Namespace Google.Apis.PolicySimulator.v1.Data
Classes
GoogleCloudOrgpolicyV2AlternatePolicySpec
Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.
GoogleCloudOrgpolicyV2CustomConstraint
A custom constraint defined by customers which can only be applied to the given resource types and organization. By creating a custom constraint, customers can apply policies of this custom constraint. Creating a custom constraint itself does NOT apply any policy enforcement.
GoogleCloudOrgpolicyV2Policy
Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.
GoogleCloudOrgpolicyV2PolicySpec
Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.
GoogleCloudOrgpolicyV2PolicySpecPolicyRule
A rule used to express this policy.
GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues
A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:
- projects/ (for example, projects/tokyo-rain-123)
- folders/ (for example, folders/1234)
- organizations/ (for example, organizations/1234)
The supports_under field of the associated Constraint defines whether ancestry prefixes can be used.
GoogleCloudPolicysimulatorV1AccessStateDiff
A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.
GoogleCloudPolicysimulatorV1AccessTuple
Information about the principal, resource, and permission to check.
GoogleCloudPolicysimulatorV1BindingExplanation
Details about how a binding in a policy affects a principal's ability to use a permission.
GoogleCloudPolicysimulatorV1BindingExplanationAnnotatedMembership
Details about whether the binding includes the principal.
GoogleCloudPolicysimulatorV1ExplainedAccess
Details about how a set of policies, listed in ExplainedPolicy, resulted in a certain AccessState when replaying an access tuple.
GoogleCloudPolicysimulatorV1ExplainedPolicy
Details about how a specific IAM Policy contributed to the access check.
GoogleCloudPolicysimulatorV1ListReplayResultsResponse
Response message for Simulator.ListReplayResults.
GoogleCloudPolicysimulatorV1Replay
A resource describing a Replay, or simulation.
GoogleCloudPolicysimulatorV1ReplayConfig
The configuration used for a Replay.
GoogleCloudPolicysimulatorV1ReplayDiff
The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.
GoogleCloudPolicysimulatorV1ReplayOperationMetadata
Metadata about a Replay operation.
GoogleCloudPolicysimulatorV1ReplayResult
The result of replaying a single access tuple against a simulated state.
GoogleCloudPolicysimulatorV1ReplayResultsSummary
Summary statistics about the replayed log entries.
GoogleCloudPolicysimulatorV1alphaCreateOrgPolicyViolationsPreviewOperationMetadata
CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.
GoogleCloudPolicysimulatorV1alphaGenerateOrgPolicyViolationsPreviewOperationMetadata
GenerateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.
GoogleCloudPolicysimulatorV1alphaOrgPolicyOverlay
The proposed changes to OrgPolicy.
GoogleCloudPolicysimulatorV1alphaOrgPolicyOverlayCustomConstraintOverlay
A change to an OrgPolicy custom constraint.
GoogleCloudPolicysimulatorV1alphaOrgPolicyOverlayPolicyOverlay
A change to an OrgPolicy.
GoogleCloudPolicysimulatorV1alphaOrgPolicyViolationsPreview
OrgPolicyViolationsPreview is a resource providing a preview of the violations that will exist if an OrgPolicy change is made. The list of violations is modeled as child resources and retrieved via a ListOrgPolicyViolations API call. There are potentially more OrgPolicyViolations than could fit in an embedded field, hence the use of a child resource instead of a field.
GoogleCloudPolicysimulatorV1alphaOrgPolicyViolationsPreviewResourceCounts
A summary of the state of all resources scanned for compliance with the changed OrgPolicy.
GoogleCloudPolicysimulatorV1betaCreateOrgPolicyViolationsPreviewOperationMetadata
CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.
GoogleCloudPolicysimulatorV1betaGenerateOrgPolicyViolationsPreviewOperationMetadata
GenerateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.
GoogleCloudPolicysimulatorV1betaOrgPolicyOverlay
The proposed changes to OrgPolicy.
GoogleCloudPolicysimulatorV1betaOrgPolicyOverlayCustomConstraintOverlay
A change to an OrgPolicy custom constraint.
GoogleCloudPolicysimulatorV1betaOrgPolicyOverlayPolicyOverlay
A change to an OrgPolicy.
GoogleCloudPolicysimulatorV1betaOrgPolicyViolationsPreview
OrgPolicyViolationsPreview is a resource providing a preview of the violations that will exist if an OrgPolicy change is made. The list of violations is modeled as child resources and retrieved via a ListOrgPolicyViolations API call. There are potentially more OrgPolicyViolations than could fit in an embedded field, hence the use of a child resource instead of a field.
GoogleCloudPolicysimulatorV1betaOrgPolicyViolationsPreviewResourceCounts
A summary of the state of all resources scanned for compliance with the changed OrgPolicy.
GoogleIamV1AuditConfig
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs:
{
  "audit_configs": [
    {
      "service": "allServices",
      "audit_log_configs": [
        { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] },
        { "log_type": "DATA_WRITE" },
        { "log_type": "ADMIN_READ" }
      ]
    },
    {
      "service": "sampleservice.googleapis.com",
      "audit_log_configs": [
        { "log_type": "DATA_READ" },
        { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] }
      ]
    }
  ]
}
For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
GoogleIamV1AuditLogConfig
Provides the configuration for logging a type of permissions. Example:
{
  "audit_log_configs": [
    { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] },
    { "log_type": "DATA_WRITE" }
  ]
}
This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
GoogleIamV1Binding
Associates members, or principals, with a role.
GoogleIamV1Policy
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation.
JSON example:
{
  "bindings": [
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:mike@example.com",
        "group:admins@example.com",
        "domain:google.com",
        "serviceAccount:my-project-id@appspot.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/resourcemanager.organizationViewer",
      "members": [ "user:eve@example.com" ],
      "condition": {
        "title": "expirable access",
        "description": "Does not grant access after Sep 2020",
        "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')"
      }
    }
  ],
  "etag": "BwWWja0YfJA=",
  "version": 3
}
YAML example:
bindings:
- members:
  - user:mike@example.com
  - group:admins@example.com
  - domain:google.com
  - serviceAccount:my-project-id@appspot.gserviceaccount.com
  role: roles/resourcemanager.organizationAdmin
- members:
  - user:eve@example.com
  role: roles/resourcemanager.organizationViewer
  condition:
    title: expirable access
    description: Does not grant access after Sep 2020
    expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
etag: BwWWja0YfJA=
version: 3
For a description of IAM and its features, see the IAM documentation.
GoogleLongrunningListOperationsResponse
The response message for Operations.ListOperations.
GoogleLongrunningOperation
This resource represents a long-running operation that is the result of a network API call.
GoogleRpcStatus
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
GoogleTypeDate
Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following:
* A full date, with non-zero year, month, and day values.
* A month and day, with a zero year (for example, an anniversary).
* A year on its own, with a zero month and a zero day.
* A year and month, with a zero day (for example, a credit card expiration date).
Related types:
* google.type.TimeOfDay
* google.type.DateTime
* google.protobuf.Timestamp
GoogleTypeExpr
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.
Example (Comparison):
  title: "Summary size limit"
  description: "Determines if a summary is less than 100 chars"
  expression: "document.summary.size() < 100"
Example (Equality):
  title: "Requestor is owner"
  description: "Determines if requestor is the document owner"
  expression: "document.owner == request.auth.claims.email"
Example (Logic):
  title: "Public documents"
  description: "Determine whether the document should be publicly visible"
  expression: "document.type != 'private' && document.type != 'internal'"
Example (Data Manipulation):
  title: "Notification string"
  description: "Create a notification string with a timestamp."
  expression: "'New message received at ' + string(document.create_time)"
The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.