Package com.google.cloud.policysimulator.v1

Interface BindingExplanationOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    BindingExplanation, BindingExplanation.Builder
    public interface BindingExplanationOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Detail

      • getAccessValue

        int getAccessValue()
         Required. Indicates whether _this binding_ provides the specified
 permission to the specified principal for the specified resource.

 This field does _not_ indicate whether the principal actually has the
 permission for the resource. There might be another binding that overrides
 this binding. To determine whether the principal actually has the
 permission, use the `access` field in the
 [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
        .google.cloud.policysimulator.v1.AccessState access = 1 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        The enum numeric value on the wire for access.

      • getAccess

        AccessState getAccess()
         Required. Indicates whether _this binding_ provides the specified
 permission to the specified principal for the specified resource.

 This field does _not_ indicate whether the principal actually has the
 permission for the resource. There might be another binding that overrides
 this binding. To determine whether the principal actually has the
 permission, use the `access` field in the
 [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
        .google.cloud.policysimulator.v1.AccessState access = 1 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        The access.

      • getRole

        String getRole()
         The role that this binding grants. For example,
 `roles/compute.serviceAgent`.

 For a complete list of predefined IAM roles, as well as the permissions in
 each role, see https://cloud.google.com/iam/help/roles/reference.
        string role = 2;
        Returns:
        The role.

      • getRoleBytes

        com.google.protobuf.ByteString getRoleBytes()
         The role that this binding grants. For example,
 `roles/compute.serviceAgent`.

 For a complete list of predefined IAM roles, as well as the permissions in
 each role, see https://cloud.google.com/iam/help/roles/reference.
        string role = 2;
        Returns:
        The bytes for role.

      • getRolePermissionValue

        int getRolePermissionValue()
         Indicates whether the role granted by this binding contains the specified
 permission.
        .google.cloud.policysimulator.v1.BindingExplanation.RolePermission role_permission = 3;
        Returns:
        The enum numeric value on the wire for rolePermission.

      • getRolePermission

        BindingExplanation.RolePermission getRolePermission()
         Indicates whether the role granted by this binding contains the specified
 permission.
        .google.cloud.policysimulator.v1.BindingExplanation.RolePermission role_permission = 3;
        Returns:
        The rolePermission.

      • getRolePermissionRelevanceValue

        int getRolePermissionRelevanceValue()
         The relevance of the permission's existence, or nonexistence, in the role
 to the overall determination for the entire policy.
        .google.cloud.policysimulator.v1.HeuristicRelevance role_permission_relevance = 4;
        Returns:
        The enum numeric value on the wire for rolePermissionRelevance.

      • getRolePermissionRelevance

        HeuristicRelevance getRolePermissionRelevance()
         The relevance of the permission's existence, or nonexistence, in the role
 to the overall determination for the entire policy.
        .google.cloud.policysimulator.v1.HeuristicRelevance role_permission_relevance = 4;
        Returns:
        The rolePermissionRelevance.

      • getMembershipsCount

        int getMembershipsCount()
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

      • containsMemberships

        boolean containsMemberships​(String key)
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

      • getMembershipsMap

        Map<String,​BindingExplanation.AnnotatedMembership> getMembershipsMap()
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

      • getMembershipsOrDefault

        BindingExplanation.AnnotatedMembership getMembershipsOrDefault​(String key,
                                                               BindingExplanation.AnnotatedMembership defaultValue)
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

      • getMembershipsOrThrow

        BindingExplanation.AnnotatedMembership getMembershipsOrThrow​(String key)
         Indicates whether each principal in the binding includes the principal
 specified in the request, either directly or indirectly. Each key
 identifies a principal in the binding, and each value indicates whether the
 principal in the binding includes the principal in the request.

 For example, suppose that a binding includes the following principals:

 * `user:alice@example.com`
 * `group:product-eng@example.com`

 The principal in the replayed access tuple is `user:bob@example.com`. This
 user is a principal of the group `group:product-eng@example.com`.

 For the first principal in the binding, the key is
 `user:alice@example.com`, and the `membership` field in the value is set to
 `MEMBERSHIP_NOT_INCLUDED`.

 For the second principal in the binding, the key is
 `group:product-eng@example.com`, and the `membership` field in the value is
 set to `MEMBERSHIP_INCLUDED`.
        map<string, .google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

      • getRelevanceValue

        int getRelevanceValue()
         The relevance of this binding to the overall determination for the entire
 policy.
        .google.cloud.policysimulator.v1.HeuristicRelevance relevance = 6;
        Returns:
        The enum numeric value on the wire for relevance.

      • getRelevance

        HeuristicRelevance getRelevance()
         The relevance of this binding to the overall determination for the entire
 policy.
        .google.cloud.policysimulator.v1.HeuristicRelevance relevance = 6;
        Returns:
        The relevance.

      • hasCondition

        boolean hasCondition()
         A condition expression that prevents this binding from granting access
 unless the expression evaluates to `true`.

 To learn about IAM Conditions, see
 https://cloud.google.com/iam/docs/conditions-overview.
        .google.type.Expr condition = 7;
        Returns:
        Whether the condition field is set.

      • getCondition

        com.google.type.Expr getCondition()
         A condition expression that prevents this binding from granting access
 unless the expression evaluates to `true`.

 To learn about IAM Conditions, see
 https://cloud.google.com/iam/docs/conditions-overview.
        .google.type.Expr condition = 7;
        Returns:
        The condition.

      • getConditionOrBuilder

        com.google.type.ExprOrBuilder getConditionOrBuilder()
         A condition expression that prevents this binding from granting access
 unless the expression evaluates to `true`.

 To learn about IAM Conditions, see
 https://cloud.google.com/iam/docs/conditions-overview.
        .google.type.Expr condition = 7;