Package google.cloud.policytroubleshooter.v1

Class Explanations.BindingExplanation

  • All Implemented Interfaces:
    com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Explanations.BindingExplanationOrBuilder, Serializable
    Enclosing class:
    Explanations
    public static final class Explanations.BindingExplanation
extends com.google.protobuf.GeneratedMessageV3
implements Explanations.BindingExplanationOrBuilder
     Details about how a binding in a policy affects a principal's ability to use
 a permission.
    Protobuf type google.cloud.policytroubleshooter.v1.BindingExplanation
    See Also:
    Serialized Form

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetMapField

        protected com.google.protobuf.MapField internalGetMapField​(int number)
        Overrides:
        internalGetMapField in class com.google.protobuf.GeneratedMessageV3

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • getAccessValue

        public int getAccessValue()
         Required. Indicates whether _this binding_ provides the specified
 permission to the specified principal for the specified resource.

 This field does _not_ indicate whether the principal actually has the
 permission for the resource. There might be another binding that overrides
 this binding. To determine whether the principal actually has the
 permission, use the `access` field in the
 [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
        .google.cloud.policytroubleshooter.v1.AccessState access = 1 [(.google.api.field_behavior) = REQUIRED];
        Specified by:
        getAccessValue in interface Explanations.BindingExplanationOrBuilder
        Returns:
        The enum numeric value on the wire for access.

      • getAccess

        public Explanations.AccessState getAccess()
         Required. Indicates whether _this binding_ provides the specified
 permission to the specified principal for the specified resource.

 This field does _not_ indicate whether the principal actually has the
 permission for the resource. There might be another binding that overrides
 this binding. To determine whether the principal actually has the
 permission, use the `access` field in the
 [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
        .google.cloud.policytroubleshooter.v1.AccessState access = 1 [(.google.api.field_behavior) = REQUIRED];
        Specified by:
        getAccess in interface Explanations.BindingExplanationOrBuilder
        Returns:
        The access.

      • getRole

        public String getRole()
         The role that this binding grants. For example,
 `roles/compute.serviceAgent`.

 For a complete list of predefined IAM roles, as well as the permissions in
 each role, see https://cloud.google.com/iam/help/roles/reference.
        string role = 2;
        Specified by:
        getRole in interface Explanations.BindingExplanationOrBuilder
        Returns:
        The role.

      • getRoleBytes

        public com.google.protobuf.ByteString getRoleBytes()
         The role that this binding grants. For example,
 `roles/compute.serviceAgent`.

 For a complete list of predefined IAM roles, as well as the permissions in
 each role, see https://cloud.google.com/iam/help/roles/reference.
        string role = 2;
        Specified by:
        getRoleBytes in interface Explanations.BindingExplanationOrBuilder
        Returns:
        The bytes for role.

      • getRolePermissionValue

        public int getRolePermissionValue()
         Indicates whether the role granted by this binding contains the specified
 permission.
        .google.cloud.policytroubleshooter.v1.BindingExplanation.RolePermission role_permission = 3;
        Specified by:
        getRolePermissionValue in interface Explanations.BindingExplanationOrBuilder
        Returns:
        The enum numeric value on the wire for rolePermission.

      • getRolePermissionRelevanceValue

        public int getRolePermissionRelevanceValue()
         The relevance of the permission's existence, or nonexistence, in the role
 to the overall determination for the entire policy.
        .google.cloud.policytroubleshooter.v1.HeuristicRelevance role_permission_relevance = 4;
        Specified by:
        getRolePermissionRelevanceValue in interface Explanations.BindingExplanationOrBuilder
        Returns:
        The enum numeric value on the wire for rolePermissionRelevance.

      • getMembershipsCount

        public int getMembershipsCount()
        Description copied from interface: Explanations.BindingExplanationOrBuilder
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 You want to troubleshoot access for `user:bob@example.com`. This user is a
 principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;
        Specified by:
        getMembershipsCount in interface Explanations.BindingExplanationOrBuilder

      • containsMemberships

        public boolean containsMemberships​(String key)
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 You want to troubleshoot access for `user:bob@example.com`. This user is a
 principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;
        Specified by:
        containsMemberships in interface Explanations.BindingExplanationOrBuilder

      • getMembershipsMap

        public Map<String,​Explanations.BindingExplanation.AnnotatedMembership> getMembershipsMap()
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 You want to troubleshoot access for `user:bob@example.com`. This user is a
 principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;
        Specified by:
        getMembershipsMap in interface Explanations.BindingExplanationOrBuilder

      • getMembershipsOrDefault

        public Explanations.BindingExplanation.AnnotatedMembership getMembershipsOrDefault​(String key,
                                                                                   Explanations.BindingExplanation.AnnotatedMembership defaultValue)
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 You want to troubleshoot access for `user:bob@example.com`. This user is a
 principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;
        Specified by:
        getMembershipsOrDefault in interface Explanations.BindingExplanationOrBuilder

      • getMembershipsOrThrow

        public Explanations.BindingExplanation.AnnotatedMembership getMembershipsOrThrow​(String key)
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 You want to troubleshoot access for `user:bob@example.com`. This user is a
 principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;
        Specified by:
        getMembershipsOrThrow in interface Explanations.BindingExplanationOrBuilder

      • getRelevanceValue

        public int getRelevanceValue()
         The relevance of this binding to the overall determination for the entire
 policy.
        .google.cloud.policytroubleshooter.v1.HeuristicRelevance relevance = 6;
        Specified by:
        getRelevanceValue in interface Explanations.BindingExplanationOrBuilder
        Returns:
        The enum numeric value on the wire for relevance.

      • hasCondition

        public boolean hasCondition()
         A condition expression that prevents this binding from granting access
 unless the expression evaluates to `true`.

 To learn about IAM Conditions, see
 https://cloud.google.com/iam/help/conditions/overview.
        .google.type.Expr condition = 7;
        Specified by:
        hasCondition in interface Explanations.BindingExplanationOrBuilder
        Returns:
        Whether the condition field is set.

      • getCondition

        public com.google.type.Expr getCondition()
         A condition expression that prevents this binding from granting access
 unless the expression evaluates to `true`.

 To learn about IAM Conditions, see
 https://cloud.google.com/iam/help/conditions/overview.
        .google.type.Expr condition = 7;
        Specified by:
        getCondition in interface Explanations.BindingExplanationOrBuilder
        Returns:
        The condition.

      • getConditionOrBuilder

        public com.google.type.ExprOrBuilder getConditionOrBuilder()
         A condition expression that prevents this binding from granting access
 unless the expression evaluates to `true`.

 To learn about IAM Conditions, see
 https://cloud.google.com/iam/help/conditions/overview.
        .google.type.Expr condition = 7;
        Specified by:
        getConditionOrBuilder in interface Explanations.BindingExplanationOrBuilder

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static Explanations.BindingExplanation parseFrom​(ByteBuffer data)
                                                 throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Explanations.BindingExplanation parseFrom​(ByteBuffer data,
                                                        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                 throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Explanations.BindingExplanation parseFrom​(com.google.protobuf.ByteString data)
                                                 throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Explanations.BindingExplanation parseFrom​(com.google.protobuf.ByteString data,
                                                        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                 throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Explanations.BindingExplanation parseFrom​(byte[] data)
                                                 throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Explanations.BindingExplanation parseFrom​(byte[] data,
                                                        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                 throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • newBuilderForType

        public Explanations.BindingExplanation.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public Explanations.BindingExplanation.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected Explanations.BindingExplanation.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getParserForType

        public com.google.protobuf.Parser<Explanations.BindingExplanation> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public Explanations.BindingExplanation getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder