Package Classes (0.1.11)

Summary of entries of Classes for policysimulator.

Classes

SimulatorAsyncClient

Policy Simulator API service.

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.

During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.

SimulatorClient

Policy Simulator API service.

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.

During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.

ListReplayResultsAsyncPager

A pager for iterating through list_replay_results requests.

This class thinly wraps an initial ListReplayResultsResponse object, and provides an __aiter__ method to iterate through its replay_results field.

If there are more pages, the __aiter__ method will make additional ListReplayResults requests and continue to iterate through the replay_results field on the corresponding responses.

All the usual ListReplayResultsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListReplayResultsPager

A pager for iterating through list_replay_results requests.

This class thinly wraps an initial ListReplayResultsResponse object, and provides an __iter__ method to iterate through its replay_results field.

If there are more pages, the __iter__ method will make additional ListReplayResults requests and continue to iterate through the replay_results field on the corresponding responses.

All the usual ListReplayResultsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

AccessState

Whether a principal has a permission for a resource.

AccessStateDiff

A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.

AccessChangeType

How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.

    -  The principal had access under the current policies
       (`GRANTED`), but their access after the proposed
       changes is `UNKNOWN`.

    -  The principal's access under the current policies is
       `UNKNOWN`, but they will not have access after the
       proposed changes (`NOT_GRANTED`).
ACCESS_MAYBE_GAINED (6):
    This result can occur for the following reasons:

    -  The principal did not have access under the current
       policies (`NOT_GRANTED`), but their access after the
       proposed changes is `UNKNOWN`.

    -  The principal's access under the current policies is
       `UNKNOWN`, but they will have access after the proposed
       changes (`GRANTED`).

AccessTuple

Information about the principal, resource, and permission to check.

BindingExplanation

Details about how a binding in a policy affects a principal's ability to use a permission.

AnnotatedMembership

Details about whether the binding includes the principal.

Membership

Whether the binding includes the principal.

    -  A principal is included directly if that principal is
       listed in the binding.
    -  A principal is included indirectly if that principal is
       in a Google group or Google Workspace domain that is
       listed in the binding.
MEMBERSHIP_NOT_INCLUDED (2):
    The binding does not include the principal.
MEMBERSHIP_UNKNOWN_INFO_DENIED (3):
    The user who created the
    <xref uid="google.cloud.policysimulator.v1.Replay">Replay</xref> is not
    allowed to access the binding.
MEMBERSHIP_UNKNOWN_UNSUPPORTED (4):
    The principal is an unsupported type. Only
    Google Accounts and service accounts are
    supported.

MembershipsEntry

The abstract base class for a message.

RolePermission

Whether a role includes a specific permission.

CreateReplayRequest

Request message for Simulator.CreateReplay.

ExplainedAccess

Details about how a set of policies, listed in ExplainedPolicy, resulted in a certain AccessState when replaying an access tuple.

ExplainedPolicy

Details about how a specific IAM Policy][google.iam.v1.Policy] contributed to the access check.

GetReplayRequest

Request message for Simulator.GetReplay.

HeuristicRelevance

The extent to which a single data point, such as the existence of a binding or whether a binding includes a specific principal, contributes to an overall determination.

ListReplayResultsRequest

Request message for Simulator.ListReplayResults.

ListReplayResultsResponse

Response message for Simulator.ListReplayResults.

Replay

A resource describing a Replay, or simulation.

ResultsSummary

Summary statistics about the replayed log entries.

State

The current state of the Replay.

ReplayConfig

The configuration used for a Replay.

LogSource

The source of the logs to use for a Replay.

PolicyOverlayEntry

The abstract base class for a message.

ReplayDiff

The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.

ReplayOperationMetadata

Metadata about a Replay operation.

ReplayResult

The result of replaying a single access tuple against a simulated state.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Modules

pagers

API documentation for policysimulator_v1.services.simulator.pagers module.