Policy Simulator v1 API - Namespace Google.Cloud.PolicySimulator.V1 (1.3.0)

A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.

Container for nested types declared in the AccessStateDiff message type.

Information about the principal, resource, and permission to check.

Details about how a binding in a policy affects a principal's ability to use a permission.

Container for nested types declared in the BindingExplanation message type.

Details about whether the binding includes the principal.

CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.

CreateOrgPolicyViolationsPreviewRequest is the request message for [OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.CreateOrgPolicyViolationsPreview].

Request message for [Simulator.CreateReplay][google.cloud.policysimulator.v1.Simulator.CreateReplay].

Details about how a set of policies, listed in [ExplainedPolicy][google.cloud.policysimulator.v1.ExplainedPolicy], resulted in a certain [AccessState][google.cloud.policysimulator.v1.AccessState] when replaying an access tuple.

Details about how a specific IAM [Policy][google.iam.v1.Policy] contributed to the access check.

Resource name for the FolderLocation resource.

GetOrgPolicyViolationsPreviewRequest is the request message for [OrgPolicyViolationsPreviewService.GetOrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.GetOrgPolicyViolationsPreview].

Request message for [Simulator.GetReplay][google.cloud.policysimulator.v1.Simulator.GetReplay].

ListOrgPolicyViolationsPreviewsRequest is the request message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews].

ListOrgPolicyViolationsPreviewsResponse is the response message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews].

ListOrgPolicyViolationsRequest is the request message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolations][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolations].

ListOrgPolicyViolationsResponse is the response message for [OrgPolicyViolationsPreviewService.ListOrgPolicyViolations][google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService.ListOrgPolicyViolations]

Request message for [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults].

Response message for [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults].

The proposed changes to OrgPolicy.

Container for nested types declared in the OrgPolicyOverlay message type.

A change to an OrgPolicy custom constraint.

A change to an OrgPolicy.

OrgPolicyViolation is a resource representing a single resource violating a single OrgPolicy constraint.

Resource name for the OrgPolicyViolation resource.

OrgPolicyViolationsPreview is a resource providing a preview of the violations that will exist if an OrgPolicy change is made.

The list of violations are modeled as child resources and retrieved via a [ListOrgPolicyViolations][] API call. There are potentially more [OrgPolicyViolations][] than could fit in an embedded field. Thus, the use of a child resource instead of a field.

Container for nested types declared in the OrgPolicyViolationsPreview message type.

A summary of the state of all resources scanned for compliance with the changed OrgPolicy.

Resource name for the OrgPolicyViolationsPreview resource.

Violations Preview API service for OrgPolicy.

An [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview] is a preview of the violations that will exist as soon as a proposed OrgPolicy change is submitted. To create an [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview], the API user specifies the changes they wish to make and requests the generation of a preview via [GenerateViolationsPreview][]. the OrgPolicy Simulator service then scans the API user's currently existing resources to determine these resources violate the newly set OrgPolicy.

Base class for server-side implementations of OrgPolicyViolationsPreviewService

Client for OrgPolicyViolationsPreviewService

OrgPolicyViolationsPreviewService client wrapper, for convenient use.

Builder class for OrgPolicyViolationsPreviewServiceClient to provide simple configuration of credentials, endpoint etc.

OrgPolicyViolationsPreviewService client wrapper implementation, for convenient use.

Settings for OrgPolicyViolationsPreviewServiceClient instances.

Resource name for the OrganizationLocation resource.

A resource describing a Replay, or simulation.

Container for nested types declared in the Replay message type.

Summary statistics about the replayed log entries.

The configuration used for a [Replay][google.cloud.policysimulator.v1.Replay].

Container for nested types declared in the ReplayConfig message type.

The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.

Resource name for the Replay resource.

Metadata about a Replay operation.

The result of replaying a single access tuple against a simulated state.

Resource name for the ReplayResult resource.

ResourceContext provides the context we know about a resource. It is similar in concept to google.cloud.asset.v1.Resource, but focuses on the information specifically used by Simulator.

Policy Simulator API service.

Policy Simulator is a collection of endpoints for creating, running, and viewing a [Replay][google.cloud.policysimulator.v1.Replay]. A [Replay][google.cloud.policysimulator.v1.Replay] is a type of simulation that lets you see how your principals' access to resources might change if you changed your IAM policy.

During a [Replay][google.cloud.policysimulator.v1.Replay], Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your principals' access might change under the proposed policy.

Base class for server-side implementations of Simulator

Client for Simulator

Simulator client wrapper, for convenient use.

Builder class for SimulatorClient to provide simple configuration of credentials, endpoint etc.

Simulator client wrapper implementation, for convenient use.

Settings for SimulatorClient instances.

Whether a principal has a permission for a resource.

How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.

Whether the binding includes the principal.

Whether a role includes a specific permission.

The possible contents of FolderLocationName.

The extent to which a single data point, such as the existence of a binding or whether a binding includes a specific principal, contributes to an overall determination.

The possible contents of OrgPolicyViolationName.

The possible contents of OrgPolicyViolationsPreviewName.

The possible contents of OrganizationLocationName.

The current state of an [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].

The current state of the [Replay][google.cloud.policysimulator.v1.Replay].

The source of the logs to use for a [Replay][google.cloud.policysimulator.v1.Replay].

The possible contents of ReplayName.

Enum of possible cases for the "result" oneof.

The possible contents of ReplayResultName.