Class: Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation

Inherits:
Object
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/policytroubleshooter_v3/classes.rb,
lib/google/apis/policytroubleshooter_v3/representations.rb

Overview

Details about how a role binding in an allow policy affects a principal's ability to use a permission.


Constructor Details

#initialize(**args) ⇒ GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation

Returns a new instance of GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation.



# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 166

def initialize(**args)
  update!(**args)
end

Instance Attribute Details

#allow_access_state ⇒ String

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource. This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse. Corresponds to the JSON property allowAccessState

Returns:

  • (String)


# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 95

def allow_access_state
  @allow_access_state
end

#combined_membership ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership

Details about whether the role binding includes the principal. Corresponds to the JSON property combinedMembership



# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 100

def combined_membership
  @combined_membership
end

#condition ⇒ Google::Apis::PolicytroubleshooterV3::GoogleTypeExpr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):
  title: "Summary size limit"
  description: "Determines if a summary is less than 100 chars"
  expression: "document.summary.size() < 100"

Example (Equality):
  title: "Requestor is owner"
  description: "Determines if requestor is the document owner"
  expression: "document.owner == request.auth.claims.email"

Example (Logic):
  title: "Public documents"
  description: "Determine whether the document should be publicly visible"
  expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):
  title: "Notification string"
  description: "Create a notification string with a timestamp."
  expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. Corresponds to the JSON property condition



# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 119

def condition
  @condition
end

#condition_explanation ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3ConditionExplanation

Explanation for how a condition affects a principal's access. Corresponds to the JSON property conditionExplanation



# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 124

def condition_explanation
  @condition_explanation
end

#memberships ⇒ Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership>

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED. For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

Corresponds to the JSON property memberships



# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 139

def memberships
  @memberships
end
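
The alice/bob scenario from the memberships description, worked through as an added example (not code from the google-apis library): it reads parsed JSON using the property names documented on this page and lists, per binding, which binding principals include the troubleshooted principal. The helper names, the allowAccessState strings and the condition expression are assumptions made for the illustration.

```ruby
require 'json'

# Constructed sample (not real API output). Keys are the JSON property names
# documented on this page; INCLUDED / NOT_INCLUDED come from the memberships
# description. The allowAccessState strings and the condition are assumed.
SAMPLE_BINDINGS = JSON.parse(<<~DATA)
  [
    { "role": "roles/compute.admin",
      "allowAccessState": "ALLOW_ACCESS_STATE_GRANTED",
      "condition": { "expression": "request.time < timestamp('2030-01-01T00:00:00Z')" },
      "memberships": {
        "user:alice@example.com": { "membership": "NOT_INCLUDED" },
        "group:product-eng@example.com": { "membership": "INCLUDED" } } },
    { "role": "roles/compute.viewer",
      "allowAccessState": "ALLOW_ACCESS_STATE_NOT_GRANTED",
      "memberships": {
        "user:alice@example.com": { "membership": "NOT_INCLUDED" } } }
  ]
DATA

# Hypothetical helper: keys of `memberships` whose value says the binding
# principal includes the troubleshooted principal (directly or via a group).
def including_principals(binding)
  (binding['memberships'] || {})
    .select { |_principal, detail| detail['membership'] == 'INCLUDED' }
    .keys
end

# Hypothetical helper: one review row per binding. binding_state is passed
# through untouched because it is per-binding, not the overall verdict.
def review_bindings(bindings, requested_principal)
  bindings.map do |b|
    via = including_principals(b)
    { role: b['role'],
      binding_state: b['allowAccessState'],
      via: via,
      indirect: via.any? { |p| p != requested_principal },
      condition: b.dig('condition', 'expression') }
  end
end

review_bindings(SAMPLE_BINDINGS, 'user:bob@example.com').each { |row| puts row }
```

A row with indirect set to true means the access path runs through a group, so the group's membership is what an access review has to examine; the final answer still comes from overall_access_state in the TroubleshootIamPolicyResponse.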

#relevance ⇒ String

The relevance of this role binding to the overall determination for the entire policy. Corresponds to the JSON property relevance

Returns:

  • (String)


# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 145

def relevance
  @relevance
end

#role ⇒ String

The role that this role binding grants. For example, roles/compute.admin. For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference. Corresponds to the JSON property role

Returns:

  • (String)


# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 152

def role
  @role
end

#role_permission ⇒ String

Indicates whether the role granted by this role binding contains the specified permission. Corresponds to the JSON property rolePermission

Returns:

  • (String)


# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 158

def role_permission
  @role_permission
end

#role_permission_relevance ⇒ String

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy. Corresponds to the JSON property rolePermissionRelevance

Returns:

  • (String)


# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 164

def role_permission_relevance
  @role_permission_relevance
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 171

def update!(**args)
  @allow_access_state = args[:allow_access_state] if args.key?(:allow_access_state)
  @combined_membership = args[:combined_membership] if args.key?(:combined_membership)
  @condition = args[:condition] if args.key?(:condition)
  @condition_explanation = args[:condition_explanation] if args.key?(:condition_explanation)
  @memberships = args[:memberships] if args.key?(:memberships)
  @relevance = args[:relevance] if args.key?(:relevance)
  @role = args[:role] if args.key?(:role)
  @role_permission = args[:role_permission] if args.key?(:role_permission)
  @role_permission_relevance = args[:role_permission_relevance] if args.key?(:role_permission_relevance)
end