Google Cloud Policy Troubleshooter Iam V3 Client - Class AccessTuple (0.2.7)

Reference documentation and code samples for the Google Cloud Policy Troubleshooter Iam V3 Client class AccessTuple.

Information about the principal, resource, and permission to check.

Generated from protobuf message google.cloud.policytroubleshooter.iam.v3.AccessTuple

Namespace

Google \ Cloud \ PolicyTroubleshooter \ Iam \ V3

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ principal string

Required. The email address of the principal whose access you want to check. For example, alice@example.com or my-service-account@my-project.iam.gserviceaccount.com. The principal must be a Google Account or a service account. Other types of principals are not supported.

↳ full_resource_name string

Required. The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

↳ permission string

Required. The IAM permission to check for, either in the v1 permission format or the v2 permission format. For a complete list of IAM permissions in the v1 format, see https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the v2 format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete list of predefined IAM roles and the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

↳ permission_fqdn string

Output only. The permission that Policy Troubleshooter checked for, in the v2 format.

↳ condition_context ConditionContext

Optional. Additional context for the request, such as the request time or IP address. This context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.

getPrincipal

Required. The email address of the principal whose access you want to check. For example, alice@example.com or my-service-account@my-project.iam.gserviceaccount.com.

The principal must be a Google Account or a service account. Other types of principals are not supported.

Returns
Type Description
string

setPrincipal

Required. The email address of the principal whose access you want to check. For example, alice@example.com or my-service-account@my-project.iam.gserviceaccount.com.

The principal must be a Google Account or a service account. Other types of principals are not supported.

Parameter
Name Description
var string
Returns
Type Description
$this

getFullResourceName

Required. The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

Returns
Type Description
string

setFullResourceName

Required. The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

Parameter
Name Description
var string
Returns
Type Description
$this

getPermission

Required. The IAM permission to check for, either in the v1 permission format or the v2 permission format.

For a complete list of IAM permissions in the v1 format, see https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the v2 format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete list of predefined IAM roles and the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

Returns
Type Description
string

setPermission

Required. The IAM permission to check for, either in the v1 permission format or the v2 permission format.

For a complete list of IAM permissions in the v1 format, see https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the v2 format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete list of predefined IAM roles and the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

Parameter
Name Description
var string
Returns
Type Description
$this

getPermissionFqdn

Output only. The permission that Policy Troubleshooter checked for, in the v2 format.

Returns
Type Description
string

setPermissionFqdn

Output only. The permission that Policy Troubleshooter checked for, in the v2 format.

Parameter
Name Description
var string
Returns
Type Description
$this

getConditionContext

Optional. Additional context for the request, such as the request time or IP address. This context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.

Returns
Type Description
ConditionContext|null

hasConditionContext

clearConditionContext

setConditionContext

Optional. Additional context for the request, such as the request time or IP address. This context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.

Parameter
Name Description
var ConditionContext
Returns
Type Description
$this