A client for the Policy Simulator API.
The interfaces provided are listed below, along with usage samples.
SimulatorClient
Service Description: Policy Simulator API service.
Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.
During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.
Sample for SimulatorClient:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (SimulatorClient simulatorClient = SimulatorClient.create()) {
  ReplayName name =
      ReplayName.ofProjectLocationReplayName("[PROJECT]", "[LOCATION]", "[REPLAY]");
  Replay response = simulatorClient.getReplay(name);
}
Classes
AccessStateDiff
A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.
Protobuf type google.cloud.policysimulator.v1.AccessStateDiff
AccessStateDiff.Builder
A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.
Protobuf type google.cloud.policysimulator.v1.AccessStateDiff
AccessTuple
Information about the principal, resource, and permission to check.
Protobuf type google.cloud.policysimulator.v1.AccessTuple
AccessTuple.Builder
Information about the principal, resource, and permission to check.
Protobuf type google.cloud.policysimulator.v1.AccessTuple
BindingExplanation
Details about how a binding in a policy affects a principal's ability to use a permission.
Protobuf type google.cloud.policysimulator.v1.BindingExplanation
BindingExplanation.AnnotatedMembership
Details about whether the binding includes the principal.
Protobuf type google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership
BindingExplanation.AnnotatedMembership.Builder
Details about whether the binding includes the principal.
Protobuf type google.cloud.policysimulator.v1.BindingExplanation.AnnotatedMembership
BindingExplanation.Builder
Details about how a binding in a policy affects a principal's ability to use a permission.
Protobuf type google.cloud.policysimulator.v1.BindingExplanation
CreateReplayRequest
Request message for Simulator.CreateReplay.
Protobuf type google.cloud.policysimulator.v1.CreateReplayRequest
CreateReplayRequest.Builder
Request message for Simulator.CreateReplay.
Protobuf type google.cloud.policysimulator.v1.CreateReplayRequest
ExplainedAccess
Details about how a set of policies, listed in ExplainedPolicy, resulted in a certain AccessState when replaying an access tuple.
Protobuf type google.cloud.policysimulator.v1.ExplainedAccess
ExplainedAccess.Builder
Details about how a set of policies, listed in ExplainedPolicy, resulted in a certain AccessState when replaying an access tuple.
Protobuf type google.cloud.policysimulator.v1.ExplainedAccess
ExplainedPolicy
Details about how a specific IAM Policy contributed to the access check.
Protobuf type google.cloud.policysimulator.v1.ExplainedPolicy
ExplainedPolicy.Builder
Details about how a specific IAM Policy contributed to the access check.
Protobuf type google.cloud.policysimulator.v1.ExplainedPolicy
ExplanationsProto
GetReplayRequest
Request message for Simulator.GetReplay.
Protobuf type google.cloud.policysimulator.v1.GetReplayRequest
GetReplayRequest.Builder
Request message for Simulator.GetReplay.
Protobuf type google.cloud.policysimulator.v1.GetReplayRequest
ListReplayResultsRequest
Request message for Simulator.ListReplayResults.
Protobuf type google.cloud.policysimulator.v1.ListReplayResultsRequest
ListReplayResultsRequest.Builder
Request message for Simulator.ListReplayResults.
Protobuf type google.cloud.policysimulator.v1.ListReplayResultsRequest
ListReplayResultsResponse
Response message for Simulator.ListReplayResults.
Protobuf type google.cloud.policysimulator.v1.ListReplayResultsResponse
ListReplayResultsResponse.Builder
Response message for Simulator.ListReplayResults.
Protobuf type google.cloud.policysimulator.v1.ListReplayResultsResponse
Replay
A resource describing a Replay, or simulation.
Protobuf type google.cloud.policysimulator.v1.Replay
Replay.Builder
A resource describing a Replay, or simulation.
Protobuf type google.cloud.policysimulator.v1.Replay
Replay.ResultsSummary
Summary statistics about the replayed log entries.
Protobuf type google.cloud.policysimulator.v1.Replay.ResultsSummary
Replay.ResultsSummary.Builder
Summary statistics about the replayed log entries.
Protobuf type google.cloud.policysimulator.v1.Replay.ResultsSummary
ReplayConfig
The configuration used for a Replay.
Protobuf type google.cloud.policysimulator.v1.ReplayConfig
ReplayConfig.Builder
The configuration used for a Replay.
Protobuf type google.cloud.policysimulator.v1.ReplayConfig
ReplayDiff
The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.
Protobuf type google.cloud.policysimulator.v1.ReplayDiff
ReplayDiff.Builder
The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.
Protobuf type google.cloud.policysimulator.v1.ReplayDiff
ReplayName
ReplayName.Builder
Builder for projects/{project}/locations/{location}/replays/{replay}.
ReplayName.FolderLocationReplayBuilder
Builder for folders/{folder}/locations/{location}/replays/{replay}.
ReplayName.OrganizationLocationReplayBuilder
Builder for organizations/{organization}/locations/{location}/replays/{replay}.
ReplayOperationMetadata
Metadata about a Replay operation.
Protobuf type google.cloud.policysimulator.v1.ReplayOperationMetadata
ReplayOperationMetadata.Builder
Metadata about a Replay operation.
Protobuf type google.cloud.policysimulator.v1.ReplayOperationMetadata
ReplayResult
The result of replaying a single access tuple against a simulated state.
Protobuf type google.cloud.policysimulator.v1.ReplayResult
ReplayResult.Builder
The result of replaying a single access tuple against a simulated state.
Protobuf type google.cloud.policysimulator.v1.ReplayResult
SimulatorClient
Service Description: Policy Simulator API service.
Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.
During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (SimulatorClient simulatorClient = SimulatorClient.create()) {
  ReplayName name =
      ReplayName.ofProjectLocationReplayName("[PROJECT]", "[LOCATION]", "[REPLAY]");
  Replay response = simulatorClient.getReplay(name);
}
Note: close() needs to be called on the SimulatorClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
The surface of this class includes several types of Java methods for each of the API's methods:
- A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
- A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
- A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of SimulatorSettings to create(). For example:
To customize credentials:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
SimulatorSettings simulatorSettings =
    SimulatorSettings.newBuilder()
        .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
        .build();
SimulatorClient simulatorClient = SimulatorClient.create(simulatorSettings);
To customize the endpoint:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
SimulatorSettings simulatorSettings =
    SimulatorSettings.newBuilder().setEndpoint(myEndpoint).build();
SimulatorClient simulatorClient = SimulatorClient.create(simulatorSettings);
To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
SimulatorSettings simulatorSettings = SimulatorSettings.newHttpJsonBuilder().build();
SimulatorClient simulatorClient = SimulatorClient.create(simulatorSettings);
Please refer to the GitHub repository's samples for more quickstart code snippets.
SimulatorClient.ListReplayResultsFixedSizeCollection
SimulatorClient.ListReplayResultsPage
SimulatorClient.ListReplayResultsPagedResponse
SimulatorGrpc
Policy Simulator API service. Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy. During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.
SimulatorGrpc.SimulatorBlockingStub
A stub to allow clients to do synchronous rpc calls to service Simulator.
Policy Simulator API service. Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy. During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.
SimulatorGrpc.SimulatorFutureStub
A stub to allow clients to do ListenableFuture-style rpc calls to service Simulator.
Policy Simulator API service. Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy. During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.
SimulatorGrpc.SimulatorImplBase
Base class for the server implementation of the service Simulator.
Policy Simulator API service. Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy. During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.
SimulatorGrpc.SimulatorStub
A stub to allow clients to do asynchronous rpc calls to service Simulator.
Policy Simulator API service. Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy. During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.
SimulatorProto
SimulatorSettings
Settings class to configure an instance of SimulatorClient.
The default instance has everything set to sensible defaults:
- The default service address (policysimulator.googleapis.com) and default port (443) are used.
- Credentials are acquired automatically through Application Default Credentials.
- Retries are configured for idempotent methods but not for non-idempotent methods.
The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.
For example, to set the total timeout of getReplay to 30 seconds:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
SimulatorSettings.Builder simulatorSettingsBuilder = SimulatorSettings.newBuilder();
simulatorSettingsBuilder
    .getReplaySettings()
    .setRetrySettings(
        simulatorSettingsBuilder
            .getReplaySettings()
            .getRetrySettings()
            .toBuilder()
            .setTotalTimeout(Duration.ofSeconds(30))
            .build());
SimulatorSettings simulatorSettings = simulatorSettingsBuilder.build();
SimulatorSettings.Builder
Builder for SimulatorSettings.
Interfaces
AccessStateDiffOrBuilder
AccessTupleOrBuilder
BindingExplanation.AnnotatedMembershipOrBuilder
BindingExplanationOrBuilder
CreateReplayRequestOrBuilder
ExplainedAccessOrBuilder
ExplainedPolicyOrBuilder
GetReplayRequestOrBuilder
ListReplayResultsRequestOrBuilder
ListReplayResultsResponseOrBuilder
Replay.ResultsSummaryOrBuilder
ReplayConfigOrBuilder
ReplayDiffOrBuilder
ReplayOperationMetadataOrBuilder
ReplayOrBuilder
ReplayResultOrBuilder
SimulatorGrpc.AsyncService
Policy Simulator API service. Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy. During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.
Enums
AccessState
Whether a principal has a permission for a resource.
Protobuf enum google.cloud.policysimulator.v1.AccessState
AccessStateDiff.AccessChangeType
How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.
Protobuf enum google.cloud.policysimulator.v1.AccessStateDiff.AccessChangeType
BindingExplanation.Membership
Whether the binding includes the principal.
Protobuf enum google.cloud.policysimulator.v1.BindingExplanation.Membership
BindingExplanation.RolePermission
Whether a role includes a specific permission.
Protobuf enum google.cloud.policysimulator.v1.BindingExplanation.RolePermission
HeuristicRelevance
The extent to which a single data point, such as the existence of a binding or whether a binding includes a specific principal, contributes to an overall determination.
Protobuf enum google.cloud.policysimulator.v1.HeuristicRelevance
Replay.State
The current state of the Replay.
Protobuf enum google.cloud.policysimulator.v1.Replay.State
ReplayConfig.LogSource
The source of the logs to use for a Replay.
Protobuf enum google.cloud.policysimulator.v1.ReplayConfig.LogSource