Class: Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation

Inherits:

Object

• Object
• Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/policytroubleshooter/v1/explanations.rb

Overview

Details about how a binding in a policy affects a principal's ability to use a permission.

Defined Under Namespace

Modules: Membership, RolePermission Classes: AnnotatedMembership, MembershipsEntry

Instance Attribute Summary

• #access ⇒ ::Google::Cloud::PolicyTroubleshooter::V1::AccessState

  Required.

• #condition ⇒ ::Google::Type::Expr

  A condition expression that prevents this binding from granting access unless the expression evaluates to true.

• #memberships ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}

  Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly.

• #relevance ⇒ ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance

  The relevance of this binding to the overall determination for the entire policy.

• #role ⇒ ::String

  The role that this binding grants.

• #role_permission ⇒ ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::RolePermission

  Indicates whether the role granted by this binding contains the specified permission.

• #role_permission_relevance ⇒ ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance

  The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

Instance Attribute Details

#access ⇒ ::Google::Cloud::PolicyTroubleshooter::V1::AccessState

# File 'proto_docs/google/cloud/policytroubleshooter/v1/explanations.rb', line 163

class BindingExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the binding includes the principal.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::Membership]
  #     Indicates whether the binding includes the principal.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the binding.
  class AnnotatedMembership
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership]
  class MembershipsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Whether a role includes a specific permission.
  module RolePermission
    # Default value. This value is unused.
    ROLE_PERMISSION_UNSPECIFIED = 0

    # The permission is included in the role.
    ROLE_PERMISSION_INCLUDED = 1

    # The permission is not included in the role.
    ROLE_PERMISSION_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3
  end

  # Whether the binding includes the principal.
  module Membership
    # Default value. This value is unused.
    MEMBERSHIP_UNSPECIFIED = 0

    # The binding includes the principal. The principal can be included
    # directly or indirectly. For example:
    #
    # * A principal is included directly if that principal is listed in the
    #   binding.
    # * A principal is included indirectly if that principal is in a Google
    #   group or Google Workspace domain that is listed in the binding.
    MEMBERSHIP_INCLUDED = 1

    # The binding does not include the principal.
    MEMBERSHIP_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    MEMBERSHIP_UNKNOWN_INFO_DENIED = 3

    # The principal is an unsupported type. Only Google Accounts and service
    # accounts are supported.
    MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4
  end
end

#condition ⇒ ::Google::Type::Expr

# File 'proto_docs/google/cloud/policytroubleshooter/v1/explanations.rb', line 163

class BindingExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the binding includes the principal.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::Membership]
  #     Indicates whether the binding includes the principal.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the binding.
  class AnnotatedMembership
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership]
  class MembershipsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Whether a role includes a specific permission.
  module RolePermission
    # Default value. This value is unused.
    ROLE_PERMISSION_UNSPECIFIED = 0

    # The permission is included in the role.
    ROLE_PERMISSION_INCLUDED = 1

    # The permission is not included in the role.
    ROLE_PERMISSION_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3
  end

  # Whether the binding includes the principal.
  module Membership
    # Default value. This value is unused.
    MEMBERSHIP_UNSPECIFIED = 0

    # The binding includes the principal. The principal can be included
    # directly or indirectly. For example:
    #
    # * A principal is included directly if that principal is listed in the
    #   binding.
    # * A principal is included indirectly if that principal is in a Google
    #   group or Google Workspace domain that is listed in the binding.
    MEMBERSHIP_INCLUDED = 1

    # The binding does not include the principal.
    MEMBERSHIP_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    MEMBERSHIP_UNKNOWN_INFO_DENIED = 3

    # The principal is an unsupported type. Only Google Accounts and service
    # accounts are supported.
    MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4
  end
end

#memberships ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}

# File 'proto_docs/google/cloud/policytroubleshooter/v1/explanations.rb', line 163

class BindingExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the binding includes the principal.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::Membership]
  #     Indicates whether the binding includes the principal.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the binding.
  class AnnotatedMembership
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership]
  class MembershipsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Whether a role includes a specific permission.
  module RolePermission
    # Default value. This value is unused.
    ROLE_PERMISSION_UNSPECIFIED = 0

    # The permission is included in the role.
    ROLE_PERMISSION_INCLUDED = 1

    # The permission is not included in the role.
    ROLE_PERMISSION_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3
  end

  # Whether the binding includes the principal.
  module Membership
    # Default value. This value is unused.
    MEMBERSHIP_UNSPECIFIED = 0

    # The binding includes the principal. The principal can be included
    # directly or indirectly. For example:
    #
    # * A principal is included directly if that principal is listed in the
    #   binding.
    # * A principal is included indirectly if that principal is in a Google
    #   group or Google Workspace domain that is listed in the binding.
    MEMBERSHIP_INCLUDED = 1

    # The binding does not include the principal.
    MEMBERSHIP_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    MEMBERSHIP_UNKNOWN_INFO_DENIED = 3

    # The principal is an unsupported type. Only Google Accounts and service
    # accounts are supported.
    MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4
  end
end

#relevance ⇒ ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance

# File 'proto_docs/google/cloud/policytroubleshooter/v1/explanations.rb', line 163

class BindingExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the binding includes the principal.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::Membership]
  #     Indicates whether the binding includes the principal.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the binding.
  class AnnotatedMembership
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership]
  class MembershipsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Whether a role includes a specific permission.
  module RolePermission
    # Default value. This value is unused.
    ROLE_PERMISSION_UNSPECIFIED = 0

    # The permission is included in the role.
    ROLE_PERMISSION_INCLUDED = 1

    # The permission is not included in the role.
    ROLE_PERMISSION_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3
  end

  # Whether the binding includes the principal.
  module Membership
    # Default value. This value is unused.
    MEMBERSHIP_UNSPECIFIED = 0

    # The binding includes the principal. The principal can be included
    # directly or indirectly. For example:
    #
    # * A principal is included directly if that principal is listed in the
    #   binding.
    # * A principal is included indirectly if that principal is in a Google
    #   group or Google Workspace domain that is listed in the binding.
    MEMBERSHIP_INCLUDED = 1

    # The binding does not include the principal.
    MEMBERSHIP_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    MEMBERSHIP_UNKNOWN_INFO_DENIED = 3

    # The principal is an unsupported type. Only Google Accounts and service
    # accounts are supported.
    MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4
  end
end

#role ⇒ ::String

# File 'proto_docs/google/cloud/policytroubleshooter/v1/explanations.rb', line 163

class BindingExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the binding includes the principal.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::Membership]
  #     Indicates whether the binding includes the principal.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the binding.
  class AnnotatedMembership
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership]
  class MembershipsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Whether a role includes a specific permission.
  module RolePermission
    # Default value. This value is unused.
    ROLE_PERMISSION_UNSPECIFIED = 0

    # The permission is included in the role.
    ROLE_PERMISSION_INCLUDED = 1

    # The permission is not included in the role.
    ROLE_PERMISSION_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3
  end

  # Whether the binding includes the principal.
  module Membership
    # Default value. This value is unused.
    MEMBERSHIP_UNSPECIFIED = 0

    # The binding includes the principal. The principal can be included
    # directly or indirectly. For example:
    #
    # * A principal is included directly if that principal is listed in the
    #   binding.
    # * A principal is included indirectly if that principal is in a Google
    #   group or Google Workspace domain that is listed in the binding.
    MEMBERSHIP_INCLUDED = 1

    # The binding does not include the principal.
    MEMBERSHIP_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    MEMBERSHIP_UNKNOWN_INFO_DENIED = 3

    # The principal is an unsupported type. Only Google Accounts and service
    # accounts are supported.
    MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4
  end
end

#role_permission ⇒ ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::RolePermission

# File 'proto_docs/google/cloud/policytroubleshooter/v1/explanations.rb', line 163

class BindingExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the binding includes the principal.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::Membership]
  #     Indicates whether the binding includes the principal.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the binding.
  class AnnotatedMembership
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership]
  class MembershipsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Whether a role includes a specific permission.
  module RolePermission
    # Default value. This value is unused.
    ROLE_PERMISSION_UNSPECIFIED = 0

    # The permission is included in the role.
    ROLE_PERMISSION_INCLUDED = 1

    # The permission is not included in the role.
    ROLE_PERMISSION_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3
  end

  # Whether the binding includes the principal.
  module Membership
    # Default value. This value is unused.
    MEMBERSHIP_UNSPECIFIED = 0

    # The binding includes the principal. The principal can be included
    # directly or indirectly. For example:
    #
    # * A principal is included directly if that principal is listed in the
    #   binding.
    # * A principal is included indirectly if that principal is in a Google
    #   group or Google Workspace domain that is listed in the binding.
    MEMBERSHIP_INCLUDED = 1

    # The binding does not include the principal.
    MEMBERSHIP_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    MEMBERSHIP_UNKNOWN_INFO_DENIED = 3

    # The principal is an unsupported type. Only Google Accounts and service
    # accounts are supported.
    MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4
  end
end

#role_permission_relevance ⇒ ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance

# File 'proto_docs/google/cloud/policytroubleshooter/v1/explanations.rb', line 163

class BindingExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the binding includes the principal.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::Membership]
  #     Indicates whether the binding includes the principal.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the binding.
  class AnnotatedMembership
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership]
  class MembershipsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Whether a role includes a specific permission.
  module RolePermission
    # Default value. This value is unused.
    ROLE_PERMISSION_UNSPECIFIED = 0

    # The permission is included in the role.
    ROLE_PERMISSION_INCLUDED = 1

    # The permission is not included in the role.
    ROLE_PERMISSION_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3
  end

  # Whether the binding includes the principal.
  module Membership
    # Default value. This value is unused.
    MEMBERSHIP_UNSPECIFIED = 0

    # The binding includes the principal. The principal can be included
    # directly or indirectly. For example:
    #
    # * A principal is included directly if that principal is listed in the
    #   binding.
    # * A principal is included indirectly if that principal is in a Google
    #   group or Google Workspace domain that is listed in the binding.
    MEMBERSHIP_INCLUDED = 1

    # The binding does not include the principal.
    MEMBERSHIP_NOT_INCLUDED = 2

    # The sender of the request is not allowed to access the binding.
    MEMBERSHIP_UNKNOWN_INFO_DENIED = 3

    # The principal is an unsupported type. Only Google Accounts and service
    # accounts are supported.
    MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4
  end
end