google-cloud-policy_simulator-v1 0.a → 0.1.0

data/proto_docs/google/cloud/policysimulator/v1/simulator.rb

@@ -0,0 +1,396 @@
+# frozen_string_literal: true
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module PolicySimulator
+      module V1
+        # A resource describing a `Replay`, or simulation.
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. The resource name of the `Replay`, which has the following
+        #     format:
+        #
+        #     `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
+        #     where `{resource-id}` is the ID of the project, folder, or organization
+        #     that owns the Replay.
+        #
+        #     Example:
+        #     `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
+        # @!attribute [r] state
+        #   @return [::Google::Cloud::PolicySimulator::V1::Replay::State]
+        #     Output only. The current state of the `Replay`.
+        # @!attribute [rw] config
+        #   @return [::Google::Cloud::PolicySimulator::V1::ReplayConfig]
+        #     Required. The configuration used for the `Replay`.
+        # @!attribute [r] results_summary
+        #   @return [::Google::Cloud::PolicySimulator::V1::Replay::ResultsSummary]
+        #     Output only. Summary statistics about the replayed log entries.
+        class Replay
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Summary statistics about the replayed log entries.
+          # @!attribute [rw] log_count
+          #   @return [::Integer]
+          #     The total number of log entries replayed.
+          # @!attribute [rw] unchanged_count
+          #   @return [::Integer]
+          #     The number of replayed log entries with no difference between
+          #     baseline and simulated policies.
+          # @!attribute [rw] difference_count
+          #   @return [::Integer]
+          #     The number of replayed log entries with a difference between baseline and
+          #     simulated policies.
+          # @!attribute [rw] error_count
+          #   @return [::Integer]
+          #     The number of log entries that could not be replayed.
+          # @!attribute [rw] oldest_date
+          #   @return [::Google::Type::Date]
+          #     The date of the oldest log entry replayed.
+          # @!attribute [rw] newest_date
+          #   @return [::Google::Type::Date]
+          #     The date of the newest log entry replayed.
+          class ResultsSummary
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # The current state of the {::Google::Cloud::PolicySimulator::V1::Replay Replay}.
+          module State
+            # Default value. This value is unused.
+            STATE_UNSPECIFIED = 0
+
+            # The `Replay` has not started yet.
+            PENDING = 1
+
+            # The `Replay` is currently running.
+            RUNNING = 2
+
+            # The `Replay` has successfully completed.
+            SUCCEEDED = 3
+
+            # The `Replay` has finished with an error.
+            FAILED = 4
+          end
+        end
+
+        # The result of replaying a single access tuple against a simulated state.
+        # @!attribute [rw] diff
+        #   @return [::Google::Cloud::PolicySimulator::V1::ReplayDiff]
+        #     The difference between the principal's access under the current
+        #     (baseline) policies and the principal's access under the proposed
+        #     (simulated) policies.
+        #
+        #     This field is only included for access tuples that were successfully
+        #     replayed and had different results under the current policies and the
+        #     proposed policies.
+        # @!attribute [rw] error
+        #   @return [::Google::Rpc::Status]
+        #     The error that caused the access tuple replay to fail.
+        #
+        #     This field is only included for access tuples that were not replayed
+        #     successfully.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The resource name of the `ReplayResult`, in the following format:
+        #
+        #     `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}/results/{replay-result-id}`,
+        #     where `{resource-id}` is the ID of the project, folder, or organization
+        #     that owns the {::Google::Cloud::PolicySimulator::V1::Replay Replay}.
+        #
+        #     Example:
+        #     `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36/results/1234`
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     The {::Google::Cloud::PolicySimulator::V1::Replay Replay} that the access tuple
+        #     was included in.
+        # @!attribute [rw] access_tuple
+        #   @return [::Google::Cloud::PolicySimulator::V1::AccessTuple]
+        #     The access tuple that was replayed. This field includes information about
+        #     the principal, resource, and permission that were involved in the access
+        #     attempt.
+        # @!attribute [rw] last_seen_date
+        #   @return [::Google::Type::Date]
+        #     The latest date this access tuple was seen in the logs.
+        class ReplayResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for
+        # {::Google::Cloud::PolicySimulator::V1::Simulator::Client#create_replay Simulator.CreateReplay}.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The parent resource where this
+        #     {::Google::Cloud::PolicySimulator::V1::Replay Replay} will be created. This
+        #     resource must be a project, folder, or organization with a location.
+        #
+        #     Example: `projects/my-example-project/locations/global`
+        # @!attribute [rw] replay
+        #   @return [::Google::Cloud::PolicySimulator::V1::Replay]
+        #     Required. The {::Google::Cloud::PolicySimulator::V1::Replay Replay} to create.
+        #     Set `Replay.ReplayConfig` to configure the replay.
+        class CreateReplayRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Metadata about a Replay operation.
+        # @!attribute [rw] start_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Time when the request was received.
+        class ReplayOperationMetadata
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for
+        # {::Google::Cloud::PolicySimulator::V1::Simulator::Client#get_replay Simulator.GetReplay}.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The name of the {::Google::Cloud::PolicySimulator::V1::Replay Replay}
+        #     to retrieve, in the following format:
+        #
+        #     `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
+        #     where `{resource-id}` is the ID of the project, folder, or organization
+        #     that owns the `Replay`.
+        #
+        #     Example:
+        #     `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
+        class GetReplayRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for
+        # {::Google::Cloud::PolicySimulator::V1::Simulator::Client#list_replay_results Simulator.ListReplayResults}.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The {::Google::Cloud::PolicySimulator::V1::Replay Replay} whose
+        #     results are listed, in the following format:
+        #
+        #     `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`
+        #
+        #     Example:
+        #     `projects/my-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of
+        #     {::Google::Cloud::PolicySimulator::V1::ReplayResult ReplayResult} objects to
+        #     return. Defaults to 5000.
+        #
+        #     The maximum value is 5000; values above 5000 are rounded down to 5000.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A page token, received from a previous
+        #     {::Google::Cloud::PolicySimulator::V1::Simulator::Client#list_replay_results Simulator.ListReplayResults}
+        #     call. Provide this token to retrieve the next page of results.
+        #
+        #     When paginating, all other parameters provided to
+        #     [Simulator.ListReplayResults[] must match the call that provided the page
+        #     token.
+        class ListReplayResultsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for
+        # {::Google::Cloud::PolicySimulator::V1::Simulator::Client#list_replay_results Simulator.ListReplayResults}.
+        # @!attribute [rw] replay_results
+        #   @return [::Array<::Google::Cloud::PolicySimulator::V1::ReplayResult>]
+        #     The results of running a {::Google::Cloud::PolicySimulator::V1::Replay Replay}.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     A token that you can use to retrieve the next page of
+        #     {::Google::Cloud::PolicySimulator::V1::ReplayResult ReplayResult} objects. If
+        #     this field is omitted, there are no subsequent pages.
+        class ListReplayResultsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The configuration used for a
+        # {::Google::Cloud::PolicySimulator::V1::Replay Replay}.
+        # @!attribute [rw] policy_overlay
+        #   @return [::Google::Protobuf::Map{::String => ::Google::Iam::V1::Policy}]
+        #     A mapping of the resources that you want to simulate policies for and the
+        #     policies that you want to simulate.
+        #
+        #     Keys are the full resource names for the resources. For example,
+        #     `//cloudresourcemanager.googleapis.com/projects/my-project`.
+        #     For examples of full resource names for Google Cloud services, see
+        #     https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+        #
+        #     Values are {::Google::Iam::V1::Policy Policy} objects representing the policies
+        #     that you want to simulate.
+        #
+        #     Replays automatically take into account any IAM policies inherited through
+        #     the resource hierarchy, and any policies set on descendant resources. You
+        #     do not need to include these policies in the policy overlay.
+        # @!attribute [rw] log_source
+        #   @return [::Google::Cloud::PolicySimulator::V1::ReplayConfig::LogSource]
+        #     The logs to use as input for the
+        #     {::Google::Cloud::PolicySimulator::V1::Replay Replay}.
+        class ReplayConfig
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::Google::Iam::V1::Policy]
+          class PolicyOverlayEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # The source of the logs to use for a
+          # {::Google::Cloud::PolicySimulator::V1::Replay Replay}.
+          module LogSource
+            # An unspecified log source.
+            # If the log source is unspecified, the
+            # {::Google::Cloud::PolicySimulator::V1::Replay Replay} defaults to using
+            # `RECENT_ACCESSES`.
+            LOG_SOURCE_UNSPECIFIED = 0
+
+            # All access logs from the last 90 days. These logs may not include logs
+            # from the most recent 7 days.
+            RECENT_ACCESSES = 1
+          end
+        end
+
+        # The difference between the results of evaluating an access tuple under
+        # the current (baseline) policies and under the proposed (simulated) policies.
+        # This difference explains how a principal's access could change if the
+        # proposed policies were applied.
+        # @!attribute [rw] access_diff
+        #   @return [::Google::Cloud::PolicySimulator::V1::AccessStateDiff]
+        #     A summary and comparison of the principal's access under the current
+        #     (baseline) policies and the proposed (simulated) policies for a single
+        #     access tuple.
+        #
+        #     The evaluation of the principal's access is reported in the
+        #     {::Google::Cloud::PolicySimulator::V1::AccessState AccessState} field.
+        class ReplayDiff
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A summary and comparison of the principal's access under the current
+        # (baseline) policies and the proposed (simulated) policies for a single
+        # access tuple.
+        # @!attribute [rw] baseline
+        #   @return [::Google::Cloud::PolicySimulator::V1::ExplainedAccess]
+        #     The results of evaluating the access tuple under the current (baseline)
+        #     policies.
+        #
+        #     If the {::Google::Cloud::PolicySimulator::V1::AccessState AccessState} couldn't
+        #     be fully evaluated, this field explains why.
+        # @!attribute [rw] simulated
+        #   @return [::Google::Cloud::PolicySimulator::V1::ExplainedAccess]
+        #     The results of evaluating the access tuple under the proposed (simulated)
+        #     policies.
+        #
+        #     If the AccessState couldn't be fully evaluated, this field explains why.
+        # @!attribute [rw] access_change
+        #   @return [::Google::Cloud::PolicySimulator::V1::AccessStateDiff::AccessChangeType]
+        #     How the principal's access, specified in the AccessState field, changed
+        #     between the current (baseline) policies and proposed (simulated) policies.
+        class AccessStateDiff
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # How the principal's access, specified in the AccessState field, changed
+          # between the current (baseline) policies and proposed (simulated) policies.
+          module AccessChangeType
+            # Default value. This value is unused.
+            ACCESS_CHANGE_TYPE_UNSPECIFIED = 0
+
+            # The principal's access did not change.
+            # This includes the case where both baseline and simulated are UNKNOWN,
+            # but the unknown information is equivalent.
+            NO_CHANGE = 1
+
+            # The principal's access under both the current policies and the proposed
+            # policies is `UNKNOWN`, but the unknown information differs between them.
+            UNKNOWN_CHANGE = 2
+
+            # The principal had access under the current policies (`GRANTED`), but will
+            # no longer have access after the proposed changes (`NOT_GRANTED`).
+            ACCESS_REVOKED = 3
+
+            # The principal did not have access under the current policies
+            # (`NOT_GRANTED`), but will have access after the proposed changes
+            # (`GRANTED`).
+            ACCESS_GAINED = 4
+
+            # This result can occur for the following reasons:
+            #
+            # * The principal had access under the current policies (`GRANTED`), but
+            #   their access after the proposed changes is `UNKNOWN`.
+            #
+            # * The principal's access under the current policies is `UNKNOWN`, but
+            # they
+            #   will not have access after the proposed changes (`NOT_GRANTED`).
+            ACCESS_MAYBE_REVOKED = 5
+
+            # This result can occur for the following reasons:
+            #
+            # * The principal did not have access under the current policies
+            #   (`NOT_GRANTED`), but their access after the proposed changes is
+            #   `UNKNOWN`.
+            #
+            # * The principal's access under the current policies is `UNKNOWN`, but
+            # they will have access after the proposed changes (`GRANTED`).
+            ACCESS_MAYBE_GAINED = 6
+          end
+        end
+
+        # Details about how a set of policies, listed in
+        # {::Google::Cloud::PolicySimulator::V1::ExplainedPolicy ExplainedPolicy}, resulted
+        # in a certain {::Google::Cloud::PolicySimulator::V1::AccessState AccessState} when
+        # replaying an access tuple.
+        # @!attribute [rw] access_state
+        #   @return [::Google::Cloud::PolicySimulator::V1::AccessState]
+        #     Whether the principal in the access tuple has permission to access the
+        #     resource in the access tuple under the given policies.
+        # @!attribute [rw] policies
+        #   @return [::Array<::Google::Cloud::PolicySimulator::V1::ExplainedPolicy>]
+        #     If the {::Google::Cloud::PolicySimulator::V1::AccessState AccessState} is
+        #     `UNKNOWN`, this field contains the policies that led to that result.
+        #
+        #     If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is
+        #     omitted.
+        # @!attribute [rw] errors
+        #   @return [::Array<::Google::Rpc::Status>]
+        #     If the {::Google::Cloud::PolicySimulator::V1::AccessState AccessState} is
+        #     `UNKNOWN`, this field contains a list of errors explaining why the result
+        #     is `UNKNOWN`.
+        #
+        #     If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is
+        #     omitted.
+        class ExplainedAccess
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end