Package Classes (0.1.14)

Policy Simulator API service.

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.

During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.

Policy Simulator API service.

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.

During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.

A pager for iterating through list_replay_results requests.

This class thinly wraps an initial ListReplayResultsResponse object, and provides an __aiter__ method to iterate through its replay_results field.

If there are more pages, the __aiter__ method will make additional ListReplayResults requests and continue to iterate through the replay_results field on the corresponding responses.

All the usual ListReplayResultsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_replay_results requests.

This class thinly wraps an initial ListReplayResultsResponse object, and provides an __iter__ method to iterate through its replay_results field.

If there are more pages, the __iter__ method will make additional ListReplayResults requests and continue to iterate through the replay_results field on the corresponding responses.

All the usual ListReplayResultsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Whether a principal has a permission for a resource.

A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.

How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.

    -  The principal had access under the current policies
       (`GRANTED`), but their access after the proposed
       changes is `UNKNOWN`.

    -  The principal's access under the current policies is
       `UNKNOWN`, but they will not have access after the
       proposed changes (`NOT_GRANTED`).
ACCESS_MAYBE_GAINED (6):
    This result can occur for the following reasons:

    -  The principal did not have access under the current
       policies (`NOT_GRANTED`), but their access after the
       proposed changes is `UNKNOWN`.

    -  The principal's access under the current policies is
       `UNKNOWN`, but they will have access after the proposed
       changes (`GRANTED`).

Information about the principal, resource, and permission to check.

Details about how a binding in a policy affects a principal's ability to use a permission.

Details about whether the binding includes the principal.

Whether the binding includes the principal.

    -  A principal is included directly if that principal is
       listed in the binding.
    -  A principal is included indirectly if that principal is
       in a Google group or Google Workspace domain that is
       listed in the binding.
MEMBERSHIP_NOT_INCLUDED (2):
    The binding does not include the principal.
MEMBERSHIP_UNKNOWN_INFO_DENIED (3):
    The user who created the
    <xref uid="google.cloud.policysimulator.v1.Replay">Replay</xref> is not
    allowed to access the binding.
MEMBERSHIP_UNKNOWN_UNSUPPORTED (4):
    The principal is an unsupported type. Only
    Google Accounts and service accounts are
    supported.

The abstract base class for a message.

Whether a role includes a specific permission.

Request message for Simulator.CreateReplay.

Details about how a set of policies, listed in ExplainedPolicy, resulted in a certain AccessState when replaying an access tuple.

Details about how a specific IAM Policy][google.iam.v1.Policy] contributed to the access check.

Request message for Simulator.GetReplay.

The extent to which a single data point, such as the existence of a binding or whether a binding includes a specific principal, contributes to an overall determination.

Request message for Simulator.ListReplayResults.

Response message for Simulator.ListReplayResults.

A resource describing a Replay, or simulation.

Summary statistics about the replayed log entries.

The current state of the Replay.

The configuration used for a Replay.

The source of the logs to use for a Replay.

The abstract base class for a message.

The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.

Metadata about a Replay operation.

The result of replaying a single access tuple against a simulated state.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

API documentation for policysimulator_v1.services.simulator.pagers module.