Class: Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation

Inherits:

Object

• Object
• Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/policytroubleshooter_v3/classes.rb,
lib/google/apis/policytroubleshooter_v3/representations.rb,
lib/google/apis/policytroubleshooter_v3/representations.rb

Overview

Details about how a deny rule in a deny policy affects a principal's ability to use a permission.

Instance Attribute Summary

• #combined_denied_permission ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching

  Details about whether the permission in the request is denied by the deny rule.

• #combined_denied_principal ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching

  Details about whether the principal in the request is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

• #combined_exception_permission ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching

  Details about whether the permission in the request is denied by the deny rule.

• #combined_exception_principal ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching

  Details about whether the principal in the request is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

• #condition ⇒ Google::Apis::PolicytroubleshooterV3::GoogleTypeExpr

  Represents a textual expression in the Common Expression Language (CEL) syntax.

• #condition_explanation ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3ConditionExplanation

  Explanation for how a condition affects a principal's access Corresponds to the JSON property conditionExplanation.

• #denied_permissions ⇒ Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching>

  Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

• #denied_principals ⇒ Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching>

  Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

• #deny_access_state ⇒ String

  Required.

• #exception_permissions ⇒ Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching>

  Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

• #exception_principals ⇒ Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching>

  Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

• #relevance ⇒ String

  The relevance of this role binding to the overall determination for the entire policy.

Instance Method Summary

• #initialize(**args) ⇒ GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation constructor

  A new instance of GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation

Returns a new instance of GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation.

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 669

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#combined_denied_permission ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching

Details about whether the permission in the request is denied by the deny rule. Corresponds to the JSON property combinedDeniedPermission

Returns:

• (Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 574

def combined_denied_permission
  @combined_denied_permission
end

#combined_denied_principal ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching

Details about whether the principal in the request is listed as a denied principal in the deny rule, either directly or through membership in a principal set. Corresponds to the JSON property combinedDeniedPrincipal

Returns:

• (Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 581

def combined_denied_principal
  @combined_denied_principal
end

#combined_exception_permission ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching

Details about whether the permission in the request is denied by the deny rule. Corresponds to the JSON property combinedExceptionPermission

Returns:

• (Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 586

def combined_exception_permission
  @combined_exception_permission
end

#combined_exception_principal ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching

Details about whether the principal in the request is listed as a denied principal in the deny rule, either directly or through membership in a principal set. Corresponds to the JSON property combinedExceptionPrincipal

Returns:

• (Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 593

def combined_exception_principal
  @combined_exception_principal
end

#condition ⇒ Google::Apis::PolicytroubleshooterV3::GoogleTypeExpr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: " Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example ( Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. Corresponds to the JSON property condition

Returns:

• (Google::Apis::PolicytroubleshooterV3::GoogleTypeExpr)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 612

def condition
  @condition
end

#condition_explanation ⇒ Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3ConditionExplanation

Explanation for how a condition affects a principal's access Corresponds to the JSON property conditionExplanation

Returns:

• (Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3ConditionExplanation)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 617

def condition_explanation
  @condition_explanation
end

#denied_permissions ⇒ Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching>

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request. Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request. Corresponds to the JSON property deniedPermissions

Returns:

• (Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching>)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 625

def denied_permissions
  @denied_permissions
end

#denied_principals ⇒ Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching>

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set. Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request. Corresponds to the JSON property deniedPrincipals

Returns:

• (Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching>)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 634

def denied_principals
  @denied_principals
end

#deny_access_state ⇒ String

Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource. This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse. Corresponds to the JSON property denyAccessState

Returns:

• (String)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 644

def deny_access_state
  @deny_access_state
end

#exception_permissions ⇒ Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching>

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request. Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request. Corresponds to the JSON property exceptionPermissions

Returns:

• (Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching>)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 652

def exception_permissions
  @exception_permissions
end

#exception_principals ⇒ Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching>

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set. Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request. Corresponds to the JSON property exceptionPrincipals

Returns:

• (Hash<String,Google::Apis::PolicytroubleshooterV3::GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching>)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 661

def exception_principals
  @exception_principals
end

#relevance ⇒ String

The relevance of this role binding to the overall determination for the entire policy. Corresponds to the JSON property relevance

Returns:

• (String)

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 667

def relevance
  @relevance
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/policytroubleshooter_v3/classes.rb', line 674

def update!(**args)
  @combined_denied_permission = args[:combined_denied_permission] if args.key?(:combined_denied_permission)
  @combined_denied_principal = args[:combined_denied_principal] if args.key?(:combined_denied_principal)
  @combined_exception_permission = args[:combined_exception_permission] if args.key?(:combined_exception_permission)
  @combined_exception_principal = args[:combined_exception_principal] if args.key?(:combined_exception_principal)
  @condition = args[:condition] if args.key?(:condition)
  @condition_explanation = args[:condition_explanation] if args.key?(:condition_explanation)
  @denied_permissions = args[:denied_permissions] if args.key?(:denied_permissions)
  @denied_principals = args[:denied_principals] if args.key?(:denied_principals)
  @deny_access_state = args[:deny_access_state] if args.key?(:deny_access_state)
  @exception_permissions = args[:exception_permissions] if args.key?(:exception_permissions)
  @exception_principals = args[:exception_principals] if args.key?(:exception_principals)
  @relevance = args[:relevance] if args.key?(:relevance)
end