @membership = args[:membership] if args.key?(:membership)
214
+ @relevance = args[:relevance] if args.key?(:relevance)
215
+ end
216
+ end
217
+
218
+ # Details about how a set of policies, listed in ExplainedPolicy, resulted in a
219
+ # certain AccessState when replaying an access tuple.
220
+ class GoogleCloudPolicysimulatorV1beta1ExplainedAccess
221
+ include Google::Apis::Core::Hashable
222
+
223
+ # Whether the member in the access tuple has permission to access the resource
224
+ # in the access tuple under the given policies.
225
+ # Corresponds to the JSON property `accessState`
226
+ # @return [String]
227
+ attr_accessor :access_state
228
+
229
+ # If the AccessState is `UNKNOWN`, this field contains a list of errors
230
+ # explaining why the result is `UNKNOWN`. If the `AccessState` is `GRANTED` or `
231
+ # NOT_GRANTED`, this field is omitted.
232
+ # Corresponds to the JSON property `errors`
233
+ # @return [Array<Google::Apis::PolicysimulatorV1beta1::GoogleRpcStatus>]
234
+ attr_accessor :errors
235
+
236
+ # If the AccessState is `UNKNOWN`, this field contains the policies that led to
237
+ # that result. If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is
238
+ # omitted.
239
+ # Corresponds to the JSON property `policies`
240
+ # @return [Array<Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1ExplainedPolicy>]
241
+ attr_accessor :policies
242
+
243
+ def initialize(**args)
244
+ update!(**args)
245
+ end
246
+
247
+ # Update properties of this object
248
+ def update!(**args)
249
+ @access_state = args[:access_state] if args.key?(:access_state)
250
+ @errors = args[:errors] if args.key?(:errors)
251
+ @policies = args[:policies] if args.key?(:policies)
252
+ end
253
+ end
254
+
255
+ # Details about how a specific IAM Policy contributed to the access check.
256
+ class GoogleCloudPolicysimulatorV1beta1ExplainedPolicy
257
+ include Google::Apis::Core::Hashable
258
+
259
+ # Indicates whether _this policy_ provides the specified permission to the
260
+ # specified member for the specified resource. This field does _not_ indicate
261
+ # whether the member actually has the permission for the resource. There might
262
+ # be another policy that overrides this policy. To determine whether the member
263
+ # actually has the permission, use the `access` field in the
264
+ # TroubleshootIamPolicyResponse.
265
+ # Corresponds to the JSON property `access`
266
+ # @return [String]
267
+ attr_accessor :access
268
+
269
+ # Details about how each binding in the policy affects the member's ability, or
270
+ # inability, to use the permission for the resource. If the user who created the
271
+ # Replay does not have access to the policy, this field is omitted.
272
+ # Corresponds to the JSON property `bindingExplanations`
273
+ # @return [Array<Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1BindingExplanation>]
274
+ attr_accessor :binding_explanations
275
+
276
+ # The full resource name that identifies the resource. For example, `//compute.
277
+ # googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
278
+ # If the user who created the Replay does not have access to the policy, this
279
+ # field is omitted. For examples of full resource names for Google Cloud
280
+ # services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-
281
+ # names.
282
+ # Corresponds to the JSON property `fullResourceName`
283
+ # @return [String]
284
+ attr_accessor :full_resource_name
285
+
286
+ # An Identity and Access Management (IAM) policy, which specifies access
287
+ # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
288
+ # A `binding` binds one or more `members` to a single `role`. Members can be
289
+ # user accounts, service accounts, Google groups, and domains (such as G Suite).
290
+ # A `role` is a named list of permissions; each `role` can be an IAM predefined
291
+ # role or a user-created custom role. For some types of Google Cloud resources,
292
+ # a `binding` can also specify a `condition`, which is a logical expression that
293
+ # allows access to a resource only if the expression evaluates to `true`. A
294
+ # condition can add constraints based on attributes of the request, the resource,
295
+ # or both. To learn which resources support conditions in their IAM policies,
296
+ # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
297
+ # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
298
+ # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
299
+ # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
300
+ # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
301
+ # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
302
+ # title": "expirable access", "description": "Does not grant access after Sep
303
+ # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
304
+ # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
305
+ # members: - user:mike@example.com - group:admins@example.com - domain:google.
306
+ # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
307
+ # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
308
+ # roles/resourcemanager.organizationViewer condition: title: expirable access
309
+ # description: Does not grant access after Sep 2020 expression: request.time <
310
+ # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
311
+ # description of IAM and its features, see the [IAM documentation](https://cloud.
312
+ # google.com/iam/docs/).
313
+ # Corresponds to the JSON property `policy`
314
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleIamV1Policy]
315
+ attr_accessor :policy
316
+
317
+ # The relevance of this policy to the overall determination in the
318
+ # TroubleshootIamPolicyResponse. If the user who created the Replay does not
319
+ # have access to the policy, this field is omitted.
320
+ # Corresponds to the JSON property `relevance`
321
+ # @return [String]
322
+ attr_accessor :relevance
323
+
324
+ def initialize(**args)
325
+ update!(**args)
326
+ end
327
+
328
+ # Update properties of this object
329
+ def update!(**args)
330
+ @access = args[:access] if args.key?(:access)
331
+ @binding_explanations = args[:binding_explanations] if args.key?(:binding_explanations)
332
+ @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
333
+ @policy = args[:policy] if args.key?(:policy)
334
+ @relevance = args[:relevance] if args.key?(:relevance)
335
+ end
336
+ end
337
+
338
+ # Response message for Simulator.ListReplayResults.
339
+ class GoogleCloudPolicysimulatorV1beta1ListReplayResultsResponse
340
+ include Google::Apis::Core::Hashable
341
+
342
+ # A token that you can use to retrieve the next page of ReplayResult objects. If
343
+ # this field is omitted, there are no subsequent pages.
344
+ # Corresponds to the JSON property `nextPageToken`
345
+ # @return [String]
346
+ attr_accessor :next_page_token
347
+
348
+ # The results of running a Replay.
349
+ # Corresponds to the JSON property `replayResults`
350
+ # @return [Array<Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1ReplayResult>]
351
+ attr_accessor :replay_results
352
+
353
+ def initialize(**args)
354
+ update!(**args)
355
+ end
356
+
357
+ # Update properties of this object
358
+ def update!(**args)
359
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
360
+ @replay_results = args[:replay_results] if args.key?(:replay_results)
361
+ end
362
+ end
363
+
364
+ # A resource describing a `Replay`, or simulation.
365
+ class GoogleCloudPolicysimulatorV1beta1Replay
366
+ include Google::Apis::Core::Hashable
367
+
368
+ # The configuration used for a Replay.
369
+ # Corresponds to the JSON property `config`
370
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1ReplayConfig]
371
+ attr_accessor :config
372
+
373
+ # Output only. The resource name of the `Replay`, which has the following format:
374
+ # ``projects|folders|organizations`/`resource-id`/locations/global/replays/`
375
+ # replay-id``, where ``resource-id`` is the ID of the project, folder, or
376
+ # organization that owns the Replay. Example: `projects/my-example-project/
377
+ # locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
378
+ # Corresponds to the JSON property `name`
379
+ # @return [String]
380
+ attr_accessor :name
381
+
382
+ # Summary statistics about the replayed log entries.
383
+ # Corresponds to the JSON property `resultsSummary`
384
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1ReplayResultsSummary]
385
+ attr_accessor :results_summary
386
+
387
+ # Output only. The current state of the `Replay`.
388
+ # Corresponds to the JSON property `state`
389
+ # @return [String]
390
+ attr_accessor :state
391
+
392
+ def initialize(**args)
393
+ update!(**args)
394
+ end
395
+
396
+ # Update properties of this object
397
+ def update!(**args)
398
+ @config = args[:config] if args.key?(:config)
399
+ @name = args[:name] if args.key?(:name)
400
+ @results_summary = args[:results_summary] if args.key?(:results_summary)
401
+ @state = args[:state] if args.key?(:state)
402
+ end
403
+ end
404
+
405
+ # The configuration used for a Replay.
406
+ class GoogleCloudPolicysimulatorV1beta1ReplayConfig
407
+ include Google::Apis::Core::Hashable
408
+
409
+ # The logs to use as input for the Replay.
410
+ # Corresponds to the JSON property `logSource`
411
+ # @return [String]
412
+ attr_accessor :log_source
413
+
414
+ # A mapping of the resources that you want to simulate policies for and the
415
+ # policies that you want to simulate. Keys are the full resource names for the
416
+ # resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-
417
+ # project`. For examples of full resource names for Google Cloud services, see
418
+ # https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values
419
+ # are Policy objects representing the policies that you want to simulate.
420
+ # Replays automatically take into account any IAM policies inherited through the
421
+ # resource hierarchy, and any policies set on descendant resources. You do not
422
+ # need to include these policies in the policy overlay.
423
+ # Corresponds to the JSON property `policyOverlay`
424
+ # @return [Hash<String,Google::Apis::PolicysimulatorV1beta1::GoogleIamV1Policy>]
425
+ attr_accessor :policy_overlay
426
+
427
+ def initialize(**args)
428
+ update!(**args)
429
+ end
430
+
431
+ # Update properties of this object
432
+ def update!(**args)
433
+ @log_source = args[:log_source] if args.key?(:log_source)
434
+ @policy_overlay = args[:policy_overlay] if args.key?(:policy_overlay)
435
+ end
436
+ end
437
+
438
+ # The difference between the results of evaluating an access tuple under the
439
+ # current (baseline) policies and under the proposed (simulated) policies. This
440
+ # difference explains how a member's access could change if the proposed
441
+ # policies were applied.
442
+ class GoogleCloudPolicysimulatorV1beta1ReplayDiff
443
+ include Google::Apis::Core::Hashable
444
+
445
+ # A summary and comparison of the member's access under the current (baseline)
446
+ # policies and the proposed (simulated) policies for a single access tuple.
447
+ # Corresponds to the JSON property `accessDiff`
448
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1AccessStateDiff]
449
+ attr_accessor :access_diff
450
+
451
+ def initialize(**args)
452
+ update!(**args)
453
+ end
454
+
455
+ # Update properties of this object
456
+ def update!(**args)
457
+ @access_diff = args[:access_diff] if args.key?(:access_diff)
458
+ end
459
+ end
460
+
461
+ # Metadata about a Replay operation.
462
+ class GoogleCloudPolicysimulatorV1beta1ReplayOperationMetadata
463
+ include Google::Apis::Core::Hashable
464
+
465
+ # Time when the request was received.
466
+ # Corresponds to the JSON property `startTime`
467
+ # @return [String]
468
+ attr_accessor :start_time
469
+
470
+ def initialize(**args)
471
+ update!(**args)
472
+ end
473
+
474
+ # Update properties of this object
475
+ def update!(**args)
476
+ @start_time = args[:start_time] if args.key?(:start_time)
477
+ end
478
+ end
479
+
480
+ # The result of replaying a single access tuple against a simulated state.
481
+ class GoogleCloudPolicysimulatorV1beta1ReplayResult
482
+ include Google::Apis::Core::Hashable
483
+
484
+ # Information about the member, resource, and permission to check.
485
+ # Corresponds to the JSON property `accessTuple`
486
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1AccessTuple]
487
+ attr_accessor :access_tuple
488
+
489
+ # The difference between the results of evaluating an access tuple under the
490
+ # current (baseline) policies and under the proposed (simulated) policies. This
491
+ # difference explains how a member's access could change if the proposed
492
+ # policies were applied.
493
+ # Corresponds to the JSON property `diff`
494
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleCloudPolicysimulatorV1beta1ReplayDiff]
495
+ attr_accessor :diff
496
+
497
+ # The `Status` type defines a logical error model that is suitable for different
498
+ # programming environments, including REST APIs and RPC APIs. It is used by [
499
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
500
+ # data: error code, error message, and error details. You can find out more
501
+ # about this error model and how to work with it in the [API Design Guide](https:
502
+ # //cloud.google.com/apis/design/errors).
503
+ # Corresponds to the JSON property `error`
504
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleRpcStatus]
505
+ attr_accessor :error
506
+
507
+ # Represents a whole or partial calendar date, such as a birthday. The time of
508
+ # day and time zone are either specified elsewhere or are insignificant. The
509
+ # date is relative to the Gregorian Calendar. This can represent one of the
510
+ # following: * A full date, with non-zero year, month, and day values * A month
511
+ # and day value, with a zero year, such as an anniversary * A year on its own,
512
+ # with zero month and day values * A year and month value, with a zero day, such
513
+ # as a credit card expiration date Related types are google.type.TimeOfDay and `
514
+ # google.protobuf.Timestamp`.
515
+ # Corresponds to the JSON property `lastSeenDate`
516
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleTypeDate]
517
+ attr_accessor :last_seen_date
518
+
519
+ # The resource name of the `ReplayResult`, in the following format: ``projects|
520
+ # folders|organizations`/`resource-id`/locations/global/replays/`replay-id`/
521
+ # results/`replay-result-id``, where ``resource-id`` is the ID of the project,
522
+ # folder, or organization that owns the Replay. Example: `projects/my-example-
523
+ # project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36/results/
524
+ # 1234`
525
+ # Corresponds to the JSON property `name`
526
+ # @return [String]
527
+ attr_accessor :name
528
+
529
+ # The Replay that the access tuple was included in.
530
+ # Corresponds to the JSON property `parent`
531
+ # @return [String]
532
+ attr_accessor :parent
533
+
534
+ def initialize(**args)
535
+ update!(**args)
536
+ end
537
+
538
+ # Update properties of this object
539
+ def update!(**args)
540
+ @access_tuple = args[:access_tuple] if args.key?(:access_tuple)
541
+ @diff = args[:diff] if args.key?(:diff)
542
+ @error = args[:error] if args.key?(:error)
543
+ @last_seen_date = args[:last_seen_date] if args.key?(:last_seen_date)
544
+ @name = args[:name] if args.key?(:name)
545
+ @parent = args[:parent] if args.key?(:parent)
546
+ end
547
+ end
548
+
549
+ # Summary statistics about the replayed log entries.
550
+ class GoogleCloudPolicysimulatorV1beta1ReplayResultsSummary
551
+ include Google::Apis::Core::Hashable
552
+
553
+ # The number of replayed log entries with a difference between baseline and
554
+ # simulated policies.
555
+ # Corresponds to the JSON property `differenceCount`
556
+ # @return [Fixnum]
557
+ attr_accessor :difference_count
558
+
559
+ # The number of log entries that could not be replayed.
560
+ # Corresponds to the JSON property `errorCount`
561
+ # @return [Fixnum]
562
+ attr_accessor :error_count
563
+
564
+ # The total number of log entries replayed.
565
+ # Corresponds to the JSON property `logCount`
566
+ # @return [Fixnum]
567
+ attr_accessor :log_count
568
+
569
+ # Represents a whole or partial calendar date, such as a birthday. The time of
570
+ # day and time zone are either specified elsewhere or are insignificant. The
571
+ # date is relative to the Gregorian Calendar. This can represent one of the
572
+ # following: * A full date, with non-zero year, month, and day values * A month
573
+ # and day value, with a zero year, such as an anniversary * A year on its own,
574
+ # with zero month and day values * A year and month value, with a zero day, such
575
+ # as a credit card expiration date Related types are google.type.TimeOfDay and `
576
+ # google.protobuf.Timestamp`.
577
+ # Corresponds to the JSON property `newestDate`
578
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleTypeDate]
579
+ attr_accessor :newest_date
580
+
581
+ # Represents a whole or partial calendar date, such as a birthday. The time of
582
+ # day and time zone are either specified elsewhere or are insignificant. The
583
+ # date is relative to the Gregorian Calendar. This can represent one of the
584
+ # following: * A full date, with non-zero year, month, and day values * A month
585
+ # and day value, with a zero year, such as an anniversary * A year on its own,
586
+ # with zero month and day values * A year and month value, with a zero day, such
587
+ # as a credit card expiration date Related types are google.type.TimeOfDay and `
588
+ # google.protobuf.Timestamp`.
589
+ # Corresponds to the JSON property `oldestDate`
590
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleTypeDate]
591
+ attr_accessor :oldest_date
592
+
593
+ # The number of replayed log entries with no difference between baseline and
594
+ # simulated policies.
595
+ # Corresponds to the JSON property `unchangedCount`
596
+ # @return [Fixnum]
597
+ attr_accessor :unchanged_count
598
+
599
+ def initialize(**args)
600
+ update!(**args)
601
+ end
602
+
603
+ # Update properties of this object
604
+ def update!(**args)
605
+ @difference_count = args[:difference_count] if args.key?(:difference_count)
606
+ @error_count = args[:error_count] if args.key?(:error_count)
607
+ @log_count = args[:log_count] if args.key?(:log_count)
608
+ @newest_date = args[:newest_date] if args.key?(:newest_date)
609
+ @oldest_date = args[:oldest_date] if args.key?(:oldest_date)
610
+ @unchanged_count = args[:unchanged_count] if args.key?(:unchanged_count)
611
+ end
612
+ end
613
+
614
+ # Specifies the audit configuration for a service. The configuration determines
615
+ # which permission types are logged, and what identities, if any, are exempted
616
+ # from logging. An AuditConfig must have one or more AuditLogConfigs. If there
617
+ # are AuditConfigs for both `allServices` and a specific service, the union of
618
+ # the two AuditConfigs is used for that service: the log_types specified in each
619
+ # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
620
+ # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
621
+ # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
622
+ # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
623
+ # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
624
+ # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
625
+ # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
626
+ # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
627
+ # exempts jose@example.com from DATA_READ logging, and aliya@example.com from
628
+ # DATA_WRITE logging.
629
+ class GoogleIamV1AuditConfig
630
+ include Google::Apis::Core::Hashable
631
+
632
+ # The configuration for logging of each type of permission.
633
+ # Corresponds to the JSON property `auditLogConfigs`
634
+ # @return [Array<Google::Apis::PolicysimulatorV1beta1::GoogleIamV1AuditLogConfig>]
635
+ attr_accessor :audit_log_configs
636
+
637
+ # Specifies a service that will be enabled for audit logging. For example, `
638
+ # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
639
+ # value that covers all services.
640
+ # Corresponds to the JSON property `service`
641
+ # @return [String]
642
+ attr_accessor :service
643
+
644
+ def initialize(**args)
645
+ update!(**args)
646
+ end
647
+
648
+ # Update properties of this object
649
+ def update!(**args)
650
+ @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
651
+ @service = args[:service] if args.key?(:service)
652
+ end
653
+ end
654
+
655
+ # Provides the configuration for logging a type of permissions. Example: ` "
656
+ # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
657
+ # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
658
+ # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
659
+ # DATA_READ logging.
660
+ class GoogleIamV1AuditLogConfig
661
+ include Google::Apis::Core::Hashable
662
+
663
+ # Specifies the identities that do not cause logging for this type of permission.
664
+ # Follows the same format of Binding.members.
665
+ # Corresponds to the JSON property `exemptedMembers`
666
+ # @return [Array<String>]
667
+ attr_accessor :exempted_members
668
+
669
+ # The log type that this config enables.
670
+ # Corresponds to the JSON property `logType`
671
+ # @return [String]
672
+ attr_accessor :log_type
673
+
674
+ def initialize(**args)
675
+ update!(**args)
676
+ end
677
+
678
+ # Update properties of this object
679
+ def update!(**args)
680
+ @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
681
+ @log_type = args[:log_type] if args.key?(:log_type)
682
+ end
683
+ end
684
+
685
+ # Associates `members` with a `role`.
686
+ class GoogleIamV1Binding
687
+ include Google::Apis::Core::Hashable
688
+
689
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
690
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
691
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
692
+ # "Summary size limit" description: "Determines if a summary is less than 100
693
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
694
+ # Requestor is owner" description: "Determines if requestor is the document
695
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
696
+ # Logic): title: "Public documents" description: "Determine whether the document
697
+ # should be publicly visible" expression: "document.type != 'private' &&
698
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
699
+ # string" description: "Create a notification string with a timestamp."
700
+ # expression: "'New message received at ' + string(document.create_time)" The
701
+ # exact variables and functions that may be referenced within an expression are
702
+ # determined by the service that evaluates it. See the service documentation for
703
+ # additional information.
704
+ # Corresponds to the JSON property `condition`
705
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleTypeExpr]
706
+ attr_accessor :condition
707
+
708
+ # Specifies the identities requesting access for a Cloud Platform resource. `
709
+ # members` can have the following values: * `allUsers`: A special identifier
710
+ # that represents anyone who is on the internet; with or without a Google
711
+ # account. * `allAuthenticatedUsers`: A special identifier that represents
712
+ # anyone who is authenticated with a Google account or a service account. * `
713
+ # user:`emailid``: An email address that represents a specific Google account.
714
+ # For example, `alice@example.com` . * `serviceAccount:`emailid``: An email
715
+ # address that represents a service account. For example, `my-other-app@appspot.
716
+ # gserviceaccount.com`. * `group:`emailid``: An email address that represents a
717
+ # Google group. For example, `admins@example.com`. * `deleted:user:`emailid`?uid=
718
+ # `uniqueid``: An email address (plus unique identifier) representing a user
719
+ # that has been recently deleted. For example, `alice@example.com?uid=
720
+ # 123456789012345678901`. If the user is recovered, this value reverts to `user:`
721
+ # emailid`` and the recovered user retains the role in the binding. * `deleted:
722
+ # serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus unique
723
+ # identifier) representing a service account that has been recently deleted. For
724
+ # example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
725
+ # If the service account is undeleted, this value reverts to `serviceAccount:`
726
+ # emailid`` and the undeleted service account retains the role in the binding. *
727
+ # `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique
728
+ # identifier) representing a Google group that has been recently deleted. For
729
+ # example, `admins@example.com?uid=123456789012345678901`. If the group is
730
+ # recovered, this value reverts to `group:`emailid`` and the recovered group
731
+ # retains the role in the binding. * `domain:`domain``: The G Suite domain (
732
+ # primary) that represents all the users of that domain. For example, `google.
733
+ # com` or `example.com`.
734
+ # Corresponds to the JSON property `members`
735
+ # @return [Array<String>]
736
+ attr_accessor :members
737
+
738
+ # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`
739
+ # , or `roles/owner`.
740
+ # Corresponds to the JSON property `role`
741
+ # @return [String]
742
+ attr_accessor :role
743
+
744
+ def initialize(**args)
745
+ update!(**args)
746
+ end
747
+
748
+ # Update properties of this object
749
+ def update!(**args)
750
+ @condition = args[:condition] if args.key?(:condition)
751
+ @members = args[:members] if args.key?(:members)
752
+ @role = args[:role] if args.key?(:role)
753
+ end
754
+ end
755
+
756
+ # An Identity and Access Management (IAM) policy, which specifies access
757
+ # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
758
+ # A `binding` binds one or more `members` to a single `role`. Members can be
759
+ # user accounts, service accounts, Google groups, and domains (such as G Suite).
760
+ # A `role` is a named list of permissions; each `role` can be an IAM predefined
761
+ # role or a user-created custom role. For some types of Google Cloud resources,
762
+ # a `binding` can also specify a `condition`, which is a logical expression that
763
+ # allows access to a resource only if the expression evaluates to `true`. A
764
+ # condition can add constraints based on attributes of the request, the resource,
765
+ # or both. To learn which resources support conditions in their IAM policies,
766
+ # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
767
+ # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
768
+ # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
769
+ # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
770
+ # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
771
+ # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
772
+ # title": "expirable access", "description": "Does not grant access after Sep
773
+ # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
774
+ # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
775
+ # members: - user:mike@example.com - group:admins@example.com - domain:google.
776
+ # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
777
+ # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
778
+ # roles/resourcemanager.organizationViewer condition: title: expirable access
779
+ # description: Does not grant access after Sep 2020 expression: request.time <
780
+ # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
781
+ # description of IAM and its features, see the [IAM documentation](https://cloud.
782
+ # google.com/iam/docs/).
783
+ class GoogleIamV1Policy
784
+ include Google::Apis::Core::Hashable
785
+
786
+ # Specifies cloud audit logging configuration for this policy.
787
+ # Corresponds to the JSON property `auditConfigs`
788
+ # @return [Array<Google::Apis::PolicysimulatorV1beta1::GoogleIamV1AuditConfig>]
789
+ attr_accessor :audit_configs
790
+
791
+ # Associates a list of `members` to a `role`. Optionally, may specify a `
792
+ # condition` that determines how and when the `bindings` are applied. Each of
793
+ # the `bindings` must contain at least one member.
794
+ # Corresponds to the JSON property `bindings`
795
+ # @return [Array<Google::Apis::PolicysimulatorV1beta1::GoogleIamV1Binding>]
796
+ attr_accessor :bindings
797
+
798
+ # `etag` is used for optimistic concurrency control as a way to help prevent
799
+ # simultaneous updates of a policy from overwriting each other. It is strongly
800
+ # suggested that systems make use of the `etag` in the read-modify-write cycle
801
+ # to perform policy updates in order to avoid race conditions: An `etag` is
802
+ # returned in the response to `getIamPolicy`, and systems are expected to put
803
+ # that etag in the request to `setIamPolicy` to ensure that their change will be
804
+ # applied to the same version of the policy. **Important:** If you use IAM
805
+ # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
806
+ # If you omit this field, then IAM allows you to overwrite a version `3` policy
807
+ # with a version `1` policy, and all of the conditions in the version `3` policy
808
+ # are lost.
809
+ # Corresponds to the JSON property `etag`
810
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
811
+ # @return [String]
812
+ attr_accessor :etag
813
+
814
+ # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
815
+ # Requests that specify an invalid value are rejected. Any operation that
816
+ # affects conditional role bindings must specify version `3`. This requirement
817
+ # applies to the following operations: * Getting a policy that includes a
818
+ # conditional role binding * Adding a conditional role binding to a policy *
819
+ # Changing a conditional role binding in a policy * Removing any role binding,
820
+ # with or without a condition, from a policy that includes conditions **
821
+ # Important:** If you use IAM Conditions, you must include the `etag` field
822
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
823
+ # to overwrite a version `3` policy with a version `1` policy, and all of the
824
+ # conditions in the version `3` policy are lost. If a policy does not include
825
+ # any conditions, operations on that policy may specify any valid version or
826
+ # leave the field unset. To learn which resources support conditions in their
827
+ # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
828
+ # conditions/resource-policies).
829
+ # Corresponds to the JSON property `version`
830
+ # @return [Fixnum]
831
+ attr_accessor :version
832
+
833
+ def initialize(**args)
834
+ update!(**args)
835
+ end
836
+
837
+ # Update properties of this object
838
+ def update!(**args)
839
+ @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
840
+ @bindings = args[:bindings] if args.key?(:bindings)
841
+ @etag = args[:etag] if args.key?(:etag)
842
+ @version = args[:version] if args.key?(:version)
843
+ end
844
+ end
845
+
846
+ # The response message for Operations.ListOperations.
847
+ class GoogleLongrunningListOperationsResponse
848
+ include Google::Apis::Core::Hashable
849
+
850
+ # The standard List next-page token.
851
+ # Corresponds to the JSON property `nextPageToken`
852
+ # @return [String]
853
+ attr_accessor :next_page_token
854
+
855
+ # A list of operations that matches the specified filter in the request.
856
+ # Corresponds to the JSON property `operations`
857
+ # @return [Array<Google::Apis::PolicysimulatorV1beta1::GoogleLongrunningOperation>]
858
+ attr_accessor :operations
859
+
860
+ def initialize(**args)
861
+ update!(**args)
862
+ end
863
+
864
+ # Update properties of this object
865
+ def update!(**args)
866
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
867
+ @operations = args[:operations] if args.key?(:operations)
868
+ end
869
+ end
870
+
871
+ # This resource represents a long-running operation that is the result of a
872
+ # network API call.
873
+ class GoogleLongrunningOperation
874
+ include Google::Apis::Core::Hashable
875
+
876
+ # If the value is `false`, it means the operation is still in progress. If `true`
877
+ # , the operation is completed, and either `error` or `response` is available.
878
+ # Corresponds to the JSON property `done`
879
+ # @return [Boolean]
880
+ attr_accessor :done
881
+ alias_method :done?, :done
882
+
883
+ # The `Status` type defines a logical error model that is suitable for different
884
+ # programming environments, including REST APIs and RPC APIs. It is used by [
885
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
886
+ # data: error code, error message, and error details. You can find out more
887
+ # about this error model and how to work with it in the [API Design Guide](https:
888
+ # //cloud.google.com/apis/design/errors).
889
+ # Corresponds to the JSON property `error`
890
+ # @return [Google::Apis::PolicysimulatorV1beta1::GoogleRpcStatus]
891
+ attr_accessor :error
892
+
893
+ # Service-specific metadata associated with the operation. It typically contains
894
+ # progress information and common metadata such as create time. Some services
895
+ # might not provide such metadata. Any method that returns a long-running
896
+ # operation should document the metadata type, if any.
897
+ # Corresponds to the JSON property `metadata`
898
+ # @return [Hash<String,Object>]
899
+ attr_accessor :metadata
900
+
901
+ # The server-assigned name, which is only unique within the same service that
902
+ # originally returns it. If you use the default HTTP mapping, the `name` should
903
+ # be a resource name ending with `operations/`unique_id``.
904
+ # Corresponds to the JSON property `name`
905
+ # @return [String]
906
+ attr_accessor :name
907
+
908
+ # The normal response of the operation in case of success. If the original
909
+ # method returns no data on success, such as `Delete`, the response is `google.
910
+ # protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`,
911
+ # the response should be the resource. For other methods, the response should
912
+ # have the type `XxxResponse`, where `Xxx` is the original method name. For
913
+ # example, if the original method name is `TakeSnapshot()`, the inferred
914
+ # response type is `TakeSnapshotResponse`.
915
+ # Corresponds to the JSON property `response`
916
+ # @return [Hash<String,Object>]
917
+ attr_accessor :response
918
+
919
+ def initialize(**args)
920
+ update!(**args)
921
+ end
922
+
923
+ # Update properties of this object
924
+ def update!(**args)
925
+ @done = args[:done] if args.key?(:done)
926
+ @error = args[:error] if args.key?(:error)
927
+ @metadata = args[:metadata] if args.key?(:metadata)
928
+ @name = args[:name] if args.key?(:name)
929
+ @response = args[:response] if args.key?(:response)
930
+ end
931
+ end
932
+
933
+ # The `Status` type defines a logical error model that is suitable for different
934
+ # programming environments, including REST APIs and RPC APIs. It is used by [
935
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
936
+ # data: error code, error message, and error details. You can find out more
937
+ # about this error model and how to work with it in the [API Design Guide](https:
938
+ # //cloud.google.com/apis/design/errors).
939
+ class GoogleRpcStatus
940
+ include Google::Apis::Core::Hashable
941
+
942
+ # The status code, which should be an enum value of google.rpc.Code.
943
+ # Corresponds to the JSON property `code`
944
+ # @return [Fixnum]
945
+ attr_accessor :code
946
+
947
+ # A list of messages that carry the error details. There is a common set of
948
+ # message types for APIs to use.
949
+ # Corresponds to the JSON property `details`
950
+ # @return [Array<Hash<String,Object>>]
951
+ attr_accessor :details
952
+
953
+ # A developer-facing error message, which should be in English. Any user-facing
954
+ # error message should be localized and sent in the google.rpc.Status.details
955
+ # field, or localized by the client.
956
+ # Corresponds to the JSON property `message`
957
+ # @return [String]
958
+ attr_accessor :message
959
+
960
+ def initialize(**args)
961
+ update!(**args)
962
+ end
963
+
964
+ # Update properties of this object
965
+ def update!(**args)
966
+ @code = args[:code] if args.key?(:code)
967
+ @details = args[:details] if args.key?(:details)
968
+ @message = args[:message] if args.key?(:message)
969
+ end
970
+ end
971
+
972
+ # Represents a whole or partial calendar date, such as a birthday. The time of
973
+ # day and time zone are either specified elsewhere or are insignificant. The
974
+ # date is relative to the Gregorian Calendar. This can represent one of the
975
+ # following: * A full date, with non-zero year, month, and day values * A month
976
+ # and day value, with a zero year, such as an anniversary * A year on its own,
977
+ # with zero month and day values * A year and month value, with a zero day, such
978
+ # as a credit card expiration date Related types are google.type.TimeOfDay and `
979
+ # google.protobuf.Timestamp`.
980
+ class GoogleTypeDate
981
+ include Google::Apis::Core::Hashable
982
+
983
+ # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to
984
+ # specify a year by itself or a year and month where the day isn't significant.
985
+ # Corresponds to the JSON property `day`
986
+ # @return [Fixnum]
987
+ attr_accessor :day
988
+
989
+ # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month
990
+ # and day.
991
+ # Corresponds to the JSON property `month`
992
+ # @return [Fixnum]
993
+ attr_accessor :month
994
+
995
+ # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a
996
+ # year.
997
+ # Corresponds to the JSON property `year`
998
+ # @return [Fixnum]
999
+ attr_accessor :year
1000
+
1001
+ def initialize(**args)
1002
+ update!(**args)
1003
+ end
1004
+
1005
+ # Update properties of this object
1006
+ def update!(**args)
1007
+ @day = args[:day] if args.key?(:day)
1008
+ @month = args[:month] if args.key?(:month)
1009
+ @year = args[:year] if args.key?(:year)
1010
+ end
1011
+ end
1012
+
1013
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
1014
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
1015
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
1016
+ # "Summary size limit" description: "Determines if a summary is less than 100
1017
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
1018
+ # Requestor is owner" description: "Determines if requestor is the document
1019
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
1020
+ # Logic): title: "Public documents" description: "Determine whether the document
1021
+ # should be publicly visible" expression: "document.type != 'private' &&
1022
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
1023
+ # string" description: "Create a notification string with a timestamp."
1024
+ # expression: "'New message received at ' + string(document.create_time)" The
1025
+ # exact variables and functions that may be referenced within an expression are
1026
+ # determined by the service that evaluates it. See the service documentation for
1027
+ # additional information.
1028
+ class GoogleTypeExpr
1029
+ include Google::Apis::Core::Hashable
1030
+
1031
+ # Optional. Description of the expression. This is a longer text which describes
1032
+ # the expression, e.g. when hovered over it in a UI.
1033
+ # Corresponds to the JSON property `description`
1034
+ # @return [String]
1035
+ attr_accessor :description
1036
+
1037
+ # Textual representation of an expression in Common Expression Language syntax.
1038
+ # Corresponds to the JSON property `expression`
1039
+ # @return [String]
1040
+ attr_accessor :expression
1041
+
1042
+ # Optional. String indicating the location of the expression for error reporting,
1043
+ # e.g. a file name and a position in the file.
1044
+ # Corresponds to the JSON property `location`
1045
+ # @return [String]
1046
+ attr_accessor :location
1047
+
1048
+ # Optional. Title for the expression, i.e. a short string describing its purpose.
1049
+ # This can be used e.g. in UIs which allow to enter the expression.
1050
+ # Corresponds to the JSON property `title`
1051
+ # @return [String]
1052
+ attr_accessor :title
1053
+
1054
+ def initialize(**args)
1055
+ update!(**args)
1056
+ end
1057
+
1058
+ # Update properties of this object
1059
+ def update!(**args)
1060
+ @description = args[:description] if args.key?(:description)
1061
+ @expression = args[:expression] if args.key?(:expression)
1062
+ @location = args[:location] if args.key?(:location)
1063
+ @title = args[:title] if args.key?(:title)
1064
+ end
1065
+ end
1066
+ end
1067
+ end
1068
+ end