Package cloud.google.com/go/policysimulator/apiv1/policysimulatorpb (v0.4.0)

Variables

AccessState_name, AccessState_value

// AccessState_name and AccessState_value translate between the numeric and
// string forms of the AccessState enum; each map is the inverse of the other.
//
// Indexing either map with a key it does not hold returns the zero value
// ("" or 0), and 0 is also ACCESS_STATE_UNSPECIFIED. Code that parses names
// from outside input should use the two-value lookup
// (`n, ok := AccessState_value[s]`) so an unrecognised name is not mistaken
// for the unspecified state.
var (
	AccessState_name = map[int32]string{
		0: "ACCESS_STATE_UNSPECIFIED",
		1: "GRANTED",
		2: "NOT_GRANTED",
		3: "UNKNOWN_CONDITIONAL",
		4: "UNKNOWN_INFO_DENIED",
	}
	AccessState_value = map[string]int32{
		"ACCESS_STATE_UNSPECIFIED": 0,
		"GRANTED":                  1,
		"NOT_GRANTED":              2,
		"UNKNOWN_CONDITIONAL":      3,
		"UNKNOWN_INFO_DENIED":      4,
	}
)

Enum value maps for AccessState.

HeuristicRelevance_name, HeuristicRelevance_value

// HeuristicRelevance_name and HeuristicRelevance_value translate between the
// numeric and string forms of the HeuristicRelevance enum; each map is the
// inverse of the other. Number 0 is the unspecified value.
var (
	HeuristicRelevance_name = map[int32]string{
		0: "HEURISTIC_RELEVANCE_UNSPECIFIED",
		1: "NORMAL",
		2: "HIGH",
	}
	HeuristicRelevance_value = map[string]int32{
		"HEURISTIC_RELEVANCE_UNSPECIFIED": 0,
		"NORMAL":                          1,
		"HIGH":                            2,
	}
)

Enum value maps for HeuristicRelevance.

BindingExplanation_RolePermission_name, BindingExplanation_RolePermission_value

// BindingExplanation_RolePermission_name and
// BindingExplanation_RolePermission_value translate between the numeric and
// string forms of the BindingExplanation_RolePermission enum; each map is the
// inverse of the other.
//
// A lookup with an unlisted name returns 0, which is also
// ROLE_PERMISSION_UNSPECIFIED; use the two-value map lookup when the two
// cases must be told apart.
var (
	BindingExplanation_RolePermission_name = map[int32]string{
		0: "ROLE_PERMISSION_UNSPECIFIED",
		1: "ROLE_PERMISSION_INCLUDED",
		2: "ROLE_PERMISSION_NOT_INCLUDED",
		3: "ROLE_PERMISSION_UNKNOWN_INFO_DENIED",
	}
	BindingExplanation_RolePermission_value = map[string]int32{
		"ROLE_PERMISSION_UNSPECIFIED":         0,
		"ROLE_PERMISSION_INCLUDED":            1,
		"ROLE_PERMISSION_NOT_INCLUDED":        2,
		"ROLE_PERMISSION_UNKNOWN_INFO_DENIED": 3,
	}
)

Enum value maps for BindingExplanation_RolePermission.

BindingExplanation_Membership_name, BindingExplanation_Membership_value

// BindingExplanation_Membership_name and BindingExplanation_Membership_value
// translate between the numeric and string forms of the
// BindingExplanation_Membership enum; each map is the inverse of the other.
//
// Two distinct "unknown" results exist (3 and 4); neither is equivalent to
// MEMBERSHIP_NOT_INCLUDED (2). A lookup with an unlisted name returns 0,
// which is also MEMBERSHIP_UNSPECIFIED.
var (
	BindingExplanation_Membership_name = map[int32]string{
		0: "MEMBERSHIP_UNSPECIFIED",
		1: "MEMBERSHIP_INCLUDED",
		2: "MEMBERSHIP_NOT_INCLUDED",
		3: "MEMBERSHIP_UNKNOWN_INFO_DENIED",
		4: "MEMBERSHIP_UNKNOWN_UNSUPPORTED",
	}
	BindingExplanation_Membership_value = map[string]int32{
		"MEMBERSHIP_UNSPECIFIED":         0,
		"MEMBERSHIP_INCLUDED":            1,
		"MEMBERSHIP_NOT_INCLUDED":        2,
		"MEMBERSHIP_UNKNOWN_INFO_DENIED": 3,
		"MEMBERSHIP_UNKNOWN_UNSUPPORTED": 4,
	}
)

Enum value maps for BindingExplanation_Membership.

PreviewState_name, PreviewState_value

// PreviewState_name and PreviewState_value translate between the numeric and
// string forms of the PreviewState enum; each map is the inverse of the other.
//
// The numbers match those of Replay_State, but the names here carry a
// PREVIEW_ prefix, so a name taken from one enum does not resolve in the
// other enum's _value map.
var (
	PreviewState_name = map[int32]string{
		0: "PREVIEW_STATE_UNSPECIFIED",
		1: "PREVIEW_PENDING",
		2: "PREVIEW_RUNNING",
		3: "PREVIEW_SUCCEEDED",
		4: "PREVIEW_FAILED",
	}
	PreviewState_value = map[string]int32{
		"PREVIEW_STATE_UNSPECIFIED": 0,
		"PREVIEW_PENDING":           1,
		"PREVIEW_RUNNING":           2,
		"PREVIEW_SUCCEEDED":         3,
		"PREVIEW_FAILED":            4,
	}
)

Enum value maps for PreviewState.

Replay_State_name, Replay_State_value

// Replay_State_name and Replay_State_value translate between the numeric and
// string forms of the Replay_State enum; each map is the inverse of the other.
//
// The names here are unprefixed ("PENDING", "RUNNING", ...), unlike the
// PREVIEW_-prefixed names of PreviewState, although the numbers coincide.
var (
	Replay_State_name = map[int32]string{
		0: "STATE_UNSPECIFIED",
		1: "PENDING",
		2: "RUNNING",
		3: "SUCCEEDED",
		4: "FAILED",
	}
	Replay_State_value = map[string]int32{
		"STATE_UNSPECIFIED": 0,
		"PENDING":           1,
		"RUNNING":           2,
		"SUCCEEDED":         3,
		"FAILED":            4,
	}
)

Enum value maps for Replay_State.

ReplayConfig_LogSource_name, ReplayConfig_LogSource_value

// ReplayConfig_LogSource_name and ReplayConfig_LogSource_value translate
// between the numeric and string forms of the ReplayConfig_LogSource enum;
// each map is the inverse of the other. RECENT_ACCESSES is the only value
// listed besides the unspecified one.
var (
	ReplayConfig_LogSource_name = map[int32]string{
		0: "LOG_SOURCE_UNSPECIFIED",
		1: "RECENT_ACCESSES",
	}
	ReplayConfig_LogSource_value = map[string]int32{
		"LOG_SOURCE_UNSPECIFIED": 0,
		"RECENT_ACCESSES":        1,
	}
)

Enum value maps for ReplayConfig_LogSource.

AccessStateDiff_AccessChangeType_name, AccessStateDiff_AccessChangeType_value

// AccessStateDiff_AccessChangeType_name and
// AccessStateDiff_AccessChangeType_value translate between the numeric and
// string forms of the AccessStateDiff_AccessChangeType enum; each map is the
// inverse of the other.
//
// Number 0 is ACCESS_CHANGE_TYPE_UNSPECIFIED, not NO_CHANGE (1). A lookup
// with an unlisted name also returns 0, so use the two-value map lookup when
// parsing names from outside input, and do not read 0 as "nothing changed".
var (
	AccessStateDiff_AccessChangeType_name = map[int32]string{
		0: "ACCESS_CHANGE_TYPE_UNSPECIFIED",
		1: "NO_CHANGE",
		2: "UNKNOWN_CHANGE",
		3: "ACCESS_REVOKED",
		4: "ACCESS_GAINED",
		5: "ACCESS_MAYBE_REVOKED",
		6: "ACCESS_MAYBE_GAINED",
	}
	AccessStateDiff_AccessChangeType_value = map[string]int32{
		"ACCESS_CHANGE_TYPE_UNSPECIFIED": 0,
		"NO_CHANGE":                      1,
		"UNKNOWN_CHANGE":                 2,
		"ACCESS_REVOKED":                 3,
		"ACCESS_GAINED":                  4,
		"ACCESS_MAYBE_REVOKED":           5,
		"ACCESS_MAYBE_GAINED":            6,
	}
)

Enum value maps for AccessStateDiff_AccessChangeType.

File_google_cloud_policysimulator_v1_explanations_proto

var File_google_cloud_policysimulator_v1_explanations_proto protoreflect.FileDescriptor

File_google_cloud_policysimulator_v1_orgpolicy_proto

var File_google_cloud_policysimulator_v1_orgpolicy_proto protoreflect.FileDescriptor

File_google_cloud_policysimulator_v1_simulator_proto

var File_google_cloud_policysimulator_v1_simulator_proto protoreflect.FileDescriptor

Functions

func RegisterOrgPolicyViolationsPreviewServiceServer

func RegisterOrgPolicyViolationsPreviewServiceServer(s *grpc.Server, srv OrgPolicyViolationsPreviewServiceServer)

func RegisterSimulatorServer

func RegisterSimulatorServer(s *grpc.Server, srv SimulatorServer)

AccessState

type AccessState int32

Whether a principal has a permission for a resource.

AccessState_ACCESS_STATE_UNSPECIFIED, AccessState_GRANTED, AccessState_NOT_GRANTED, AccessState_UNKNOWN_CONDITIONAL, AccessState_UNKNOWN_INFO_DENIED

// Values of AccessState.
//
// Only GRANTED and NOT_GRANTED are definite results. The two UNKNOWN_* values
// mean the evaluation did not reach a verdict; code that acts on a result
// should handle them explicitly rather than folding them into GRANTED or
// NOT_GRANTED.
const (
	// Default value. This value is unused.
	//
	// This is also the Go zero value of AccessState, so a field that was never
	// populated reads as ACCESS_STATE_UNSPECIFIED.
	AccessState_ACCESS_STATE_UNSPECIFIED AccessState = 0
	// The principal has the permission.
	AccessState_GRANTED AccessState = 1
	// The principal does not have the permission.
	AccessState_NOT_GRANTED AccessState = 2
	// The principal has the permission only if a condition expression evaluates
	// to `true`.
	AccessState_UNKNOWN_CONDITIONAL AccessState = 3
	// The user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to all of the policies that Policy Simulator needs to evaluate.
	//
	// The result is therefore incomplete rather than negative: it reflects the
	// Replay creator's visibility, not the principal's actual access.
	AccessState_UNKNOWN_INFO_DENIED AccessState = 4
)

func (AccessState) Descriptor

func (AccessState) Enum

func (x AccessState) Enum() *AccessState

func (AccessState) EnumDescriptor

func (AccessState) EnumDescriptor() ([]byte, []int)

Deprecated: Use AccessState.Descriptor instead.

func (AccessState) Number

func (x AccessState) Number() protoreflect.EnumNumber

func (AccessState) String

func (x AccessState) String() string

func (AccessState) Type

AccessStateDiff

// AccessStateDiff is a summary and comparison of the principal's access under
// the current (baseline) policies and the proposed (simulated) policies for a
// single access tuple.
type AccessStateDiff struct {

	// The results of evaluating the access tuple under the current (baseline)
	// policies.
	//
	// If the [AccessState][google.cloud.policysimulator.v1.AccessState] couldn't
	// be fully evaluated, this field explains why.
	Baseline *ExplainedAccess `protobuf:"bytes,1,opt,name=baseline,proto3" json:"baseline,omitempty"`
	// The results of evaluating the access tuple under the proposed (simulated)
	// policies.
	//
	// If the AccessState couldn't be fully evaluated, this field explains why.
	Simulated *ExplainedAccess `protobuf:"bytes,2,opt,name=simulated,proto3" json:"simulated,omitempty"`
	// How the principal's access, specified in the AccessState field, changed
	// between the current (baseline) policies and proposed (simulated) policies.
	//
	// The zero value is ACCESS_CHANGE_TYPE_UNSPECIFIED, which is a different
	// value from NO_CHANGE; an unset field does not state that access is
	// unchanged.
	AccessChange AccessStateDiff_AccessChangeType `protobuf:"varint,3,opt,name=access_change,json=accessChange,proto3,enum=google.cloud.policysimulator.v1.AccessStateDiff_AccessChangeType" json:"access_change,omitempty"`
	// contains filtered or unexported fields
}

A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.

func (*AccessStateDiff) Descriptor

func (*AccessStateDiff) Descriptor() ([]byte, []int)

Deprecated: Use AccessStateDiff.ProtoReflect.Descriptor instead.

func (*AccessStateDiff) GetAccessChange

func (*AccessStateDiff) GetBaseline

func (x *AccessStateDiff) GetBaseline() *ExplainedAccess

func (*AccessStateDiff) GetSimulated

func (x *AccessStateDiff) GetSimulated() *ExplainedAccess

func (*AccessStateDiff) ProtoMessage

func (*AccessStateDiff) ProtoMessage()

func (*AccessStateDiff) ProtoReflect

func (x *AccessStateDiff) ProtoReflect() protoreflect.Message

func (*AccessStateDiff) Reset

func (x *AccessStateDiff) Reset()

func (*AccessStateDiff) String

func (x *AccessStateDiff) String() string

AccessStateDiff_AccessChangeType

type AccessStateDiff_AccessChangeType int32

How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.

AccessStateDiff_ACCESS_CHANGE_TYPE_UNSPECIFIED, AccessStateDiff_NO_CHANGE, AccessStateDiff_UNKNOWN_CHANGE, AccessStateDiff_ACCESS_REVOKED, AccessStateDiff_ACCESS_GAINED, AccessStateDiff_ACCESS_MAYBE_REVOKED, AccessStateDiff_ACCESS_MAYBE_GAINED

// Values of AccessStateDiff_AccessChangeType.
//
// ACCESS_GAINED and ACCESS_MAYBE_GAINED mark results where the proposed
// policies would, or might, widen the principal's access; ACCESS_REVOKED and
// ACCESS_MAYBE_REVOKED mark results where they would, or might, narrow it.
// UNKNOWN_CHANGE and the MAYBE values involve at least one `UNKNOWN` side and
// are not definite answers.
const (
	// Default value. This value is unused.
	AccessStateDiff_ACCESS_CHANGE_TYPE_UNSPECIFIED AccessStateDiff_AccessChangeType = 0
	// The principal's access did not change.
	// This includes the case where both baseline and simulated are UNKNOWN,
	// but the unknown information is equivalent.
	AccessStateDiff_NO_CHANGE AccessStateDiff_AccessChangeType = 1
	// The principal's access under both the current policies and the proposed
	// policies is `UNKNOWN`, but the unknown information differs between them.
	AccessStateDiff_UNKNOWN_CHANGE AccessStateDiff_AccessChangeType = 2
	// The principal had access under the current policies (`GRANTED`), but will
	// no longer have access after the proposed changes (`NOT_GRANTED`).
	AccessStateDiff_ACCESS_REVOKED AccessStateDiff_AccessChangeType = 3
	// The principal did not have access under the current policies
	// (`NOT_GRANTED`), but will have access after the proposed changes
	// (`GRANTED`).
	AccessStateDiff_ACCESS_GAINED AccessStateDiff_AccessChangeType = 4
	// This result can occur for the following reasons:
	//
	//   - The principal had access under the current policies (`GRANTED`), but
	//     their access after the proposed changes is `UNKNOWN`.
	//   - The principal's access under the current policies is `UNKNOWN`, but
	//     they will not have access after the proposed changes (`NOT_GRANTED`).
	AccessStateDiff_ACCESS_MAYBE_REVOKED AccessStateDiff_AccessChangeType = 5
	// This result can occur for the following reasons:
	//
	//   - The principal did not have access under the current policies
	//     (`NOT_GRANTED`), but their access after the proposed changes is
	//     `UNKNOWN`.
	//   - The principal's access under the current policies is `UNKNOWN`, but
	//     they will have access after the proposed changes (`GRANTED`).
	AccessStateDiff_ACCESS_MAYBE_GAINED AccessStateDiff_AccessChangeType = 6
)

func (AccessStateDiff_AccessChangeType) Descriptor

func (AccessStateDiff_AccessChangeType) Enum

func (AccessStateDiff_AccessChangeType) EnumDescriptor

func (AccessStateDiff_AccessChangeType) EnumDescriptor() ([]byte, []int)

Deprecated: Use AccessStateDiff_AccessChangeType.Descriptor instead.

func (AccessStateDiff_AccessChangeType) Number

func (AccessStateDiff_AccessChangeType) String

func (AccessStateDiff_AccessChangeType) Type

AccessTuple

// AccessTuple holds information about the principal, resource, and permission
// to check. All three fields are documented as required.
type AccessTuple struct {

	// Required. The principal whose access you want to check, in the form of
	// the email address that represents that principal. For example,
	// `alice@example.com` or
	// `my-service-account@my-project.iam.gserviceaccount.com`.
	//
	// The principal must be a Google Account or a service account. Other types of
	// principals are not supported.
	//
	// NOTE(review): the examples here are bare email addresses, while the
	// example on BindingExplanation.Memberships writes the access-tuple
	// principal as `user:bob@example.com` — confirm which form the service
	// returns before comparing this field with membership keys.
	Principal string `protobuf:"bytes,1,opt,name=principal,proto3" json:"principal,omitempty"`
	// Required. The full resource name that identifies the resource. For example,
	// `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
	//
	// For examples of full resource names for Google Cloud services, see
	// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
	FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// Required. The IAM permission to check for the specified principal and
	// resource.
	//
	// For a complete list of IAM permissions, see
	// https://cloud.google.com/iam/help/permissions/reference.
	//
	// For a complete list of predefined IAM roles and the permissions in each
	// role, see https://cloud.google.com/iam/help/roles/reference.
	Permission string `protobuf:"bytes,3,opt,name=permission,proto3" json:"permission,omitempty"`
	// contains filtered or unexported fields
}

Information about the principal, resource, and permission to check.

func (*AccessTuple) Descriptor

func (*AccessTuple) Descriptor() ([]byte, []int)

Deprecated: Use AccessTuple.ProtoReflect.Descriptor instead.

func (*AccessTuple) GetFullResourceName

func (x *AccessTuple) GetFullResourceName() string

func (*AccessTuple) GetPermission

func (x *AccessTuple) GetPermission() string

func (*AccessTuple) GetPrincipal

func (x *AccessTuple) GetPrincipal() string

func (*AccessTuple) ProtoMessage

func (*AccessTuple) ProtoMessage()

func (*AccessTuple) ProtoReflect

func (x *AccessTuple) ProtoReflect() protoreflect.Message

func (*AccessTuple) Reset

func (x *AccessTuple) Reset()

func (*AccessTuple) String

func (x *AccessTuple) String() string

BindingExplanation

// BindingExplanation gives details about how a binding in a policy affects a
// principal's ability to use a permission.
//
// Every verdict in this message is scoped to one binding; none of its fields
// is the final answer on whether the principal has the permission.
type BindingExplanation struct {

	// Required. Indicates whether _this binding_ provides the specified
	// permission to the specified principal for the specified resource.
	//
	// This field does _not_ indicate whether the principal actually has the
	// permission for the resource. There might be another binding that overrides
	// this binding. To determine whether the principal actually has the
	// permission, use the `access` field in the
	// [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.v3.TroubleshootIamPolicyResponse].
	//
	// NOTE(review): the message referenced above belongs to the
	// policytroubleshooter.v3 API, not to this package. Within a Replay result
	// the overall state appears to be ExplainedAccess.AccessState — confirm
	// against the service documentation.
	Access AccessState `protobuf:"varint,1,opt,name=access,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access,omitempty"`
	// The role that this binding grants. For example,
	// `roles/compute.serviceAgent`.
	//
	// For a complete list of predefined IAM roles, as well as the permissions in
	// each role, see https://cloud.google.com/iam/help/roles/reference.
	Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
	// Indicates whether the role granted by this binding contains the specified
	// permission.
	RolePermission BindingExplanation_RolePermission `protobuf:"varint,3,opt,name=role_permission,json=rolePermission,proto3,enum=google.cloud.policysimulator.v1.BindingExplanation_RolePermission" json:"role_permission,omitempty"`
	// The relevance of the permission's existence, or nonexistence, in the role
	// to the overall determination for the entire policy.
	RolePermissionRelevance HeuristicRelevance `protobuf:"varint,4,opt,name=role_permission_relevance,json=rolePermissionRelevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"role_permission_relevance,omitempty"`
	// Indicates whether each principal in the binding includes the principal
	// specified in the request, either directly or indirectly. Each key
	// identifies a principal in the binding, and each value indicates whether the
	// principal in the binding includes the principal in the request.
	//
	// For example, suppose that a binding includes the following principals:
	//
	//   - `user:alice@example.com`
	//   - `group:product-eng@example.com`
	//
	// The principal in the replayed access tuple is `user:bob@example.com`. This
	// user is a principal of the group `group:product-eng@example.com`.
	//
	// For the first principal in the binding, the key is
	// `user:alice@example.com`, and the `membership` field in the value is set to
	// `MEMBERSHIP_NOT_INCLUDED`.
	//
	// For the second principal in the binding, the key is
	// `group:product-eng@example.com`, and the `membership` field in the value is
	// set to `MEMBERSHIP_INCLUDED`.
	//
	// The map values are pointers; check for nil before reading a looked-up
	// entry's fields directly.
	Memberships map[string]*BindingExplanation_AnnotatedMembership `protobuf:"bytes,5,rep,name=memberships,proto3" json:"memberships,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
	// The relevance of this binding to the overall determination for the entire
	// policy.
	Relevance HeuristicRelevance `protobuf:"varint,6,opt,name=relevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"relevance,omitempty"`
	// A condition expression that prevents this binding from granting access
	// unless the expression evaluates to `true`.
	//
	// To learn about IAM Conditions, see
	// https://cloud.google.com/iam/docs/conditions-overview.
	Condition *expr.Expr `protobuf:"bytes,7,opt,name=condition,proto3" json:"condition,omitempty"`
	// contains filtered or unexported fields
}

Details about how a binding in a policy affects a principal's ability to use a permission.

func (*BindingExplanation) Descriptor

func (*BindingExplanation) Descriptor() ([]byte, []int)

Deprecated: Use BindingExplanation.ProtoReflect.Descriptor instead.

func (*BindingExplanation) GetAccess

func (x *BindingExplanation) GetAccess() AccessState

func (*BindingExplanation) GetCondition

func (x *BindingExplanation) GetCondition() *expr.Expr

func (*BindingExplanation) GetMemberships

func (*BindingExplanation) GetRelevance

func (x *BindingExplanation) GetRelevance() HeuristicRelevance

func (*BindingExplanation) GetRole

func (x *BindingExplanation) GetRole() string

func (*BindingExplanation) GetRolePermission

func (*BindingExplanation) GetRolePermissionRelevance

func (x *BindingExplanation) GetRolePermissionRelevance() HeuristicRelevance

func (*BindingExplanation) ProtoMessage

func (*BindingExplanation) ProtoMessage()

func (*BindingExplanation) ProtoReflect

func (x *BindingExplanation) ProtoReflect() protoreflect.Message

func (*BindingExplanation) Reset

func (x *BindingExplanation) Reset()

func (*BindingExplanation) String

func (x *BindingExplanation) String() string

BindingExplanation_AnnotatedMembership

// BindingExplanation_AnnotatedMembership gives details about whether the
// binding includes the principal. It is the value type of the
// BindingExplanation.Memberships map.
type BindingExplanation_AnnotatedMembership struct {

	// Indicates whether the binding includes the principal.
	//
	// Besides INCLUDED and NOT_INCLUDED the enum has two UNKNOWN values
	// (info denied, unsupported principal type); treat those as undetermined,
	// not as NOT_INCLUDED.
	Membership BindingExplanation_Membership `protobuf:"varint,1,opt,name=membership,proto3,enum=google.cloud.policysimulator.v1.BindingExplanation_Membership" json:"membership,omitempty"`
	// The relevance of the principal's status to the overall determination for
	// the binding.
	Relevance HeuristicRelevance `protobuf:"varint,2,opt,name=relevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"relevance,omitempty"`
	// contains filtered or unexported fields
}

Details about whether the binding includes the principal.

func (*BindingExplanation_AnnotatedMembership) Descriptor

func (*BindingExplanation_AnnotatedMembership) Descriptor() ([]byte, []int)

Deprecated: Use BindingExplanation_AnnotatedMembership.ProtoReflect.Descriptor instead.

func (*BindingExplanation_AnnotatedMembership) GetMembership

func (*BindingExplanation_AnnotatedMembership) GetRelevance

func (*BindingExplanation_AnnotatedMembership) ProtoMessage

func (*BindingExplanation_AnnotatedMembership) ProtoReflect

func (*BindingExplanation_AnnotatedMembership) Reset

func (*BindingExplanation_AnnotatedMembership) String

BindingExplanation_Membership

type BindingExplanation_Membership int32

Whether the binding includes the principal.

BindingExplanation_MEMBERSHIP_UNSPECIFIED, BindingExplanation_MEMBERSHIP_INCLUDED, BindingExplanation_MEMBERSHIP_NOT_INCLUDED, BindingExplanation_MEMBERSHIP_UNKNOWN_INFO_DENIED, BindingExplanation_MEMBERSHIP_UNKNOWN_UNSUPPORTED

// Values of BindingExplanation_Membership.
//
// MEMBERSHIP_INCLUDED and MEMBERSHIP_NOT_INCLUDED are definite results. The
// two MEMBERSHIP_UNKNOWN_* values state that membership could not be
// determined, each for a different reason.
const (
	// Default value. This value is unused.
	BindingExplanation_MEMBERSHIP_UNSPECIFIED BindingExplanation_Membership = 0
	// The binding includes the principal. The principal can be included
	// directly or indirectly. For example:
	//
	//   - A principal is included directly if that principal is listed in the
	//     binding.
	//   - A principal is included indirectly if that principal is in a Google
	//     group or Google Workspace domain that is listed in the binding.
	BindingExplanation_MEMBERSHIP_INCLUDED BindingExplanation_Membership = 1
	// The binding does not include the principal.
	BindingExplanation_MEMBERSHIP_NOT_INCLUDED BindingExplanation_Membership = 2
	// The user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] is not
	// allowed to access the binding.
	//
	// This describes the Replay creator's visibility, not the principal's
	// membership.
	BindingExplanation_MEMBERSHIP_UNKNOWN_INFO_DENIED BindingExplanation_Membership = 3
	// The principal is an unsupported type. Only Google Accounts and service
	// accounts are supported.
	BindingExplanation_MEMBERSHIP_UNKNOWN_UNSUPPORTED BindingExplanation_Membership = 4
)

func (BindingExplanation_Membership) Descriptor

func (BindingExplanation_Membership) Enum

func (BindingExplanation_Membership) EnumDescriptor

func (BindingExplanation_Membership) EnumDescriptor() ([]byte, []int)

Deprecated: Use BindingExplanation_Membership.Descriptor instead.

func (BindingExplanation_Membership) Number

func (BindingExplanation_Membership) String

func (BindingExplanation_Membership) Type

BindingExplanation_RolePermission

type BindingExplanation_RolePermission int32

Whether a role includes a specific permission.

BindingExplanation_ROLE_PERMISSION_UNSPECIFIED, BindingExplanation_ROLE_PERMISSION_INCLUDED, BindingExplanation_ROLE_PERMISSION_NOT_INCLUDED, BindingExplanation_ROLE_PERMISSION_UNKNOWN_INFO_DENIED

// Values of BindingExplanation_RolePermission, which states whether a role
// includes a specific permission.
const (
	// Default value. This value is unused.
	BindingExplanation_ROLE_PERMISSION_UNSPECIFIED BindingExplanation_RolePermission = 0
	// The permission is included in the role.
	BindingExplanation_ROLE_PERMISSION_INCLUDED BindingExplanation_RolePermission = 1
	// The permission is not included in the role.
	BindingExplanation_ROLE_PERMISSION_NOT_INCLUDED BindingExplanation_RolePermission = 2
	// The user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] is not
	// allowed to access the binding.
	//
	// The result is undetermined; it does not state that the permission is
	// absent from the role.
	BindingExplanation_ROLE_PERMISSION_UNKNOWN_INFO_DENIED BindingExplanation_RolePermission = 3
)

func (BindingExplanation_RolePermission) Descriptor

func (BindingExplanation_RolePermission) Enum

func (BindingExplanation_RolePermission) EnumDescriptor

func (BindingExplanation_RolePermission) EnumDescriptor() ([]byte, []int)

Deprecated: Use BindingExplanation_RolePermission.Descriptor instead.

func (BindingExplanation_RolePermission) Number

func (BindingExplanation_RolePermission) String

func (BindingExplanation_RolePermission) Type

CreateOrgPolicyViolationsPreviewOperationMetadata

// CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an
// OrgPolicyViolationsPreview generation operation: its timestamps, its
// current state, and counters describing scan progress.
type CreateOrgPolicyViolationsPreviewOperationMetadata struct {

	// Time when the request was received.
	RequestTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=request_time,json=requestTime,proto3" json:"request_time,omitempty"`
	// Time when the request started processing, i.e., when the state was set to
	// RUNNING.
	StartTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"`
	// Output only. The current state of the operation.
	State PreviewState `protobuf:"varint,3,opt,name=state,proto3,enum=google.cloud.policysimulator.v1.PreviewState" json:"state,omitempty"`
	// Total number of resources that need scanning.
	// Should equal resources_scanned + resources_pending.
	ResourcesFound int32 `protobuf:"varint,4,opt,name=resources_found,json=resourcesFound,proto3" json:"resources_found,omitempty"`
	// Number of resources already scanned.
	ResourcesScanned int32 `protobuf:"varint,5,opt,name=resources_scanned,json=resourcesScanned,proto3" json:"resources_scanned,omitempty"`
	// Number of resources still to scan.
	//
	// While this is non-zero the scan is incomplete, so any violations
	// reported so far may not be the full set.
	ResourcesPending int32 `protobuf:"varint,6,opt,name=resources_pending,json=resourcesPending,proto3" json:"resources_pending,omitempty"`
	// contains filtered or unexported fields
}

CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generation operation.

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) Descriptor

Deprecated: Use CreateOrgPolicyViolationsPreviewOperationMetadata.ProtoReflect.Descriptor instead.

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetRequestTime

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetResourcesFound

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetResourcesPending

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetResourcesScanned

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetStartTime

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) GetState

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) ProtoMessage

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) ProtoReflect

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) Reset

func (*CreateOrgPolicyViolationsPreviewOperationMetadata) String

CreateOrgPolicyViolationsPreviewRequest

// CreateOrgPolicyViolationsPreviewRequest is the request message for
// [OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview].
type CreateOrgPolicyViolationsPreviewRequest struct {

	// Required. The organization under which this
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// will be created.
	//
	// Example: `organizations/my-example-org/locations/global`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// to generate.
	OrgPolicyViolationsPreview *OrgPolicyViolationsPreview `protobuf:"bytes,2,opt,name=org_policy_violations_preview,json=orgPolicyViolationsPreview,proto3" json:"org_policy_violations_preview,omitempty"`
	// Optional. An optional user-specified ID for the
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
	// If not provided, a random ID will be generated.
	//
	// NOTE(review): no format or length constraint for this ID is stated
	// here; check the service documentation before forwarding a value that
	// originates from end-user input.
	OrgPolicyViolationsPreviewId string `protobuf:"bytes,3,opt,name=org_policy_violations_preview_id,json=orgPolicyViolationsPreviewId,proto3" json:"org_policy_violations_preview_id,omitempty"`
	// contains filtered or unexported fields
}

CreateOrgPolicyViolationsPreviewRequest is the request message for [OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview].

func (*CreateOrgPolicyViolationsPreviewRequest) Descriptor

func (*CreateOrgPolicyViolationsPreviewRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateOrgPolicyViolationsPreviewRequest.ProtoReflect.Descriptor instead.

func (*CreateOrgPolicyViolationsPreviewRequest) GetOrgPolicyViolationsPreview

func (x *CreateOrgPolicyViolationsPreviewRequest) GetOrgPolicyViolationsPreview() *OrgPolicyViolationsPreview

func (*CreateOrgPolicyViolationsPreviewRequest) GetOrgPolicyViolationsPreviewId

func (x *CreateOrgPolicyViolationsPreviewRequest) GetOrgPolicyViolationsPreviewId() string

func (*CreateOrgPolicyViolationsPreviewRequest) GetParent

func (*CreateOrgPolicyViolationsPreviewRequest) ProtoMessage

func (*CreateOrgPolicyViolationsPreviewRequest) ProtoReflect

func (*CreateOrgPolicyViolationsPreviewRequest) Reset

func (*CreateOrgPolicyViolationsPreviewRequest) String

CreateReplayRequest

// CreateReplayRequest is the request message for
// [Simulator.CreateReplay][google.cloud.policysimulator.v1.Simulator.CreateReplay].
type CreateReplayRequest struct {

	// Required. The parent resource where this
	// [Replay][google.cloud.policysimulator.v1.Replay] will be created. This
	// resource must be a project, folder, or organization with a location.
	//
	// Example: `projects/my-example-project/locations/global`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The [Replay][google.cloud.policysimulator.v1.Replay] to create.
	// Set `Replay.ReplayConfig` to configure the replay.
	Replay *Replay `protobuf:"bytes,2,opt,name=replay,proto3" json:"replay,omitempty"`
	// contains filtered or unexported fields
}

Request message for [Simulator.CreateReplay][google.cloud.policysimulator.v1.Simulator.CreateReplay].

func (*CreateReplayRequest) Descriptor

func (*CreateReplayRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateReplayRequest.ProtoReflect.Descriptor instead.

func (*CreateReplayRequest) GetParent

func (x *CreateReplayRequest) GetParent() string

func (*CreateReplayRequest) GetReplay

func (x *CreateReplayRequest) GetReplay() *Replay

func (*CreateReplayRequest) ProtoMessage

func (*CreateReplayRequest) ProtoMessage()

func (*CreateReplayRequest) ProtoReflect

func (x *CreateReplayRequest) ProtoReflect() protoreflect.Message

func (*CreateReplayRequest) Reset

func (x *CreateReplayRequest) Reset()

func (*CreateReplayRequest) String

func (x *CreateReplayRequest) String() string

ExplainedAccess

// ExplainedAccess gives details about how a set of policies, listed in
// [ExplainedPolicy][google.cloud.policysimulator.v1.ExplainedPolicy], resulted
// in a certain [AccessState][google.cloud.policysimulator.v1.AccessState] when
// replaying an access tuple.
type ExplainedAccess struct {

	// Whether the principal in the access tuple has permission to access the
	// resource in the access tuple under the given policies.
	AccessState AccessState `protobuf:"varint,1,opt,name=access_state,json=accessState,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access_state,omitempty"`
	// If the [AccessState][google.cloud.policysimulator.v1.AccessState] is
	// `UNKNOWN`, this field contains the policies that led to that result.
	//
	// If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is
	// omitted.
	//
	// NOTE(review): AccessState has no value literally named UNKNOWN;
	// presumably this means UNKNOWN_CONDITIONAL or UNKNOWN_INFO_DENIED —
	// confirm. An empty Policies slice alongside a definite state is
	// therefore expected, not a sign that no policy applied.
	Policies []*ExplainedPolicy `protobuf:"bytes,2,rep,name=policies,proto3" json:"policies,omitempty"`
	// If the [AccessState][google.cloud.policysimulator.v1.AccessState] is
	// `UNKNOWN`, this field contains a list of errors explaining why the result
	// is `UNKNOWN`.
	//
	// If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is
	// omitted.
	Errors []*status.Status `protobuf:"bytes,3,rep,name=errors,proto3" json:"errors,omitempty"`
	// contains filtered or unexported fields
}

Details about how a set of policies, listed in [ExplainedPolicy][google.cloud.policysimulator.v1.ExplainedPolicy], resulted in a certain [AccessState][google.cloud.policysimulator.v1.AccessState] when replaying an access tuple.

func (*ExplainedAccess) Descriptor

func (*ExplainedAccess) Descriptor() ([]byte, []int)

Deprecated: Use ExplainedAccess.ProtoReflect.Descriptor instead.

func (*ExplainedAccess) GetAccessState

func (x *ExplainedAccess) GetAccessState() AccessState

func (*ExplainedAccess) GetErrors

func (x *ExplainedAccess) GetErrors() []*status.Status

func (*ExplainedAccess) GetPolicies

func (x *ExplainedAccess) GetPolicies() []*ExplainedPolicy

func (*ExplainedAccess) ProtoMessage

func (*ExplainedAccess) ProtoMessage()

func (*ExplainedAccess) ProtoReflect

func (x *ExplainedAccess) ProtoReflect() protoreflect.Message

func (*ExplainedAccess) Reset

func (x *ExplainedAccess) Reset()

func (*ExplainedAccess) String

func (x *ExplainedAccess) String() string

ExplainedPolicy

// ExplainedPolicy gives details about how a specific IAM
// [Policy][google.iam.v1.Policy] contributed to the access check.
//
// Several fields are left out when the user who created the Replay cannot
// access the policy, so an empty field here reflects that user's visibility
// and is not evidence that no policy or binding exists.
type ExplainedPolicy struct {

	// Indicates whether _this policy_ provides the specified permission to the
	// specified principal for the specified resource.
	//
	// This field does _not_ indicate whether the principal actually has the
	// permission for the resource. There might be another policy that overrides
	// this policy. To determine whether the principal actually has the
	// permission, use the `access` field in the
	// [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.v3.TroubleshootIamPolicyResponse].
	//
	// NOTE(review): the message referenced above belongs to the
	// policytroubleshooter.v3 API, not to this package. Within a Replay result
	// the overall state appears to be ExplainedAccess.AccessState — confirm
	// against the service documentation.
	Access AccessState `protobuf:"varint,1,opt,name=access,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access,omitempty"`
	// The full resource name that identifies the resource. For example,
	// `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
	//
	// If the user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to the policy, this field is omitted.
	//
	// For examples of full resource names for Google Cloud services, see
	// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
	FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// The IAM policy attached to the resource.
	//
	// If the user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to the policy, this field is empty.
	Policy *iampb.Policy `protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"`
	// Details about how each binding in the policy affects the principal's
	// ability, or inability, to use the permission for the resource.
	//
	// If the user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to the policy, this field is omitted.
	BindingExplanations []*BindingExplanation `protobuf:"bytes,4,rep,name=binding_explanations,json=bindingExplanations,proto3" json:"binding_explanations,omitempty"`
	// The relevance of this policy to the overall determination in the
	// [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.v3.TroubleshootIamPolicyResponse].
	//
	// If the user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to the policy, this field is omitted.
	Relevance HeuristicRelevance `protobuf:"varint,5,opt,name=relevance,proto3,enum=google.cloud.policysimulator.v1.HeuristicRelevance" json:"relevance,omitempty"`
	// contains filtered or unexported fields
}

Details about how a specific IAM [Policy][google.iam.v1.Policy] contributed to the access check.

func (*ExplainedPolicy) Descriptor

func (*ExplainedPolicy) Descriptor() ([]byte, []int)

Deprecated: Use ExplainedPolicy.ProtoReflect.Descriptor instead.

func (*ExplainedPolicy) GetAccess

func (x *ExplainedPolicy) GetAccess() AccessState

func (*ExplainedPolicy) GetBindingExplanations

func (x *ExplainedPolicy) GetBindingExplanations() []*BindingExplanation

func (*ExplainedPolicy) GetFullResourceName

func (x *ExplainedPolicy) GetFullResourceName() string

func (*ExplainedPolicy) GetPolicy

func (x *ExplainedPolicy) GetPolicy() *iampb.Policy

func (*ExplainedPolicy) GetRelevance

func (x *ExplainedPolicy) GetRelevance() HeuristicRelevance

func (*ExplainedPolicy) ProtoMessage

func (*ExplainedPolicy) ProtoMessage()

func (*ExplainedPolicy) ProtoReflect

func (x *ExplainedPolicy) ProtoReflect() protoreflect.Message

func (*ExplainedPolicy) Reset

func (x *ExplainedPolicy) Reset()

func (*ExplainedPolicy) String

func (x *ExplainedPolicy) String() string

GetOrgPolicyViolationsPreviewRequest

// GetOrgPolicyViolationsPreviewRequest is the request message for
// OrgPolicyViolationsPreviewService.GetOrgPolicyViolationsPreview.
type GetOrgPolicyViolationsPreviewRequest struct {

	// Required. The name of the OrgPolicyViolationsPreview to get.
	//
	// NOTE(review): presumably the resource-name format documented on
	// OrgPolicyViolationsPreview.Name,
	// `organizations/{organization}/locations/{location}/orgPolicyViolationsPreviews/{orgPolicyViolationsPreview}`
	// -- confirm against the service definition.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

GetOrgPolicyViolationsPreviewRequest is the request message for [OrgPolicyViolationsPreviewService.GetOrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.GetOrgPolicyViolationsPreview].

func (*GetOrgPolicyViolationsPreviewRequest) Descriptor

func (*GetOrgPolicyViolationsPreviewRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetOrgPolicyViolationsPreviewRequest.ProtoReflect.Descriptor instead.

func (*GetOrgPolicyViolationsPreviewRequest) GetName

func (*GetOrgPolicyViolationsPreviewRequest) ProtoMessage

func (*GetOrgPolicyViolationsPreviewRequest) ProtoMessage()

func (*GetOrgPolicyViolationsPreviewRequest) ProtoReflect

func (*GetOrgPolicyViolationsPreviewRequest) Reset

func (*GetOrgPolicyViolationsPreviewRequest) String

GetReplayRequest

// GetReplayRequest is the request message for Simulator.GetReplay.
type GetReplayRequest struct {

	// Required. The name of the [Replay][google.cloud.policysimulator.v1.Replay]
	// to retrieve, in the following format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
	// where `{resource-id}` is the ID of the project, folder, or organization
	// that owns the `Replay`.
	//
	// Example:
	// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [Simulator.GetReplay][google.cloud.policysimulator.v1.Simulator.GetReplay].

func (*GetReplayRequest) Descriptor

func (*GetReplayRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetReplayRequest.ProtoReflect.Descriptor instead.

func (*GetReplayRequest) GetName

func (x *GetReplayRequest) GetName() string

func (*GetReplayRequest) ProtoMessage

func (*GetReplayRequest) ProtoMessage()

func (*GetReplayRequest) ProtoReflect

func (x *GetReplayRequest) ProtoReflect() protoreflect.Message

func (*GetReplayRequest) Reset

func (x *GetReplayRequest) Reset()

func (*GetReplayRequest) String

func (x *GetReplayRequest) String() string

HeuristicRelevance

type HeuristicRelevance int32

The extent to which a single data point, such as the existence of a binding or whether a binding includes a specific principal, contributes to an overall determination.

HeuristicRelevance_HEURISTIC_RELEVANCE_UNSPECIFIED, HeuristicRelevance_NORMAL, HeuristicRelevance_HIGH

// Values of HeuristicRelevance: how strongly a single data point contributes
// to an overall determination.
//
// NOTE(review): relevance only ranks a data point's influence; it is not
// itself an access decision. Presumably the decision is the one reported in
// the AccessState field next to it -- confirm.
const (
	// Default value. This value is unused.
	HeuristicRelevance_HEURISTIC_RELEVANCE_UNSPECIFIED HeuristicRelevance = 0
	// The data point has a limited effect on the result. Changing the data point
	// is unlikely to affect the overall determination.
	HeuristicRelevance_NORMAL HeuristicRelevance = 1
	// The data point has a strong effect on the result. Changing the data point
	// is likely to affect the overall determination.
	HeuristicRelevance_HIGH HeuristicRelevance = 2
)

func (HeuristicRelevance) Descriptor

func (HeuristicRelevance) Enum

func (HeuristicRelevance) EnumDescriptor

func (HeuristicRelevance) EnumDescriptor() ([]byte, []int)

Deprecated: Use HeuristicRelevance.Descriptor instead.

func (HeuristicRelevance) Number

func (HeuristicRelevance) String

func (x HeuristicRelevance) String() string

func (HeuristicRelevance) Type

ListOrgPolicyViolationsPreviewsRequest

// ListOrgPolicyViolationsPreviewsRequest is the request message for
// OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews.
type ListOrgPolicyViolationsPreviewsRequest struct {

	// Required. The parent the violations are scoped to.
	// Format:
	// `organizations/{organization}/locations/{location}`
	//
	// Example: `organizations/my-example-org/locations/global`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. The maximum number of items to return. The service may return
	// fewer than this value. If unspecified, at most 5 items will be returned.
	// The maximum value is 10; values above 10 will be coerced to 10.
	//
	// Because a page holds at most 10 items, a complete listing requires
	// following the page tokens until none is returned.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. A page token, received from a previous call. Provide this to
	// retrieve the subsequent page.
	//
	// When paginating, all other parameters must match the call that provided the
	// page token.
	//
	// NOTE(review): the token's internal format is not documented here; pass it
	// back unchanged rather than constructing or editing it.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

ListOrgPolicyViolationsPreviewsRequest is the request message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews].

func (*ListOrgPolicyViolationsPreviewsRequest) Descriptor

func (*ListOrgPolicyViolationsPreviewsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListOrgPolicyViolationsPreviewsRequest.ProtoReflect.Descriptor instead.

func (*ListOrgPolicyViolationsPreviewsRequest) GetPageSize

func (*ListOrgPolicyViolationsPreviewsRequest) GetPageToken

func (*ListOrgPolicyViolationsPreviewsRequest) GetParent

func (*ListOrgPolicyViolationsPreviewsRequest) ProtoMessage

func (*ListOrgPolicyViolationsPreviewsRequest) ProtoReflect

func (*ListOrgPolicyViolationsPreviewsRequest) Reset

func (*ListOrgPolicyViolationsPreviewsRequest) String

ListOrgPolicyViolationsPreviewsResponse

// ListOrgPolicyViolationsPreviewsResponse is the response message for
// OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews.
type ListOrgPolicyViolationsPreviewsResponse struct {

	// The list of OrgPolicyViolationsPreview resources on this page.
	OrgPolicyViolationsPreviews []*OrgPolicyViolationsPreview `protobuf:"bytes,1,rep,name=org_policy_violations_previews,json=orgPolicyViolationsPreviews,proto3" json:"org_policy_violations_previews,omitempty"`
	// A token that you can use to retrieve the next page of results.
	// If this field is omitted, there are no subsequent pages.
	//
	// A non-empty token means this response is only part of the listing.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

ListOrgPolicyViolationsPreviewsResponse is the response message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews].

func (*ListOrgPolicyViolationsPreviewsResponse) Descriptor

func (*ListOrgPolicyViolationsPreviewsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListOrgPolicyViolationsPreviewsResponse.ProtoReflect.Descriptor instead.

func (*ListOrgPolicyViolationsPreviewsResponse) GetNextPageToken

func (x *ListOrgPolicyViolationsPreviewsResponse) GetNextPageToken() string

func (*ListOrgPolicyViolationsPreviewsResponse) GetOrgPolicyViolationsPreviews

func (x *ListOrgPolicyViolationsPreviewsResponse) GetOrgPolicyViolationsPreviews() []*OrgPolicyViolationsPreview

func (*ListOrgPolicyViolationsPreviewsResponse) ProtoMessage

func (*ListOrgPolicyViolationsPreviewsResponse) ProtoReflect

func (*ListOrgPolicyViolationsPreviewsResponse) Reset

func (*ListOrgPolicyViolationsPreviewsResponse) String

ListOrgPolicyViolationsRequest

// ListOrgPolicyViolationsRequest is the request message for
// OrgPolicyViolationsPreviewService.ListOrgPolicyViolations.
type ListOrgPolicyViolationsRequest struct {

	// Required. The OrgPolicyViolationsPreview to get OrgPolicyViolations from.
	// Format:
	// `organizations/{organization}/locations/{location}/orgPolicyViolationsPreviews/{orgPolicyViolationsPreview}`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. The maximum number of items to return. The service may return
	// fewer than this value. If unspecified, at most 1000 items will be returned.
	// The maximum value is 1000; values above 1000 will be coerced to 1000.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. A page token, received from a previous call. Provide this to
	// retrieve the subsequent page.
	//
	// When paginating, all other parameters must match the call that provided the
	// page token.
	//
	// NOTE(review): the token's internal format is not documented here; pass it
	// back unchanged rather than constructing or editing it.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

ListOrgPolicyViolationsRequest is the request message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolations][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolations].

func (*ListOrgPolicyViolationsRequest) Descriptor

func (*ListOrgPolicyViolationsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListOrgPolicyViolationsRequest.ProtoReflect.Descriptor instead.

func (*ListOrgPolicyViolationsRequest) GetPageSize

func (x *ListOrgPolicyViolationsRequest) GetPageSize() int32

func (*ListOrgPolicyViolationsRequest) GetPageToken

func (x *ListOrgPolicyViolationsRequest) GetPageToken() string

func (*ListOrgPolicyViolationsRequest) GetParent

func (x *ListOrgPolicyViolationsRequest) GetParent() string

func (*ListOrgPolicyViolationsRequest) ProtoMessage

func (*ListOrgPolicyViolationsRequest) ProtoMessage()

func (*ListOrgPolicyViolationsRequest) ProtoReflect

func (*ListOrgPolicyViolationsRequest) Reset

func (x *ListOrgPolicyViolationsRequest) Reset()

func (*ListOrgPolicyViolationsRequest) String

ListOrgPolicyViolationsResponse

// ListOrgPolicyViolationsResponse is the response message for
// OrgPolicyViolationsPreviewService.ListOrgPolicyViolations.
type ListOrgPolicyViolationsResponse struct {

	// The list of OrgPolicyViolations on this page.
	OrgPolicyViolations []*OrgPolicyViolation `protobuf:"bytes,1,rep,name=org_policy_violations,json=orgPolicyViolations,proto3" json:"org_policy_violations,omitempty"`
	// A token that you can use to retrieve the next page of results.
	// If this field is omitted, there are no subsequent pages.
	//
	// A non-empty token means more violations exist than this response shows,
	// so an impact assessment should not stop at the first page.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

ListOrgPolicyViolationsResponse is the response message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolations][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolations].

func (*ListOrgPolicyViolationsResponse) Descriptor

func (*ListOrgPolicyViolationsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListOrgPolicyViolationsResponse.ProtoReflect.Descriptor instead.

func (*ListOrgPolicyViolationsResponse) GetNextPageToken

func (x *ListOrgPolicyViolationsResponse) GetNextPageToken() string

func (*ListOrgPolicyViolationsResponse) GetOrgPolicyViolations

func (x *ListOrgPolicyViolationsResponse) GetOrgPolicyViolations() []*OrgPolicyViolation

func (*ListOrgPolicyViolationsResponse) ProtoMessage

func (*ListOrgPolicyViolationsResponse) ProtoMessage()

func (*ListOrgPolicyViolationsResponse) ProtoReflect

func (*ListOrgPolicyViolationsResponse) Reset

func (*ListOrgPolicyViolationsResponse) String

ListReplayResultsRequest

// ListReplayResultsRequest is the request message for
// Simulator.ListReplayResults.
type ListReplayResultsRequest struct {

	// Required. The [Replay][google.cloud.policysimulator.v1.Replay] whose
	// results are listed, in the following format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`
	//
	// Example:
	// `projects/my-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// The maximum number of
	// [ReplayResult][google.cloud.policysimulator.v1.ReplayResult] objects to
	// return. Defaults to 5000.
	//
	// The maximum value is 5000; values above 5000 are rounded down to 5000.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// A page token, received from a previous
	// [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults]
	// call. Provide this token to retrieve the next page of results.
	//
	// When paginating, all other parameters provided to
	// [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults]
	// must match the call that provided the page token.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

Request message for [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults].

func (*ListReplayResultsRequest) Descriptor

func (*ListReplayResultsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListReplayResultsRequest.ProtoReflect.Descriptor instead.

func (*ListReplayResultsRequest) GetPageSize

func (x *ListReplayResultsRequest) GetPageSize() int32

func (*ListReplayResultsRequest) GetPageToken

func (x *ListReplayResultsRequest) GetPageToken() string

func (*ListReplayResultsRequest) GetParent

func (x *ListReplayResultsRequest) GetParent() string

func (*ListReplayResultsRequest) ProtoMessage

func (*ListReplayResultsRequest) ProtoMessage()

func (*ListReplayResultsRequest) ProtoReflect

func (x *ListReplayResultsRequest) ProtoReflect() protoreflect.Message

func (*ListReplayResultsRequest) Reset

func (x *ListReplayResultsRequest) Reset()

func (*ListReplayResultsRequest) String

func (x *ListReplayResultsRequest) String() string

ListReplayResultsResponse

// ListReplayResultsResponse is the response message for
// Simulator.ListReplayResults.
type ListReplayResultsResponse struct {

	// The results of running a [Replay][google.cloud.policysimulator.v1.Replay].
	ReplayResults []*ReplayResult `protobuf:"bytes,1,rep,name=replay_results,json=replayResults,proto3" json:"replay_results,omitempty"`
	// A token that you can use to retrieve the next page of
	// [ReplayResult][google.cloud.policysimulator.v1.ReplayResult] objects. If
	// this field is omitted, there are no subsequent pages.
	//
	// A non-empty token means ReplayResults is only part of the replay's
	// output.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

Response message for [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults].

func (*ListReplayResultsResponse) Descriptor

func (*ListReplayResultsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListReplayResultsResponse.ProtoReflect.Descriptor instead.

func (*ListReplayResultsResponse) GetNextPageToken

func (x *ListReplayResultsResponse) GetNextPageToken() string

func (*ListReplayResultsResponse) GetReplayResults

func (x *ListReplayResultsResponse) GetReplayResults() []*ReplayResult

func (*ListReplayResultsResponse) ProtoMessage

func (*ListReplayResultsResponse) ProtoMessage()

func (*ListReplayResultsResponse) ProtoReflect

func (*ListReplayResultsResponse) Reset

func (x *ListReplayResultsResponse) Reset()

func (*ListReplayResultsResponse) String

func (x *ListReplayResultsResponse) String() string

OrgPolicyOverlay

// OrgPolicyOverlay holds the proposed changes to OrgPolicy that a preview
// evaluates.
type OrgPolicyOverlay struct {

	// Optional. The OrgPolicy changes to preview violations for.
	//
	// Any existing OrgPolicies with the same name will be overridden
	// in the simulation. That is, violations will be determined as if all
	// policies in the overlay were created or updated.
	Policies []*OrgPolicyOverlay_PolicyOverlay `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"`
	// Optional. The OrgPolicy CustomConstraint changes to preview violations for.
	//
	// Any existing CustomConstraints with the same name will be overridden
	// in the simulation. That is, violations will be determined as if all
	// custom constraints in the overlay were instantiated.
	//
	// Only a single custom_constraint is supported in the overlay at a time,
	// even though the field is repeated. To evaluate multiple constraints,
	// make multiple `GenerateOrgPolicyViolationsPreview` requests, each of
	// which evaluates a single constraint.
	CustomConstraints []*OrgPolicyOverlay_CustomConstraintOverlay `protobuf:"bytes,2,rep,name=custom_constraints,json=customConstraints,proto3" json:"custom_constraints,omitempty"`
	// contains filtered or unexported fields
}

The proposed changes to OrgPolicy.

func (*OrgPolicyOverlay) Descriptor

func (*OrgPolicyOverlay) Descriptor() ([]byte, []int)

Deprecated: Use OrgPolicyOverlay.ProtoReflect.Descriptor instead.

func (*OrgPolicyOverlay) GetCustomConstraints

func (x *OrgPolicyOverlay) GetCustomConstraints() []*OrgPolicyOverlay_CustomConstraintOverlay

func (*OrgPolicyOverlay) GetPolicies

func (*OrgPolicyOverlay) ProtoMessage

func (*OrgPolicyOverlay) ProtoMessage()

func (*OrgPolicyOverlay) ProtoReflect

func (x *OrgPolicyOverlay) ProtoReflect() protoreflect.Message

func (*OrgPolicyOverlay) Reset

func (x *OrgPolicyOverlay) Reset()

func (*OrgPolicyOverlay) String

func (x *OrgPolicyOverlay) String() string

OrgPolicyOverlay_CustomConstraintOverlay

// OrgPolicyOverlay_CustomConstraintOverlay describes a change to an OrgPolicy
// custom constraint.
type OrgPolicyOverlay_CustomConstraintOverlay struct {

	// Optional. Resource the constraint is attached to.
	// Example: "organization/987654"
	//
	// NOTE(review): the other resource names in this package's documentation
	// use the plural `organizations/...`; confirm whether the singular form in
	// this example is intended.
	CustomConstraintParent string `protobuf:"bytes,1,opt,name=custom_constraint_parent,json=customConstraintParent,proto3" json:"custom_constraint_parent,omitempty"`
	// Optional. The new or updated custom constraint.
	CustomConstraint *orgpolicypb.CustomConstraint `protobuf:"bytes,2,opt,name=custom_constraint,json=customConstraint,proto3" json:"custom_constraint,omitempty"`
	// contains filtered or unexported fields
}

A change to an OrgPolicy custom constraint.

func (*OrgPolicyOverlay_CustomConstraintOverlay) Descriptor

func (*OrgPolicyOverlay_CustomConstraintOverlay) Descriptor() ([]byte, []int)

Deprecated: Use OrgPolicyOverlay_CustomConstraintOverlay.ProtoReflect.Descriptor instead.

func (*OrgPolicyOverlay_CustomConstraintOverlay) GetCustomConstraint

func (*OrgPolicyOverlay_CustomConstraintOverlay) GetCustomConstraintParent

func (x *OrgPolicyOverlay_CustomConstraintOverlay) GetCustomConstraintParent() string

func (*OrgPolicyOverlay_CustomConstraintOverlay) ProtoMessage

func (*OrgPolicyOverlay_CustomConstraintOverlay) ProtoReflect

func (*OrgPolicyOverlay_CustomConstraintOverlay) Reset

func (*OrgPolicyOverlay_CustomConstraintOverlay) String

OrgPolicyOverlay_PolicyOverlay

// OrgPolicyOverlay_PolicyOverlay describes a change to an OrgPolicy.
type OrgPolicyOverlay_PolicyOverlay struct {

	// Optional. The parent resource that the policy is attached to.
	// Example: "projects/123456"
	PolicyParent string `protobuf:"bytes,1,opt,name=policy_parent,json=policyParent,proto3" json:"policy_parent,omitempty"`
	// Optional. The new or updated OrgPolicy.
	Policy *orgpolicypb.Policy `protobuf:"bytes,2,opt,name=policy,proto3" json:"policy,omitempty"`
	// contains filtered or unexported fields
}

A change to an OrgPolicy.

func (*OrgPolicyOverlay_PolicyOverlay) Descriptor

func (*OrgPolicyOverlay_PolicyOverlay) Descriptor() ([]byte, []int)

Deprecated: Use OrgPolicyOverlay_PolicyOverlay.ProtoReflect.Descriptor instead.

func (*OrgPolicyOverlay_PolicyOverlay) GetPolicy

func (*OrgPolicyOverlay_PolicyOverlay) GetPolicyParent

func (x *OrgPolicyOverlay_PolicyOverlay) GetPolicyParent() string

func (*OrgPolicyOverlay_PolicyOverlay) ProtoMessage

func (*OrgPolicyOverlay_PolicyOverlay) ProtoMessage()

func (*OrgPolicyOverlay_PolicyOverlay) ProtoReflect

func (*OrgPolicyOverlay_PolicyOverlay) Reset

func (x *OrgPolicyOverlay_PolicyOverlay) Reset()

func (*OrgPolicyOverlay_PolicyOverlay) String

OrgPolicyViolation

// OrgPolicyViolation is a resource representing a single resource violating a
// single OrgPolicy constraint.
type OrgPolicyViolation struct {

	// The name of the `OrgPolicyViolation`. Example:
	// `organizations/my-example-org/locations/global/orgPolicyViolationsPreviews/506a5f7f/orgPolicyViolations/38ce`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The resource violating the constraint.
	Resource *ResourceContext `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
	// The custom constraint being violated.
	CustomConstraint *orgpolicypb.CustomConstraint `protobuf:"bytes,3,opt,name=custom_constraint,json=customConstraint,proto3" json:"custom_constraint,omitempty"`
	// Any error encountered during the evaluation.
	//
	// NOTE(review): presumably a set Error means the evaluation of this
	// resource did not complete, so the entry should be checked for an error
	// before it is counted as a confirmed violation -- confirm against the
	// service documentation.
	Error *status.Status `protobuf:"bytes,4,opt,name=error,proto3" json:"error,omitempty"`
	// contains filtered or unexported fields
}

OrgPolicyViolation is a resource representing a single resource violating a single OrgPolicy constraint.

func (*OrgPolicyViolation) Descriptor

func (*OrgPolicyViolation) Descriptor() ([]byte, []int)

Deprecated: Use OrgPolicyViolation.ProtoReflect.Descriptor instead.

func (*OrgPolicyViolation) GetCustomConstraint

func (x *OrgPolicyViolation) GetCustomConstraint() *orgpolicypb.CustomConstraint

func (*OrgPolicyViolation) GetError

func (x *OrgPolicyViolation) GetError() *status.Status

func (*OrgPolicyViolation) GetName

func (x *OrgPolicyViolation) GetName() string

func (*OrgPolicyViolation) GetResource

func (x *OrgPolicyViolation) GetResource() *ResourceContext

func (*OrgPolicyViolation) ProtoMessage

func (*OrgPolicyViolation) ProtoMessage()

func (*OrgPolicyViolation) ProtoReflect

func (x *OrgPolicyViolation) ProtoReflect() protoreflect.Message

func (*OrgPolicyViolation) Reset

func (x *OrgPolicyViolation) Reset()

func (*OrgPolicyViolation) String

func (x *OrgPolicyViolation) String() string

OrgPolicyViolationsPreview

// OrgPolicyViolationsPreview is a resource providing a preview of the
// violations that will exist if an OrgPolicy change is made.
//
// The violations themselves are not embedded in this message; they are child
// resources retrieved through ListOrgPolicyViolations.
type OrgPolicyViolationsPreview struct {

	// Output only. The resource name of the `OrgPolicyViolationsPreview`. It has
	// the following format:
	//
	// `organizations/{organization}/locations/{location}/orgPolicyViolationsPreviews/{orgPolicyViolationsPreview}`
	//
	// Example:
	// `organizations/my-example-org/locations/global/orgPolicyViolationsPreviews/506a5f7f`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The state of the `OrgPolicyViolationsPreview`.
	//
	// NOTE(review): presumably the counts below are final only once the state
	// is PREVIEW_SUCCEEDED -- confirm before acting on them in another state.
	State PreviewState `protobuf:"varint,2,opt,name=state,proto3,enum=google.cloud.policysimulator.v1.PreviewState" json:"state,omitempty"`
	// Required. The proposed changes we are previewing violations for.
	Overlay *OrgPolicyOverlay `protobuf:"bytes,3,opt,name=overlay,proto3" json:"overlay,omitempty"`
	// Output only. The number of [OrgPolicyViolations][] in this
	// `OrgPolicyViolationsPreview`. This count may differ from
	// `resource_summary.noncompliant_count` because each
	// [OrgPolicyViolation][google.cloud.policysimulator.v1.OrgPolicyViolation] is
	// specific to a resource **and** constraint. If there are multiple
	// constraints being evaluated (i.e. multiple policies in the overlay), a
	// single resource may violate multiple constraints.
	//
	// NOTE(review): this message shows no `resource_summary` field; presumably
	// the reference is to `resource_counts.noncompliant` -- confirm.
	ViolationsCount int32 `protobuf:"varint,4,opt,name=violations_count,json=violationsCount,proto3" json:"violations_count,omitempty"`
	// Output only. A summary of the state of all resources scanned for compliance
	// with the changed OrgPolicy.
	ResourceCounts *OrgPolicyViolationsPreview_ResourceCounts `protobuf:"bytes,5,opt,name=resource_counts,json=resourceCounts,proto3" json:"resource_counts,omitempty"`
	// Output only. The names of the constraints against which all
	// `OrgPolicyViolations` were evaluated.
	//
	// If `OrgPolicyOverlay` only contains `PolicyOverlay` then it contains
	// the name of the configured custom constraint, applicable to the specified
	// policies. Otherwise it contains the name of the constraint specified in
	// `CustomConstraintOverlay`.
	//
	// Format:
	// `organizations/{organization_id}/customConstraints/{custom_constraint_id}`
	//
	// Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms`
	CustomConstraints []string `protobuf:"bytes,6,rep,name=custom_constraints,json=customConstraints,proto3" json:"custom_constraints,omitempty"`
	// Output only. Time when this `OrgPolicyViolationsPreview` was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// contains filtered or unexported fields
}

OrgPolicyViolationsPreview is a resource providing a preview of the violations that will exist if an OrgPolicy change is made.

The list of violations is modeled as child resources and retrieved via a [ListOrgPolicyViolations][] API call. There are potentially more [OrgPolicyViolations][] than could fit in an embedded field, hence the use of a child resource instead of a field.

func (*OrgPolicyViolationsPreview) Descriptor

func (*OrgPolicyViolationsPreview) Descriptor() ([]byte, []int)

Deprecated: Use OrgPolicyViolationsPreview.ProtoReflect.Descriptor instead.

func (*OrgPolicyViolationsPreview) GetCreateTime

func (x *OrgPolicyViolationsPreview) GetCreateTime() *timestamppb.Timestamp

func (*OrgPolicyViolationsPreview) GetCustomConstraints

func (x *OrgPolicyViolationsPreview) GetCustomConstraints() []string

func (*OrgPolicyViolationsPreview) GetName

func (x *OrgPolicyViolationsPreview) GetName() string

func (*OrgPolicyViolationsPreview) GetOverlay

func (*OrgPolicyViolationsPreview) GetResourceCounts

func (*OrgPolicyViolationsPreview) GetState

func (*OrgPolicyViolationsPreview) GetViolationsCount

func (x *OrgPolicyViolationsPreview) GetViolationsCount() int32

func (*OrgPolicyViolationsPreview) ProtoMessage

func (*OrgPolicyViolationsPreview) ProtoMessage()

func (*OrgPolicyViolationsPreview) ProtoReflect

func (*OrgPolicyViolationsPreview) Reset

func (x *OrgPolicyViolationsPreview) Reset()

func (*OrgPolicyViolationsPreview) String

func (x *OrgPolicyViolationsPreview) String() string

OrgPolicyViolationsPreviewServiceClient

// OrgPolicyViolationsPreviewServiceClient is the client API for the
// OrgPolicyViolationsPreviewService service.
//
// Every method takes a context and optional grpc.CallOption values and
// returns the response message together with an error.
type OrgPolicyViolationsPreviewServiceClient interface {
	// ListOrgPolicyViolationsPreviews lists each
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// in an organization. Each
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// is available for at least 7 days.
	ListOrgPolicyViolationsPreviews(ctx context.Context, in *ListOrgPolicyViolationsPreviewsRequest, opts ...grpc.CallOption) (*ListOrgPolicyViolationsPreviewsResponse, error)
	// GetOrgPolicyViolationsPreview gets the specified
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
	// Each
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// is available for at least 7 days.
	GetOrgPolicyViolationsPreview(ctx context.Context, in *GetOrgPolicyViolationsPreviewRequest, opts ...grpc.CallOption) (*OrgPolicyViolationsPreview, error)
	// CreateOrgPolicyViolationsPreview creates an
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// for the proposed changes in the provided
	// [OrgPolicyViolationsPreview.OrgPolicyOverlay][]. The changes to OrgPolicy
	// are specified by this `OrgPolicyOverlay`. The resources to scan are
	// inferred from these specified changes.
	//
	// The call returns a longrunningpb.Operation rather than the preview
	// itself, so the result is not available when the call returns.
	CreateOrgPolicyViolationsPreview(ctx context.Context, in *CreateOrgPolicyViolationsPreviewRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// ListOrgPolicyViolations lists the [OrgPolicyViolations][] that are present
	// in an
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
	ListOrgPolicyViolations(ctx context.Context, in *ListOrgPolicyViolationsRequest, opts ...grpc.CallOption) (*ListOrgPolicyViolationsResponse, error)
}

OrgPolicyViolationsPreviewServiceClient is the client API for OrgPolicyViolationsPreviewService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewOrgPolicyViolationsPreviewServiceClient

func NewOrgPolicyViolationsPreviewServiceClient(cc grpc.ClientConnInterface) OrgPolicyViolationsPreviewServiceClient

OrgPolicyViolationsPreviewServiceServer

// OrgPolicyViolationsPreviewServiceServer is the server API for the
// OrgPolicyViolationsPreviewService service.
//
// NOTE(review): the method signatures carry only a context and the request
// message; nothing in this interface identifies or authorizes the caller.
// Presumably an implementation enforces that elsewhere (for example in
// interceptors) -- confirm.
type OrgPolicyViolationsPreviewServiceServer interface {
	// ListOrgPolicyViolationsPreviews lists each
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// in an organization. Each
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// is available for at least 7 days.
	ListOrgPolicyViolationsPreviews(context.Context, *ListOrgPolicyViolationsPreviewsRequest) (*ListOrgPolicyViolationsPreviewsResponse, error)
	// GetOrgPolicyViolationsPreview gets the specified
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
	// Each
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// is available for at least 7 days.
	GetOrgPolicyViolationsPreview(context.Context, *GetOrgPolicyViolationsPreviewRequest) (*OrgPolicyViolationsPreview, error)
	// CreateOrgPolicyViolationsPreview creates an
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// for the proposed changes in the provided
	// [OrgPolicyViolationsPreview.OrgPolicyOverlay][]. The changes to OrgPolicy
	// are specified by this `OrgPolicyOverlay`. The resources to scan are
	// inferred from these specified changes.
	//
	// The method returns a longrunningpb.Operation rather than the preview
	// itself.
	CreateOrgPolicyViolationsPreview(context.Context, *CreateOrgPolicyViolationsPreviewRequest) (*longrunningpb.Operation, error)
	// ListOrgPolicyViolations lists the [OrgPolicyViolations][] that are present
	// in an
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
	ListOrgPolicyViolations(context.Context, *ListOrgPolicyViolationsRequest) (*ListOrgPolicyViolationsResponse, error)
}

OrgPolicyViolationsPreviewServiceServer is the server API for OrgPolicyViolationsPreviewService service.

OrgPolicyViolationsPreview_ResourceCounts

// OrgPolicyViolationsPreview_ResourceCounts is a summary of the state of all
// resources scanned for compliance with the changed OrgPolicy.
type OrgPolicyViolationsPreview_ResourceCounts struct {

	// Output only. Number of resources checked for compliance.
	//
	// Must equal: unenforced + noncompliant + compliant + errors
	Scanned int32 `protobuf:"varint,1,opt,name=scanned,proto3" json:"scanned,omitempty"`
	// Output only. Number of scanned resources with at least one violation.
	Noncompliant int32 `protobuf:"varint,2,opt,name=noncompliant,proto3" json:"noncompliant,omitempty"`
	// Output only. Number of scanned resources with zero violations.
	Compliant int32 `protobuf:"varint,3,opt,name=compliant,proto3" json:"compliant,omitempty"`
	// Output only. Number of resources where the constraint was not enforced,
	// i.e. the Policy set `enforced: false` for that resource.
	Unenforced int32 `protobuf:"varint,4,opt,name=unenforced,proto3" json:"unenforced,omitempty"`
	// Output only. Number of resources that returned an error when scanned.
	//
	// These resources are counted in Scanned but in neither Compliant nor
	// Noncompliant, so a non-zero value means the compliance figures do not
	// cover every scanned resource.
	Errors int32 `protobuf:"varint,5,opt,name=errors,proto3" json:"errors,omitempty"`
	// contains filtered or unexported fields
}

A summary of the state of all resources scanned for compliance with the changed OrgPolicy.

func (*OrgPolicyViolationsPreview_ResourceCounts) Descriptor

func (*OrgPolicyViolationsPreview_ResourceCounts) Descriptor() ([]byte, []int)

Deprecated: Use OrgPolicyViolationsPreview_ResourceCounts.ProtoReflect.Descriptor instead.

func (*OrgPolicyViolationsPreview_ResourceCounts) GetCompliant

func (*OrgPolicyViolationsPreview_ResourceCounts) GetErrors

func (*OrgPolicyViolationsPreview_ResourceCounts) GetNoncompliant

func (x *OrgPolicyViolationsPreview_ResourceCounts) GetNoncompliant() int32

func (*OrgPolicyViolationsPreview_ResourceCounts) GetScanned

func (*OrgPolicyViolationsPreview_ResourceCounts) GetUnenforced

func (*OrgPolicyViolationsPreview_ResourceCounts) ProtoMessage

func (*OrgPolicyViolationsPreview_ResourceCounts) ProtoReflect

func (*OrgPolicyViolationsPreview_ResourceCounts) Reset

func (*OrgPolicyViolationsPreview_ResourceCounts) String

PreviewState

type PreviewState int32

The current state of an [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].

PreviewState_PREVIEW_STATE_UNSPECIFIED, PreviewState_PREVIEW_PENDING, PreviewState_PREVIEW_RUNNING, PreviewState_PREVIEW_SUCCEEDED, PreviewState_PREVIEW_FAILED

const (
	// The state is unspecified.
	PreviewState_PREVIEW_STATE_UNSPECIFIED PreviewState = 0
	// The
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// has not been created yet.
	PreviewState_PREVIEW_PENDING PreviewState = 1
	// The
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// is currently being created.
	PreviewState_PREVIEW_RUNNING PreviewState = 2
	// The
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// creation finished successfully.
	PreviewState_PREVIEW_SUCCEEDED PreviewState = 3
	// The
	// [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
	// creation failed with an error.
	PreviewState_PREVIEW_FAILED PreviewState = 4
)

func (PreviewState) Descriptor

func (PreviewState) Enum

func (x PreviewState) Enum() *PreviewState

func (PreviewState) EnumDescriptor

func (PreviewState) EnumDescriptor() ([]byte, []int)

Deprecated: Use PreviewState.Descriptor instead.

func (PreviewState) Number

func (PreviewState) String

func (x PreviewState) String() string

func (PreviewState) Type

Replay

type Replay struct {

	// Output only. The resource name of the `Replay`, which has the following
	// format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
	// where `{resource-id}` is the ID of the project, folder, or organization
	// that owns the Replay.
	//
	// Example:
	// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The current state of the `Replay`.
	State Replay_State `protobuf:"varint,2,opt,name=state,proto3,enum=google.cloud.policysimulator.v1.Replay_State" json:"state,omitempty"`
	// Required. The configuration used for the `Replay`.
	Config *ReplayConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
	// Output only. Summary statistics about the replayed log entries.
	ResultsSummary *Replay_ResultsSummary `protobuf:"bytes,5,opt,name=results_summary,json=resultsSummary,proto3" json:"results_summary,omitempty"`
	// contains filtered or unexported fields
}

A resource describing a Replay, or simulation.

func (*Replay) Descriptor

func (*Replay) Descriptor() ([]byte, []int)

Deprecated: Use Replay.ProtoReflect.Descriptor instead.

func (*Replay) GetConfig

func (x *Replay) GetConfig() *ReplayConfig

func (*Replay) GetName

func (x *Replay) GetName() string

func (*Replay) GetResultsSummary

func (x *Replay) GetResultsSummary() *Replay_ResultsSummary

func (*Replay) GetState

func (x *Replay) GetState() Replay_State

func (*Replay) ProtoMessage

func (*Replay) ProtoMessage()

func (*Replay) ProtoReflect

func (x *Replay) ProtoReflect() protoreflect.Message

func (*Replay) Reset

func (x *Replay) Reset()

func (*Replay) String

func (x *Replay) String() string

ReplayConfig

type ReplayConfig struct {

	// A mapping of the resources that you want to simulate policies for and the
	// policies that you want to simulate.
	//
	// Keys are the full resource names for the resources. For example,
	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
	// For examples of full resource names for Google Cloud services, see
	// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
	//
	// Values are [Policy][google.iam.v1.Policy] objects representing the policies
	// that you want to simulate.
	//
	// Replays automatically take into account any IAM policies inherited through
	// the resource hierarchy, and any policies set on descendant resources. You
	// do not need to include these policies in the policy overlay.
	PolicyOverlay map[string]*iampb.Policy `protobuf:"bytes,1,rep,name=policy_overlay,json=policyOverlay,proto3" json:"policy_overlay,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
	// The logs to use as input for the
	// [Replay][google.cloud.policysimulator.v1.Replay].
	LogSource ReplayConfig_LogSource `protobuf:"varint,2,opt,name=log_source,json=logSource,proto3,enum=google.cloud.policysimulator.v1.ReplayConfig_LogSource" json:"log_source,omitempty"`
	// contains filtered or unexported fields
}

The configuration used for a [Replay][google.cloud.policysimulator.v1.Replay].

func (*ReplayConfig) Descriptor

func (*ReplayConfig) Descriptor() ([]byte, []int)

Deprecated: Use ReplayConfig.ProtoReflect.Descriptor instead.

func (*ReplayConfig) GetLogSource

func (x *ReplayConfig) GetLogSource() ReplayConfig_LogSource

func (*ReplayConfig) GetPolicyOverlay

func (x *ReplayConfig) GetPolicyOverlay() map[string]*iampb.Policy

func (*ReplayConfig) ProtoMessage

func (*ReplayConfig) ProtoMessage()

func (*ReplayConfig) ProtoReflect

func (x *ReplayConfig) ProtoReflect() protoreflect.Message

func (*ReplayConfig) Reset

func (x *ReplayConfig) Reset()

func (*ReplayConfig) String

func (x *ReplayConfig) String() string

ReplayConfig_LogSource

type ReplayConfig_LogSource int32

The source of the logs to use for a [Replay][google.cloud.policysimulator.v1.Replay].

ReplayConfig_LOG_SOURCE_UNSPECIFIED, ReplayConfig_RECENT_ACCESSES

// Values of ReplayConfig_LogSource, the source of the logs used for a Replay.
const (
	// An unspecified log source.
	// If the log source is unspecified, the
	// [Replay][google.cloud.policysimulator.v1.Replay] defaults to using
	// `RECENT_ACCESSES`.
	ReplayConfig_LOG_SOURCE_UNSPECIFIED ReplayConfig_LogSource = 0
	// All access logs from the last 90 days. These logs may not include logs
	// from the most recent 7 days.
	//
	// A Replay therefore evaluates only access attempts recorded in this
	// window; access that was last exercised more than 90 days ago, or only
	// within the most recent 7 days, may be absent from its results. A Replay
	// that reports no differences does not cover such access.
	ReplayConfig_RECENT_ACCESSES ReplayConfig_LogSource = 1
)

func (ReplayConfig_LogSource) Descriptor

func (ReplayConfig_LogSource) Enum

func (ReplayConfig_LogSource) EnumDescriptor

func (ReplayConfig_LogSource) EnumDescriptor() ([]byte, []int)

Deprecated: Use ReplayConfig_LogSource.Descriptor instead.

func (ReplayConfig_LogSource) Number

func (ReplayConfig_LogSource) String

func (x ReplayConfig_LogSource) String() string

func (ReplayConfig_LogSource) Type

ReplayDiff

type ReplayDiff struct {

	// A summary and comparison of the principal's access under the current
	// (baseline) policies and the proposed (simulated) policies for a single
	// access tuple.
	//
	// The evaluation of the principal's access is reported in the
	// [AccessState][google.cloud.policysimulator.v1.AccessState] field.
	AccessDiff *AccessStateDiff `protobuf:"bytes,2,opt,name=access_diff,json=accessDiff,proto3" json:"access_diff,omitempty"`
	// contains filtered or unexported fields
}

The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.

func (*ReplayDiff) Descriptor

func (*ReplayDiff) Descriptor() ([]byte, []int)

Deprecated: Use ReplayDiff.ProtoReflect.Descriptor instead.

func (*ReplayDiff) GetAccessDiff

func (x *ReplayDiff) GetAccessDiff() *AccessStateDiff

func (*ReplayDiff) ProtoMessage

func (*ReplayDiff) ProtoMessage()

func (*ReplayDiff) ProtoReflect

func (x *ReplayDiff) ProtoReflect() protoreflect.Message

func (*ReplayDiff) Reset

func (x *ReplayDiff) Reset()

func (*ReplayDiff) String

func (x *ReplayDiff) String() string

ReplayOperationMetadata

type ReplayOperationMetadata struct {

	// Time when the request was received.
	StartTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"`
	// contains filtered or unexported fields
}

Metadata about a Replay operation.

func (*ReplayOperationMetadata) Descriptor

func (*ReplayOperationMetadata) Descriptor() ([]byte, []int)

Deprecated: Use ReplayOperationMetadata.ProtoReflect.Descriptor instead.

func (*ReplayOperationMetadata) GetStartTime

func (x *ReplayOperationMetadata) GetStartTime() *timestamppb.Timestamp

func (*ReplayOperationMetadata) ProtoMessage

func (*ReplayOperationMetadata) ProtoMessage()

func (*ReplayOperationMetadata) ProtoReflect

func (x *ReplayOperationMetadata) ProtoReflect() protoreflect.Message

func (*ReplayOperationMetadata) Reset

func (x *ReplayOperationMetadata) Reset()

func (*ReplayOperationMetadata) String

func (x *ReplayOperationMetadata) String() string

ReplayResult

type ReplayResult struct {

	// The result of replaying the access tuple.
	//
	// Types that are assignable to Result:
	//
	//	*ReplayResult_Diff
	//	*ReplayResult_Error
	Result isReplayResult_Result `protobuf_oneof:"result"`
	// The resource name of the `ReplayResult`, in the following format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}/results/{replay-result-id}`,
	// where `{resource-id}` is the ID of the project, folder, or organization
	// that owns the [Replay][google.cloud.policysimulator.v1.Replay].
	//
	// Example:
	// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36/results/1234`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The [Replay][google.cloud.policysimulator.v1.Replay] that the access tuple
	// was included in.
	Parent string `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
	// The access tuple that was replayed. This field includes information about
	// the principal, resource, and permission that were involved in the access
	// attempt.
	AccessTuple *AccessTuple `protobuf:"bytes,3,opt,name=access_tuple,json=accessTuple,proto3" json:"access_tuple,omitempty"`
	// The latest date this access tuple was seen in the logs.
	LastSeenDate *date.Date `protobuf:"bytes,4,opt,name=last_seen_date,json=lastSeenDate,proto3" json:"last_seen_date,omitempty"`
	// contains filtered or unexported fields
}

The result of replaying a single access tuple against a simulated state.

func (*ReplayResult) Descriptor

func (*ReplayResult) Descriptor() ([]byte, []int)

Deprecated: Use ReplayResult.ProtoReflect.Descriptor instead.

func (*ReplayResult) GetAccessTuple

func (x *ReplayResult) GetAccessTuple() *AccessTuple

func (*ReplayResult) GetDiff

func (x *ReplayResult) GetDiff() *ReplayDiff

func (*ReplayResult) GetError

func (x *ReplayResult) GetError() *status.Status

func (*ReplayResult) GetLastSeenDate

func (x *ReplayResult) GetLastSeenDate() *date.Date

func (*ReplayResult) GetName

func (x *ReplayResult) GetName() string

func (*ReplayResult) GetParent

func (x *ReplayResult) GetParent() string

func (*ReplayResult) GetResult

func (m *ReplayResult) GetResult() isReplayResult_Result

func (*ReplayResult) ProtoMessage

func (*ReplayResult) ProtoMessage()

func (*ReplayResult) ProtoReflect

func (x *ReplayResult) ProtoReflect() protoreflect.Message

func (*ReplayResult) Reset

func (x *ReplayResult) Reset()

func (*ReplayResult) String

func (x *ReplayResult) String() string

ReplayResult_Diff

// ReplayResult_Diff is one of the two types assignable to ReplayResult.Result;
// the other is ReplayResult_Error.
type ReplayResult_Diff struct {
	// The difference between the principal's access under the current
	// (baseline) policies and the principal's access under the proposed
	// (simulated) policies.
	//
	// This field is only included for access tuples that were successfully
	// replayed and had different results under the current policies and the
	// proposed policies.
	//
	// A ReplayResult without a Diff is therefore not by itself evidence that
	// access is unchanged: check ReplayResult.GetError as well, since a tuple
	// whose replay failed carries an Error in place of a Diff.
	Diff *ReplayDiff `protobuf:"bytes,5,opt,name=diff,proto3,oneof"`
}

ReplayResult_Error

type ReplayResult_Error struct {
	// The error that caused the access tuple replay to fail.
	//
	// This field is only included for access tuples that were not replayed
	// successfully.
	Error *status.Status `protobuf:"bytes,6,opt,name=error,proto3,oneof"`
}

Replay_ResultsSummary

// Replay_ResultsSummary holds summary statistics about the replayed log
// entries.
type Replay_ResultsSummary struct {

	// The total number of log entries replayed.
	LogCount int32 `protobuf:"varint,1,opt,name=log_count,json=logCount,proto3" json:"log_count,omitempty"`
	// The number of replayed log entries with no difference between
	// baseline and simulated policies.
	UnchangedCount int32 `protobuf:"varint,2,opt,name=unchanged_count,json=unchangedCount,proto3" json:"unchanged_count,omitempty"`
	// The number of replayed log entries with a difference between baseline and
	// simulated policies.
	DifferenceCount int32 `protobuf:"varint,3,opt,name=difference_count,json=differenceCount,proto3" json:"difference_count,omitempty"`
	// The number of log entries that could not be replayed.
	//
	// These entries have no baseline-versus-simulated comparison, so a
	// non-zero value means UnchangedCount and DifferenceCount do not account
	// for every log entry the Replay considered.
	// NOTE(review): whether LogCount includes these entries is not stated
	// here — confirm against the service documentation.
	ErrorCount int32 `protobuf:"varint,4,opt,name=error_count,json=errorCount,proto3" json:"error_count,omitempty"`
	// The date of the oldest log entry replayed.
	OldestDate *date.Date `protobuf:"bytes,5,opt,name=oldest_date,json=oldestDate,proto3" json:"oldest_date,omitempty"`
	// The date of the newest log entry replayed.
	NewestDate *date.Date `protobuf:"bytes,6,opt,name=newest_date,json=newestDate,proto3" json:"newest_date,omitempty"`
	// contains filtered or unexported fields
}

Summary statistics about the replayed log entries.

func (*Replay_ResultsSummary) Descriptor

func (*Replay_ResultsSummary) Descriptor() ([]byte, []int)

Deprecated: Use Replay_ResultsSummary.ProtoReflect.Descriptor instead.

func (*Replay_ResultsSummary) GetDifferenceCount

func (x *Replay_ResultsSummary) GetDifferenceCount() int32

func (*Replay_ResultsSummary) GetErrorCount

func (x *Replay_ResultsSummary) GetErrorCount() int32

func (*Replay_ResultsSummary) GetLogCount

func (x *Replay_ResultsSummary) GetLogCount() int32

func (*Replay_ResultsSummary) GetNewestDate

func (x *Replay_ResultsSummary) GetNewestDate() *date.Date

func (*Replay_ResultsSummary) GetOldestDate

func (x *Replay_ResultsSummary) GetOldestDate() *date.Date

func (*Replay_ResultsSummary) GetUnchangedCount

func (x *Replay_ResultsSummary) GetUnchangedCount() int32

func (*Replay_ResultsSummary) ProtoMessage

func (*Replay_ResultsSummary) ProtoMessage()

func (*Replay_ResultsSummary) ProtoReflect

func (x *Replay_ResultsSummary) ProtoReflect() protoreflect.Message

func (*Replay_ResultsSummary) Reset

func (x *Replay_ResultsSummary) Reset()

func (*Replay_ResultsSummary) String

func (x *Replay_ResultsSummary) String() string

Replay_State

type Replay_State int32

The current state of the [Replay][google.cloud.policysimulator.v1.Replay].

Replay_STATE_UNSPECIFIED, Replay_PENDING, Replay_RUNNING, Replay_SUCCEEDED, Replay_FAILED

const (
	// Default value. This value is unused.
	Replay_STATE_UNSPECIFIED Replay_State = 0
	// The `Replay` has not started yet.
	Replay_PENDING Replay_State = 1
	// The `Replay` is currently running.
	Replay_RUNNING Replay_State = 2
	// The `Replay` has successfully completed.
	Replay_SUCCEEDED Replay_State = 3
	// The `Replay` has finished with an error.
	Replay_FAILED Replay_State = 4
)

func (Replay_State) Descriptor

func (Replay_State) Enum

func (x Replay_State) Enum() *Replay_State

func (Replay_State) EnumDescriptor

func (Replay_State) EnumDescriptor() ([]byte, []int)

Deprecated: Use Replay_State.Descriptor instead.

func (Replay_State) Number

func (Replay_State) String

func (x Replay_State) String() string

func (Replay_State) Type

ResourceContext

// ResourceContext provides the context known about a resource, limited to the
// information used by Simulator.
type ResourceContext struct {

	// The full name of the resource. Example:
	// `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
	//
	// See [Resource
	// names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
	// for more information.
	Resource string `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
	// The asset type of the resource as defined by CAIS (Cloud Asset
	// Inventory).
	//
	// Example: `compute.googleapis.com/Firewall`
	//
	// See [Supported asset
	// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
	// for more information.
	AssetType string `protobuf:"bytes,2,opt,name=asset_type,json=assetType,proto3" json:"asset_type,omitempty"`
	// The ancestry path of the resource in Google Cloud [resource
	// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
	// represented as a list of relative resource names. An ancestry path starts
	// with the closest ancestor in the hierarchy and ends at root. If the
	// resource is a project, folder, or organization, the ancestry path starts
	// from the resource itself.
	//
	// Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
	Ancestors []string `protobuf:"bytes,3,rep,name=ancestors,proto3" json:"ancestors,omitempty"`
	// contains filtered or unexported fields
}

ResourceContext provides the context we know about a resource. It is similar in concept to google.cloud.asset.v1.Resource, but focuses on the information specifically used by Simulator.

func (*ResourceContext) Descriptor

func (*ResourceContext) Descriptor() ([]byte, []int)

Deprecated: Use ResourceContext.ProtoReflect.Descriptor instead.

func (*ResourceContext) GetAncestors

func (x *ResourceContext) GetAncestors() []string

func (*ResourceContext) GetAssetType

func (x *ResourceContext) GetAssetType() string

func (*ResourceContext) GetResource

func (x *ResourceContext) GetResource() string

func (*ResourceContext) ProtoMessage

func (*ResourceContext) ProtoMessage()

func (*ResourceContext) ProtoReflect

func (x *ResourceContext) ProtoReflect() protoreflect.Message

func (*ResourceContext) Reset

func (x *ResourceContext) Reset()

func (*ResourceContext) String

func (x *ResourceContext) String() string

SimulatorClient

type SimulatorClient interface {
	// Gets the specified [Replay][google.cloud.policysimulator.v1.Replay]. Each
	// `Replay` is available for at least 7 days.
	GetReplay(ctx context.Context, in *GetReplayRequest, opts ...grpc.CallOption) (*Replay, error)
	// Creates and starts a [Replay][google.cloud.policysimulator.v1.Replay] using
	// the given [ReplayConfig][google.cloud.policysimulator.v1.ReplayConfig].
	CreateReplay(ctx context.Context, in *CreateReplayRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Lists the results of running a
	// [Replay][google.cloud.policysimulator.v1.Replay].
	ListReplayResults(ctx context.Context, in *ListReplayResultsRequest, opts ...grpc.CallOption) (*ListReplayResultsResponse, error)
}

SimulatorClient is the client API for Simulator service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewSimulatorClient

func NewSimulatorClient(cc grpc.ClientConnInterface) SimulatorClient

SimulatorServer

type SimulatorServer interface {
	// Gets the specified [Replay][google.cloud.policysimulator.v1.Replay]. Each
	// `Replay` is available for at least 7 days.
	GetReplay(context.Context, *GetReplayRequest) (*Replay, error)
	// Creates and starts a [Replay][google.cloud.policysimulator.v1.Replay] using
	// the given [ReplayConfig][google.cloud.policysimulator.v1.ReplayConfig].
	CreateReplay(context.Context, *CreateReplayRequest) (*longrunningpb.Operation, error)
	// Lists the results of running a
	// [Replay][google.cloud.policysimulator.v1.Replay].
	ListReplayResults(context.Context, *ListReplayResultsRequest) (*ListReplayResultsResponse, error)
}

SimulatorServer is the server API for Simulator service.

UnimplementedOrgPolicyViolationsPreviewServiceServer

type UnimplementedOrgPolicyViolationsPreviewServiceServer struct {
}

UnimplementedOrgPolicyViolationsPreviewServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedOrgPolicyViolationsPreviewServiceServer) CreateOrgPolicyViolationsPreview

func (*UnimplementedOrgPolicyViolationsPreviewServiceServer) GetOrgPolicyViolationsPreview

func (*UnimplementedOrgPolicyViolationsPreviewServiceServer) ListOrgPolicyViolations

func (*UnimplementedOrgPolicyViolationsPreviewServiceServer) ListOrgPolicyViolationsPreviews

UnimplementedSimulatorServer

type UnimplementedSimulatorServer struct {
}

UnimplementedSimulatorServer can be embedded to have forward compatible implementations.

func (*UnimplementedSimulatorServer) CreateReplay

func (*UnimplementedSimulatorServer) GetReplay

func (*UnimplementedSimulatorServer) ListReplayResults