public final class AllowBindingExplanation extends GeneratedMessageV3 implements AllowBindingExplanationOrBuilder
Details about how a role binding in an allow policy affects a principal's
ability to use a permission.
Protobuf type google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation
Inherited Members
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT)
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT,int)
com.google.protobuf.GeneratedMessageV3.<T>emptyList(java.lang.Class<T>)
com.google.protobuf.GeneratedMessageV3.internalGetMapFieldReflection(int)
Static Fields
ALLOW_ACCESS_STATE_FIELD_NUMBER
public static final int ALLOW_ACCESS_STATE_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
COMBINED_MEMBERSHIP_FIELD_NUMBER
public static final int COMBINED_MEMBERSHIP_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
CONDITION_EXPLANATION_FIELD_NUMBER
public static final int CONDITION_EXPLANATION_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
CONDITION_FIELD_NUMBER
public static final int CONDITION_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
MEMBERSHIPS_FIELD_NUMBER
public static final int MEMBERSHIPS_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
RELEVANCE_FIELD_NUMBER
public static final int RELEVANCE_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
ROLE_FIELD_NUMBER
public static final int ROLE_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
ROLE_PERMISSION_FIELD_NUMBER
public static final int ROLE_PERMISSION_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
ROLE_PERMISSION_RELEVANCE_FIELD_NUMBER
public static final int ROLE_PERMISSION_RELEVANCE_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
Static Methods
getDefaultInstance()
public static AllowBindingExplanation getDefaultInstance()
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
newBuilder()
public static AllowBindingExplanation.Builder newBuilder()
newBuilder(AllowBindingExplanation prototype)
public static AllowBindingExplanation.Builder newBuilder(AllowBindingExplanation prototype)
public static AllowBindingExplanation parseDelimitedFrom(InputStream input)
public static AllowBindingExplanation parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(byte[] data)
public static AllowBindingExplanation parseFrom(byte[] data)
Parameter |
---|
Name | Description |
data | byte[]
|
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static AllowBindingExplanation parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteString data)
public static AllowBindingExplanation parseFrom(ByteString data)
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static AllowBindingExplanation parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static AllowBindingExplanation parseFrom(CodedInputStream input)
public static AllowBindingExplanation parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public static AllowBindingExplanation parseFrom(InputStream input)
public static AllowBindingExplanation parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteBuffer data)
public static AllowBindingExplanation parseFrom(ByteBuffer data)
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static AllowBindingExplanation parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
parser()
public static Parser<AllowBindingExplanation> parser()
Methods
containsMemberships(String key)
public boolean containsMemberships(String key)
Indicates whether each role binding includes the principal specified in the
request, either directly or indirectly. Each key identifies a principal in
the role binding, and each value indicates whether the principal in the
role binding includes the principal in the request.
For example, suppose that a role binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access for user:bob@example.com
. This user is a
member of the group group:product-eng@example.com
.
For the first principal in the role binding, the key is
user:alice@example.com
, and the membership
field in the value is set to
NOT_INCLUDED
.
For the second principal in the role binding, the key is
group:product-eng@example.com
, and the membership
field in the value is
set to INCLUDED
.
map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;
Parameter |
---|
Name | Description |
key | String
|
equals(Object obj)
public boolean equals(Object obj)
Parameter |
---|
Name | Description |
obj | Object
|
Overrides
getAllowAccessState()
public AllowAccessState getAllowAccessState()
Required. Indicates whether this role binding gives the specified
permission to the specified principal on the specified resource.
This field does not indicate whether the principal actually has the
permission on the resource. There might be another role binding that
overrides this role binding. To determine whether the principal actually
has the permission, use the overall_access_state
field in the
TroubleshootIamPolicyResponse.
.google.cloud.policytroubleshooter.iam.v3.AllowAccessState allow_access_state = 1 [(.google.api.field_behavior) = REQUIRED];
getAllowAccessStateValue()
public int getAllowAccessStateValue()
Required. Indicates whether this role binding gives the specified
permission to the specified principal on the specified resource.
This field does not indicate whether the principal actually has the
permission on the resource. There might be another role binding that
overrides this role binding. To determine whether the principal actually
has the permission, use the overall_access_state
field in the
TroubleshootIamPolicyResponse.
.google.cloud.policytroubleshooter.iam.v3.AllowAccessState allow_access_state = 1 [(.google.api.field_behavior) = REQUIRED];
Returns |
---|
Type | Description |
int | The enum numeric value on the wire for allowAccessState.
|
getCombinedMembership()
public AllowBindingExplanation.AnnotatedAllowMembership getCombinedMembership()
The combined result of all memberships. Indicates if the principal is
included in any role binding, either directly or indirectly.
.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;
getCombinedMembershipOrBuilder()
public AllowBindingExplanation.AnnotatedAllowMembershipOrBuilder getCombinedMembershipOrBuilder()
The combined result of all memberships. Indicates if the principal is
included in any role binding, either directly or indirectly.
.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;
getCondition()
public Expr getCondition()
Returns |
---|
Type | Description |
com.google.type.Expr | The condition.
|
getConditionExplanation()
public ConditionExplanation getConditionExplanation()
Condition evaluation state for this role binding.
.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;
getConditionExplanationOrBuilder()
public ConditionExplanationOrBuilder getConditionExplanationOrBuilder()
Condition evaluation state for this role binding.
.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;
getConditionOrBuilder()
public ExprOrBuilder getConditionOrBuilder()
Returns |
---|
Type | Description |
com.google.type.ExprOrBuilder | |
getDefaultInstanceForType()
public AllowBindingExplanation getDefaultInstanceForType()
getMemberships() (deprecated)
public Map<String,AllowBindingExplanation.AnnotatedAllowMembership> getMemberships()
getMembershipsCount()
public int getMembershipsCount()
Indicates whether each role binding includes the principal specified in the
request, either directly or indirectly. Each key identifies a principal in
the role binding, and each value indicates whether the principal in the
role binding includes the principal in the request.
For example, suppose that a role binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access for user:bob@example.com
. This user is a
member of the group group:product-eng@example.com
.
For the first principal in the role binding, the key is
user:alice@example.com
, and the membership
field in the value is set to
NOT_INCLUDED
.
For the second principal in the role binding, the key is
group:product-eng@example.com
, and the membership
field in the value is
set to INCLUDED
.
map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;
Returns |
---|
Type | Description |
int | |
getMembershipsMap()
public Map<String,AllowBindingExplanation.AnnotatedAllowMembership> getMembershipsMap()
Indicates whether each role binding includes the principal specified in the
request, either directly or indirectly. Each key identifies a principal in
the role binding, and each value indicates whether the principal in the
role binding includes the principal in the request.
For example, suppose that a role binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access for user:bob@example.com
. This user is a
member of the group group:product-eng@example.com
.
For the first principal in the role binding, the key is
user:alice@example.com
, and the membership
field in the value is set to
NOT_INCLUDED
.
For the second principal in the role binding, the key is
group:product-eng@example.com
, and the membership
field in the value is
set to INCLUDED
.
map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;
getMembershipsOrDefault(String key, AllowBindingExplanation.AnnotatedAllowMembership defaultValue)
public AllowBindingExplanation.AnnotatedAllowMembership getMembershipsOrDefault(String key, AllowBindingExplanation.AnnotatedAllowMembership defaultValue)
Indicates whether each role binding includes the principal specified in the
request, either directly or indirectly. Each key identifies a principal in
the role binding, and each value indicates whether the principal in the
role binding includes the principal in the request.
For example, suppose that a role binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access for user:bob@example.com
. This user is a
member of the group group:product-eng@example.com
.
For the first principal in the role binding, the key is
user:alice@example.com
, and the membership
field in the value is set to
NOT_INCLUDED
.
For the second principal in the role binding, the key is
group:product-eng@example.com
, and the membership
field in the value is
set to INCLUDED
.
map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;
getMembershipsOrThrow(String key)
public AllowBindingExplanation.AnnotatedAllowMembership getMembershipsOrThrow(String key)
Indicates whether each role binding includes the principal specified in the
request, either directly or indirectly. Each key identifies a principal in
the role binding, and each value indicates whether the principal in the
role binding includes the principal in the request.
For example, suppose that a role binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access for user:bob@example.com
. This user is a
member of the group group:product-eng@example.com
.
For the first principal in the role binding, the key is
user:alice@example.com
, and the membership
field in the value is set to
NOT_INCLUDED
.
For the second principal in the role binding, the key is
group:product-eng@example.com
, and the membership
field in the value is
set to INCLUDED
.
map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;
Parameter |
---|
Name | Description |
key | String
|
getParserForType()
public Parser<AllowBindingExplanation> getParserForType()
Overrides
getRelevance()
public HeuristicRelevance getRelevance()
The relevance of this role binding to the overall determination for the
entire policy.
.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 7;
getRelevanceValue()
public int getRelevanceValue()
The relevance of this role binding to the overall determination for the
entire policy.
.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 7;
Returns |
---|
Type | Description |
int | The enum numeric value on the wire for relevance.
|
getRole()
Returns |
---|
Type | Description |
String | The role.
|
getRoleBytes()
public ByteString getRoleBytes()
Returns |
---|
Type | Description |
ByteString | The bytes for role.
|
getRolePermission()
public RolePermissionInclusionState getRolePermission()
Indicates whether the role granted by this role binding contains the
specified permission.
.google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState role_permission = 3;
getRolePermissionRelevance()
public HeuristicRelevance getRolePermissionRelevance()
The relevance of the permission's existence, or nonexistence, in the role
to the overall determination for the entire policy.
.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance role_permission_relevance = 4;
getRolePermissionRelevanceValue()
public int getRolePermissionRelevanceValue()
The relevance of the permission's existence, or nonexistence, in the role
to the overall determination for the entire policy.
.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance role_permission_relevance = 4;
Returns |
---|
Type | Description |
int | The enum numeric value on the wire for rolePermissionRelevance.
|
getRolePermissionValue()
public int getRolePermissionValue()
Indicates whether the role granted by this role binding contains the
specified permission.
.google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState role_permission = 3;
Returns |
---|
Type | Description |
int | The enum numeric value on the wire for rolePermission.
|
getSerializedSize()
public int getSerializedSize()
Returns |
---|
Type | Description |
int | |
Overrides
hasCombinedMembership()
public boolean hasCombinedMembership()
The combined result of all memberships. Indicates if the principal is
included in any role binding, either directly or indirectly.
.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;
Returns |
---|
Type | Description |
boolean | Whether the combinedMembership field is set.
|
hasCondition()
public boolean hasCondition()
Returns |
---|
Type | Description |
boolean | Whether the condition field is set.
|
hasConditionExplanation()
public boolean hasConditionExplanation()
Condition evaluation state for this role binding.
.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;
Returns |
---|
Type | Description |
boolean | Whether the conditionExplanation field is set.
|
hashCode()
Returns |
---|
Type | Description |
int | |
Overrides
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Overrides
internalGetMapFieldReflection(int number)
protected MapFieldReflectionAccessor internalGetMapFieldReflection(int number)
Parameter |
---|
Name | Description |
number | int
|
Returns |
---|
Type | Description |
com.google.protobuf.MapFieldReflectionAccessor | |
Overrides
com.google.protobuf.GeneratedMessageV3.internalGetMapFieldReflection(int)
isInitialized()
public final boolean isInitialized()
Overrides
newBuilderForType()
public AllowBindingExplanation.Builder newBuilderForType()
newBuilderForType(GeneratedMessageV3.BuilderParent parent)
protected AllowBindingExplanation.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Overrides
newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Overrides
toBuilder()
public AllowBindingExplanation.Builder toBuilder()
writeTo(CodedOutputStream output)
public void writeTo(CodedOutputStream output)
Overrides