Package cloud.google.com/go/policysimulator/apiv1/policysimulatorpb (v0.3.6)

var (
	AccessState_name = map[int32]string{
		0: "ACCESS_STATE_UNSPECIFIED",
		1: "GRANTED",
		2: "NOT_GRANTED",
		3: "UNKNOWN_CONDITIONAL",
		4: "UNKNOWN_INFO_DENIED",
	}
	AccessState_value = map[string]int32{
		"ACCESS_STATE_UNSPECIFIED": 0,
		"GRANTED":                  1,
		"NOT_GRANTED":              2,
		"UNKNOWN_CONDITIONAL":      3,
		"UNKNOWN_INFO_DENIED":      4,
	}
)

var (
	HeuristicRelevance_name = map[int32]string{
		0: "HEURISTIC_RELEVANCE_UNSPECIFIED",
		1: "NORMAL",
		2: "HIGH",
	}
	HeuristicRelevance_value = map[string]int32{
		"HEURISTIC_RELEVANCE_UNSPECIFIED": 0,
		"NORMAL":                          1,
		"HIGH":                            2,
	}
)

var (
	BindingExplanation_RolePermission_name = map[int32]string{
		0: "ROLE_PERMISSION_UNSPECIFIED",
		1: "ROLE_PERMISSION_INCLUDED",
		2: "ROLE_PERMISSION_NOT_INCLUDED",
		3: "ROLE_PERMISSION_UNKNOWN_INFO_DENIED",
	}
	BindingExplanation_RolePermission_value = map[string]int32{
		"ROLE_PERMISSION_UNSPECIFIED":         0,
		"ROLE_PERMISSION_INCLUDED":            1,
		"ROLE_PERMISSION_NOT_INCLUDED":        2,
		"ROLE_PERMISSION_UNKNOWN_INFO_DENIED": 3,
	}
)

var (
	BindingExplanation_Membership_name = map[int32]string{
		0: "MEMBERSHIP_UNSPECIFIED",
		1: "MEMBERSHIP_INCLUDED",
		2: "MEMBERSHIP_NOT_INCLUDED",
		3: "MEMBERSHIP_UNKNOWN_INFO_DENIED",
		4: "MEMBERSHIP_UNKNOWN_UNSUPPORTED",
	}
	BindingExplanation_Membership_value = map[string]int32{
		"MEMBERSHIP_UNSPECIFIED":         0,
		"MEMBERSHIP_INCLUDED":            1,
		"MEMBERSHIP_NOT_INCLUDED":        2,
		"MEMBERSHIP_UNKNOWN_INFO_DENIED": 3,
		"MEMBERSHIP_UNKNOWN_UNSUPPORTED": 4,
	}
)

var (
	Replay_State_name = map[int32]string{
		0: "STATE_UNSPECIFIED",
		1: "PENDING",
		2: "RUNNING",
		3: "SUCCEEDED",
		4: "FAILED",
	}
	Replay_State_value = map[string]int32{
		"STATE_UNSPECIFIED": 0,
		"PENDING":           1,
		"RUNNING":           2,
		"SUCCEEDED":         3,
		"FAILED":            4,
	}
)

var (
	ReplayConfig_LogSource_name = map[int32]string{
		0: "LOG_SOURCE_UNSPECIFIED",
		1: "RECENT_ACCESSES",
	}
	ReplayConfig_LogSource_value = map[string]int32{
		"LOG_SOURCE_UNSPECIFIED": 0,
		"RECENT_ACCESSES":        1,
	}
)

var (
	AccessStateDiff_AccessChangeType_name = map[int32]string{
		0: "ACCESS_CHANGE_TYPE_UNSPECIFIED",
		1: "NO_CHANGE",
		2: "UNKNOWN_CHANGE",
		3: "ACCESS_REVOKED",
		4: "ACCESS_GAINED",
		5: "ACCESS_MAYBE_REVOKED",
		6: "ACCESS_MAYBE_GAINED",
	}
	AccessStateDiff_AccessChangeType_value = map[string]int32{
		"ACCESS_CHANGE_TYPE_UNSPECIFIED": 0,
		"NO_CHANGE":                      1,
		"UNKNOWN_CHANGE":                 2,
		"ACCESS_REVOKED":                 3,
		"ACCESS_GAINED":                  4,
		"ACCESS_MAYBE_REVOKED":           5,
		"ACCESS_MAYBE_GAINED":            6,
	}
)

var File_google_cloud_policysimulator_v1_explanations_proto protoreflect.FileDescriptor

var File_google_cloud_policysimulator_v1_simulator_proto protoreflect.FileDescriptor

func RegisterSimulatorServer(s *grpc.Server, srv SimulatorServer)

type AccessState int32

const (
	// Default value. This value is unused.
	AccessState_ACCESS_STATE_UNSPECIFIED AccessState = 0
	// The principal has the permission.
	AccessState_GRANTED AccessState = 1
	// The principal does not have the permission.
	AccessState_NOT_GRANTED AccessState = 2
	// The principal has the permission only if a condition expression evaluates
	// to `true`.
	AccessState_UNKNOWN_CONDITIONAL AccessState = 3
	// The user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to all of the policies that Policy Simulator needs to evaluate.
	AccessState_UNKNOWN_INFO_DENIED AccessState = 4
)

func (AccessState) Descriptor() protoreflect.EnumDescriptor

func (x AccessState) Enum() *AccessState

func (AccessState) EnumDescriptor() ([]byte, []int)

func (x AccessState) Number() protoreflect.EnumNumber

func (x AccessState) String() string

func (AccessState) Type() protoreflect.EnumType

type AccessStateDiff struct {

	// The results of evaluating the access tuple under the current (baseline)
	// policies.
	//
	// If the [AccessState][google.cloud.policysimulator.v1.AccessState] couldn't
	// be fully evaluated, this field explains why.
	Baseline *ExplainedAccess `protobuf:"bytes,1,opt,name=baseline,proto3" json:"baseline,omitempty"`
	// The results of evaluating the access tuple under the proposed (simulated)
	// policies.
	//
	// If the AccessState couldn't be fully evaluated, this field explains why.
	Simulated *ExplainedAccess `protobuf:"bytes,2,opt,name=simulated,proto3" json:"simulated,omitempty"`
	// How the principal's access, specified in the AccessState field, changed
	// between the current (baseline) policies and proposed (simulated) policies.
	AccessChange AccessStateDiff_AccessChangeType `protobuf:"varint,3,opt,name=access_change,json=accessChange,proto3,enum=google.cloud.policysimulator.v1.AccessStateDiff_AccessChangeType" json:"access_change,omitempty"`
	// contains filtered or unexported fields
}

func (*AccessStateDiff) Descriptor() ([]byte, []int)

func (x *AccessStateDiff) GetAccessChange() AccessStateDiff_AccessChangeType

func (x *AccessStateDiff) GetBaseline() *ExplainedAccess

func (x *AccessStateDiff) GetSimulated() *ExplainedAccess

func (*AccessStateDiff) ProtoMessage()

func (x *AccessStateDiff) ProtoReflect() protoreflect.Message

func (x *AccessStateDiff) Reset()

func (x *AccessStateDiff) String() string

type AccessStateDiff_AccessChangeType int32

const (
	// Default value. This value is unused.
	AccessStateDiff_ACCESS_CHANGE_TYPE_UNSPECIFIED AccessStateDiff_AccessChangeType = 0
	// The principal's access did not change.
	// This includes the case where both baseline and simulated are UNKNOWN,
	// but the unknown information is equivalent.
	AccessStateDiff_NO_CHANGE AccessStateDiff_AccessChangeType = 1
	// The principal's access under both the current policies and the proposed
	// policies is `UNKNOWN`, but the unknown information differs between them.
	AccessStateDiff_UNKNOWN_CHANGE AccessStateDiff_AccessChangeType = 2
	// The principal had access under the current policies (`GRANTED`), but will
	// no longer have access after the proposed changes (`NOT_GRANTED`).
	AccessStateDiff_ACCESS_REVOKED AccessStateDiff_AccessChangeType = 3
	// The principal did not have access under the current policies
	// (`NOT_GRANTED`), but will have access after the proposed changes
	// (`GRANTED`).
	AccessStateDiff_ACCESS_GAINED AccessStateDiff_AccessChangeType = 4
	// This result can occur for the following reasons:
	//
	//   - The principal had access under the current policies (`GRANTED`), but
	//     their access after the proposed changes is `UNKNOWN`.
	//
	// * The principal's access under the current policies is `UNKNOWN`, but
	// they
	//
	//	will not have access after the proposed changes (`NOT_GRANTED`).
	AccessStateDiff_ACCESS_MAYBE_REVOKED AccessStateDiff_AccessChangeType = 5
	// This result can occur for the following reasons:
	//
	//   - The principal did not have access under the current policies
	//     (`NOT_GRANTED`), but their access after the proposed changes is
	//     `UNKNOWN`.
	//
	// * The principal's access under the current policies is `UNKNOWN`, but
	// they will have access after the proposed changes (`GRANTED`).
	AccessStateDiff_ACCESS_MAYBE_GAINED AccessStateDiff_AccessChangeType = 6
)

func (AccessStateDiff_AccessChangeType) Descriptor() protoreflect.EnumDescriptor

func (x AccessStateDiff_AccessChangeType) Enum() *AccessStateDiff_AccessChangeType

func (AccessStateDiff_AccessChangeType) EnumDescriptor() ([]byte, []int)

func (x AccessStateDiff_AccessChangeType) Number() protoreflect.EnumNumber

func (x AccessStateDiff_AccessChangeType) String() string

func (AccessStateDiff_AccessChangeType) Type() protoreflect.EnumType

type AccessTuple struct {

	// Required. The principal whose access you want to check, in the form of
	// the email address that represents that principal. For example,
	// `alice@example.com` or
	// `my-service-account@my-project.iam.gserviceaccount.com`.
	//
	// The principal must be a Google Account or a service account. Other types of
	// principals are not supported.
	Principal string `protobuf:"bytes,1,opt,name=principal,proto3" json:"principal,omitempty"`
	// Required. The full resource name that identifies the resource. For example,
	// `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
	//
	// For examples of full resource names for Google Cloud services, see
	// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
	FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// Required. The IAM permission to check for the specified principal and
	// resource.
	//
	// For a complete list of IAM permissions, see
	// https://cloud.google.com/iam/help/permissions/reference.
	//
	// For a complete list of predefined IAM roles and the permissions in each
	// role, see https://cloud.google.com/iam/help/roles/reference.
	Permission string `protobuf:"bytes,3,opt,name=permission,proto3" json:"permission,omitempty"`
	// contains filtered or unexported fields
}

func (*AccessTuple) Descriptor() ([]byte, []int)

func (x *AccessTuple) GetFullResourceName() string

func (x *AccessTuple) GetPermission() string

func (x *AccessTuple) GetPrincipal() string

func (*AccessTuple) ProtoMessage()

func (x *AccessTuple) ProtoReflect() protoreflect.Message

func (x *AccessTuple) Reset()

func (x *AccessTuple) String() string

type BindingExplanation struct {

	// Required. Indicates whether _this binding_ provides the specified
	// permission to the specified principal for the specified resource.
	//
	// This field does _not_ indicate whether the principal actually has the
	// permission for the resource. There might be another binding that overrides
	// this binding. To determine whether the principal actually has the
	// permission, use the `access` field in the
	// [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
	Access AccessState `protobuf:"varint,1,opt,name=access,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access,omitempty"`
	// The role that this binding grants. For example,
	// `roles/compute.serviceAgent`.
	//
	// For a complete list of predefined IAM roles, as well as the permissions in
	// each role, see https://cloud.google.com/iam/help/roles/reference.
	Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
	// Indicates whether the role granted by this binding contains the specified
	// permission.
	RolePermission BindingExplanation_RolePermission `protobuf:"varint,3,opt,name=role_permission,json=rolePermission,proto3,enum=google.cloud.policysimulator.v1.BindingExplanation_RolePermission" json:"role_permission,omitempty"`
	// The relevance of the permission's existence, or nonexistence, in the role
	// to the overall determination for the entire policy.
	RolePermissionRelevance HeuristicRelevance `protobuf:"varint,4,opt,name=role_permission_relevance,json=rolePermissionRelevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"role_permission_relevance,omitempty"`
	// Indicates whether each principal in the binding includes the principal
	// specified in the request, either directly or indirectly. Each key
	// identifies a principal in the binding, and each value indicates whether the
	// principal in the binding includes the principal in the request.
	//
	// For example, suppose that a binding includes the following principals:
	//
	// * `user:alice@example.com`
	// * `group:product-eng@example.com`
	//
	// The principal in the replayed access tuple is `user:bob@example.com`. This
	// user is a principal of the group `group:product-eng@example.com`.
	//
	// For the first principal in the binding, the key is
	// `user:alice@example.com`, and the `membership` field in the value is set to
	// `MEMBERSHIP_NOT_INCLUDED`.
	//
	// For the second principal in the binding, the key is
	// `group:product-eng@example.com`, and the `membership` field in the value is
	// set to `MEMBERSHIP_INCLUDED`.
	Memberships map[string]*BindingExplanation_AnnotatedMembership `protobuf:"bytes,5,rep,name=memberships,proto3" json:"memberships,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
	// The relevance of this binding to the overall determination for the entire
	// policy.
	Relevance HeuristicRelevance `protobuf:"varint,6,opt,name=relevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"relevance,omitempty"`
	// A condition expression that prevents this binding from granting access
	// unless the expression evaluates to `true`.
	//
	// To learn about IAM Conditions, see
	// https://cloud.google.com/iam/docs/conditions-overview.
	Condition *expr.Expr `protobuf:"bytes,7,opt,name=condition,proto3" json:"condition,omitempty"`
	// contains filtered or unexported fields
}

func (*BindingExplanation) Descriptor() ([]byte, []int)

func (x *BindingExplanation) GetAccess() AccessState

func (x *BindingExplanation) GetCondition() *expr.Expr

func (x *BindingExplanation) GetMemberships() map[string]*BindingExplanation_AnnotatedMembership

func (x *BindingExplanation) GetRelevance() HeuristicRelevance

func (x *BindingExplanation) GetRole() string

func (x *BindingExplanation) GetRolePermission() BindingExplanation_RolePermission

func (x *BindingExplanation) GetRolePermissionRelevance() HeuristicRelevance

func (*BindingExplanation) ProtoMessage()

func (x *BindingExplanation) ProtoReflect() protoreflect.Message

func (x *BindingExplanation) Reset()

func (x *BindingExplanation) String() string

type BindingExplanation_AnnotatedMembership struct {

	// Indicates whether the binding includes the principal.
	Membership BindingExplanation_Membership `protobuf:"varint,1,opt,name=membership,proto3,enum=google.cloud.policysimulator.v1.BindingExplanation_Membership" json:"membership,omitempty"`
	// The relevance of the principal's status to the overall determination for
	// the binding.
	Relevance HeuristicRelevance `protobuf:"varint,2,opt,name=relevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"relevance,omitempty"`
	// contains filtered or unexported fields
}

func (*BindingExplanation_AnnotatedMembership) Descriptor() ([]byte, []int)

func (x *BindingExplanation_AnnotatedMembership) GetMembership() BindingExplanation_Membership

func (x *BindingExplanation_AnnotatedMembership) GetRelevance() HeuristicRelevance

func (*BindingExplanation_AnnotatedMembership) ProtoMessage()

func (x *BindingExplanation_AnnotatedMembership) ProtoReflect() protoreflect.Message

func (x *BindingExplanation_AnnotatedMembership) Reset()

func (x *BindingExplanation_AnnotatedMembership) String() string

type BindingExplanation_Membership int32

const (
	// Default value. This value is unused.
	BindingExplanation_MEMBERSHIP_UNSPECIFIED BindingExplanation_Membership = 0
	// The binding includes the principal. The principal can be included
	// directly or indirectly. For example:
	//
	//   - A principal is included directly if that principal is listed in the
	//     binding.
	//   - A principal is included indirectly if that principal is in a Google
	//     group or Google Workspace domain that is listed in the binding.
	BindingExplanation_MEMBERSHIP_INCLUDED BindingExplanation_Membership = 1
	// The binding does not include the principal.
	BindingExplanation_MEMBERSHIP_NOT_INCLUDED BindingExplanation_Membership = 2
	// The user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] is not
	// allowed to access the binding.
	BindingExplanation_MEMBERSHIP_UNKNOWN_INFO_DENIED BindingExplanation_Membership = 3
	// The principal is an unsupported type. Only Google Accounts and service
	// accounts are supported.
	BindingExplanation_MEMBERSHIP_UNKNOWN_UNSUPPORTED BindingExplanation_Membership = 4
)

func (BindingExplanation_Membership) Descriptor() protoreflect.EnumDescriptor

func (x BindingExplanation_Membership) Enum() *BindingExplanation_Membership

func (BindingExplanation_Membership) EnumDescriptor() ([]byte, []int)

func (x BindingExplanation_Membership) Number() protoreflect.EnumNumber

func (x BindingExplanation_Membership) String() string

func (BindingExplanation_Membership) Type() protoreflect.EnumType

type BindingExplanation_RolePermission int32

const (
	// Default value. This value is unused.
	BindingExplanation_ROLE_PERMISSION_UNSPECIFIED BindingExplanation_RolePermission = 0
	// The permission is included in the role.
	BindingExplanation_ROLE_PERMISSION_INCLUDED BindingExplanation_RolePermission = 1
	// The permission is not included in the role.
	BindingExplanation_ROLE_PERMISSION_NOT_INCLUDED BindingExplanation_RolePermission = 2
	// The user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] is not
	// allowed to access the binding.
	BindingExplanation_ROLE_PERMISSION_UNKNOWN_INFO_DENIED BindingExplanation_RolePermission = 3
)

func (BindingExplanation_RolePermission) Descriptor() protoreflect.EnumDescriptor

func (x BindingExplanation_RolePermission) Enum() *BindingExplanation_RolePermission

func (BindingExplanation_RolePermission) EnumDescriptor() ([]byte, []int)

func (x BindingExplanation_RolePermission) Number() protoreflect.EnumNumber

func (x BindingExplanation_RolePermission) String() string

func (BindingExplanation_RolePermission) Type() protoreflect.EnumType

type CreateReplayRequest struct {

	// Required. The parent resource where this
	// [Replay][google.cloud.policysimulator.v1.Replay] will be created. This
	// resource must be a project, folder, or organization with a location.
	//
	// Example: `projects/my-example-project/locations/global`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The [Replay][google.cloud.policysimulator.v1.Replay] to create.
	// Set `Replay.ReplayConfig` to configure the replay.
	Replay *Replay `protobuf:"bytes,2,opt,name=replay,proto3" json:"replay,omitempty"`
	// contains filtered or unexported fields
}

func (*CreateReplayRequest) Descriptor() ([]byte, []int)

func (x *CreateReplayRequest) GetParent() string

func (x *CreateReplayRequest) GetReplay() *Replay

func (*CreateReplayRequest) ProtoMessage()

func (x *CreateReplayRequest) ProtoReflect() protoreflect.Message

func (x *CreateReplayRequest) Reset()

func (x *CreateReplayRequest) String() string

type ExplainedAccess struct {

	// Whether the principal in the access tuple has permission to access the
	// resource in the access tuple under the given policies.
	AccessState AccessState `protobuf:"varint,1,opt,name=access_state,json=accessState,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access_state,omitempty"`
	// If the [AccessState][google.cloud.policysimulator.v1.AccessState] is
	// `UNKNOWN`, this field contains the policies that led to that result.
	//
	// If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is
	// omitted.
	Policies []*ExplainedPolicy `protobuf:"bytes,2,rep,name=policies,proto3" json:"policies,omitempty"`
	// If the [AccessState][google.cloud.policysimulator.v1.AccessState] is
	// `UNKNOWN`, this field contains a list of errors explaining why the result
	// is `UNKNOWN`.
	//
	// If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is
	// omitted.
	Errors []*status.Status `protobuf:"bytes,3,rep,name=errors,proto3" json:"errors,omitempty"`
	// contains filtered or unexported fields
}

func (*ExplainedAccess) Descriptor() ([]byte, []int)

func (x *ExplainedAccess) GetAccessState() AccessState

func (x *ExplainedAccess) GetErrors() []*status.Status

func (x *ExplainedAccess) GetPolicies() []*ExplainedPolicy

func (*ExplainedAccess) ProtoMessage()

func (x *ExplainedAccess) ProtoReflect() protoreflect.Message

func (x *ExplainedAccess) Reset()

func (x *ExplainedAccess) String() string

type ExplainedPolicy struct {

	// Indicates whether _this policy_ provides the specified permission to the
	// specified principal for the specified resource.
	//
	// This field does _not_ indicate whether the principal actually has the
	// permission for the resource. There might be another policy that overrides
	// this policy. To determine whether the principal actually has the
	// permission, use the `access` field in the
	// [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
	Access AccessState `protobuf:"varint,1,opt,name=access,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access,omitempty"`
	// The full resource name that identifies the resource. For example,
	// `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
	//
	// If the user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to the policy, this field is omitted.
	//
	// For examples of full resource names for Google Cloud services, see
	// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
	FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// The IAM policy attached to the resource.
	//
	// If the user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to the policy, this field is empty.
	Policy *iampb.Policy `protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"`
	// Details about how each binding in the policy affects the principal's
	// ability, or inability, to use the permission for the resource.
	//
	// If the user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to the policy, this field is omitted.
	BindingExplanations []*BindingExplanation `protobuf:"bytes,4,rep,name=binding_explanations,json=bindingExplanations,proto3" json:"binding_explanations,omitempty"`
	// The relevance of this policy to the overall determination in the
	// [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
	//
	// If the user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to the policy, this field is omitted.
	Relevance HeuristicRelevance `protobuf:"varint,5,opt,name=relevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"relevance,omitempty"`
	// contains filtered or unexported fields
}

func (*ExplainedPolicy) Descriptor() ([]byte, []int)

func (x *ExplainedPolicy) GetAccess() AccessState

func (x *ExplainedPolicy) GetBindingExplanations() []*BindingExplanation

func (x *ExplainedPolicy) GetFullResourceName() string

func (x *ExplainedPolicy) GetPolicy() *iampb.Policy

func (x *ExplainedPolicy) GetRelevance() HeuristicRelevance

func (*ExplainedPolicy) ProtoMessage()

func (x *ExplainedPolicy) ProtoReflect() protoreflect.Message

func (x *ExplainedPolicy) Reset()

func (x *ExplainedPolicy) String() string

type GetReplayRequest struct {

	// Required. The name of the [Replay][google.cloud.policysimulator.v1.Replay]
	// to retrieve, in the following format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
	// where `{resource-id}` is the ID of the project, folder, or organization
	// that owns the `Replay`.
	//
	// Example:
	// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*GetReplayRequest) Descriptor() ([]byte, []int)

func (x *GetReplayRequest) GetName() string

func (*GetReplayRequest) ProtoMessage()

func (x *GetReplayRequest) ProtoReflect() protoreflect.Message

func (x *GetReplayRequest) Reset()

func (x *GetReplayRequest) String() string

type HeuristicRelevance int32

const (
	// Default value. This value is unused.
	HeuristicRelevance_HEURISTIC_RELEVANCE_UNSPECIFIED HeuristicRelevance = 0
	// The data point has a limited effect on the result. Changing the data point
	// is unlikely to affect the overall determination.
	HeuristicRelevance_NORMAL HeuristicRelevance = 1
	// The data point has a strong effect on the result. Changing the data point
	// is likely to affect the overall determination.
	HeuristicRelevance_HIGH HeuristicRelevance = 2
)

func (HeuristicRelevance) Descriptor() protoreflect.EnumDescriptor

func (x HeuristicRelevance) Enum() *HeuristicRelevance

func (HeuristicRelevance) EnumDescriptor() ([]byte, []int)

func (x HeuristicRelevance) Number() protoreflect.EnumNumber

func (x HeuristicRelevance) String() string

func (HeuristicRelevance) Type() protoreflect.EnumType

type ListReplayResultsRequest struct {

	// Required. The [Replay][google.cloud.policysimulator.v1.Replay] whose
	// results are listed, in the following format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`
	//
	// Example:
	// `projects/my-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// The maximum number of
	// [ReplayResult][google.cloud.policysimulator.v1.ReplayResult] objects to
	// return. Defaults to 5000.
	//
	// The maximum value is 5000; values above 5000 are rounded down to 5000.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// A page token, received from a previous
	// [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults]
	// call. Provide this token to retrieve the next page of results.
	//
	// When paginating, all other parameters provided to
	// [Simulator.ListReplayResults[] must match the call that provided the page
	// token.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

func (*ListReplayResultsRequest) Descriptor() ([]byte, []int)

func (x *ListReplayResultsRequest) GetPageSize() int32

func (x *ListReplayResultsRequest) GetPageToken() string

func (x *ListReplayResultsRequest) GetParent() string

func (*ListReplayResultsRequest) ProtoMessage()

func (x *ListReplayResultsRequest) ProtoReflect() protoreflect.Message

func (x *ListReplayResultsRequest) Reset()

func (x *ListReplayResultsRequest) String() string

type ListReplayResultsResponse struct {

	// The results of running a [Replay][google.cloud.policysimulator.v1.Replay].
	ReplayResults []*ReplayResult `protobuf:"bytes,1,rep,name=replay_results,json=replayResults,proto3" json:"replay_results,omitempty"`
	// A token that you can use to retrieve the next page of
	// [ReplayResult][google.cloud.policysimulator.v1.ReplayResult] objects. If
	// this field is omitted, there are no subsequent pages.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

func (*ListReplayResultsResponse) Descriptor() ([]byte, []int)

func (x *ListReplayResultsResponse) GetNextPageToken() string

func (x *ListReplayResultsResponse) GetReplayResults() []*ReplayResult

func (*ListReplayResultsResponse) ProtoMessage()

func (x *ListReplayResultsResponse) ProtoReflect() protoreflect.Message

func (x *ListReplayResultsResponse) Reset()

func (x *ListReplayResultsResponse) String() string

type Replay struct {

	// Output only. The resource name of the `Replay`, which has the following
	// format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
	// where `{resource-id}` is the ID of the project, folder, or organization
	// that owns the Replay.
	//
	// Example:
	// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The current state of the `Replay`.
	State Replay_State `protobuf:"varint,2,opt,name=state,proto3,enum=google.cloud.policysimulator.v1.Replay_State" json:"state,omitempty"`
	// Required. The configuration used for the `Replay`.
	Config *ReplayConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
	// Output only. Summary statistics about the replayed log entries.
	ResultsSummary *Replay_ResultsSummary `protobuf:"bytes,5,opt,name=results_summary,json=resultsSummary,proto3" json:"results_summary,omitempty"`
	// contains filtered or unexported fields
}

func (*Replay) Descriptor() ([]byte, []int)

func (x *Replay) GetConfig() *ReplayConfig

func (x *Replay) GetName() string

func (x *Replay) GetResultsSummary() *Replay_ResultsSummary

func (x *Replay) GetState() Replay_State

func (*Replay) ProtoMessage()

func (x *Replay) ProtoReflect() protoreflect.Message

func (x *Replay) Reset()

func (x *Replay) String() string

type ReplayConfig struct {

	// A mapping of the resources that you want to simulate policies for and the
	// policies that you want to simulate.
	//
	// Keys are the full resource names for the resources. For example,
	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
	// For examples of full resource names for Google Cloud services, see
	// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
	//
	// Values are [Policy][google.iam.v1.Policy] objects representing the policies
	// that you want to simulate.
	//
	// Replays automatically take into account any IAM policies inherited through
	// the resource hierarchy, and any policies set on descendant resources. You
	// do not need to include these policies in the policy overlay.
	PolicyOverlay map[string]*iampb.Policy `protobuf:"bytes,1,rep,name=policy_overlay,json=policyOverlay,proto3" json:"policy_overlay,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
	// The logs to use as input for the
	// [Replay][google.cloud.policysimulator.v1.Replay].
	LogSource ReplayConfig_LogSource `protobuf:"varint,2,opt,name=log_source,json=logSource,proto3,enum=google.cloud.policysimulator.v1.ReplayConfig_LogSource" json:"log_source,omitempty"`
	// contains filtered or unexported fields
}

func (*ReplayConfig) Descriptor() ([]byte, []int)

func (x *ReplayConfig) GetLogSource() ReplayConfig_LogSource

func (x *ReplayConfig) GetPolicyOverlay() map[string]*iampb.Policy

func (*ReplayConfig) ProtoMessage()

func (x *ReplayConfig) ProtoReflect() protoreflect.Message

func (x *ReplayConfig) Reset()

func (x *ReplayConfig) String() string

type ReplayConfig_LogSource int32

const (
	// An unspecified log source.
	// If the log source is unspecified, the
	// [Replay][google.cloud.policysimulator.v1.Replay] defaults to using
	// `RECENT_ACCESSES`.
	ReplayConfig_LOG_SOURCE_UNSPECIFIED ReplayConfig_LogSource = 0
	// All access logs from the last 90 days. These logs may not include logs
	// from the most recent 7 days.
	ReplayConfig_RECENT_ACCESSES ReplayConfig_LogSource = 1
)

func (ReplayConfig_LogSource) Descriptor() protoreflect.EnumDescriptor

func (x ReplayConfig_LogSource) Enum() *ReplayConfig_LogSource

func (ReplayConfig_LogSource) EnumDescriptor() ([]byte, []int)

func (x ReplayConfig_LogSource) Number() protoreflect.EnumNumber

func (x ReplayConfig_LogSource) String() string

func (ReplayConfig_LogSource) Type() protoreflect.EnumType

type ReplayDiff struct {

	// A summary and comparison of the principal's access under the current
	// (baseline) policies and the proposed (simulated) policies for a single
	// access tuple.
	//
	// The evaluation of the principal's access is reported in the
	// [AccessState][google.cloud.policysimulator.v1.AccessState] field.
	AccessDiff *AccessStateDiff `protobuf:"bytes,2,opt,name=access_diff,json=accessDiff,proto3" json:"access_diff,omitempty"`
	// contains filtered or unexported fields
}

func (*ReplayDiff) Descriptor() ([]byte, []int)

func (x *ReplayDiff) GetAccessDiff() *AccessStateDiff

func (*ReplayDiff) ProtoMessage()

func (x *ReplayDiff) ProtoReflect() protoreflect.Message

func (x *ReplayDiff) Reset()

func (x *ReplayDiff) String() string

type ReplayOperationMetadata struct {

	// Time when the request was received.
	StartTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"`
	// contains filtered or unexported fields
}

func (*ReplayOperationMetadata) Descriptor() ([]byte, []int)

func (x *ReplayOperationMetadata) GetStartTime() *timestamppb.Timestamp

func (*ReplayOperationMetadata) ProtoMessage()

func (x *ReplayOperationMetadata) ProtoReflect() protoreflect.Message

func (x *ReplayOperationMetadata) Reset()

func (x *ReplayOperationMetadata) String() string

type ReplayResult struct {

	// The result of replaying the access tuple.
	//
	// Types that are assignable to Result:
	//
	//	*ReplayResult_Diff
	//	*ReplayResult_Error
	Result isReplayResult_Result `protobuf_oneof:"result"`
	// The resource name of the `ReplayResult`, in the following format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}/results/{replay-result-id}`,
	// where `{resource-id}` is the ID of the project, folder, or organization
	// that owns the [Replay][google.cloud.policysimulator.v1.Replay].
	//
	// Example:
	// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36/results/1234`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The [Replay][google.cloud.policysimulator.v1.Replay] that the access tuple
	// was included in.
	Parent string `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
	// The access tuple that was replayed. This field includes information about
	// the principal, resource, and permission that were involved in the access
	// attempt.
	AccessTuple *AccessTuple `protobuf:"bytes,3,opt,name=access_tuple,json=accessTuple,proto3" json:"access_tuple,omitempty"`
	// The latest date this access tuple was seen in the logs.
	LastSeenDate *date.Date `protobuf:"bytes,4,opt,name=last_seen_date,json=lastSeenDate,proto3" json:"last_seen_date,omitempty"`
	// contains filtered or unexported fields
}

func (*ReplayResult) Descriptor() ([]byte, []int)

func (x *ReplayResult) GetAccessTuple() *AccessTuple

func (x *ReplayResult) GetDiff() *ReplayDiff

func (x *ReplayResult) GetError() *status.Status

func (x *ReplayResult) GetLastSeenDate() *date.Date

func (x *ReplayResult) GetName() string

func (x *ReplayResult) GetParent() string

func (m *ReplayResult) GetResult() isReplayResult_Result

func (*ReplayResult) ProtoMessage()

func (x *ReplayResult) ProtoReflect() protoreflect.Message

func (x *ReplayResult) Reset()

func (x *ReplayResult) String() string

type ReplayResult_Diff struct {
	// The difference between the principal's access under the current
	// (baseline) policies and the principal's access under the proposed
	// (simulated) policies.
	//
	// This field is only included for access tuples that were successfully
	// replayed and had different results under the current policies and the
	// proposed policies.
	Diff *ReplayDiff `protobuf:"bytes,5,opt,name=diff,proto3,oneof"`
}

type ReplayResult_Error struct {
	// The error that caused the access tuple replay to fail.
	//
	// This field is only included for access tuples that were not replayed
	// successfully.
	Error *status.Status `protobuf:"bytes,6,opt,name=error,proto3,oneof"`
}

type Replay_ResultsSummary struct {

	// The total number of log entries replayed.
	LogCount int32 `protobuf:"varint,1,opt,name=log_count,json=logCount,proto3" json:"log_count,omitempty"`
	// The number of replayed log entries with no difference between
	// baseline and simulated policies.
	UnchangedCount int32 `protobuf:"varint,2,opt,name=unchanged_count,json=unchangedCount,proto3" json:"unchanged_count,omitempty"`
	// The number of replayed log entries with a difference between baseline and
	// simulated policies.
	DifferenceCount int32 `protobuf:"varint,3,opt,name=difference_count,json=differenceCount,proto3" json:"difference_count,omitempty"`
	// The number of log entries that could not be replayed.
	ErrorCount int32 `protobuf:"varint,4,opt,name=error_count,json=errorCount,proto3" json:"error_count,omitempty"`
	// The date of the oldest log entry replayed.
	OldestDate *date.Date `protobuf:"bytes,5,opt,name=oldest_date,json=oldestDate,proto3" json:"oldest_date,omitempty"`
	// The date of the newest log entry replayed.
	NewestDate *date.Date `protobuf:"bytes,6,opt,name=newest_date,json=newestDate,proto3" json:"newest_date,omitempty"`
	// contains filtered or unexported fields
}

func (*Replay_ResultsSummary) Descriptor() ([]byte, []int)

func (x *Replay_ResultsSummary) GetDifferenceCount() int32

func (x *Replay_ResultsSummary) GetErrorCount() int32

func (x *Replay_ResultsSummary) GetLogCount() int32

func (x *Replay_ResultsSummary) GetNewestDate() *date.Date

func (x *Replay_ResultsSummary) GetOldestDate() *date.Date

func (x *Replay_ResultsSummary) GetUnchangedCount() int32

func (*Replay_ResultsSummary) ProtoMessage()

func (x *Replay_ResultsSummary) ProtoReflect() protoreflect.Message

func (x *Replay_ResultsSummary) Reset()

func (x *Replay_ResultsSummary) String() string

type Replay_State int32

const (
	// Default value. This value is unused.
	Replay_STATE_UNSPECIFIED Replay_State = 0
	// The `Replay` has not started yet.
	Replay_PENDING Replay_State = 1
	// The `Replay` is currently running.
	Replay_RUNNING Replay_State = 2
	// The `Replay` has successfully completed.
	Replay_SUCCEEDED Replay_State = 3
	// The `Replay` has finished with an error.
	Replay_FAILED Replay_State = 4
)

func (Replay_State) Descriptor() protoreflect.EnumDescriptor

func (x Replay_State) Enum() *Replay_State

func (Replay_State) EnumDescriptor() ([]byte, []int)

func (x Replay_State) Number() protoreflect.EnumNumber

func (x Replay_State) String() string

func (Replay_State) Type() protoreflect.EnumType

type SimulatorClient interface {
	// Gets the specified [Replay][google.cloud.policysimulator.v1.Replay]. Each
	// `Replay` is available for at least 7 days.
	GetReplay(ctx context.Context, in *GetReplayRequest, opts ...grpc.CallOption) (*Replay, error)
	// Creates and starts a [Replay][google.cloud.policysimulator.v1.Replay] using
	// the given [ReplayConfig][google.cloud.policysimulator.v1.ReplayConfig].
	CreateReplay(ctx context.Context, in *CreateReplayRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Lists the results of running a
	// [Replay][google.cloud.policysimulator.v1.Replay].
	ListReplayResults(ctx context.Context, in *ListReplayResultsRequest, opts ...grpc.CallOption) (*ListReplayResultsResponse, error)
}

func NewSimulatorClient(cc grpc.ClientConnInterface) SimulatorClient

type SimulatorServer interface {
	// Gets the specified [Replay][google.cloud.policysimulator.v1.Replay]. Each
	// `Replay` is available for at least 7 days.
	GetReplay(context.Context, *GetReplayRequest) (*Replay, error)
	// Creates and starts a [Replay][google.cloud.policysimulator.v1.Replay] using
	// the given [ReplayConfig][google.cloud.policysimulator.v1.ReplayConfig].
	CreateReplay(context.Context, *CreateReplayRequest) (*longrunningpb.Operation, error)
	// Lists the results of running a
	// [Replay][google.cloud.policysimulator.v1.Replay].
	ListReplayResults(context.Context, *ListReplayResultsRequest) (*ListReplayResultsResponse, error)
}

type UnimplementedSimulatorServer struct {
}

func (*UnimplementedSimulatorServer) CreateReplay(context.Context, *CreateReplayRequest) (*longrunningpb.Operation, error)

func (*UnimplementedSimulatorServer) GetReplay(context.Context, *GetReplayRequest) (*Replay, error)

func (*UnimplementedSimulatorServer) ListReplayResults(context.Context, *ListReplayResultsRequest) (*ListReplayResultsResponse, error)