Package Classes (0.1.15)

Summary of entries of Classes for policysimulator.

Classes

OrgPolicyViolationsPreviewServiceAsyncClient

Violations Preview API service for OrgPolicy.

An OrgPolicyViolationsPreview is a preview of the violations that will exist as soon as a proposed OrgPolicy change is submitted. To create an OrgPolicyViolationsPreview, the API user specifies the changes they wish to make and requests the generation of a preview via GenerateViolationsPreview. The OrgPolicy Simulator service then scans the API user's currently existing resources to determine whether these resources violate the newly set OrgPolicy.

OrgPolicyViolationsPreviewServiceClient

Violations Preview API service for OrgPolicy.

An OrgPolicyViolationsPreview is a preview of the violations that will exist as soon as a proposed OrgPolicy change is submitted. To create an OrgPolicyViolationsPreview, the API user specifies the changes they wish to make and requests the generation of a preview via GenerateViolationsPreview. The OrgPolicy Simulator service then scans the API user's currently existing resources to determine whether these resources violate the newly set OrgPolicy.

ListOrgPolicyViolationsAsyncPager

A pager for iterating through list_org_policy_violations requests.

This class thinly wraps an initial ListOrgPolicyViolationsResponse object, and provides an __aiter__ method to iterate through its org_policy_violations field.

If there are more pages, the __aiter__ method will make additional ListOrgPolicyViolations requests and continue to iterate through the org_policy_violations field on the corresponding responses.

All the usual ListOrgPolicyViolationsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListOrgPolicyViolationsPager

A pager for iterating through list_org_policy_violations requests.

This class thinly wraps an initial ListOrgPolicyViolationsResponse object, and provides an __iter__ method to iterate through its org_policy_violations field.

If there are more pages, the __iter__ method will make additional ListOrgPolicyViolations requests and continue to iterate through the org_policy_violations field on the corresponding responses.

All the usual ListOrgPolicyViolationsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListOrgPolicyViolationsPreviewsAsyncPager

A pager for iterating through list_org_policy_violations_previews requests.

This class thinly wraps an initial ListOrgPolicyViolationsPreviewsResponse object, and provides an __aiter__ method to iterate through its org_policy_violations_previews field.

If there are more pages, the __aiter__ method will make additional ListOrgPolicyViolationsPreviews requests and continue to iterate through the org_policy_violations_previews field on the corresponding responses.

All the usual ListOrgPolicyViolationsPreviewsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListOrgPolicyViolationsPreviewsPager

A pager for iterating through list_org_policy_violations_previews requests.

This class thinly wraps an initial ListOrgPolicyViolationsPreviewsResponse object, and provides an __iter__ method to iterate through its org_policy_violations_previews field.

If there are more pages, the __iter__ method will make additional ListOrgPolicyViolationsPreviews requests and continue to iterate through the org_policy_violations_previews field on the corresponding responses.

All the usual ListOrgPolicyViolationsPreviewsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

SimulatorAsyncClient

Policy Simulator API service.

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.

During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.

SimulatorClient

Policy Simulator API service.

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.

During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.

ListReplayResultsAsyncPager

A pager for iterating through list_replay_results requests.

This class thinly wraps an initial ListReplayResultsResponse object, and provides an __aiter__ method to iterate through its replay_results field.

If there are more pages, the __aiter__ method will make additional ListReplayResults requests and continue to iterate through the replay_results field on the corresponding responses.

All the usual ListReplayResultsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListReplayResultsPager

A pager for iterating through list_replay_results requests.

This class thinly wraps an initial ListReplayResultsResponse object, and provides an __iter__ method to iterate through its replay_results field.

If there are more pages, the __iter__ method will make additional ListReplayResults requests and continue to iterate through the replay_results field on the corresponding responses.

All the usual ListReplayResultsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

AccessState

Whether a principal has a permission for a resource.

AccessStateDiff

A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.

AccessChangeType

How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.

    -  The principal had access under the current policies
       (`GRANTED`), but their access after the proposed
       changes is `UNKNOWN`.

    -  The principal's access under the current policies is
       `UNKNOWN`, but they will not have access after the
       proposed changes (`NOT_GRANTED`).
ACCESS_MAYBE_GAINED (6):
    This result can occur for the following reasons:

    -  The principal did not have access under the current
       policies (`NOT_GRANTED`), but their access after the
       proposed changes is `UNKNOWN`.

    -  The principal's access under the current policies is
       `UNKNOWN`, but they will have access after the proposed
       changes (`GRANTED`).

AccessTuple

Information about the principal, resource, and permission to check.

BindingExplanation

Details about how a binding in a policy affects a principal's ability to use a permission.

AnnotatedMembership

Details about whether the binding includes the principal.

Membership

Whether the binding includes the principal.

    -  A principal is included directly if that principal is
       listed in the binding.
    -  A principal is included indirectly if that principal is
       in a Google group or Google Workspace domain that is
       listed in the binding.
MEMBERSHIP_NOT_INCLUDED (2):
    The binding does not include the principal.
MEMBERSHIP_UNKNOWN_INFO_DENIED (3):
    The user who created the Replay is not allowed to access
    the binding.
MEMBERSHIP_UNKNOWN_UNSUPPORTED (4):
    The principal is an unsupported type. Only
    Google Accounts and service accounts are
    supported.

MembershipsEntry

The abstract base class for a message.

RolePermission

Whether a role includes a specific permission.

CreateOrgPolicyViolationsPreviewOperationMetadata

CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generation operation.

CreateOrgPolicyViolationsPreviewRequest

CreateOrgPolicyViolationsPreviewRequest is the request message for OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview.

CreateReplayRequest

Request message for Simulator.CreateReplay.

ExplainedAccess

Details about how a set of policies, listed in ExplainedPolicy, resulted in a certain AccessState when replaying an access tuple.

ExplainedPolicy

Details about how a specific IAM Policy (google.iam.v1.Policy) contributed to the access check.

GetOrgPolicyViolationsPreviewRequest

GetOrgPolicyViolationsPreviewRequest is the request message for OrgPolicyViolationsPreviewService.GetOrgPolicyViolationsPreview.

GetReplayRequest

Request message for Simulator.GetReplay.

HeuristicRelevance

The extent to which a single data point, such as the existence of a binding or whether a binding includes a specific principal, contributes to an overall determination.

ListOrgPolicyViolationsPreviewsRequest

ListOrgPolicyViolationsPreviewsRequest is the request message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews.

ListOrgPolicyViolationsPreviewsResponse

ListOrgPolicyViolationsPreviewsResponse is the response message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews.

ListOrgPolicyViolationsRequest

ListOrgPolicyViolationsRequest is the request message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolations.

ListOrgPolicyViolationsResponse

ListOrgPolicyViolationsResponse is the response message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolations.

ListReplayResultsRequest

Request message for Simulator.ListReplayResults.

ListReplayResultsResponse

Response message for Simulator.ListReplayResults.

OrgPolicyOverlay

The proposed changes to OrgPolicy.

CustomConstraintOverlay

A change to an OrgPolicy custom constraint.

PolicyOverlay

A change to an OrgPolicy.

OrgPolicyViolation

OrgPolicyViolation is a resource representing a single resource violating a single OrgPolicy constraint.

OrgPolicyViolationsPreview

OrgPolicyViolationsPreview is a resource providing a preview of the violations that will exist if an OrgPolicy change is made.

The violations are modeled as child resources and retrieved via a ListOrgPolicyViolations API call. There are potentially more OrgPolicyViolations than could fit in an embedded field, hence the use of a child resource instead of a field.

ResourceCounts

A summary of the state of all resources scanned for compliance with the changed OrgPolicy.

PreviewState

The current state of an OrgPolicyViolationsPreview.

Replay

A resource describing a Replay, or simulation.

ResultsSummary

Summary statistics about the replayed log entries.

State

The current state of the Replay.

ReplayConfig

The configuration used for a Replay.

LogSource

The source of the logs to use for a Replay.

PolicyOverlayEntry

The abstract base class for a message.

ReplayDiff

The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.

ReplayOperationMetadata

Metadata about a Replay operation.

ReplayResult

The result of replaying a single access tuple against a simulated state.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members. See https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields for details.

ResourceContext

ResourceContext provides the context we know about a resource. It is similar in concept to google.cloud.asset.v1.Resource, but focuses on the information specifically used by Simulator.

Modules

pagers

API documentation for policysimulator_v1.services.org_policy_violations_preview_service.pagers module.

pagers

API documentation for policysimulator_v1.services.simulator.pagers module.