com.google.cloud.policysimulator.v1

Interface BindingExplanationOrBuilder

All Superinterfaces:

com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder

All Known Implementing Classes:

BindingExplanation, BindingExplanation.Builder

public interface BindingExplanationOrBuilder
extends com.google.protobuf.MessageOrBuilder

Method Summary

Modifier and Type	Method and Description
boolean	containsMemberships(String key) Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly.
AccessState	getAccess() Required.
int	getAccessValue() Required.
com.google.type.Expr	getCondition() A condition expression that prevents this binding from granting access unless the expression evaluates to `true`.
com.google.type.ExprOrBuilder	getConditionOrBuilder() A condition expression that prevents this binding from granting access unless the expression evaluates to `true`.
Map<String,BindingExplanation.AnnotatedMembership>	getMemberships() Deprecated.
int	getMembershipsCount() Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly.
Map<String,BindingExplanation.AnnotatedMembership>	getMembershipsMap() Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly.
BindingExplanation.AnnotatedMembership	getMembershipsOrDefault(String key, BindingExplanation.AnnotatedMembership defaultValue) Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly.
BindingExplanation.AnnotatedMembership	getMembershipsOrThrow(String key) Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly.
HeuristicRelevance	getRelevance() The relevance of this binding to the overall determination for the entire policy.
int	getRelevanceValue() The relevance of this binding to the overall determination for the entire policy.
String	getRole() The role that this binding grants.
com.google.protobuf.ByteString	getRoleBytes() The role that this binding grants.
BindingExplanation.RolePermission	getRolePermission() Indicates whether the role granted by this binding contains the specified permission.
HeuristicRelevance	getRolePermissionRelevance() The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.
int	getRolePermissionRelevanceValue() The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.
int	getRolePermissionValue() Indicates whether the role granted by this binding contains the specified permission.
boolean	hasCondition() A condition expression that prevents this binding from granting access unless the expression evaluates to `true`.

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

isInitialized

Method Detail

getAccessValue

int getAccessValue()

 Required. Indicates whether _this binding_ provides the specified
 permission to the specified principal for the specified resource.

 This field does _not_ indicate whether the principal actually has the
 permission for the resource. There might be another binding that overrides
 this binding. To determine whether the principal actually has the
 permission, use the `access` field in the
 [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
 

.google.cloud.policysimulator.v1.AccessState access = 1 [(.google.api.field_behavior) = REQUIRED];

Returns:

The enum numeric value on the wire for access.

getAccess

AccessState getAccess()

 Required. Indicates whether _this binding_ provides the specified
 permission to the specified principal for the specified resource.

 This field does _not_ indicate whether the principal actually has the
 permission for the resource. There might be another binding that overrides
 this binding. To determine whether the principal actually has the
 permission, use the `access` field in the
 [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
 

.google.cloud.policysimulator.v1.AccessState access = 1 [(.google.api.field_behavior) = REQUIRED];

Returns:

The access.

getRole

String getRole()

 The role that this binding grants. For example,
 `roles/compute.serviceAgent`.

 For a complete list of predefined IAM roles, as well as the permissions in
 each role, see https://cloud.google.com/iam/help/roles/reference.
 

string role = 2;

Returns:

The role.

getRoleBytes

com.google.protobuf.ByteString getRoleBytes()

 The role that this binding grants. For example,
 `roles/compute.serviceAgent`.

 For a complete list of predefined IAM roles, as well as the permissions in
 each role, see https://cloud.google.com/iam/help/roles/reference.
 

string role = 2;

Returns:

The bytes for role.

getRolePermissionValue

int getRolePermissionValue()

 Indicates whether the role granted by this binding contains the specified
 permission.
 

.google.cloud.policysimulator.v1.BindingExplanation.RolePermission role_permission = 3;

Returns:

The enum numeric value on the wire for rolePermission.

getRolePermission

BindingExplanation.RolePermission getRolePermission()

 Indicates whether the role granted by this binding contains the specified
 permission.
 

.google.cloud.policysimulator.v1.BindingExplanation.RolePermission role_permission = 3;

Returns:

The rolePermission.

getRolePermissionRelevanceValue

int getRolePermissionRelevanceValue()

 The relevance of the permission's existence, or nonexistence, in the role
 to the overall determination for the entire policy.
 

.google.cloud.policysimulator.v1.HeuristicRelevance role_permission_relevance = 4;

Returns:

The enum numeric value on the wire for rolePermissionRelevance.

getRolePermissionRelevance

HeuristicRelevance getRolePermissionRelevance()

 The relevance of the permission's existence, or nonexistence, in the role
 to the overall determination for the entire policy.
 

.google.cloud.policysimulator.v1.HeuristicRelevance role_permission_relevance = 4;

Returns:

The rolePermissionRelevance.

getMembershipsCount

int getMembershipsCount()

 Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
 

map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

containsMemberships

boolean containsMemberships(String key)

 Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
 

map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

getMemberships

@Deprecated
Map<String,BindingExplanation.AnnotatedMembership> getMemberships()

Deprecated.

Use getMembershipsMap() instead.

getMembershipsMap

Map<String,BindingExplanation.AnnotatedMembership> getMembershipsMap()

 Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
 

map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

getMembershipsOrDefault

BindingExplanation.AnnotatedMembership getMembershipsOrDefault(String key,
                                                               BindingExplanation.AnnotatedMembership defaultValue)

 Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
 

map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

getMembershipsOrThrow

BindingExplanation.AnnotatedMembership getMembershipsOrThrow(String key)

 Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
 

map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

getRelevanceValue

int getRelevanceValue()

 The relevance of this binding to the overall determination for the entire
 policy.
 

.google.cloud.policysimulator.v1.HeuristicRelevance relevance = 6;

Returns:

The enum numeric value on the wire for relevance.

getRelevance

HeuristicRelevance getRelevance()

 The relevance of this binding to the overall determination for the entire
 policy.
 

.google.cloud.policysimulator.v1.HeuristicRelevance relevance = 6;

Returns:

The relevance.

hasCondition

boolean hasCondition()

 A condition expression that prevents this binding from granting access
 unless the expression evaluates to `true`.

 To learn about IAM Conditions, see
 https://cloud.google.com/iam/docs/conditions-overview.
 

.google.type.Expr condition = 7;

Returns:

Whether the condition field is set.

getCondition

com.google.type.Expr getCondition()

 A condition expression that prevents this binding from granting access
 unless the expression evaluates to `true`.

 To learn about IAM Conditions, see
 https://cloud.google.com/iam/docs/conditions-overview.
 

.google.type.Expr condition = 7;

Returns:

The condition.

getConditionOrBuilder

com.google.type.ExprOrBuilder getConditionOrBuilder()

 A condition expression that prevents this binding from granting access
 unless the expression evaluates to `true`.

 To learn about IAM Conditions, see
 https://cloud.google.com/iam/docs/conditions-overview.
 

.google.type.Expr condition = 7;