Class: Google::Apis::PolicytroubleshooterV1beta::GoogleCloudPolicytroubleshooterV1betaExplainedPolicy
- Inherits:
-
Object
- Object
- Google::Apis::PolicytroubleshooterV1beta::GoogleCloudPolicytroubleshooterV1betaExplainedPolicy
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- generated/google/apis/policytroubleshooter_v1beta/classes.rb,
generated/google/apis/policytroubleshooter_v1beta/representations.rb,
generated/google/apis/policytroubleshooter_v1beta/representations.rb
Overview
Details about how a specific IAM Policy contributed to the access check.
Instance Attribute Summary collapse
-
#access ⇒ String
Indicates whether this policy provides the specified permission to the specified member for the specified resource.
-
#binding_explanations ⇒ Array<Google::Apis::PolicytroubleshooterV1beta::GoogleCloudPolicytroubleshooterV1betaBindingExplanation>
Details about how each binding in the policy affects the member's ability, or inability, to use the permission for the resource.
-
#full_resource_name ⇒ String
The full resource name that identifies the resource.
-
#policy ⇒ Google::Apis::PolicytroubleshooterV1beta::GoogleIamV1Policy
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
-
#relevance ⇒ String
The relevance of this policy to the overall determination in the TroubleshootIamPolicyResponse.
Instance Method Summary collapse
-
#initialize(**args) ⇒ GoogleCloudPolicytroubleshooterV1betaExplainedPolicy
constructor
A new instance of GoogleCloudPolicytroubleshooterV1betaExplainedPolicy.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Core::JsonObjectSupport
Methods included from Core::Hashable
Constructor Details
#initialize(**args) ⇒ GoogleCloudPolicytroubleshooterV1betaExplainedPolicy
Returns a new instance of GoogleCloudPolicytroubleshooterV1betaExplainedPolicy.
302 303 304 |
# File 'generated/google/apis/policytroubleshooter_v1beta/classes.rb', line 302 def initialize(**args) update!(**args) end |
Instance Attribute Details
#access ⇒ String
Indicates whether this policy provides the specified permission to the
specified member for the specified resource.
This field does not indicate whether the member actually has the
permission for the resource. There might be another policy that overrides
this policy. To determine whether the member actually has the permission,
use the access
field in the
TroubleshootIamPolicyResponse.
Corresponds to the JSON property access
213 214 215 |
# File 'generated/google/apis/policytroubleshooter_v1beta/classes.rb', line 213 def access @access end |
#binding_explanations ⇒ Array<Google::Apis::PolicytroubleshooterV1beta::GoogleCloudPolicytroubleshooterV1betaBindingExplanation>
Details about how each binding in the policy affects the member's ability,
or inability, to use the permission for the resource.
If the sender of the request does not have access to the policy, this field
is omitted.
Corresponds to the JSON property bindingExplanations
221 222 223 |
# File 'generated/google/apis/policytroubleshooter_v1beta/classes.rb', line 221 def binding_explanations @binding_explanations end |
#full_resource_name ⇒ String
The full resource name that identifies the resource. For example,
//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-
instance
.
If the sender of the request does not have access to the policy, this field
is omitted.
For examples of full resource names for Google Cloud services, see
https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
Corresponds to the JSON property fullResourceName
232 233 234 |
# File 'generated/google/apis/policytroubleshooter_v1beta/classes.rb', line 232 def full_resource_name @full_resource_name end |
#policy ⇒ Google::Apis::PolicytroubleshooterV1beta::GoogleIamV1Policy
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy
is a collection of bindings
. A binding
binds one or more
members
to a single role
. Members can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of
permissions; each role
can be an IAM predefined role or a user-created
custom role.
Optionally, a binding
can specify a condition
, which is a logical
expression that allows access to a resource only if the expression evaluates
to true
. A condition can add constraints based on attributes of the
request, the resource, or both.
JSON example:
"bindings": [
"role": "roles/resourcemanager.organizationAdmin",
"members": [
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-project-id@appspot.gserviceaccount.com"
]
,
"role": "roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"condition":
"title": "expirable access",
"description": "Does not grant access after Sep 2020",
"expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')
",
],
"etag": "BwWWja0YfJA=",
"version": 3
YAML example:
bindings:
- members:
- user:mike@example.com
- group:admins@example.com
- domain:google.com
- serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin
- members:
- user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
- etag: BwWWja0YfJA=
- version: 3
For a description of IAM and its features, see the
IAM documentation.
Corresponds to the JSON property
policy
292 293 294 |
# File 'generated/google/apis/policytroubleshooter_v1beta/classes.rb', line 292 def policy @policy end |
#relevance ⇒ String
The relevance of this policy to the overall determination in the
TroubleshootIamPolicyResponse.
If the sender of the request does not have access to the policy, this field
is omitted.
Corresponds to the JSON property relevance
300 301 302 |
# File 'generated/google/apis/policytroubleshooter_v1beta/classes.rb', line 300 def relevance @relevance end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
307 308 309 310 311 312 313 |
# File 'generated/google/apis/policytroubleshooter_v1beta/classes.rb', line 307 def update!(**args) @access = args[:access] if args.key?(:access) @binding_explanations = args[:binding_explanations] if args.key?(:binding_explanations) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) @policy = args[:policy] if args.key?(:policy) @relevance = args[:relevance] if args.key?(:relevance) end |