Constants
OrgPolicyViolationsPreviewService_ListOrgPolicyViolationsPreviews_FullMethodName, OrgPolicyViolationsPreviewService_GetOrgPolicyViolationsPreview_FullMethodName, OrgPolicyViolationsPreviewService_CreateOrgPolicyViolationsPreview_FullMethodName, OrgPolicyViolationsPreviewService_ListOrgPolicyViolations_FullMethodName
const (
OrgPolicyViolationsPreviewService_ListOrgPolicyViolationsPreviews_FullMethodName = "/google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService/ListOrgPolicyViolationsPreviews"
OrgPolicyViolationsPreviewService_GetOrgPolicyViolationsPreview_FullMethodName = "/google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService/GetOrgPolicyViolationsPreview"
OrgPolicyViolationsPreviewService_CreateOrgPolicyViolationsPreview_FullMethodName = "/google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService/CreateOrgPolicyViolationsPreview"
OrgPolicyViolationsPreviewService_ListOrgPolicyViolations_FullMethodName = "/google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService/ListOrgPolicyViolations"
)
Simulator_GetReplay_FullMethodName, Simulator_CreateReplay_FullMethodName, Simulator_ListReplayResults_FullMethodName
const (
Simulator_GetReplay_FullMethodName = "/google.cloud.policysimulator.v1.Simulator/GetReplay"
Simulator_CreateReplay_FullMethodName = "/google.cloud.policysimulator.v1.Simulator/CreateReplay"
Simulator_ListReplayResults_FullMethodName = "/google.cloud.policysimulator.v1.Simulator/ListReplayResults"
)
Variables
AccessState_name, AccessState_value
var (
AccessState_name = map[int32]string{
0: "ACCESS_STATE_UNSPECIFIED",
1: "GRANTED",
2: "NOT_GRANTED",
3: "UNKNOWN_CONDITIONAL",
4: "UNKNOWN_INFO_DENIED",
}
AccessState_value = map[string]int32{
"ACCESS_STATE_UNSPECIFIED": 0,
"GRANTED": 1,
"NOT_GRANTED": 2,
"UNKNOWN_CONDITIONAL": 3,
"UNKNOWN_INFO_DENIED": 4,
}
)
Enum value maps for AccessState.
HeuristicRelevance_name, HeuristicRelevance_value
var (
HeuristicRelevance_name = map[int32]string{
0: "HEURISTIC_RELEVANCE_UNSPECIFIED",
1: "NORMAL",
2: "HIGH",
}
HeuristicRelevance_value = map[string]int32{
"HEURISTIC_RELEVANCE_UNSPECIFIED": 0,
"NORMAL": 1,
"HIGH": 2,
}
)
Enum value maps for HeuristicRelevance.
BindingExplanation_RolePermission_name, BindingExplanation_RolePermission_value
var (
BindingExplanation_RolePermission_name = map[int32]string{
0: "ROLE_PERMISSION_UNSPECIFIED",
1: "ROLE_PERMISSION_INCLUDED",
2: "ROLE_PERMISSION_NOT_INCLUDED",
3: "ROLE_PERMISSION_UNKNOWN_INFO_DENIED",
}
BindingExplanation_RolePermission_value = map[string]int32{
"ROLE_PERMISSION_UNSPECIFIED": 0,
"ROLE_PERMISSION_INCLUDED": 1,
"ROLE_PERMISSION_NOT_INCLUDED": 2,
"ROLE_PERMISSION_UNKNOWN_INFO_DENIED": 3,
}
)
Enum value maps for BindingExplanation_RolePermission.
BindingExplanation_Membership_name, BindingExplanation_Membership_value
var (
BindingExplanation_Membership_name = map[int32]string{
0: "MEMBERSHIP_UNSPECIFIED",
1: "MEMBERSHIP_INCLUDED",
2: "MEMBERSHIP_NOT_INCLUDED",
3: "MEMBERSHIP_UNKNOWN_INFO_DENIED",
4: "MEMBERSHIP_UNKNOWN_UNSUPPORTED",
}
BindingExplanation_Membership_value = map[string]int32{
"MEMBERSHIP_UNSPECIFIED": 0,
"MEMBERSHIP_INCLUDED": 1,
"MEMBERSHIP_NOT_INCLUDED": 2,
"MEMBERSHIP_UNKNOWN_INFO_DENIED": 3,
"MEMBERSHIP_UNKNOWN_UNSUPPORTED": 4,
}
)
Enum value maps for BindingExplanation_Membership.
PreviewState_name, PreviewState_value
var (
PreviewState_name = map[int32]string{
0: "PREVIEW_STATE_UNSPECIFIED",
1: "PREVIEW_PENDING",
2: "PREVIEW_RUNNING",
3: "PREVIEW_SUCCEEDED",
4: "PREVIEW_FAILED",
}
PreviewState_value = map[string]int32{
"PREVIEW_STATE_UNSPECIFIED": 0,
"PREVIEW_PENDING": 1,
"PREVIEW_RUNNING": 2,
"PREVIEW_SUCCEEDED": 3,
"PREVIEW_FAILED": 4,
}
)
Enum value maps for PreviewState.
Replay_State_name, Replay_State_value
var (
Replay_State_name = map[int32]string{
0: "STATE_UNSPECIFIED",
1: "PENDING",
2: "RUNNING",
3: "SUCCEEDED",
4: "FAILED",
}
Replay_State_value = map[string]int32{
"STATE_UNSPECIFIED": 0,
"PENDING": 1,
"RUNNING": 2,
"SUCCEEDED": 3,
"FAILED": 4,
}
)
Enum value maps for Replay_State.
ReplayConfig_LogSource_name, ReplayConfig_LogSource_value
var (
ReplayConfig_LogSource_name = map[int32]string{
0: "LOG_SOURCE_UNSPECIFIED",
1: "RECENT_ACCESSES",
}
ReplayConfig_LogSource_value = map[string]int32{
"LOG_SOURCE_UNSPECIFIED": 0,
"RECENT_ACCESSES": 1,
}
)
Enum value maps for ReplayConfig_LogSource.
AccessStateDiff_AccessChangeType_name, AccessStateDiff_AccessChangeType_value
var (
AccessStateDiff_AccessChangeType_name = map[int32]string{
0: "ACCESS_CHANGE_TYPE_UNSPECIFIED",
1: "NO_CHANGE",
2: "UNKNOWN_CHANGE",
3: "ACCESS_REVOKED",
4: "ACCESS_GAINED",
5: "ACCESS_MAYBE_REVOKED",
6: "ACCESS_MAYBE_GAINED",
}
AccessStateDiff_AccessChangeType_value = map[string]int32{
"ACCESS_CHANGE_TYPE_UNSPECIFIED": 0,
"NO_CHANGE": 1,
"UNKNOWN_CHANGE": 2,
"ACCESS_REVOKED": 3,
"ACCESS_GAINED": 4,
"ACCESS_MAYBE_REVOKED": 5,
"ACCESS_MAYBE_GAINED": 6,
}
)
Enum value maps for AccessStateDiff_AccessChangeType.
File_google_cloud_policysimulator_v1_explanations_proto
var File_google_cloud_policysimulator_v1_explanations_proto protoreflect.FileDescriptor
File_google_cloud_policysimulator_v1_orgpolicy_proto
var File_google_cloud_policysimulator_v1_orgpolicy_proto protoreflect.FileDescriptor
File_google_cloud_policysimulator_v1_simulator_proto
var File_google_cloud_policysimulator_v1_simulator_proto protoreflect.FileDescriptor
OrgPolicyViolationsPreviewService_ServiceDesc
var OrgPolicyViolationsPreviewService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService",
HandlerType: (*OrgPolicyViolationsPreviewServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "ListOrgPolicyViolationsPreviews",
Handler: _OrgPolicyViolationsPreviewService_ListOrgPolicyViolationsPreviews_Handler,
},
{
MethodName: "GetOrgPolicyViolationsPreview",
Handler: _OrgPolicyViolationsPreviewService_GetOrgPolicyViolationsPreview_Handler,
},
{
MethodName: "CreateOrgPolicyViolationsPreview",
Handler: _OrgPolicyViolationsPreviewService_CreateOrgPolicyViolationsPreview_Handler,
},
{
MethodName: "ListOrgPolicyViolations",
Handler: _OrgPolicyViolationsPreviewService_ListOrgPolicyViolations_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "google/cloud/policysimulator/v1/orgpolicy.proto",
}
OrgPolicyViolationsPreviewService_ServiceDesc is the grpc.ServiceDesc for OrgPolicyViolationsPreviewService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
Simulator_ServiceDesc
var Simulator_ServiceDesc = grpc.ServiceDesc{
ServiceName: "google.cloud.policysimulator.v1.Simulator",
HandlerType: (*SimulatorServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "GetReplay",
Handler: _Simulator_GetReplay_Handler,
},
{
MethodName: "CreateReplay",
Handler: _Simulator_CreateReplay_Handler,
},
{
MethodName: "ListReplayResults",
Handler: _Simulator_ListReplayResults_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "google/cloud/policysimulator/v1/simulator.proto",
}
Simulator_ServiceDesc is the grpc.ServiceDesc for Simulator service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
Functions
func RegisterOrgPolicyViolationsPreviewServiceServer
func RegisterOrgPolicyViolationsPreviewServiceServer(s grpc.ServiceRegistrar, srv OrgPolicyViolationsPreviewServiceServer)
func RegisterSimulatorServer
func RegisterSimulatorServer(s grpc.ServiceRegistrar, srv SimulatorServer)
AccessState
type AccessState int32
Whether a principal has a permission for a resource.
AccessState_ACCESS_STATE_UNSPECIFIED, AccessState_GRANTED, AccessState_NOT_GRANTED, AccessState_UNKNOWN_CONDITIONAL, AccessState_UNKNOWN_INFO_DENIED
const (
// Default value. This value is unused.
AccessState_ACCESS_STATE_UNSPECIFIED AccessState = 0
// The principal has the permission.
AccessState_GRANTED AccessState = 1
// The principal does not have the permission.
AccessState_NOT_GRANTED AccessState = 2
// The principal has the permission only if a condition expression evaluates
// to `true`.
AccessState_UNKNOWN_CONDITIONAL AccessState = 3
// The user who created the
// [Replay][google.cloud.policysimulator.v1.Replay] does not have
// access to all of the policies that Policy Simulator needs to evaluate.
AccessState_UNKNOWN_INFO_DENIED AccessState = 4
)
func (AccessState) Descriptor
func (AccessState) Descriptor() protoreflect.EnumDescriptor
func (AccessState) Enum
func (x AccessState) Enum() *AccessState
func (AccessState) EnumDescriptor
func (AccessState) EnumDescriptor() ([]byte, []int)
Deprecated: Use AccessState.Descriptor instead.
func (AccessState) Number
func (x AccessState) Number() protoreflect.EnumNumber
func (AccessState) String
func (x AccessState) String() string
func (AccessState) Type
func (AccessState) Type() protoreflect.EnumType
AccessStateDiff
type AccessStateDiff struct {
// The results of evaluating the access tuple under the current (baseline)
// policies.
//
// If the [AccessState][google.cloud.policysimulator.v1.AccessState] couldn't
// be fully evaluated, this field explains why.
Baseline *ExplainedAccess `protobuf:"bytes,1,opt,name=baseline,proto3" json:"baseline,omitempty"`
// The results of evaluating the access tuple under the proposed (simulated)
// policies.
//
// If the AccessState couldn't be fully evaluated, this field explains why.
Simulated *ExplainedAccess `protobuf:"bytes,2,opt,name=simulated,proto3" json:"simulated,omitempty"`
// How the principal's access, specified in the AccessState field, changed
// between the current (baseline) policies and proposed (simulated) policies.
AccessChange AccessStateDiff_AccessChangeType `protobuf:"varint,3,opt,name=access_change,json=accessChange,proto3,enum=google.cloud.policysimulator.v1.AccessStateDiff_AccessChangeType" json:"access_change,omitempty"`
// contains filtered or unexported fields
}
A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.
func (*AccessStateDiff) Descriptor
func (*AccessStateDiff) Descriptor() ([]byte, []int)
Deprecated: Use AccessStateDiff.ProtoReflect.Descriptor instead.
func (*AccessStateDiff) GetAccessChange
func (x *AccessStateDiff) GetAccessChange() AccessStateDiff_AccessChangeType
func (*AccessStateDiff) GetBaseline
func (x *AccessStateDiff) GetBaseline() *ExplainedAccess
func (*AccessStateDiff) GetSimulated
func (x *AccessStateDiff) GetSimulated() *ExplainedAccess
func (*AccessStateDiff) ProtoMessage
func (*AccessStateDiff) ProtoMessage()
func (*AccessStateDiff) ProtoReflect
func (x *AccessStateDiff) ProtoReflect() protoreflect.Message
func (*AccessStateDiff) Reset
func (x *AccessStateDiff) Reset()
func (*AccessStateDiff) String
func (x *AccessStateDiff) String() string
AccessStateDiff_AccessChangeType
type AccessStateDiff_AccessChangeType int32
How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.
AccessStateDiff_ACCESS_CHANGE_TYPE_UNSPECIFIED, AccessStateDiff_NO_CHANGE, AccessStateDiff_UNKNOWN_CHANGE, AccessStateDiff_ACCESS_REVOKED, AccessStateDiff_ACCESS_GAINED, AccessStateDiff_ACCESS_MAYBE_REVOKED, AccessStateDiff_ACCESS_MAYBE_GAINED
const (
// Default value. This value is unused.
AccessStateDiff_ACCESS_CHANGE_TYPE_UNSPECIFIED AccessStateDiff_AccessChangeType = 0
// The principal's access did not change.
// This includes the case where both baseline and simulated are UNKNOWN,
// but the unknown information is equivalent.
AccessStateDiff_NO_CHANGE AccessStateDiff_AccessChangeType = 1
// The principal's access under both the current policies and the proposed
// policies is `UNKNOWN`, but the unknown information differs between them.
AccessStateDiff_UNKNOWN_CHANGE AccessStateDiff_AccessChangeType = 2
// The principal had access under the current policies (`GRANTED`), but will
// no longer have access after the proposed changes (`NOT_GRANTED`).
AccessStateDiff_ACCESS_REVOKED AccessStateDiff_AccessChangeType = 3
// The principal did not have access under the current policies
// (`NOT_GRANTED`), but will have access after the proposed changes
// (`GRANTED`).
AccessStateDiff_ACCESS_GAINED AccessStateDiff_AccessChangeType = 4
// This result can occur for the following reasons:
//
// - The principal had access under the current policies (`GRANTED`), but
// their access after the proposed changes is `UNKNOWN`.
//
// * The principal's access under the current policies is `UNKNOWN`, but
// they
//
// will not have access after the proposed changes (`NOT_GRANTED`).
AccessStateDiff_ACCESS_MAYBE_REVOKED AccessStateDiff_AccessChangeType = 5
// This result can occur for the following reasons:
//
// - The principal did not have access under the current policies
// (`NOT_GRANTED`), but their access after the proposed changes is
// `UNKNOWN`.
//
// * The principal's access under the current policies is `UNKNOWN`, but
// they will have access after the proposed changes (`GRANTED`).
AccessStateDiff_ACCESS_MAYBE_GAINED AccessStateDiff_AccessChangeType = 6
)
func (AccessStateDiff_AccessChangeType) Descriptor
func (AccessStateDiff_AccessChangeType) Descriptor() protoreflect.EnumDescriptor
func (AccessStateDiff_AccessChangeType) Enum
func (x AccessStateDiff_AccessChangeType) Enum() *AccessStateDiff_AccessChangeType
func (AccessStateDiff_AccessChangeType) EnumDescriptor
func (AccessStateDiff_AccessChangeType) EnumDescriptor() ([]byte, []int)
Deprecated: Use AccessStateDiff_AccessChangeType.Descriptor instead.
func (AccessStateDiff_AccessChangeType) Number
func (x AccessStateDiff_AccessChangeType) Number() protoreflect.EnumNumber
func (AccessStateDiff_AccessChangeType) String
func (x AccessStateDiff_AccessChangeType) String() string
func (AccessStateDiff_AccessChangeType) Type
func (AccessStateDiff_AccessChangeType) Type() protoreflect.EnumType
AccessTuple
type AccessTuple struct {
// Required. The principal whose access you want to check, in the form of
// the email address that represents that principal. For example,
// `alice@example.com` or
// `my-service-account@my-project.iam.gserviceaccount.com`.
//
// The principal must be a Google Account or a service account. Other types of
// principals are not supported.
Principal string `protobuf:"bytes,1,opt,name=principal,proto3" json:"principal,omitempty"`
// Required. The full resource name that identifies the resource. For example,
// `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
//
// For examples of full resource names for Google Cloud services, see
// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
// Required. The IAM permission to check for the specified principal and
// resource.
//
// For a complete list of IAM permissions, see
// https://cloud.google.com/iam/help/permissions/reference.
//
// For a complete list of predefined IAM roles and the permissions in each
// role, see https://cloud.google.com/iam/help/roles/reference.
Permission string `protobuf:"bytes,3,opt,name=permission,proto3" json:"permission,omitempty"`
// contains filtered or unexported fields
}
Information about the principal, resource, and permission to check.
func (*AccessTuple) Descriptor
func (*AccessTuple) Descriptor() ([]byte, []int)
Deprecated: Use AccessTuple.ProtoReflect.Descriptor instead.
func (*AccessTuple) GetFullResourceName
func (x *AccessTuple) GetFullResourceName() string
func (*AccessTuple) GetPermission
func (x *AccessTuple) GetPermission() string
func (*AccessTuple) GetPrincipal
func (x *AccessTuple) GetPrincipal() string
func (*AccessTuple) ProtoMessage
func (*AccessTuple) ProtoMessage()
func (*AccessTuple) ProtoReflect
func (x *AccessTuple) ProtoReflect() protoreflect.Message
func (*AccessTuple) Reset
func (x *AccessTuple) Reset()
func (*AccessTuple) String
func (x *AccessTuple) String() string
BindingExplanation
type BindingExplanation struct {
// Required. Indicates whether _this binding_ provides the specified
// permission to the specified principal for the specified resource.
//
// This field does _not_ indicate whether the principal actually has the
// permission for the resource. There might be another binding that overrides
// this binding. To determine whether the principal actually has the
// permission, use the `access` field in the
// [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.v3.TroubleshootIamPolicyResponse].
Access AccessState `protobuf:"varint,1,opt,name=access,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access,omitempty"`
// The role that this binding grants. For example,
// `roles/compute.serviceAgent`.
//
// For a complete list of predefined IAM roles, as well as the permissions in
// each role, see https://cloud.google.com/iam/help/roles/reference.
Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
// Indicates whether the role granted by this binding contains the specified
// permission.
RolePermission BindingExplanation_RolePermission `protobuf:"varint,3,opt,name=role_permission,json=rolePermission,proto3,enum=google.cloud.policysimulator.v1.BindingExplanation_RolePermission" json:"role_permission,omitempty"`
// The relevance of the permission's existence, or nonexistence, in the role
// to the overall determination for the entire policy.
RolePermissionRelevance HeuristicRelevance `protobuf:"varint,4,opt,name=role_permission_relevance,json=rolePermissionRelevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"role_permission_relevance,omitempty"`
// Indicates whether each principal in the binding includes the principal
// specified in the request, either directly or indirectly. Each key
// identifies a principal in the binding, and each value indicates whether the
// principal in the binding includes the principal in the request.
//
// For example, suppose that a binding includes the following principals:
//
// * `user:alice@example.com`
// * `group:product-eng@example.com`
//
// The principal in the replayed access tuple is `user:bob@example.com`. This
// user is a principal of the group `group:product-eng@example.com`.
//
// For the first principal in the binding, the key is
// `user:alice@example.com`, and the `membership` field in the value is set to
// `MEMBERSHIP_NOT_INCLUDED`.
//
// For the second principal in the binding, the key is
// `group:product-eng@example.com`, and the `membership` field in the value is
// set to `MEMBERSHIP_INCLUDED`.
Memberships map[string]*BindingExplanation_AnnotatedMembership `protobuf:"bytes,5,rep,name=memberships,proto3" json:"memberships,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// The relevance of this binding to the overall determination for the entire
// policy.
Relevance HeuristicRelevance `protobuf:"varint,6,opt,name=relevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"relevance,omitempty"`
// A condition expression that prevents this binding from granting access
// unless the expression evaluates to `true`.
//
// To learn about IAM Conditions, see
// https://cloud.google.com/iam/docs/conditions-overview.
Condition *expr.Expr `protobuf:"bytes,7,opt,name=condition,proto3" json:"condition,omitempty"`
// contains filtered or unexported fields
}
Details about how a binding in a policy affects a principal's ability to use a permission.
func (*BindingExplanation) Descriptor
func (*BindingExplanation) Descriptor() ([]byte, []int)
Deprecated: Use BindingExplanation.ProtoReflect.Descriptor instead.
func (*BindingExplanation) GetAccess
func (x *BindingExplanation) GetAccess() AccessState
func (*BindingExplanation) GetCondition
func (x *BindingExplanation) GetCondition() *expr.Expr
func (*BindingExplanation) GetMemberships
func (x *BindingExplanation) GetMemberships() map[string]*BindingExplanation_AnnotatedMembership
func (*BindingExplanation) GetRelevance
func (x *BindingExplanation) GetRelevance() HeuristicRelevance
func (*BindingExplanation) GetRole
func (x *BindingExplanation) GetRole() string
func (*BindingExplanation) GetRolePermission
func (x *BindingExplanation) GetRolePermission() BindingExplanation_RolePermission
func (*BindingExplanation) GetRolePermissionRelevance
func (x *BindingExplanation) GetRolePermissionRelevance() HeuristicRelevance
func (*BindingExplanation) ProtoMessage
func (*BindingExplanation) ProtoMessage()
func (*BindingExplanation) ProtoReflect
func (x *BindingExplanation) ProtoReflect() protoreflect.Message
func (*BindingExplanation) Reset
func (x *BindingExplanation) Reset()
func (*BindingExplanation) String
func (x *BindingExplanation) String() string
BindingExplanation_AnnotatedMembership
type BindingExplanation_AnnotatedMembership struct {
// Indicates whether the binding includes the principal.
Membership BindingExplanation_Membership `protobuf:"varint,1,opt,name=membership,proto3,enum=google.cloud.policysimulator.v1.BindingExplanation_Membership" json:"membership,omitempty"`
// The relevance of the principal's status to the overall determination for
// the binding.
Relevance HeuristicRelevance `protobuf:"varint,2,opt,name=relevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"relevance,omitempty"`
// contains filtered or unexported fields
}
Details about whether the binding includes the principal.
func (*BindingExplanation_AnnotatedMembership) Descriptor
func (*BindingExplanation_AnnotatedMembership) Descriptor() ([]byte, []int)
Deprecated: Use BindingExplanation_AnnotatedMembership.ProtoReflect.Descriptor instead.
func (*BindingExplanation_AnnotatedMembership) GetMembership
func (x *BindingExplanation_AnnotatedMembership) GetMembership() BindingExplanation_Membership
func (*BindingExplanation_AnnotatedMembership) GetRelevance
func (x *BindingExplanation_AnnotatedMembership) GetRelevance() HeuristicRelevance
func (*BindingExplanation_AnnotatedMembership) ProtoMessage
func (*BindingExplanation_AnnotatedMembership) ProtoMessage()
func (*BindingExplanation_AnnotatedMembership) ProtoReflect
func (x *BindingExplanation_AnnotatedMembership) ProtoReflect() protoreflect.Message
func (*BindingExplanation_AnnotatedMembership) Reset
func (x *BindingExplanation_AnnotatedMembership) Reset()
func (*BindingExplanation_AnnotatedMembership) String
func (x *BindingExplanation_AnnotatedMembership) String() string
BindingExplanation_Membership
type BindingExplanation_Membership int32
Whether the binding includes the principal.
BindingExplanation_MEMBERSHIP_UNSPECIFIED, BindingExplanation_MEMBERSHIP_INCLUDED, BindingExplanation_MEMBERSHIP_NOT_INCLUDED, BindingExplanation_MEMBERSHIP_UNKNOWN_INFO_DENIED, BindingExplanation_MEMBERSHIP_UNKNOWN_UNSUPPORTED
const (
// Default value. This value is unused.
BindingExplanation_MEMBERSHIP_UNSPECIFIED BindingExplanation_Membership = 0
// The binding includes the principal. The principal can be included
// directly or indirectly. For example:
//
// - A principal is included directly if that principal is listed in the
// binding.
// - A principal is included indirectly if that principal is in a Google
// group or Google Workspace domain that is listed in the binding.
BindingExplanation_MEMBERSHIP_INCLUDED BindingExplanation_Membership = 1
// The binding does not include the principal.
BindingExplanation_MEMBERSHIP_NOT_INCLUDED BindingExplanation_Membership = 2
// The user who created the
// [Replay][google.cloud.policysimulator.v1.Replay] is not
// allowed to access the binding.
BindingExplanation_MEMBERSHIP_UNKNOWN_INFO_DENIED BindingExplanation_Membership = 3
// The principal is an unsupported type. Only Google Accounts and service
// accounts are supported.
BindingExplanation_MEMBERSHIP_UNKNOWN_UNSUPPORTED BindingExplanation_Membership = 4
)
func (BindingExplanation_Membership) Descriptor
func (BindingExplanation_Membership) Descriptor() protoreflect.EnumDescriptor
func (BindingExplanation_Membership) Enum
func (x BindingExplanation_Membership) Enum() *BindingExplanation_Membership
func (BindingExplanation_Membership) EnumDescriptor
func (BindingExplanation_Membership) EnumDescriptor() ([]byte, []int)
Deprecated: Use BindingExplanation_Membership.Descriptor instead.
func (BindingExplanation_Membership) Number
func (x BindingExplanation_Membership) Number() protoreflect.EnumNumber
func (BindingExplanation_Membership) String
func (x BindingExplanation_Membership) String() string
func (BindingExplanation_Membership) Type
func (BindingExplanation_Membership) Type() protoreflect.EnumType
BindingExplanation_RolePermission
type BindingExplanation_RolePermission int32
Whether a role includes a specific permission.
BindingExplanation_ROLE_PERMISSION_UNSPECIFIED, BindingExplanation_ROLE_PERMISSION_INCLUDED, BindingExplanation_ROLE_PERMISSION_NOT_INCLUDED, BindingExplanation_ROLE_PERMISSION_UNKNOWN_INFO_DENIED
const (
// Default value. This value is unused.
BindingExplanation_ROLE_PERMISSION_UNSPECIFIED BindingExplanation_RolePermission = 0
// The permission is included in the role.
BindingExplanation_ROLE_PERMISSION_INCLUDED BindingExplanation_RolePermission = 1
// The permission is not included in the role.
BindingExplanation_ROLE_PERMISSION_NOT_INCLUDED BindingExplanation_RolePermission = 2
// The user who created the
// [Replay][google.cloud.policysimulator.v1.Replay] is not
// allowed to access the binding.
BindingExplanation_ROLE_PERMISSION_UNKNOWN_INFO_DENIED BindingExplanation_RolePermission = 3
)
func (BindingExplanation_RolePermission) Descriptor
func (BindingExplanation_RolePermission) Descriptor() protoreflect.EnumDescriptor
func (BindingExplanation_RolePermission) Enum
func (x BindingExplanation_RolePermission) Enum() *BindingExplanation_RolePermission
func (BindingExplanation_RolePermission) EnumDescriptor
func (BindingExplanation_RolePermission) EnumDescriptor() ([]byte, []int)
Deprecated: Use BindingExplanation_RolePermission.Descriptor instead.
func (BindingExplanation_RolePermission) Number
func (x BindingExplanation_RolePermission) Number() protoreflect.EnumNumber
func (BindingExplanation_RolePermission) String
func (x BindingExplanation_RolePermission) String() string
func (BindingExplanation_RolePermission) Type
func (BindingExplanation_RolePermission) Type() protoreflect.EnumType
CreateOrgPolicyViolationsPreviewOperationMetadata
type CreateOrgPolicyViolationsPreviewOperationMetadata struct {
// Time when the request was received.
RequestTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=request_time,json=requestTime,proto3" json:"request_time,omitempty"`
// Time when the request started processing, i.e., when the state was set to
// RUNNING.
StartTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"`
// Output only. The current state of the operation.
State PreviewState `protobuf:"varint,3,opt,name=state,proto3,enum=google.cloud.policysimulator.v1.PreviewState" json:"state,omitempty"`
// Total number of resources that need scanning.
// Should equal resource_scanned + resources_pending
ResourcesFound int32 `protobuf:"varint,4,opt,name=resources_found,json=resourcesFound,proto3" json:"resources_found,omitempty"`
// Number of resources already scanned.
ResourcesScanned int32 `protobuf:"varint,5,opt,name=resources_scanned,json=resourcesScanned,proto3" json:"resources_scanned,omitempty"`
// Number of resources still to scan.
ResourcesPending int32 `protobuf:"varint,6,opt,name=resources_pending,json=resourcesPending,proto3" json:"resources_pending,omitempty"`
// contains filtered or unexported fields
}
CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) Descriptor
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) Descriptor() ([]byte, []int)
Deprecated: Use CreateOrgPolicyViolationsPreviewOperationMetadata.ProtoReflect.Descriptor instead.
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetRequestTime
func (x *CreateOrgPolicyViolationsPreviewOperationMetadata) GetRequestTime() *timestamppb.Timestamp
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetResourcesFound
func (x *CreateOrgPolicyViolationsPreviewOperationMetadata) GetResourcesFound() int32
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetResourcesPending
func (x *CreateOrgPolicyViolationsPreviewOperationMetadata) GetResourcesPending() int32
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetResourcesScanned
func (x *CreateOrgPolicyViolationsPreviewOperationMetadata) GetResourcesScanned() int32
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetStartTime
func (x *CreateOrgPolicyViolationsPreviewOperationMetadata) GetStartTime() *timestamppb.Timestamp
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetState
func (x *CreateOrgPolicyViolationsPreviewOperationMetadata) GetState() PreviewState
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) ProtoMessage
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) ProtoMessage()
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) ProtoReflect
func (x *CreateOrgPolicyViolationsPreviewOperationMetadata) ProtoReflect() protoreflect.Message
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) Reset
func (x *CreateOrgPolicyViolationsPreviewOperationMetadata) Reset()
func (*CreateOrgPolicyViolationsPreviewOperationMetadata) String
func (x *CreateOrgPolicyViolationsPreviewOperationMetadata) String() string
CreateOrgPolicyViolationsPreviewRequest
type CreateOrgPolicyViolationsPreviewRequest struct {
// Required. The organization under which this
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// will be created.
//
// Example: `organizations/my-example-org/locations/global`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// to generate.
OrgPolicyViolationsPreview *OrgPolicyViolationsPreview `protobuf:"bytes,2,opt,name=org_policy_violations_preview,json=orgPolicyViolationsPreview,proto3" json:"org_policy_violations_preview,omitempty"`
// Optional. An optional user-specified ID for the
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
// If not provided, a random ID will be generated.
OrgPolicyViolationsPreviewId string `protobuf:"bytes,3,opt,name=org_policy_violations_preview_id,json=orgPolicyViolationsPreviewId,proto3" json:"org_policy_violations_preview_id,omitempty"`
// contains filtered or unexported fields
}
CreateOrgPolicyViolationsPreviewRequest is the request message for [OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview].
func (*CreateOrgPolicyViolationsPreviewRequest) Descriptor
func (*CreateOrgPolicyViolationsPreviewRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateOrgPolicyViolationsPreviewRequest.ProtoReflect.Descriptor instead.
func (*CreateOrgPolicyViolationsPreviewRequest) GetOrgPolicyViolationsPreview
func (x *CreateOrgPolicyViolationsPreviewRequest) GetOrgPolicyViolationsPreview() *OrgPolicyViolationsPreview
func (*CreateOrgPolicyViolationsPreviewRequest) GetOrgPolicyViolationsPreviewId
func (x *CreateOrgPolicyViolationsPreviewRequest) GetOrgPolicyViolationsPreviewId() string
func (*CreateOrgPolicyViolationsPreviewRequest) GetParent
func (x *CreateOrgPolicyViolationsPreviewRequest) GetParent() string
func (*CreateOrgPolicyViolationsPreviewRequest) ProtoMessage
func (*CreateOrgPolicyViolationsPreviewRequest) ProtoMessage()
func (*CreateOrgPolicyViolationsPreviewRequest) ProtoReflect
func (x *CreateOrgPolicyViolationsPreviewRequest) ProtoReflect() protoreflect.Message
func (*CreateOrgPolicyViolationsPreviewRequest) Reset
func (x *CreateOrgPolicyViolationsPreviewRequest) Reset()
func (*CreateOrgPolicyViolationsPreviewRequest) String
func (x *CreateOrgPolicyViolationsPreviewRequest) String() string
CreateReplayRequest
type CreateReplayRequest struct {
// Required. The parent resource where this
// [Replay][google.cloud.policysimulator.v1.Replay] will be created. This
// resource must be a project, folder, or organization with a location.
//
// Example: `projects/my-example-project/locations/global`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The [Replay][google.cloud.policysimulator.v1.Replay] to create.
// Set `Replay.ReplayConfig` to configure the replay.
Replay *Replay `protobuf:"bytes,2,opt,name=replay,proto3" json:"replay,omitempty"`
// contains filtered or unexported fields
}
Request message for [Simulator.CreateReplay][google.cloud.policysimulator.v1.Simulator.CreateReplay].
func (*CreateReplayRequest) Descriptor
func (*CreateReplayRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateReplayRequest.ProtoReflect.Descriptor instead.
func (*CreateReplayRequest) GetParent
func (x *CreateReplayRequest) GetParent() string
func (*CreateReplayRequest) GetReplay
func (x *CreateReplayRequest) GetReplay() *Replay
func (*CreateReplayRequest) ProtoMessage
func (*CreateReplayRequest) ProtoMessage()
func (*CreateReplayRequest) ProtoReflect
func (x *CreateReplayRequest) ProtoReflect() protoreflect.Message
func (*CreateReplayRequest) Reset
func (x *CreateReplayRequest) Reset()
func (*CreateReplayRequest) String
func (x *CreateReplayRequest) String() string
ExplainedAccess
type ExplainedAccess struct {
// Whether the principal in the access tuple has permission to access the
// resource in the access tuple under the given policies.
AccessState AccessState `protobuf:"varint,1,opt,name=access_state,json=accessState,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access_state,omitempty"`
// If the [AccessState][google.cloud.policysimulator.v1.AccessState] is
// `UNKNOWN`, this field contains the policies that led to that result.
//
// If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is
// omitted.
Policies []*ExplainedPolicy `protobuf:"bytes,2,rep,name=policies,proto3" json:"policies,omitempty"`
// If the [AccessState][google.cloud.policysimulator.v1.AccessState] is
// `UNKNOWN`, this field contains a list of errors explaining why the result
// is `UNKNOWN`.
//
// If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is
// omitted.
Errors []*status.Status `protobuf:"bytes,3,rep,name=errors,proto3" json:"errors,omitempty"`
// contains filtered or unexported fields
}
Details about how a set of policies, listed in [ExplainedPolicy][google.cloud.policysimulator.v1.ExplainedPolicy], resulted in a certain [AccessState][google.cloud.policysimulator.v1.AccessState] when replaying an access tuple.
func (*ExplainedAccess) Descriptor
func (*ExplainedAccess) Descriptor() ([]byte, []int)
Deprecated: Use ExplainedAccess.ProtoReflect.Descriptor instead.
func (*ExplainedAccess) GetAccessState
func (x *ExplainedAccess) GetAccessState() AccessState
func (*ExplainedAccess) GetErrors
func (x *ExplainedAccess) GetErrors() []*status.Status
func (*ExplainedAccess) GetPolicies
func (x *ExplainedAccess) GetPolicies() []*ExplainedPolicy
func (*ExplainedAccess) ProtoMessage
func (*ExplainedAccess) ProtoMessage()
func (*ExplainedAccess) ProtoReflect
func (x *ExplainedAccess) ProtoReflect() protoreflect.Message
func (*ExplainedAccess) Reset
func (x *ExplainedAccess) Reset()
func (*ExplainedAccess) String
func (x *ExplainedAccess) String() string
ExplainedPolicy
type ExplainedPolicy struct {
// Indicates whether _this policy_ provides the specified permission to the
// specified principal for the specified resource.
//
// This field does _not_ indicate whether the principal actually has the
// permission for the resource. There might be another policy that overrides
// this policy. To determine whether the principal actually has the
// permission, use the `access` field in the
// [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.v3.TroubleshootIamPolicyResponse].
Access AccessState `protobuf:"varint,1,opt,name=access,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access,omitempty"`
// The full resource name that identifies the resource. For example,
// `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
//
// If the user who created the
// [Replay][google.cloud.policysimulator.v1.Replay] does not have
// access to the policy, this field is omitted.
//
// For examples of full resource names for Google Cloud services, see
// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
// The IAM policy attached to the resource.
//
// If the user who created the
// [Replay][google.cloud.policysimulator.v1.Replay] does not have
// access to the policy, this field is empty.
Policy *iampb.Policy `protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"`
// Details about how each binding in the policy affects the principal's
// ability, or inability, to use the permission for the resource.
//
// If the user who created the
// [Replay][google.cloud.policysimulator.v1.Replay] does not have
// access to the policy, this field is omitted.
BindingExplanations []*BindingExplanation `protobuf:"bytes,4,rep,name=binding_explanations,json=bindingExplanations,proto3" json:"binding_explanations,omitempty"`
// The relevance of this policy to the overall determination in the
// [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.v3.TroubleshootIamPolicyResponse].
//
// If the user who created the
// [Replay][google.cloud.policysimulator.v1.Replay] does not have
// access to the policy, this field is omitted.
Relevance HeuristicRelevance `protobuf:"varint,5,opt,name=relevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"relevance,omitempty"`
// contains filtered or unexported fields
}
Details about how a specific IAM [Policy][google.iam.v1.Policy] contributed to the access check.
func (*ExplainedPolicy) Descriptor
func (*ExplainedPolicy) Descriptor() ([]byte, []int)
Deprecated: Use ExplainedPolicy.ProtoReflect.Descriptor instead.
func (*ExplainedPolicy) GetAccess
func (x *ExplainedPolicy) GetAccess() AccessState
func (*ExplainedPolicy) GetBindingExplanations
func (x *ExplainedPolicy) GetBindingExplanations() []*BindingExplanation
func (*ExplainedPolicy) GetFullResourceName
func (x *ExplainedPolicy) GetFullResourceName() string
func (*ExplainedPolicy) GetPolicy
func (x *ExplainedPolicy) GetPolicy() *iampb.Policy
func (*ExplainedPolicy) GetRelevance
func (x *ExplainedPolicy) GetRelevance() HeuristicRelevance
func (*ExplainedPolicy) ProtoMessage
func (*ExplainedPolicy) ProtoMessage()
func (*ExplainedPolicy) ProtoReflect
func (x *ExplainedPolicy) ProtoReflect() protoreflect.Message
func (*ExplainedPolicy) Reset
func (x *ExplainedPolicy) Reset()
func (*ExplainedPolicy) String
func (x *ExplainedPolicy) String() string
GetOrgPolicyViolationsPreviewRequest
type GetOrgPolicyViolationsPreviewRequest struct {
// Required. The name of the OrgPolicyViolationsPreview to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
GetOrgPolicyViolationsPreviewRequest is the request message for [OrgPolicyViolationsPreviewService.GetOrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.GetOrgPolicyViolationsPreview].
func (*GetOrgPolicyViolationsPreviewRequest) Descriptor
func (*GetOrgPolicyViolationsPreviewRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetOrgPolicyViolationsPreviewRequest.ProtoReflect.Descriptor instead.
func (*GetOrgPolicyViolationsPreviewRequest) GetName
func (x *GetOrgPolicyViolationsPreviewRequest) GetName() string
func (*GetOrgPolicyViolationsPreviewRequest) ProtoMessage
func (*GetOrgPolicyViolationsPreviewRequest) ProtoMessage()
func (*GetOrgPolicyViolationsPreviewRequest) ProtoReflect
func (x *GetOrgPolicyViolationsPreviewRequest) ProtoReflect() protoreflect.Message
func (*GetOrgPolicyViolationsPreviewRequest) Reset
func (x *GetOrgPolicyViolationsPreviewRequest) Reset()
func (*GetOrgPolicyViolationsPreviewRequest) String
func (x *GetOrgPolicyViolationsPreviewRequest) String() string
GetReplayRequest
type GetReplayRequest struct {
// Required. The name of the [Replay][google.cloud.policysimulator.v1.Replay]
// to retrieve, in the following format:
//
// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
// where `{resource-id}` is the ID of the project, folder, or organization
// that owns the `Replay`.
//
// Example:
// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [Simulator.GetReplay][google.cloud.policysimulator.v1.Simulator.GetReplay].
func (*GetReplayRequest) Descriptor
func (*GetReplayRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetReplayRequest.ProtoReflect.Descriptor instead.
func (*GetReplayRequest) GetName
func (x *GetReplayRequest) GetName() string
func (*GetReplayRequest) ProtoMessage
func (*GetReplayRequest) ProtoMessage()
func (*GetReplayRequest) ProtoReflect
func (x *GetReplayRequest) ProtoReflect() protoreflect.Message
func (*GetReplayRequest) Reset
func (x *GetReplayRequest) Reset()
func (*GetReplayRequest) String
func (x *GetReplayRequest) String() string
HeuristicRelevance
type HeuristicRelevance int32
The extent to which a single data point, such as the existence of a binding or whether a binding includes a specific principal, contributes to an overall determination.
HeuristicRelevance_HEURISTIC_RELEVANCE_UNSPECIFIED, HeuristicRelevance_NORMAL, HeuristicRelevance_HIGH
const (
// Default value. This value is unused.
HeuristicRelevance_HEURISTIC_RELEVANCE_UNSPECIFIED HeuristicRelevance = 0
// The data point has a limited effect on the result. Changing the data point
// is unlikely to affect the overall determination.
HeuristicRelevance_NORMAL HeuristicRelevance = 1
// The data point has a strong effect on the result. Changing the data point
// is likely to affect the overall determination.
HeuristicRelevance_HIGH HeuristicRelevance = 2
)
func (HeuristicRelevance) Descriptor
func (HeuristicRelevance) Descriptor() protoreflect.EnumDescriptor
func (HeuristicRelevance) Enum
func (x HeuristicRelevance) Enum() *HeuristicRelevance
func (HeuristicRelevance) EnumDescriptor
func (HeuristicRelevance) EnumDescriptor() ([]byte, []int)
Deprecated: Use HeuristicRelevance.Descriptor instead.
func (HeuristicRelevance) Number
func (x HeuristicRelevance) Number() protoreflect.EnumNumber
func (HeuristicRelevance) String
func (x HeuristicRelevance) String() string
func (HeuristicRelevance) Type
func (HeuristicRelevance) Type() protoreflect.EnumType
ListOrgPolicyViolationsPreviewsRequest
type ListOrgPolicyViolationsPreviewsRequest struct {
// Required. The parent the violations are scoped to.
// Format:
// `organizations/{organization}/locations/{location}`
//
// Example: `organizations/my-example-org/locations/global`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. The maximum number of items to return. The service may return
// fewer than this value. If unspecified, at most 5 items will be returned.
// The maximum value is 10; values above 10 will be coerced to 10.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A page token, received from a previous call. Provide this to
// retrieve the subsequent page.
//
// When paginating, all other parameters must match the call that provided the
// page token.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
ListOrgPolicyViolationsPreviewsRequest is the request message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews].
func (*ListOrgPolicyViolationsPreviewsRequest) Descriptor
func (*ListOrgPolicyViolationsPreviewsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListOrgPolicyViolationsPreviewsRequest.ProtoReflect.Descriptor instead.
func (*ListOrgPolicyViolationsPreviewsRequest) GetPageSize
func (x *ListOrgPolicyViolationsPreviewsRequest) GetPageSize() int32
func (*ListOrgPolicyViolationsPreviewsRequest) GetPageToken
func (x *ListOrgPolicyViolationsPreviewsRequest) GetPageToken() string
func (*ListOrgPolicyViolationsPreviewsRequest) GetParent
func (x *ListOrgPolicyViolationsPreviewsRequest) GetParent() string
func (*ListOrgPolicyViolationsPreviewsRequest) ProtoMessage
func (*ListOrgPolicyViolationsPreviewsRequest) ProtoMessage()
func (*ListOrgPolicyViolationsPreviewsRequest) ProtoReflect
func (x *ListOrgPolicyViolationsPreviewsRequest) ProtoReflect() protoreflect.Message
func (*ListOrgPolicyViolationsPreviewsRequest) Reset
func (x *ListOrgPolicyViolationsPreviewsRequest) Reset()
func (*ListOrgPolicyViolationsPreviewsRequest) String
func (x *ListOrgPolicyViolationsPreviewsRequest) String() string
ListOrgPolicyViolationsPreviewsResponse
type ListOrgPolicyViolationsPreviewsResponse struct {
// The list of OrgPolicyViolationsPreview
OrgPolicyViolationsPreviews []*OrgPolicyViolationsPreview `protobuf:"bytes,1,rep,name=org_policy_violations_previews,json=orgPolicyViolationsPreviews,proto3" json:"org_policy_violations_previews,omitempty"`
// A token that you can use to retrieve the next page of results.
// If this field is omitted, there are no subsequent pages.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
ListOrgPolicyViolationsPreviewsResponse is the response message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews].
func (*ListOrgPolicyViolationsPreviewsResponse) Descriptor
func (*ListOrgPolicyViolationsPreviewsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListOrgPolicyViolationsPreviewsResponse.ProtoReflect.Descriptor instead.
func (*ListOrgPolicyViolationsPreviewsResponse) GetNextPageToken
func (x *ListOrgPolicyViolationsPreviewsResponse) GetNextPageToken() string
func (*ListOrgPolicyViolationsPreviewsResponse) GetOrgPolicyViolationsPreviews
func (x *ListOrgPolicyViolationsPreviewsResponse) GetOrgPolicyViolationsPreviews() []*OrgPolicyViolationsPreview
func (*ListOrgPolicyViolationsPreviewsResponse) ProtoMessage
func (*ListOrgPolicyViolationsPreviewsResponse) ProtoMessage()
func (*ListOrgPolicyViolationsPreviewsResponse) ProtoReflect
func (x *ListOrgPolicyViolationsPreviewsResponse) ProtoReflect() protoreflect.Message
func (*ListOrgPolicyViolationsPreviewsResponse) Reset
func (x *ListOrgPolicyViolationsPreviewsResponse) Reset()
func (*ListOrgPolicyViolationsPreviewsResponse) String
func (x *ListOrgPolicyViolationsPreviewsResponse) String() string
ListOrgPolicyViolationsRequest
type ListOrgPolicyViolationsRequest struct {
// Required. The OrgPolicyViolationsPreview to get OrgPolicyViolations from.
// Format:
// organizations/{organization}/locations/{location}/orgPolicyViolationsPreviews/{orgPolicyViolationsPreview}
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. The maximum number of items to return. The service may return
// fewer than this value. If unspecified, at most 1000 items will be returned.
// The maximum value is 1000; values above 1000 will be coerced to 1000.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A page token, received from a previous call. Provide this to
// retrieve the subsequent page.
//
// When paginating, all other parameters must match the call that provided the
// page token.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
ListOrgPolicyViolationsRequest is the request message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolations][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolations].
func (*ListOrgPolicyViolationsRequest) Descriptor
func (*ListOrgPolicyViolationsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListOrgPolicyViolationsRequest.ProtoReflect.Descriptor instead.
func (*ListOrgPolicyViolationsRequest) GetPageSize
func (x *ListOrgPolicyViolationsRequest) GetPageSize() int32
func (*ListOrgPolicyViolationsRequest) GetPageToken
func (x *ListOrgPolicyViolationsRequest) GetPageToken() string
func (*ListOrgPolicyViolationsRequest) GetParent
func (x *ListOrgPolicyViolationsRequest) GetParent() string
func (*ListOrgPolicyViolationsRequest) ProtoMessage
func (*ListOrgPolicyViolationsRequest) ProtoMessage()
func (*ListOrgPolicyViolationsRequest) ProtoReflect
func (x *ListOrgPolicyViolationsRequest) ProtoReflect() protoreflect.Message
func (*ListOrgPolicyViolationsRequest) Reset
func (x *ListOrgPolicyViolationsRequest) Reset()
func (*ListOrgPolicyViolationsRequest) String
func (x *ListOrgPolicyViolationsRequest) String() string
ListOrgPolicyViolationsResponse
type ListOrgPolicyViolationsResponse struct {
// The list of OrgPolicyViolations
OrgPolicyViolations []*OrgPolicyViolation `protobuf:"bytes,1,rep,name=org_policy_violations,json=orgPolicyViolations,proto3" json:"org_policy_violations,omitempty"`
// A token that you can use to retrieve the next page of results.
// If this field is omitted, there are no subsequent pages.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
ListOrgPolicyViolationsResponse is the response message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolations][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolations]
func (*ListOrgPolicyViolationsResponse) Descriptor
func (*ListOrgPolicyViolationsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListOrgPolicyViolationsResponse.ProtoReflect.Descriptor instead.
func (*ListOrgPolicyViolationsResponse) GetNextPageToken
func (x *ListOrgPolicyViolationsResponse) GetNextPageToken() string
func (*ListOrgPolicyViolationsResponse) GetOrgPolicyViolations
func (x *ListOrgPolicyViolationsResponse) GetOrgPolicyViolations() []*OrgPolicyViolation
func (*ListOrgPolicyViolationsResponse) ProtoMessage
func (*ListOrgPolicyViolationsResponse) ProtoMessage()
func (*ListOrgPolicyViolationsResponse) ProtoReflect
func (x *ListOrgPolicyViolationsResponse) ProtoReflect() protoreflect.Message
func (*ListOrgPolicyViolationsResponse) Reset
func (x *ListOrgPolicyViolationsResponse) Reset()
func (*ListOrgPolicyViolationsResponse) String
func (x *ListOrgPolicyViolationsResponse) String() string
ListReplayResultsRequest
type ListReplayResultsRequest struct {
// Required. The [Replay][google.cloud.policysimulator.v1.Replay] whose
// results are listed, in the following format:
//
// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`
//
// Example:
// `projects/my-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// The maximum number of
// [ReplayResult][google.cloud.policysimulator.v1.ReplayResult] objects to
// return. Defaults to 5000.
//
// The maximum value is 5000; values above 5000 are rounded down to 5000.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// A page token, received from a previous
// [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults]
// call. Provide this token to retrieve the next page of results.
//
// When paginating, all other parameters provided to
// [Simulator.ListReplayResults[] must match the call that provided the page
// token.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
Request message for [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults].
func (*ListReplayResultsRequest) Descriptor
func (*ListReplayResultsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListReplayResultsRequest.ProtoReflect.Descriptor instead.
func (*ListReplayResultsRequest) GetPageSize
func (x *ListReplayResultsRequest) GetPageSize() int32
func (*ListReplayResultsRequest) GetPageToken
func (x *ListReplayResultsRequest) GetPageToken() string
func (*ListReplayResultsRequest) GetParent
func (x *ListReplayResultsRequest) GetParent() string
func (*ListReplayResultsRequest) ProtoMessage
func (*ListReplayResultsRequest) ProtoMessage()
func (*ListReplayResultsRequest) ProtoReflect
func (x *ListReplayResultsRequest) ProtoReflect() protoreflect.Message
func (*ListReplayResultsRequest) Reset
func (x *ListReplayResultsRequest) Reset()
func (*ListReplayResultsRequest) String
func (x *ListReplayResultsRequest) String() string
ListReplayResultsResponse
type ListReplayResultsResponse struct {
// The results of running a [Replay][google.cloud.policysimulator.v1.Replay].
ReplayResults []*ReplayResult `protobuf:"bytes,1,rep,name=replay_results,json=replayResults,proto3" json:"replay_results,omitempty"`
// A token that you can use to retrieve the next page of
// [ReplayResult][google.cloud.policysimulator.v1.ReplayResult] objects. If
// this field is omitted, there are no subsequent pages.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
Response message for [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults].
func (*ListReplayResultsResponse) Descriptor
func (*ListReplayResultsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListReplayResultsResponse.ProtoReflect.Descriptor instead.
func (*ListReplayResultsResponse) GetNextPageToken
func (x *ListReplayResultsResponse) GetNextPageToken() string
func (*ListReplayResultsResponse) GetReplayResults
func (x *ListReplayResultsResponse) GetReplayResults() []*ReplayResult
func (*ListReplayResultsResponse) ProtoMessage
func (*ListReplayResultsResponse) ProtoMessage()
func (*ListReplayResultsResponse) ProtoReflect
func (x *ListReplayResultsResponse) ProtoReflect() protoreflect.Message
func (*ListReplayResultsResponse) Reset
func (x *ListReplayResultsResponse) Reset()
func (*ListReplayResultsResponse) String
func (x *ListReplayResultsResponse) String() string
OrgPolicyOverlay
type OrgPolicyOverlay struct {
// Optional. The OrgPolicy changes to preview violations for.
//
// Any existing OrgPolicies with the same name will be overridden
// in the simulation. That is, violations will be determined as if all
// policies in the overlay were created or updated.
Policies []*OrgPolicyOverlay_PolicyOverlay `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"`
// Optional. The OrgPolicy CustomConstraint changes to preview violations for.
//
// Any existing CustomConstraints with the same name will be overridden
// in the simulation. That is, violations will be determined as if all
// custom constraints in the overlay were instantiated.
//
// Only a single custom_constraint is supported in the overlay at a time.
// For evaluating multiple constraints, multiple
// `GenerateOrgPolicyViolationsPreview` requests are made, where each request
// evaluates a single constraint.
CustomConstraints []*OrgPolicyOverlay_CustomConstraintOverlay `protobuf:"bytes,2,rep,name=custom_constraints,json=customConstraints,proto3" json:"custom_constraints,omitempty"`
// contains filtered or unexported fields
}
The proposed changes to OrgPolicy.
func (*OrgPolicyOverlay) Descriptor
func (*OrgPolicyOverlay) Descriptor() ([]byte, []int)
Deprecated: Use OrgPolicyOverlay.ProtoReflect.Descriptor instead.
func (*OrgPolicyOverlay) GetCustomConstraints
func (x *OrgPolicyOverlay) GetCustomConstraints() []*OrgPolicyOverlay_CustomConstraintOverlay
func (*OrgPolicyOverlay) GetPolicies
func (x *OrgPolicyOverlay) GetPolicies() []*OrgPolicyOverlay_PolicyOverlay
func (*OrgPolicyOverlay) ProtoMessage
func (*OrgPolicyOverlay) ProtoMessage()
func (*OrgPolicyOverlay) ProtoReflect
func (x *OrgPolicyOverlay) ProtoReflect() protoreflect.Message
func (*OrgPolicyOverlay) Reset
func (x *OrgPolicyOverlay) Reset()
func (*OrgPolicyOverlay) String
func (x *OrgPolicyOverlay) String() string
OrgPolicyOverlay_CustomConstraintOverlay
type OrgPolicyOverlay_CustomConstraintOverlay struct {
// Optional. Resource the constraint is attached to.
// Example: "organization/987654"
CustomConstraintParent string `protobuf:"bytes,1,opt,name=custom_constraint_parent,json=customConstraintParent,proto3" json:"custom_constraint_parent,omitempty"`
// Optional. The new or updated custom constraint.
CustomConstraint *orgpolicypb.CustomConstraint `protobuf:"bytes,2,opt,name=custom_constraint,json=customConstraint,proto3" json:"custom_constraint,omitempty"`
// contains filtered or unexported fields
}
A change to an OrgPolicy custom constraint.
func (*OrgPolicyOverlay_CustomConstraintOverlay) Descriptor
func (*OrgPolicyOverlay_CustomConstraintOverlay) Descriptor() ([]byte, []int)
Deprecated: Use OrgPolicyOverlay_CustomConstraintOverlay.ProtoReflect.Descriptor instead.
func (*OrgPolicyOverlay_CustomConstraintOverlay) GetCustomConstraint
func (x *OrgPolicyOverlay_CustomConstraintOverlay) GetCustomConstraint() *orgpolicypb.CustomConstraint
func (*OrgPolicyOverlay_CustomConstraintOverlay) GetCustomConstraintParent
func (x *OrgPolicyOverlay_CustomConstraintOverlay) GetCustomConstraintParent() string
func (*OrgPolicyOverlay_CustomConstraintOverlay) ProtoMessage
func (*OrgPolicyOverlay_CustomConstraintOverlay) ProtoMessage()
func (*OrgPolicyOverlay_CustomConstraintOverlay) ProtoReflect
func (x *OrgPolicyOverlay_CustomConstraintOverlay) ProtoReflect() protoreflect.Message
func (*OrgPolicyOverlay_CustomConstraintOverlay) Reset
func (x *OrgPolicyOverlay_CustomConstraintOverlay) Reset()
func (*OrgPolicyOverlay_CustomConstraintOverlay) String
func (x *OrgPolicyOverlay_CustomConstraintOverlay) String() string
OrgPolicyOverlay_PolicyOverlay
type OrgPolicyOverlay_PolicyOverlay struct {
// Optional. The parent of the policy we are attaching to.
// Example: "projects/123456"
PolicyParent string `protobuf:"bytes,1,opt,name=policy_parent,json=policyParent,proto3" json:"policy_parent,omitempty"`
// Optional. The new or updated OrgPolicy.
Policy *orgpolicypb.Policy `protobuf:"bytes,2,opt,name=policy,proto3" json:"policy,omitempty"`
// contains filtered or unexported fields
}
A change to an OrgPolicy.
func (*OrgPolicyOverlay_PolicyOverlay) Descriptor
func (*OrgPolicyOverlay_PolicyOverlay) Descriptor() ([]byte, []int)
Deprecated: Use OrgPolicyOverlay_PolicyOverlay.ProtoReflect.Descriptor instead.
func (*OrgPolicyOverlay_PolicyOverlay) GetPolicy
func (x *OrgPolicyOverlay_PolicyOverlay) GetPolicy() *orgpolicypb.Policy
func (*OrgPolicyOverlay_PolicyOverlay) GetPolicyParent
func (x *OrgPolicyOverlay_PolicyOverlay) GetPolicyParent() string
func (*OrgPolicyOverlay_PolicyOverlay) ProtoMessage
func (*OrgPolicyOverlay_PolicyOverlay) ProtoMessage()
func (*OrgPolicyOverlay_PolicyOverlay) ProtoReflect
func (x *OrgPolicyOverlay_PolicyOverlay) ProtoReflect() protoreflect.Message
func (*OrgPolicyOverlay_PolicyOverlay) Reset
func (x *OrgPolicyOverlay_PolicyOverlay) Reset()
func (*OrgPolicyOverlay_PolicyOverlay) String
func (x *OrgPolicyOverlay_PolicyOverlay) String() string
OrgPolicyViolation
type OrgPolicyViolation struct {
// The name of the `OrgPolicyViolation`. Example:
// organizations/my-example-org/locations/global/orgPolicyViolationsPreviews/506a5f7f/orgPolicyViolations/38ce`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The resource violating the constraint.
Resource *ResourceContext `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
// The custom constraint being violated.
CustomConstraint *orgpolicypb.CustomConstraint `protobuf:"bytes,3,opt,name=custom_constraint,json=customConstraint,proto3" json:"custom_constraint,omitempty"`
// Any error encountered during the evaluation.
Error *status.Status `protobuf:"bytes,4,opt,name=error,proto3" json:"error,omitempty"`
// contains filtered or unexported fields
}
OrgPolicyViolation is a resource representing a single resource violating a single OrgPolicy constraint.
func (*OrgPolicyViolation) Descriptor
func (*OrgPolicyViolation) Descriptor() ([]byte, []int)
Deprecated: Use OrgPolicyViolation.ProtoReflect.Descriptor instead.
func (*OrgPolicyViolation) GetCustomConstraint
func (x *OrgPolicyViolation) GetCustomConstraint() *orgpolicypb.CustomConstraint
func (*OrgPolicyViolation) GetError
func (x *OrgPolicyViolation) GetError() *status.Status
func (*OrgPolicyViolation) GetName
func (x *OrgPolicyViolation) GetName() string
func (*OrgPolicyViolation) GetResource
func (x *OrgPolicyViolation) GetResource() *ResourceContext
func (*OrgPolicyViolation) ProtoMessage
func (*OrgPolicyViolation) ProtoMessage()
func (*OrgPolicyViolation) ProtoReflect
func (x *OrgPolicyViolation) ProtoReflect() protoreflect.Message
func (*OrgPolicyViolation) Reset
func (x *OrgPolicyViolation) Reset()
func (*OrgPolicyViolation) String
func (x *OrgPolicyViolation) String() string
OrgPolicyViolationsPreview
type OrgPolicyViolationsPreview struct {
// Output only. The resource name of the `OrgPolicyViolationsPreview`. It has
// the following format:
//
// `organizations/{organization}/locations/{location}/orgPolicyViolationsPreviews/{orgPolicyViolationsPreview}`
//
// Example:
// `organizations/my-example-org/locations/global/orgPolicyViolationsPreviews/506a5f7f`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Output only. The state of the `OrgPolicyViolationsPreview`.
State PreviewState `protobuf:"varint,2,opt,name=state,proto3,enum=google.cloud.policysimulator.v1.PreviewState" json:"state,omitempty"`
// Required. The proposed changes we are previewing violations for.
Overlay *OrgPolicyOverlay `protobuf:"bytes,3,opt,name=overlay,proto3" json:"overlay,omitempty"`
// Output only. The number of [OrgPolicyViolations][] in this
// `OrgPolicyViolationsPreview`. This count may differ from
// `resource_summary.noncompliant_count` because each
// [OrgPolicyViolation][google.cloud.policysimulator.v1.OrgPolicyViolation] is
// specific to a resource **and** constraint. If there are multiple
// constraints being evaluated (i.e. multiple policies in the overlay), a
// single resource may violate multiple constraints.
ViolationsCount int32 `protobuf:"varint,4,opt,name=violations_count,json=violationsCount,proto3" json:"violations_count,omitempty"`
// Output only. A summary of the state of all resources scanned for compliance
// with the changed OrgPolicy.
ResourceCounts *OrgPolicyViolationsPreview_ResourceCounts `protobuf:"bytes,5,opt,name=resource_counts,json=resourceCounts,proto3" json:"resource_counts,omitempty"`
// Output only. The names of the constraints against which all
// `OrgPolicyViolations` were evaluated.
//
// If `OrgPolicyOverlay` only contains `PolicyOverlay` then it contains
// the name of the configured custom constraint, applicable to the specified
// policies. Otherwise it contains the name of the constraint specified in
// `CustomConstraintOverlay`.
//
// Format:
// `organizations/{organization_id}/customConstraints/{custom_constraint_id}`
//
// Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms`
CustomConstraints []string `protobuf:"bytes,6,rep,name=custom_constraints,json=customConstraints,proto3" json:"custom_constraints,omitempty"`
// Output only. Time when this `OrgPolicyViolationsPreview` was created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// contains filtered or unexported fields
}
OrgPolicyViolationsPreview is a resource providing a preview of the violations that will exist if an OrgPolicy change is made.
The list of violations are modeled as child resources and retrieved via a [ListOrgPolicyViolations][] API call. There are potentially more [OrgPolicyViolations][] than could fit in an embedded field. Thus, the use of a child resource instead of a field.
func (*OrgPolicyViolationsPreview) Descriptor
func (*OrgPolicyViolationsPreview) Descriptor() ([]byte, []int)
Deprecated: Use OrgPolicyViolationsPreview.ProtoReflect.Descriptor instead.
func (*OrgPolicyViolationsPreview) GetCreateTime
func (x *OrgPolicyViolationsPreview) GetCreateTime() *timestamppb.Timestamp
func (*OrgPolicyViolationsPreview) GetCustomConstraints
func (x *OrgPolicyViolationsPreview) GetCustomConstraints() []string
func (*OrgPolicyViolationsPreview) GetName
func (x *OrgPolicyViolationsPreview) GetName() string
func (*OrgPolicyViolationsPreview) GetOverlay
func (x *OrgPolicyViolationsPreview) GetOverlay() *OrgPolicyOverlay
func (*OrgPolicyViolationsPreview) GetResourceCounts
func (x *OrgPolicyViolationsPreview) GetResourceCounts() *OrgPolicyViolationsPreview_ResourceCounts
func (*OrgPolicyViolationsPreview) GetState
func (x *OrgPolicyViolationsPreview) GetState() PreviewState
func (*OrgPolicyViolationsPreview) GetViolationsCount
func (x *OrgPolicyViolationsPreview) GetViolationsCount() int32
func (*OrgPolicyViolationsPreview) ProtoMessage
func (*OrgPolicyViolationsPreview) ProtoMessage()
func (*OrgPolicyViolationsPreview) ProtoReflect
func (x *OrgPolicyViolationsPreview) ProtoReflect() protoreflect.Message
func (*OrgPolicyViolationsPreview) Reset
func (x *OrgPolicyViolationsPreview) Reset()
func (*OrgPolicyViolationsPreview) String
func (x *OrgPolicyViolationsPreview) String() string
OrgPolicyViolationsPreviewServiceClient
type OrgPolicyViolationsPreviewServiceClient interface {
// ListOrgPolicyViolationsPreviews lists each
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// in an organization. Each
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// is available for at least 7 days.
ListOrgPolicyViolationsPreviews(ctx context.Context, in *ListOrgPolicyViolationsPreviewsRequest, opts ...grpc.CallOption) (*ListOrgPolicyViolationsPreviewsResponse, error)
// GetOrgPolicyViolationsPreview gets the specified
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
// Each
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// is available for at least 7 days.
GetOrgPolicyViolationsPreview(ctx context.Context, in *GetOrgPolicyViolationsPreviewRequest, opts ...grpc.CallOption) (*OrgPolicyViolationsPreview, error)
// CreateOrgPolicyViolationsPreview creates an
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// for the proposed changes in the provided
// [OrgPolicyViolationsPreview.OrgPolicyOverlay][]. The changes to OrgPolicy
// are specified by this `OrgPolicyOverlay`. The resources to scan are
// inferred from these specified changes.
CreateOrgPolicyViolationsPreview(ctx context.Context, in *CreateOrgPolicyViolationsPreviewRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// ListOrgPolicyViolations lists the [OrgPolicyViolations][] that are present
// in an
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
ListOrgPolicyViolations(ctx context.Context, in *ListOrgPolicyViolationsRequest, opts ...grpc.CallOption) (*ListOrgPolicyViolationsResponse, error)
}
OrgPolicyViolationsPreviewServiceClient is the client API for OrgPolicyViolationsPreviewService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewOrgPolicyViolationsPreviewServiceClient
func NewOrgPolicyViolationsPreviewServiceClient(cc grpc.ClientConnInterface) OrgPolicyViolationsPreviewServiceClient
OrgPolicyViolationsPreviewServiceServer
type OrgPolicyViolationsPreviewServiceServer interface {
// ListOrgPolicyViolationsPreviews lists each
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// in an organization. Each
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// is available for at least 7 days.
ListOrgPolicyViolationsPreviews(context.Context, *ListOrgPolicyViolationsPreviewsRequest) (*ListOrgPolicyViolationsPreviewsResponse, error)
// GetOrgPolicyViolationsPreview gets the specified
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
// Each
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// is available for at least 7 days.
GetOrgPolicyViolationsPreview(context.Context, *GetOrgPolicyViolationsPreviewRequest) (*OrgPolicyViolationsPreview, error)
// CreateOrgPolicyViolationsPreview creates an
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// for the proposed changes in the provided
// [OrgPolicyViolationsPreview.OrgPolicyOverlay][]. The changes to OrgPolicy
// are specified by this `OrgPolicyOverlay`. The resources to scan are
// inferred from these specified changes.
CreateOrgPolicyViolationsPreview(context.Context, *CreateOrgPolicyViolationsPreviewRequest) (*longrunningpb.Operation, error)
// ListOrgPolicyViolations lists the [OrgPolicyViolations][] that are present
// in an
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
ListOrgPolicyViolations(context.Context, *ListOrgPolicyViolationsRequest) (*ListOrgPolicyViolationsResponse, error)
}
OrgPolicyViolationsPreviewServiceServer is the server API for OrgPolicyViolationsPreviewService service. All implementations should embed UnimplementedOrgPolicyViolationsPreviewServiceServer for forward compatibility
OrgPolicyViolationsPreview_ResourceCounts
type OrgPolicyViolationsPreview_ResourceCounts struct {
// Output only. Number of resources checked for compliance.
//
// Must equal: unenforced + noncompliant + compliant + error
Scanned int32 `protobuf:"varint,1,opt,name=scanned,proto3" json:"scanned,omitempty"`
// Output only. Number of scanned resources with at least one violation.
Noncompliant int32 `protobuf:"varint,2,opt,name=noncompliant,proto3" json:"noncompliant,omitempty"`
// Output only. Number of scanned resources with zero violations.
Compliant int32 `protobuf:"varint,3,opt,name=compliant,proto3" json:"compliant,omitempty"`
// Output only. Number of resources where the constraint was not enforced,
// i.e. the Policy set `enforced: false` for that resource.
Unenforced int32 `protobuf:"varint,4,opt,name=unenforced,proto3" json:"unenforced,omitempty"`
// Output only. Number of resources that returned an error when scanned.
Errors int32 `protobuf:"varint,5,opt,name=errors,proto3" json:"errors,omitempty"`
// contains filtered or unexported fields
}
A summary of the state of all resources scanned for compliance with the changed OrgPolicy.
func (*OrgPolicyViolationsPreview_ResourceCounts) Descriptor
func (*OrgPolicyViolationsPreview_ResourceCounts) Descriptor() ([]byte, []int)
Deprecated: Use OrgPolicyViolationsPreview_ResourceCounts.ProtoReflect.Descriptor instead.
func (*OrgPolicyViolationsPreview_ResourceCounts) GetCompliant
func (x *OrgPolicyViolationsPreview_ResourceCounts) GetCompliant() int32
func (*OrgPolicyViolationsPreview_ResourceCounts) GetErrors
func (x *OrgPolicyViolationsPreview_ResourceCounts) GetErrors() int32
func (*OrgPolicyViolationsPreview_ResourceCounts) GetNoncompliant
func (x *OrgPolicyViolationsPreview_ResourceCounts) GetNoncompliant() int32
func (*OrgPolicyViolationsPreview_ResourceCounts) GetScanned
func (x *OrgPolicyViolationsPreview_ResourceCounts) GetScanned() int32
func (*OrgPolicyViolationsPreview_ResourceCounts) GetUnenforced
func (x *OrgPolicyViolationsPreview_ResourceCounts) GetUnenforced() int32
func (*OrgPolicyViolationsPreview_ResourceCounts) ProtoMessage
func (*OrgPolicyViolationsPreview_ResourceCounts) ProtoMessage()
func (*OrgPolicyViolationsPreview_ResourceCounts) ProtoReflect
func (x *OrgPolicyViolationsPreview_ResourceCounts) ProtoReflect() protoreflect.Message
func (*OrgPolicyViolationsPreview_ResourceCounts) Reset
func (x *OrgPolicyViolationsPreview_ResourceCounts) Reset()
func (*OrgPolicyViolationsPreview_ResourceCounts) String
func (x *OrgPolicyViolationsPreview_ResourceCounts) String() string
PreviewState
type PreviewState int32
The current state of an [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
PreviewState_PREVIEW_STATE_UNSPECIFIED, PreviewState_PREVIEW_PENDING, PreviewState_PREVIEW_RUNNING, PreviewState_PREVIEW_SUCCEEDED, PreviewState_PREVIEW_FAILED
const (
// The state is unspecified.
PreviewState_PREVIEW_STATE_UNSPECIFIED PreviewState = 0
// The
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// has not been created yet.
PreviewState_PREVIEW_PENDING PreviewState = 1
// The
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// is currently being created.
PreviewState_PREVIEW_RUNNING PreviewState = 2
// The
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// creation finished successfully.
PreviewState_PREVIEW_SUCCEEDED PreviewState = 3
// The
// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
// creation failed with an error.
PreviewState_PREVIEW_FAILED PreviewState = 4
)
func (PreviewState) Descriptor
func (PreviewState) Descriptor() protoreflect.EnumDescriptor
func (PreviewState) Enum
func (x PreviewState) Enum() *PreviewState
func (PreviewState) EnumDescriptor
func (PreviewState) EnumDescriptor() ([]byte, []int)
Deprecated: Use PreviewState.Descriptor instead.
func (PreviewState) Number
func (x PreviewState) Number() protoreflect.EnumNumber
func (PreviewState) String
func (x PreviewState) String() string
func (PreviewState) Type
func (PreviewState) Type() protoreflect.EnumType
Replay
type Replay struct {
// Output only. The resource name of the `Replay`, which has the following
// format:
//
// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
// where `{resource-id}` is the ID of the project, folder, or organization
// that owns the Replay.
//
// Example:
// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Output only. The current state of the `Replay`.
State Replay_State `protobuf:"varint,2,opt,name=state,proto3,enum=google.cloud.policysimulator.v1.Replay_State" json:"state,omitempty"`
// Required. The configuration used for the `Replay`.
Config *ReplayConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
// Output only. Summary statistics about the replayed log entries.
ResultsSummary *Replay_ResultsSummary `protobuf:"bytes,5,opt,name=results_summary,json=resultsSummary,proto3" json:"results_summary,omitempty"`
// contains filtered or unexported fields
}
A resource describing a Replay
, or simulation.
func (*Replay) Descriptor
Deprecated: Use Replay.ProtoReflect.Descriptor instead.
func (*Replay) GetConfig
func (x *Replay) GetConfig() *ReplayConfig
func (*Replay) GetName
func (*Replay) GetResultsSummary
func (x *Replay) GetResultsSummary() *Replay_ResultsSummary
func (*Replay) GetState
func (x *Replay) GetState() Replay_State
func (*Replay) ProtoMessage
func (*Replay) ProtoMessage()
func (*Replay) ProtoReflect
func (x *Replay) ProtoReflect() protoreflect.Message
func (*Replay) Reset
func (x *Replay) Reset()
func (*Replay) String
ReplayConfig
type ReplayConfig struct {
// A mapping of the resources that you want to simulate policies for and the
// policies that you want to simulate.
//
// Keys are the full resource names for the resources. For example,
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
// For examples of full resource names for Google Cloud services, see
// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
//
// Values are [Policy][google.iam.v1.Policy] objects representing the policies
// that you want to simulate.
//
// Replays automatically take into account any IAM policies inherited through
// the resource hierarchy, and any policies set on descendant resources. You
// do not need to include these policies in the policy overlay.
PolicyOverlay map[string]*iampb.Policy `protobuf:"bytes,1,rep,name=policy_overlay,json=policyOverlay,proto3" json:"policy_overlay,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// The logs to use as input for the
// [Replay][google.cloud.policysimulator.v1.Replay].
LogSource ReplayConfig_LogSource `protobuf:"varint,2,opt,name=log_source,json=logSource,proto3,enum=google.cloud.policysimulator.v1.ReplayConfig_LogSource" json:"log_source,omitempty"`
// contains filtered or unexported fields
}
The configuration used for a [Replay][google.cloud.policysimulator.v1.Replay].
func (*ReplayConfig) Descriptor
func (*ReplayConfig) Descriptor() ([]byte, []int)
Deprecated: Use ReplayConfig.ProtoReflect.Descriptor instead.
func (*ReplayConfig) GetLogSource
func (x *ReplayConfig) GetLogSource() ReplayConfig_LogSource
func (*ReplayConfig) GetPolicyOverlay
func (x *ReplayConfig) GetPolicyOverlay() map[string]*iampb.Policy
func (*ReplayConfig) ProtoMessage
func (*ReplayConfig) ProtoMessage()
func (*ReplayConfig) ProtoReflect
func (x *ReplayConfig) ProtoReflect() protoreflect.Message
func (*ReplayConfig) Reset
func (x *ReplayConfig) Reset()
func (*ReplayConfig) String
func (x *ReplayConfig) String() string
ReplayConfig_LogSource
type ReplayConfig_LogSource int32
The source of the logs to use for a [Replay][google.cloud.policysimulator.v1.Replay].
ReplayConfig_LOG_SOURCE_UNSPECIFIED, ReplayConfig_RECENT_ACCESSES
const (
// An unspecified log source.
// If the log source is unspecified, the
// [Replay][google.cloud.policysimulator.v1.Replay] defaults to using
// `RECENT_ACCESSES`.
ReplayConfig_LOG_SOURCE_UNSPECIFIED ReplayConfig_LogSource = 0
// All access logs from the last 90 days. These logs may not include logs
// from the most recent 7 days.
ReplayConfig_RECENT_ACCESSES ReplayConfig_LogSource = 1
)
func (ReplayConfig_LogSource) Descriptor
func (ReplayConfig_LogSource) Descriptor() protoreflect.EnumDescriptor
func (ReplayConfig_LogSource) Enum
func (x ReplayConfig_LogSource) Enum() *ReplayConfig_LogSource
func (ReplayConfig_LogSource) EnumDescriptor
func (ReplayConfig_LogSource) EnumDescriptor() ([]byte, []int)
Deprecated: Use ReplayConfig_LogSource.Descriptor instead.
func (ReplayConfig_LogSource) Number
func (x ReplayConfig_LogSource) Number() protoreflect.EnumNumber
func (ReplayConfig_LogSource) String
func (x ReplayConfig_LogSource) String() string
func (ReplayConfig_LogSource) Type
func (ReplayConfig_LogSource) Type() protoreflect.EnumType
ReplayDiff
type ReplayDiff struct {
// A summary and comparison of the principal's access under the current
// (baseline) policies and the proposed (simulated) policies for a single
// access tuple.
//
// The evaluation of the principal's access is reported in the
// [AccessState][google.cloud.policysimulator.v1.AccessState] field.
AccessDiff *AccessStateDiff `protobuf:"bytes,2,opt,name=access_diff,json=accessDiff,proto3" json:"access_diff,omitempty"`
// contains filtered or unexported fields
}
The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.
func (*ReplayDiff) Descriptor
func (*ReplayDiff) Descriptor() ([]byte, []int)
Deprecated: Use ReplayDiff.ProtoReflect.Descriptor instead.
func (*ReplayDiff) GetAccessDiff
func (x *ReplayDiff) GetAccessDiff() *AccessStateDiff
func (*ReplayDiff) ProtoMessage
func (*ReplayDiff) ProtoMessage()
func (*ReplayDiff) ProtoReflect
func (x *ReplayDiff) ProtoReflect() protoreflect.Message
func (*ReplayDiff) Reset
func (x *ReplayDiff) Reset()
func (*ReplayDiff) String
func (x *ReplayDiff) String() string
ReplayOperationMetadata
type ReplayOperationMetadata struct {
// Time when the request was received.
StartTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"`
// contains filtered or unexported fields
}
Metadata about a Replay operation.
func (*ReplayOperationMetadata) Descriptor
func (*ReplayOperationMetadata) Descriptor() ([]byte, []int)
Deprecated: Use ReplayOperationMetadata.ProtoReflect.Descriptor instead.
func (*ReplayOperationMetadata) GetStartTime
func (x *ReplayOperationMetadata) GetStartTime() *timestamppb.Timestamp
func (*ReplayOperationMetadata) ProtoMessage
func (*ReplayOperationMetadata) ProtoMessage()
func (*ReplayOperationMetadata) ProtoReflect
func (x *ReplayOperationMetadata) ProtoReflect() protoreflect.Message
func (*ReplayOperationMetadata) Reset
func (x *ReplayOperationMetadata) Reset()
func (*ReplayOperationMetadata) String
func (x *ReplayOperationMetadata) String() string
ReplayResult
type ReplayResult struct {
// The result of replaying the access tuple.
//
// Types that are assignable to Result:
//
// *ReplayResult_Diff
// *ReplayResult_Error
Result isReplayResult_Result `protobuf_oneof:"result"`
// The resource name of the `ReplayResult`, in the following format:
//
// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}/results/{replay-result-id}`,
// where `{resource-id}` is the ID of the project, folder, or organization
// that owns the [Replay][google.cloud.policysimulator.v1.Replay].
//
// Example:
// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36/results/1234`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The [Replay][google.cloud.policysimulator.v1.Replay] that the access tuple
// was included in.
Parent string `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
// The access tuple that was replayed. This field includes information about
// the principal, resource, and permission that were involved in the access
// attempt.
AccessTuple *AccessTuple `protobuf:"bytes,3,opt,name=access_tuple,json=accessTuple,proto3" json:"access_tuple,omitempty"`
// The latest date this access tuple was seen in the logs.
LastSeenDate *date.Date `protobuf:"bytes,4,opt,name=last_seen_date,json=lastSeenDate,proto3" json:"last_seen_date,omitempty"`
// contains filtered or unexported fields
}
The result of replaying a single access tuple against a simulated state.
func (*ReplayResult) Descriptor
func (*ReplayResult) Descriptor() ([]byte, []int)
Deprecated: Use ReplayResult.ProtoReflect.Descriptor instead.
func (*ReplayResult) GetAccessTuple
func (x *ReplayResult) GetAccessTuple() *AccessTuple
func (*ReplayResult) GetDiff
func (x *ReplayResult) GetDiff() *ReplayDiff
func (*ReplayResult) GetError
func (x *ReplayResult) GetError() *status.Status
func (*ReplayResult) GetLastSeenDate
func (x *ReplayResult) GetLastSeenDate() *date.Date
func (*ReplayResult) GetName
func (x *ReplayResult) GetName() string
func (*ReplayResult) GetParent
func (x *ReplayResult) GetParent() string
func (*ReplayResult) GetResult
func (m *ReplayResult) GetResult() isReplayResult_Result
func (*ReplayResult) ProtoMessage
func (*ReplayResult) ProtoMessage()
func (*ReplayResult) ProtoReflect
func (x *ReplayResult) ProtoReflect() protoreflect.Message
func (*ReplayResult) Reset
func (x *ReplayResult) Reset()
func (*ReplayResult) String
func (x *ReplayResult) String() string
ReplayResult_Diff
type ReplayResult_Diff struct {
// The difference between the principal's access under the current
// (baseline) policies and the principal's access under the proposed
// (simulated) policies.
//
// This field is only included for access tuples that were successfully
// replayed and had different results under the current policies and the
// proposed policies.
Diff *ReplayDiff `protobuf:"bytes,5,opt,name=diff,proto3,oneof"`
}
ReplayResult_Error
type ReplayResult_Error struct {
// The error that caused the access tuple replay to fail.
//
// This field is only included for access tuples that were not replayed
// successfully.
Error *status.Status `protobuf:"bytes,6,opt,name=error,proto3,oneof"`
}
Replay_ResultsSummary
type Replay_ResultsSummary struct {
// The total number of log entries replayed.
LogCount int32 `protobuf:"varint,1,opt,name=log_count,json=logCount,proto3" json:"log_count,omitempty"`
// The number of replayed log entries with no difference between
// baseline and simulated policies.
UnchangedCount int32 `protobuf:"varint,2,opt,name=unchanged_count,json=unchangedCount,proto3" json:"unchanged_count,omitempty"`
// The number of replayed log entries with a difference between baseline and
// simulated policies.
DifferenceCount int32 `protobuf:"varint,3,opt,name=difference_count,json=differenceCount,proto3" json:"difference_count,omitempty"`
// The number of log entries that could not be replayed.
ErrorCount int32 `protobuf:"varint,4,opt,name=error_count,json=errorCount,proto3" json:"error_count,omitempty"`
// The date of the oldest log entry replayed.
OldestDate *date.Date `protobuf:"bytes,5,opt,name=oldest_date,json=oldestDate,proto3" json:"oldest_date,omitempty"`
// The date of the newest log entry replayed.
NewestDate *date.Date `protobuf:"bytes,6,opt,name=newest_date,json=newestDate,proto3" json:"newest_date,omitempty"`
// contains filtered or unexported fields
}
Summary statistics about the replayed log entries.
func (*Replay_ResultsSummary) Descriptor
func (*Replay_ResultsSummary) Descriptor() ([]byte, []int)
Deprecated: Use Replay_ResultsSummary.ProtoReflect.Descriptor instead.
func (*Replay_ResultsSummary) GetDifferenceCount
func (x *Replay_ResultsSummary) GetDifferenceCount() int32
func (*Replay_ResultsSummary) GetErrorCount
func (x *Replay_ResultsSummary) GetErrorCount() int32
func (*Replay_ResultsSummary) GetLogCount
func (x *Replay_ResultsSummary) GetLogCount() int32
func (*Replay_ResultsSummary) GetNewestDate
func (x *Replay_ResultsSummary) GetNewestDate() *date.Date
func (*Replay_ResultsSummary) GetOldestDate
func (x *Replay_ResultsSummary) GetOldestDate() *date.Date
func (*Replay_ResultsSummary) GetUnchangedCount
func (x *Replay_ResultsSummary) GetUnchangedCount() int32
func (*Replay_ResultsSummary) ProtoMessage
func (*Replay_ResultsSummary) ProtoMessage()
func (*Replay_ResultsSummary) ProtoReflect
func (x *Replay_ResultsSummary) ProtoReflect() protoreflect.Message
func (*Replay_ResultsSummary) Reset
func (x *Replay_ResultsSummary) Reset()
func (*Replay_ResultsSummary) String
func (x *Replay_ResultsSummary) String() string
Replay_State
type Replay_State int32
The current state of the [Replay][google.cloud.policysimulator.v1.Replay].
Replay_STATE_UNSPECIFIED, Replay_PENDING, Replay_RUNNING, Replay_SUCCEEDED, Replay_FAILED
const (
// Default value. This value is unused.
Replay_STATE_UNSPECIFIED Replay_State = 0
// The `Replay` has not started yet.
Replay_PENDING Replay_State = 1
// The `Replay` is currently running.
Replay_RUNNING Replay_State = 2
// The `Replay` has successfully completed.
Replay_SUCCEEDED Replay_State = 3
// The `Replay` has finished with an error.
Replay_FAILED Replay_State = 4
)
func (Replay_State) Descriptor
func (Replay_State) Descriptor() protoreflect.EnumDescriptor
func (Replay_State) Enum
func (x Replay_State) Enum() *Replay_State
func (Replay_State) EnumDescriptor
func (Replay_State) EnumDescriptor() ([]byte, []int)
Deprecated: Use Replay_State.Descriptor instead.
func (Replay_State) Number
func (x Replay_State) Number() protoreflect.EnumNumber
func (Replay_State) String
func (x Replay_State) String() string
func (Replay_State) Type
func (Replay_State) Type() protoreflect.EnumType
ResourceContext
type ResourceContext struct {
// The full name of the resource. Example:
// `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
//
// See [Resource
// names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
// for more information.
Resource string `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
// The asset type of the resource as defined by CAIS.
//
// Example: `compute.googleapis.com/Firewall`
//
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.
AssetType string `protobuf:"bytes,2,opt,name=asset_type,json=assetType,proto3" json:"asset_type,omitempty"`
// The ancestry path of the resource in Google Cloud [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// represented as a list of relative resource names. An ancestry path starts
// with the closest ancestor in the hierarchy and ends at root. If the
// resource is a project, folder, or organization, the ancestry path starts
// from the resource itself.
//
// Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
Ancestors []string `protobuf:"bytes,3,rep,name=ancestors,proto3" json:"ancestors,omitempty"`
// contains filtered or unexported fields
}
ResourceContext provides the context we know about a resource. It is similar in concept to google.cloud.asset.v1.Resource, but focuses on the information specifically used by Simulator.
func (*ResourceContext) Descriptor
func (*ResourceContext) Descriptor() ([]byte, []int)
Deprecated: Use ResourceContext.ProtoReflect.Descriptor instead.
func (*ResourceContext) GetAncestors
func (x *ResourceContext) GetAncestors() []string
func (*ResourceContext) GetAssetType
func (x *ResourceContext) GetAssetType() string
func (*ResourceContext) GetResource
func (x *ResourceContext) GetResource() string
func (*ResourceContext) ProtoMessage
func (*ResourceContext) ProtoMessage()
func (*ResourceContext) ProtoReflect
func (x *ResourceContext) ProtoReflect() protoreflect.Message
func (*ResourceContext) Reset
func (x *ResourceContext) Reset()
func (*ResourceContext) String
func (x *ResourceContext) String() string
SimulatorClient
type SimulatorClient interface {
// Gets the specified [Replay][google.cloud.policysimulator.v1.Replay]. Each
// `Replay` is available for at least 7 days.
GetReplay(ctx context.Context, in *GetReplayRequest, opts ...grpc.CallOption) (*Replay, error)
// Creates and starts a [Replay][google.cloud.policysimulator.v1.Replay] using
// the given [ReplayConfig][google.cloud.policysimulator.v1.ReplayConfig].
CreateReplay(ctx context.Context, in *CreateReplayRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Lists the results of running a
// [Replay][google.cloud.policysimulator.v1.Replay].
ListReplayResults(ctx context.Context, in *ListReplayResultsRequest, opts ...grpc.CallOption) (*ListReplayResultsResponse, error)
}
SimulatorClient is the client API for Simulator service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewSimulatorClient
func NewSimulatorClient(cc grpc.ClientConnInterface) SimulatorClient
SimulatorServer
type SimulatorServer interface {
// Gets the specified [Replay][google.cloud.policysimulator.v1.Replay]. Each
// `Replay` is available for at least 7 days.
GetReplay(context.Context, *GetReplayRequest) (*Replay, error)
// Creates and starts a [Replay][google.cloud.policysimulator.v1.Replay] using
// the given [ReplayConfig][google.cloud.policysimulator.v1.ReplayConfig].
CreateReplay(context.Context, *CreateReplayRequest) (*longrunningpb.Operation, error)
// Lists the results of running a
// [Replay][google.cloud.policysimulator.v1.Replay].
ListReplayResults(context.Context, *ListReplayResultsRequest) (*ListReplayResultsResponse, error)
}
SimulatorServer is the server API for Simulator service. All implementations should embed UnimplementedSimulatorServer for forward compatibility
UnimplementedOrgPolicyViolationsPreviewServiceServer
type UnimplementedOrgPolicyViolationsPreviewServiceServer struct {
}
UnimplementedOrgPolicyViolationsPreviewServiceServer should be embedded to have forward compatible implementations.
func (UnimplementedOrgPolicyViolationsPreviewServiceServer) CreateOrgPolicyViolationsPreview
func (UnimplementedOrgPolicyViolationsPreviewServiceServer) CreateOrgPolicyViolationsPreview(context.Context, *CreateOrgPolicyViolationsPreviewRequest) (*longrunningpb.Operation, error)
func (UnimplementedOrgPolicyViolationsPreviewServiceServer) GetOrgPolicyViolationsPreview
func (UnimplementedOrgPolicyViolationsPreviewServiceServer) GetOrgPolicyViolationsPreview(context.Context, *GetOrgPolicyViolationsPreviewRequest) (*OrgPolicyViolationsPreview, error)
func (UnimplementedOrgPolicyViolationsPreviewServiceServer) ListOrgPolicyViolations
func (UnimplementedOrgPolicyViolationsPreviewServiceServer) ListOrgPolicyViolations(context.Context, *ListOrgPolicyViolationsRequest) (*ListOrgPolicyViolationsResponse, error)
func (UnimplementedOrgPolicyViolationsPreviewServiceServer) ListOrgPolicyViolationsPreviews
func (UnimplementedOrgPolicyViolationsPreviewServiceServer) ListOrgPolicyViolationsPreviews(context.Context, *ListOrgPolicyViolationsPreviewsRequest) (*ListOrgPolicyViolationsPreviewsResponse, error)
UnimplementedSimulatorServer
type UnimplementedSimulatorServer struct {
}
UnimplementedSimulatorServer should be embedded to have forward compatible implementations.
func (UnimplementedSimulatorServer) CreateReplay
func (UnimplementedSimulatorServer) CreateReplay(context.Context, *CreateReplayRequest) (*longrunningpb.Operation, error)
func (UnimplementedSimulatorServer) GetReplay
func (UnimplementedSimulatorServer) GetReplay(context.Context, *GetReplayRequest) (*Replay, error)
func (UnimplementedSimulatorServer) ListReplayResults
func (UnimplementedSimulatorServer) ListReplayResults(context.Context, *ListReplayResultsRequest) (*ListReplayResultsResponse, error)
UnsafeOrgPolicyViolationsPreviewServiceServer
type UnsafeOrgPolicyViolationsPreviewServiceServer interface {
// contains filtered or unexported methods
}
UnsafeOrgPolicyViolationsPreviewServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to OrgPolicyViolationsPreviewServiceServer will result in compilation errors.
UnsafeSimulatorServer
type UnsafeSimulatorServer interface {
// contains filtered or unexported methods
}
UnsafeSimulatorServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to SimulatorServer will result in compilation errors.