google-cloud-policy_simulator-v1 0.a → 0.1.1
- checksums.yaml +4 -4
- data/.yardopts +12 -0
- data/AUTHENTICATION.md +149 -0
- data/README.md +144 -8
- data/lib/google/cloud/policy_simulator/v1/rest.rb +37 -0
- data/lib/google/cloud/policy_simulator/v1/simulator/client.rb +660 -0
- data/lib/google/cloud/policy_simulator/v1/simulator/credentials.rb +47 -0
- data/lib/google/cloud/policy_simulator/v1/simulator/operations.rb +770 -0
- data/lib/google/cloud/policy_simulator/v1/simulator/paths.rb +91 -0
- data/lib/google/cloud/policy_simulator/v1/simulator/rest/client.rb +560 -0
- data/lib/google/cloud/policy_simulator/v1/simulator/rest/operations.rb +837 -0
- data/lib/google/cloud/policy_simulator/v1/simulator/rest/service_stub.rb +270 -0
- data/lib/google/cloud/policy_simulator/v1/simulator/rest.rb +64 -0
- data/lib/google/cloud/policy_simulator/v1/simulator.rb +67 -0
- data/lib/google/cloud/policy_simulator/v1/version.rb +7 -2
- data/lib/google/cloud/policy_simulator/v1.rb +45 -0
- data/lib/google/cloud/policysimulator/v1/explanations_pb.rb +55 -0
- data/lib/google/cloud/policysimulator/v1/simulator_pb.rb +72 -0
- data/lib/google/cloud/policysimulator/v1/simulator_services_pb.rb +63 -0
- data/lib/google-cloud-policy_simulator-v1.rb +21 -0
- data/proto_docs/README.md +4 -0
- data/proto_docs/google/api/client.rb +381 -0
- data/proto_docs/google/api/field_behavior.rb +71 -0
- data/proto_docs/google/api/launch_stage.rb +71 -0
- data/proto_docs/google/api/resource.rb +222 -0
- data/proto_docs/google/cloud/policysimulator/v1/explanations.rb +277 -0
- data/proto_docs/google/cloud/policysimulator/v1/simulator.rb +396 -0
- data/proto_docs/google/iam/v1/policy.rb +426 -0
- data/proto_docs/google/longrunning/operations.rb +164 -0
- data/proto_docs/google/protobuf/any.rb +144 -0
- data/proto_docs/google/protobuf/duration.rb +98 -0
- data/proto_docs/google/protobuf/empty.rb +34 -0
- data/proto_docs/google/protobuf/timestamp.rb +127 -0
- data/proto_docs/google/rpc/status.rb +48 -0
- data/proto_docs/google/type/date.rb +53 -0
- data/proto_docs/google/type/expr.rb +75 -0
- metadata +215 -12
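--- a/data/proto_docs/google/api/resource.rb
+++ b/data/proto_docs/google/api/resource.rb
@@ -0,0 +1,222 @@
+# frozen_string_literal: true
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+module Api
+# A simple descriptor of a resource type.
+#
+# ResourceDescriptor annotates a resource message (either by means of a
+# protobuf annotation or use in the service config), and associates the
+# resource's schema, the resource type, and the pattern of the resource name.
+#
+# Example:
+#
+# message Topic {
+# // Indicates this message defines a resource schema.
+# // Declares the resource type in the format of {service}/{kind}.
+# // For Kubernetes resources, the format is {api group}/{kind}.
+# option (google.api.resource) = {
+# type: "pubsub.googleapis.com/Topic"
+# pattern: "projects/{project}/topics/{topic}"
+# };
+# }
+#
+# The ResourceDescriptor Yaml config will look like:
+#
+# resources:
+# - type: "pubsub.googleapis.com/Topic"
+# pattern: "projects/{project}/topics/{topic}"
+#
+# Sometimes, resources have multiple patterns, typically because they can
+# live under multiple parents.
+#
+# Example:
+#
+# message LogEntry {
+# option (google.api.resource) = {
+# type: "logging.googleapis.com/LogEntry"
+# pattern: "projects/{project}/logs/{log}"
+# pattern: "folders/{folder}/logs/{log}"
+# pattern: "organizations/{organization}/logs/{log}"
+# pattern: "billingAccounts/{billing_account}/logs/{log}"
+# };
+# }
+#
+# The ResourceDescriptor Yaml config will look like:
+#
+# resources:
+# - type: 'logging.googleapis.com/LogEntry'
+# pattern: "projects/{project}/logs/{log}"
+# pattern: "folders/{folder}/logs/{log}"
+# pattern: "organizations/{organization}/logs/{log}"
+# pattern: "billingAccounts/{billing_account}/logs/{log}"
+# @!attribute [rw] type
+# @return [::String]
+# The resource type. It must be in the format of
+# \\{service_name}/\\{resource_type_kind}. The `resource_type_kind` must be
+# singular and must not include version numbers.
+#
+# Example: `storage.googleapis.com/Bucket`
+#
+# The value of the resource_type_kind must follow the regular expression
+# /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and
+# should use PascalCase (UpperCamelCase). The maximum number of
+# characters allowed for the `resource_type_kind` is 100.
+# @!attribute [rw] pattern
+# @return [::Array<::String>]
+# Optional. The relative resource name pattern associated with this resource
+# type. The DNS prefix of the full resource name shouldn't be specified here.
+#
+# The path pattern must follow the syntax, which aligns with HTTP binding
+# syntax:
+#
+# Template = Segment { "/" Segment } ;
+# Segment = LITERAL | Variable ;
+# Variable = "{" LITERAL "}" ;
+#
+# Examples:
+#
+# - "projects/\\{project}/topics/\\{topic}"
+# - "projects/\\{project}/knowledgeBases/\\{knowledge_base}"
+#
+# The components in braces correspond to the IDs for each resource in the
+# hierarchy. It is expected that, if multiple patterns are provided,
+# the same component name (e.g. "project") refers to IDs of the same
+# type of resource.
+# @!attribute [rw] name_field
+# @return [::String]
+# Optional. The field on the resource that designates the resource name
+# field. If omitted, this is assumed to be "name".
+# @!attribute [rw] history
+# @return [::Google::Api::ResourceDescriptor::History]
+# Optional. The historical or future-looking state of the resource pattern.
+#
+# Example:
+#
+# // The InspectTemplate message originally only supported resource
+# // names with organization, and project was added later.
+# message InspectTemplate {
+# option (google.api.resource) = {
+# type: "dlp.googleapis.com/InspectTemplate"
+# pattern:
+# "organizations/{organization}/inspectTemplates/{inspect_template}"
+# pattern: "projects/{project}/inspectTemplates/{inspect_template}"
+# history: ORIGINALLY_SINGLE_PATTERN
+# };
+# }
+# @!attribute [rw] plural
+# @return [::String]
+# The plural name used in the resource name and permission names, such as
+# 'projects' for the resource name of 'projects/\\{project}' and the permission
+# name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
+# concept of the `plural` field in k8s CRD spec
+# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+#
+# Note: The plural form is required even for singleton resources. See
+# https://aip.dev/156
+# @!attribute [rw] singular
+# @return [::String]
+# The same concept of the `singular` field in k8s CRD spec
+# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+# Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+# @!attribute [rw] style
+# @return [::Array<::Google::Api::ResourceDescriptor::Style>]
+# Style flag(s) for this resource.
+# These indicate that a resource is expected to conform to a given
+# style. See the specific style flags for additional information.
+class ResourceDescriptor
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+
+# A description of the historical or future-looking state of the
+# resource pattern.
+module History
+# The "unset" value.
+HISTORY_UNSPECIFIED = 0
+
+# The resource originally had one pattern and launched as such, and
+# additional patterns were added later.
+ORIGINALLY_SINGLE_PATTERN = 1
+
+# The resource has one pattern, but the API owner expects to add more
+# later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents
+# that from being necessary once there are multiple patterns.)
+FUTURE_MULTI_PATTERN = 2
+end
+
+# A flag representing a specific style that a resource claims to conform to.
+module Style
+# The unspecified value. Do not use.
+STYLE_UNSPECIFIED = 0
+
+# This resource is intended to be "declarative-friendly".
+#
+# Declarative-friendly resources must be more strictly consistent, and
+# setting this to true communicates to tools that this resource should
+# adhere to declarative-friendly expectations.
+#
+# Note: This is used by the API linter (linter.aip.dev) to enable
+# additional checks.
+DECLARATIVE_FRIENDLY = 1
+end
+end
+
+# Defines a proto annotation that describes a string field that refers to
+# an API resource.
+# @!attribute [rw] type
+# @return [::String]
+# The resource type that the annotated field references.
+#
+# Example:
+#
+# message Subscription {
+# string topic = 2 [(google.api.resource_reference) = {
+# type: "pubsub.googleapis.com/Topic"
+# }];
+# }
+#
+# Occasionally, a field may reference an arbitrary resource. In this case,
+# APIs use the special value * in their resource reference.
+#
+# Example:
+#
+# message GetIamPolicyRequest {
+# string resource = 2 [(google.api.resource_reference) = {
+# type: "*"
+# }];
+# }
+# @!attribute [rw] child_type
+# @return [::String]
+# The resource type of a child collection that the annotated field
+# references. This is useful for annotating the `parent` field that
+# doesn't have a fixed resource type.
+#
+# Example:
+#
+# message ListLogEntriesRequest {
+# string parent = 1 [(google.api.resource_reference) = {
+# child_type: "logging.googleapis.com/LogEntry"
+# };
+# }
+class ResourceReference
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+end
+end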
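--- a/data/proto_docs/google/cloud/policysimulator/v1/explanations.rb
+++ b/data/proto_docs/google/cloud/policysimulator/v1/explanations.rb
@@ -0,0 +1,277 @@
+# frozen_string_literal: true
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+module Cloud
+module PolicySimulator
+module V1
+# Information about the principal, resource, and permission to check.
+# @!attribute [rw] principal
+# @return [::String]
+# Required. The principal whose access you want to check, in the form of
+# the email address that represents that principal. For example,
+# `alice@example.com` or
+# `my-service-account@my-project.iam.gserviceaccount.com`.
+#
+# The principal must be a Google Account or a service account. Other types of
+# principals are not supported.
+# @!attribute [rw] full_resource_name
+# @return [::String]
+# Required. The full resource name that identifies the resource. For example,
+# `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
+#
+# For examples of full resource names for Google Cloud services, see
+# https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+# @!attribute [rw] permission
+# @return [::String]
+# Required. The IAM permission to check for the specified principal and
+# resource.
+#
+# For a complete list of IAM permissions, see
+# https://cloud.google.com/iam/help/permissions/reference.
+#
+# For a complete list of predefined IAM roles and the permissions in each
+# role, see https://cloud.google.com/iam/help/roles/reference.
+class AccessTuple
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Details about how a specific IAM {::Google::Iam::V1::Policy Policy} contributed
+# to the access check.
+# @!attribute [rw] access
+# @return [::Google::Cloud::PolicySimulator::V1::AccessState]
+# Indicates whether _this policy_ provides the specified permission to the
+# specified principal for the specified resource.
+#
+# This field does _not_ indicate whether the principal actually has the
+# permission for the resource. There might be another policy that overrides
+# this policy. To determine whether the principal actually has the
+# permission, use the `access` field in the
+# [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
+# @!attribute [rw] full_resource_name
+# @return [::String]
+# The full resource name that identifies the resource. For example,
+# `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
+#
+# If the user who created the
+# {::Google::Cloud::PolicySimulator::V1::Replay Replay} does not have
+# access to the policy, this field is omitted.
+#
+# For examples of full resource names for Google Cloud services, see
+# https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+# @!attribute [rw] policy
+# @return [::Google::Iam::V1::Policy]
+# The IAM policy attached to the resource.
+#
+# If the user who created the
+# {::Google::Cloud::PolicySimulator::V1::Replay Replay} does not have
+# access to the policy, this field is empty.
+# @!attribute [rw] binding_explanations
+# @return [::Array<::Google::Cloud::PolicySimulator::V1::BindingExplanation>]
+# Details about how each binding in the policy affects the principal's
+# ability, or inability, to use the permission for the resource.
+#
+# If the user who created the
+# {::Google::Cloud::PolicySimulator::V1::Replay Replay} does not have
+# access to the policy, this field is omitted.
+# @!attribute [rw] relevance
+# @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance]
+# The relevance of this policy to the overall determination in the
+# [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
+#
+# If the user who created the
+# {::Google::Cloud::PolicySimulator::V1::Replay Replay} does not have
+# access to the policy, this field is omitted.
+class ExplainedPolicy
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Details about how a binding in a policy affects a principal's ability to use
+# a permission.
+# @!attribute [rw] access
+# @return [::Google::Cloud::PolicySimulator::V1::AccessState]
+# Required. Indicates whether _this binding_ provides the specified
+# permission to the specified principal for the specified resource.
+#
+# This field does _not_ indicate whether the principal actually has the
+# permission for the resource. There might be another binding that overrides
+# this binding. To determine whether the principal actually has the
+# permission, use the `access` field in the
+# [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
+# @!attribute [rw] role
+# @return [::String]
+# The role that this binding grants. For example,
+# `roles/compute.serviceAgent`.
+#
+# For a complete list of predefined IAM roles, as well as the permissions in
+# each role, see https://cloud.google.com/iam/help/roles/reference.
+# @!attribute [rw] role_permission
+# @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::RolePermission]
+# Indicates whether the role granted by this binding contains the specified
+# permission.
+# @!attribute [rw] role_permission_relevance
+# @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance]
+# The relevance of the permission's existence, or nonexistence, in the role
+# to the overall determination for the entire policy.
+# @!attribute [rw] memberships
+# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership}]
+# Indicates whether each principal in the binding includes the principal
+# specified in the request, either directly or indirectly. Each key
+# identifies a principal in the binding, and each value indicates whether the
+# principal in the binding includes the principal in the request.
+#
+# For example, suppose that a binding includes the following principals:
+#
+# * `user:alice@example.com`
+# * `group:product-eng@example.com`
+#
+# The principal in the replayed access tuple is `user:bob@example.com`. This
+# user is a principal of the group `group:product-eng@example.com`.
+#
+# For the first principal in the binding, the key is
+# `user:alice@example.com`, and the `membership` field in the value is set to
+# `MEMBERSHIP_NOT_INCLUDED`.
+#
+# For the second principal in the binding, the key is
+# `group:product-eng@example.com`, and the `membership` field in the value is
+# set to `MEMBERSHIP_INCLUDED`.
+# @!attribute [rw] relevance
+# @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance]
+# The relevance of this binding to the overall determination for the entire
+# policy.
+# @!attribute [rw] condition
+# @return [::Google::Type::Expr]
+# A condition expression that prevents this binding from granting access
+# unless the expression evaluates to `true`.
+#
+# To learn about IAM Conditions, see
+# https://cloud.google.com/iam/docs/conditions-overview.
+class BindingExplanation
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+
+# Details about whether the binding includes the principal.
+# @!attribute [rw] membership
+# @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::Membership]
+# Indicates whether the binding includes the principal.
+# @!attribute [rw] relevance
+# @return [::Google::Cloud::PolicySimulator::V1::HeuristicRelevance]
+# The relevance of the principal's status to the overall determination for
+# the binding.
+class AnnotatedMembership
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# @!attribute [rw] key
+# @return [::String]
+# @!attribute [rw] value
+# @return [::Google::Cloud::PolicySimulator::V1::BindingExplanation::AnnotatedMembership]
+class MembershipsEntry
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Whether a role includes a specific permission.
+module RolePermission
+# Default value. This value is unused.
+ROLE_PERMISSION_UNSPECIFIED = 0
+
+# The permission is included in the role.
+ROLE_PERMISSION_INCLUDED = 1
+
+# The permission is not included in the role.
+ROLE_PERMISSION_NOT_INCLUDED = 2
+
+# The user who created the
+# {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not
+# allowed to access the binding.
+ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3
+end
+
+# Whether the binding includes the principal.
+module Membership
+# Default value. This value is unused.
+MEMBERSHIP_UNSPECIFIED = 0
+
+# The binding includes the principal. The principal can be included
+# directly or indirectly. For example:
+#
+# * A principal is included directly if that principal is listed in the
+# binding.
+# * A principal is included indirectly if that principal is in a Google
+# group or Google Workspace domain that is listed in the binding.
+MEMBERSHIP_INCLUDED = 1
+
+# The binding does not include the principal.
+MEMBERSHIP_NOT_INCLUDED = 2
+
+# The user who created the
+# {::Google::Cloud::PolicySimulator::V1::Replay Replay} is not
+# allowed to access the binding.
+MEMBERSHIP_UNKNOWN_INFO_DENIED = 3
+
+# The principal is an unsupported type. Only Google Accounts and service
+# accounts are supported.
+MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4
+end
+end
+
+# Whether a principal has a permission for a resource.
+module AccessState
+# Default value. This value is unused.
+ACCESS_STATE_UNSPECIFIED = 0
+
+# The principal has the permission.
+GRANTED = 1
+
+# The principal does not have the permission.
+NOT_GRANTED = 2
+
+# The principal has the permission only if a condition expression evaluates
+# to `true`.
+UNKNOWN_CONDITIONAL = 3
+
+# The user who created the
+# {::Google::Cloud::PolicySimulator::V1::Replay Replay} does not have
+# access to all of the policies that Policy Simulator needs to evaluate.
+UNKNOWN_INFO_DENIED = 4
+end
+
+# The extent to which a single data point, such as the existence of a binding
+# or whether a binding includes a specific principal, contributes to an overall
+# determination.
+module HeuristicRelevance
+# Default value. This value is unused.
+HEURISTIC_RELEVANCE_UNSPECIFIED = 0
+
+# The data point has a limited effect on the result. Changing the data point
+# is unlikely to affect the overall determination.
+NORMAL = 1
+
+# The data point has a strong effect on the result. Changing the data point
+# is likely to affect the overall determination.
+HIGH = 2
+end
+end
+end
+end
+end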