Package Classes (0.1.15)

Violations Preview API service for OrgPolicy.

An OrgPolicyViolationsPreview is a preview of the violations that will exist as soon as a proposed OrgPolicy change is submitted. To create an OrgPolicyViolationsPreview, the API user specifies the changes they wish to make and requests the generation of a preview via [GenerateViolationsPreview][]. the OrgPolicy Simulator service then scans the API user's currently existing resources to determine these resources violate the newly set OrgPolicy.

Violations Preview API service for OrgPolicy.

An OrgPolicyViolationsPreview is a preview of the violations that will exist as soon as a proposed OrgPolicy change is submitted. To create an OrgPolicyViolationsPreview, the API user specifies the changes they wish to make and requests the generation of a preview via [GenerateViolationsPreview][]. the OrgPolicy Simulator service then scans the API user's currently existing resources to determine these resources violate the newly set OrgPolicy.

A pager for iterating through list_org_policy_violations requests.

This class thinly wraps an initial ListOrgPolicyViolationsResponse object, and provides an __aiter__ method to iterate through its org_policy_violations field.

If there are more pages, the __aiter__ method will make additional ListOrgPolicyViolations requests and continue to iterate through the org_policy_violations field on the corresponding responses.

All the usual ListOrgPolicyViolationsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_org_policy_violations requests.

This class thinly wraps an initial ListOrgPolicyViolationsResponse object, and provides an __iter__ method to iterate through its org_policy_violations field.

If there are more pages, the __iter__ method will make additional ListOrgPolicyViolations requests and continue to iterate through the org_policy_violations field on the corresponding responses.

All the usual ListOrgPolicyViolationsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_org_policy_violations_previews requests.

This class thinly wraps an initial ListOrgPolicyViolationsPreviewsResponse object, and provides an __aiter__ method to iterate through its org_policy_violations_previews field.

If there are more pages, the __aiter__ method will make additional ListOrgPolicyViolationsPreviews requests and continue to iterate through the org_policy_violations_previews field on the corresponding responses.

All the usual ListOrgPolicyViolationsPreviewsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_org_policy_violations_previews requests.

This class thinly wraps an initial ListOrgPolicyViolationsPreviewsResponse object, and provides an __iter__ method to iterate through its org_policy_violations_previews field.

If there are more pages, the __iter__ method will make additional ListOrgPolicyViolationsPreviews requests and continue to iterate through the org_policy_violations_previews field on the corresponding responses.

All the usual ListOrgPolicyViolationsPreviewsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Policy Simulator API service.

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.

During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.

Policy Simulator API service.

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.

During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.

A pager for iterating through list_replay_results requests.

This class thinly wraps an initial ListReplayResultsResponse object, and provides an __aiter__ method to iterate through its replay_results field.

If there are more pages, the __aiter__ method will make additional ListReplayResults requests and continue to iterate through the replay_results field on the corresponding responses.

All the usual ListReplayResultsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_replay_results requests.

This class thinly wraps an initial ListReplayResultsResponse object, and provides an __iter__ method to iterate through its replay_results field.

If there are more pages, the __iter__ method will make additional ListReplayResults requests and continue to iterate through the replay_results field on the corresponding responses.

All the usual ListReplayResultsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Whether a principal has a permission for a resource.

A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.

How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.

    -  The principal had access under the current policies
       (`GRANTED`), but their access after the proposed
       changes is `UNKNOWN`.

    -  The principal's access under the current policies is
       `UNKNOWN`, but they will not have access after the
       proposed changes (`NOT_GRANTED`).
ACCESS_MAYBE_GAINED (6):
    This result can occur for the following reasons:

    -  The principal did not have access under the current
       policies (`NOT_GRANTED`), but their access after the
       proposed changes is `UNKNOWN`.

    -  The principal's access under the current policies is
       `UNKNOWN`, but they will have access after the proposed
       changes (`GRANTED`).

Information about the principal, resource, and permission to check.

Details about how a binding in a policy affects a principal's ability to use a permission.

Details about whether the binding includes the principal.

Whether the binding includes the principal.

    -  A principal is included directly if that principal is
       listed in the binding.
    -  A principal is included indirectly if that principal is
       in a Google group or Google Workspace domain that is
       listed in the binding.
MEMBERSHIP_NOT_INCLUDED (2):
    The binding does not include the principal.
MEMBERSHIP_UNKNOWN_INFO_DENIED (3):
    The user who created the
    <xref uid="google.cloud.policysimulator.v1.Replay">Replay</xref> is not
    allowed to access the binding.
MEMBERSHIP_UNKNOWN_UNSUPPORTED (4):
    The principal is an unsupported type. Only
    Google Accounts and service accounts are
    supported.

The abstract base class for a message.

Whether a role includes a specific permission.

CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.

CreateOrgPolicyViolationsPreviewRequest is the request message for OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview.

Request message for Simulator.CreateReplay.

Details about how a set of policies, listed in ExplainedPolicy, resulted in a certain AccessState when replaying an access tuple.

Details about how a specific IAM Policy][google.iam.v1.Policy] contributed to the access check.

GetOrgPolicyViolationsPreviewRequest is the request message for OrgPolicyViolationsPreviewService.GetOrgPolicyViolationsPreview.

Request message for Simulator.GetReplay.

The extent to which a single data point, such as the existence of a binding or whether a binding includes a specific principal, contributes to an overall determination.

ListOrgPolicyViolationsPreviewsRequest is the request message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews.

ListOrgPolicyViolationsPreviewsResponse is the response message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews.

ListOrgPolicyViolationsRequest is the request message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolations.

ListOrgPolicyViolationsResponse is the response message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolations

Request message for Simulator.ListReplayResults.

Response message for Simulator.ListReplayResults.

The proposed changes to OrgPolicy.

A change to an OrgPolicy custom constraint.

A change to an OrgPolicy.

OrgPolicyViolation is a resource representing a single resource violating a single OrgPolicy constraint.

OrgPolicyViolationsPreview is a resource providing a preview of the violations that will exist if an OrgPolicy change is made.

The list of violations are modeled as child resources and retrieved via a [ListOrgPolicyViolations][] API call. There are potentially more [OrgPolicyViolations][] than could fit in an embedded field. Thus, the use of a child resource instead of a field.

A summary of the state of all resources scanned for compliance with the changed OrgPolicy.

The current state of an OrgPolicyViolationsPreview.

A resource describing a Replay, or simulation.

Summary statistics about the replayed log entries.

The current state of the Replay.

The configuration used for a Replay.

The source of the logs to use for a Replay.

The abstract base class for a message.

The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.

Metadata about a Replay operation.

The result of replaying a single access tuple against a simulated state.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

ResourceContext provides the context we know about a resource. It is similar in concept to google.cloud.asset.v1.Resource, but focuses on the information specifically used by Simulator.

API documentation for policysimulator_v1.services.org_policy_violations_preview_service.pagers module.

API documentation for policysimulator_v1.services.simulator.pagers module.