Package Classes (0.1.10)

Summary of entries of Classes for policytroubleshooter-iam.

Classes

PolicyTroubleshooterAsyncClient

IAM Policy Troubleshooter service.

This service helps you troubleshoot access issues for Google Cloud resources.

PolicyTroubleshooterClient

IAM Policy Troubleshooter service.

This service helps you troubleshoot access issues for Google Cloud resources.

AccessTuple

Information about the principal, resource, and permission to check.

AllowAccessState

Whether IAM allow policies gives the principal the permission.

AllowBindingExplanation

Details about how a role binding in an allow policy affects a principal's ability to use a permission.

AnnotatedAllowMembership

Details about whether the role binding includes the principal.

MembershipsEntry

The abstract base class for a message.

AllowPolicyExplanation

Details about how the relevant IAM allow policies affect the final access state.

ConditionContext

Additional context for troubleshooting conditional role bindings and deny rules.

EffectiveTag

A tag that applies to a resource during policy evaluation. Tags can be either directly bound to a resource or inherited from its ancestor. EffectiveTag contains the name and namespaced_name of the tag value and tag key, with additional fields of inherited to indicate the inheritance status of the effective tag.

Peer

This message defines attributes for a node that handles a network request. The node can be either a service or an application that sends, forwards, or receives the request. Service peers should fill in principal and labels as appropriate.

Request

This message defines attributes for an HTTP request. If the actual request is not an HTTP request, the runtime system should try to map the actual request to an equivalent HTTP request.

Resource

Core attributes for a resource. A resource is an addressable (named) entity provided by the destination service. For example, a Compute Engine instance.

ConditionExplanation

Explanation for how a condition affects a principal's access

EvaluationState

Evaluated state of a condition expression.

DenyAccessState

Whether IAM deny policies deny the principal the permission.

DenyPolicyExplanation

Details about how the relevant IAM deny policies affect the final access state.

DenyRuleExplanation

Details about how a deny rule in a deny policy affects a principal's ability to use a permission.

AnnotatedDenyPrincipalMatching

Details about whether the principal in the request is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

AnnotatedPermissionMatching

Details about whether the permission in the request is denied by the deny rule.

DeniedPermissionsEntry

The abstract base class for a message.

DeniedPrincipalsEntry

The abstract base class for a message.

ExceptionPermissionsEntry

The abstract base class for a message.

ExceptionPrincipalsEntry

The abstract base class for a message.

ExplainedAllowPolicy

Details about how a specific IAM allow policy contributed to the final access state.

ExplainedDenyPolicy

Details about how a specific IAM deny policy Policy][google.iam.v2.Policy] contributed to the access check.

ExplainedDenyResource

Details about how a specific resource contributed to the deny policy evaluation.

HeuristicRelevance

The extent to which a single data point contributes to an overall determination.

MembershipMatchingState

Whether the principal in the request matches the principal in the policy.

    -  A principal is included directly if that principal is
       listed in the role binding.
    -  A principal is included indirectly if that principal is
       in a Google group, Google Workspace account, or Cloud
       Identity domain that is listed in the policy.
MEMBERSHIP_NOT_MATCHED (2):
    The principal in the request doesn't match
    the principal in the policy.
MEMBERSHIP_UNKNOWN_INFO (3):
    The principal in the policy is a group or
    domain, and the sender of the request doesn't
    have permission to view whether the principal in
    the request is a member of the group or domain.
MEMBERSHIP_UNKNOWN_UNSUPPORTED (4):
    The principal is an unsupported type.

PermissionPatternMatchingState

Whether the permission in the request matches the permission in the policy.

RolePermissionInclusionState

Whether a role includes a specific permission.

TroubleshootIamPolicyRequest

Request for TroubleshootIamPolicy.

TroubleshootIamPolicyResponse

Response for TroubleshootIamPolicy.

OverallAccessState

Whether the principal has the permission on the resource.