Class: Google::Apis::PolicytroubleshooterV1::GoogleCloudPolicytroubleshooterV1ExplainedPolicy
- Inherits:
-
Object
- Object
- Google::Apis::PolicytroubleshooterV1::GoogleCloudPolicytroubleshooterV1ExplainedPolicy
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- generated/google/apis/policytroubleshooter_v1/classes.rb,
generated/google/apis/policytroubleshooter_v1/representations.rb,
generated/google/apis/policytroubleshooter_v1/representations.rb
Overview
Details about how a specific IAM Policy contributed to the access check.
Instance Attribute Summary collapse
-
#access ⇒ String
Indicates whether this policy provides the specified permission to the specified member for the specified resource.
-
#binding_explanations ⇒ Array<Google::Apis::PolicytroubleshooterV1::GoogleCloudPolicytroubleshooterV1BindingExplanation>
Details about how each binding in the policy affects the member's ability, or inability, to use the permission for the resource.
-
#full_resource_name ⇒ String
The full resource name that identifies the resource.
-
#policy ⇒ Google::Apis::PolicytroubleshooterV1::GoogleIamV1Policy
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
-
#relevance ⇒ String
The relevance of this policy to the overall determination in the TroubleshootIamPolicyResponse.
Instance Method Summary collapse
-
#initialize(**args) ⇒ GoogleCloudPolicytroubleshooterV1ExplainedPolicy
constructor
A new instance of GoogleCloudPolicytroubleshooterV1ExplainedPolicy.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Core::JsonObjectSupport
Methods included from Core::Hashable
Constructor Details
#initialize(**args) ⇒ GoogleCloudPolicytroubleshooterV1ExplainedPolicy
Returns a new instance of GoogleCloudPolicytroubleshooterV1ExplainedPolicy.
303 304 305 |
# File 'generated/google/apis/policytroubleshooter_v1/classes.rb', line 303 def initialize(**args) update!(**args) end |
Instance Attribute Details
#access ⇒ String
Indicates whether this policy provides the specified permission to the
specified member for the specified resource.
This field does not indicate whether the member actually has the
permission for the resource. There might be another policy that overrides
this policy. To determine whether the member actually has the permission,
use the access
field in the
TroubleshootIamPolicyResponse.
Corresponds to the JSON property access
214 215 216 |
# File 'generated/google/apis/policytroubleshooter_v1/classes.rb', line 214 def access @access end |
#binding_explanations ⇒ Array<Google::Apis::PolicytroubleshooterV1::GoogleCloudPolicytroubleshooterV1BindingExplanation>
Details about how each binding in the policy affects the member's ability,
or inability, to use the permission for the resource.
If the sender of the request does not have access to the policy, this field
is omitted.
Corresponds to the JSON property bindingExplanations
222 223 224 |
# File 'generated/google/apis/policytroubleshooter_v1/classes.rb', line 222 def binding_explanations @binding_explanations end |
#full_resource_name ⇒ String
The full resource name that identifies the resource. For example,
//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-
instance
.
If the sender of the request does not have access to the policy, this field
is omitted.
For examples of full resource names for Google Cloud services, see
https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
Corresponds to the JSON property fullResourceName
233 234 235 |
# File 'generated/google/apis/policytroubleshooter_v1/classes.rb', line 233 def full_resource_name @full_resource_name end |
#policy ⇒ Google::Apis::PolicytroubleshooterV1::GoogleIamV1Policy
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy
is a collection of bindings
. A binding
binds one or more
members
to a single role
. Members can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of
permissions; each role
can be an IAM predefined role or a user-created
custom role.
Optionally, a binding
can specify a condition
, which is a logical
expression that allows access to a resource only if the expression evaluates
to true
. A condition can add constraints based on attributes of the
request, the resource, or both.
JSON example:
"bindings": [
"role": "roles/resourcemanager.organizationAdmin",
"members": [
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-project-id@appspot.gserviceaccount.com"
]
,
"role": "roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"condition":
"title": "expirable access",
"description": "Does not grant access after Sep 2020",
"expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')
",
],
"etag": "BwWWja0YfJA=",
"version": 3
YAML example:
bindings:
- members:
- user:mike@example.com
- group:admins@example.com
- domain:google.com
- serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin
- members:
- user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
- etag: BwWWja0YfJA=
- version: 3
For a description of IAM and its features, see the
IAM documentation.
Corresponds to the JSON property
policy
293 294 295 |
# File 'generated/google/apis/policytroubleshooter_v1/classes.rb', line 293 def policy @policy end |
#relevance ⇒ String
The relevance of this policy to the overall determination in the
TroubleshootIamPolicyResponse.
If the sender of the request does not have access to the policy, this field
is omitted.
Corresponds to the JSON property relevance
301 302 303 |
# File 'generated/google/apis/policytroubleshooter_v1/classes.rb', line 301 def relevance @relevance end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
308 309 310 311 312 313 314 |
# File 'generated/google/apis/policytroubleshooter_v1/classes.rb', line 308 def update!(**args) @access = args[:access] if args.key?(:access) @binding_explanations = args[:binding_explanations] if args.key?(:binding_explanations) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) @policy = args[:policy] if args.key?(:policy) @relevance = args[:relevance] if args.key?(:relevance) end |