Package cloud.google.com/go/policysimulator/apiv1/policysimulatorpb (v0.3.3)

Variables

AccessState_name, AccessState_value

// AccessState_name and AccessState_value translate between the wire numbers
// and the symbolic names of the AccessState enum.
//
// Both are plain Go maps, so a lookup of an absent key yields the zero value:
// AccessState_name[99] is "" and AccessState_value["typo"] is 0, which is
// also the number of ACCESS_STATE_UNSPECIFIED. When the name or number comes
// from outside the program, use the two-value form
// (v, ok := AccessState_value[s]) so an unrecognized input is rejected
// instead of being read as a real state.
var (
	AccessState_name = map[int32]string{
		0: "ACCESS_STATE_UNSPECIFIED",
		1: "GRANTED",
		2: "NOT_GRANTED",
		3: "UNKNOWN_CONDITIONAL",
		4: "UNKNOWN_INFO_DENIED",
	}
	AccessState_value = map[string]int32{
		"ACCESS_STATE_UNSPECIFIED": 0,
		"GRANTED":                  1,
		"NOT_GRANTED":              2,
		"UNKNOWN_CONDITIONAL":      3,
		"UNKNOWN_INFO_DENIED":      4,
	}
)

Enum value maps for AccessState.

HeuristicRelevance_name, HeuristicRelevance_value

var (
	HeuristicRelevance_name = map[int32]string{
		0: "HEURISTIC_RELEVANCE_UNSPECIFIED",
		1: "NORMAL",
		2: "HIGH",
	}
	HeuristicRelevance_value = map[string]int32{
		"HEURISTIC_RELEVANCE_UNSPECIFIED": 0,
		"NORMAL":                          1,
		"HIGH":                            2,
	}
)

Enum value maps for HeuristicRelevance.

BindingExplanation_RolePermission_name, BindingExplanation_RolePermission_value

var (
	BindingExplanation_RolePermission_name = map[int32]string{
		0: "ROLE_PERMISSION_UNSPECIFIED",
		1: "ROLE_PERMISSION_INCLUDED",
		2: "ROLE_PERMISSION_NOT_INCLUDED",
		3: "ROLE_PERMISSION_UNKNOWN_INFO_DENIED",
	}
	BindingExplanation_RolePermission_value = map[string]int32{
		"ROLE_PERMISSION_UNSPECIFIED":         0,
		"ROLE_PERMISSION_INCLUDED":            1,
		"ROLE_PERMISSION_NOT_INCLUDED":        2,
		"ROLE_PERMISSION_UNKNOWN_INFO_DENIED": 3,
	}
)

Enum value maps for BindingExplanation_RolePermission.

BindingExplanation_Membership_name, BindingExplanation_Membership_value

var (
	BindingExplanation_Membership_name = map[int32]string{
		0: "MEMBERSHIP_UNSPECIFIED",
		1: "MEMBERSHIP_INCLUDED",
		2: "MEMBERSHIP_NOT_INCLUDED",
		3: "MEMBERSHIP_UNKNOWN_INFO_DENIED",
		4: "MEMBERSHIP_UNKNOWN_UNSUPPORTED",
	}
	BindingExplanation_Membership_value = map[string]int32{
		"MEMBERSHIP_UNSPECIFIED":         0,
		"MEMBERSHIP_INCLUDED":            1,
		"MEMBERSHIP_NOT_INCLUDED":        2,
		"MEMBERSHIP_UNKNOWN_INFO_DENIED": 3,
		"MEMBERSHIP_UNKNOWN_UNSUPPORTED": 4,
	}
)

Enum value maps for BindingExplanation_Membership.

Replay_State_name, Replay_State_value

var (
	Replay_State_name = map[int32]string{
		0: "STATE_UNSPECIFIED",
		1: "PENDING",
		2: "RUNNING",
		3: "SUCCEEDED",
		4: "FAILED",
	}
	Replay_State_value = map[string]int32{
		"STATE_UNSPECIFIED": 0,
		"PENDING":           1,
		"RUNNING":           2,
		"SUCCEEDED":         3,
		"FAILED":            4,
	}
)

Enum value maps for Replay_State.

ReplayConfig_LogSource_name, ReplayConfig_LogSource_value

var (
	ReplayConfig_LogSource_name = map[int32]string{
		0: "LOG_SOURCE_UNSPECIFIED",
		1: "RECENT_ACCESSES",
	}
	ReplayConfig_LogSource_value = map[string]int32{
		"LOG_SOURCE_UNSPECIFIED": 0,
		"RECENT_ACCESSES":        1,
	}
)

Enum value maps for ReplayConfig_LogSource.

AccessStateDiff_AccessChangeType_name, AccessStateDiff_AccessChangeType_value

// AccessStateDiff_AccessChangeType_name and
// AccessStateDiff_AccessChangeType_value translate between the wire numbers
// and the symbolic names of AccessStateDiff_AccessChangeType.
//
// A lookup of an absent key in either map yields the zero value ("" or 0),
// and 0 is the number of ACCESS_CHANGE_TYPE_UNSPECIFIED. When replay results
// are filtered by a name taken from configuration or user input, use the
// two-value lookup form so that a misspelled name is reported as an error
// rather than silently becoming 0.
var (
	AccessStateDiff_AccessChangeType_name = map[int32]string{
		0: "ACCESS_CHANGE_TYPE_UNSPECIFIED",
		1: "NO_CHANGE",
		2: "UNKNOWN_CHANGE",
		3: "ACCESS_REVOKED",
		4: "ACCESS_GAINED",
		5: "ACCESS_MAYBE_REVOKED",
		6: "ACCESS_MAYBE_GAINED",
	}
	AccessStateDiff_AccessChangeType_value = map[string]int32{
		"ACCESS_CHANGE_TYPE_UNSPECIFIED": 0,
		"NO_CHANGE":                      1,
		"UNKNOWN_CHANGE":                 2,
		"ACCESS_REVOKED":                 3,
		"ACCESS_GAINED":                  4,
		"ACCESS_MAYBE_REVOKED":           5,
		"ACCESS_MAYBE_GAINED":            6,
	}
)

Enum value maps for AccessStateDiff_AccessChangeType.

File_google_cloud_policysimulator_v1_explanations_proto

var File_google_cloud_policysimulator_v1_explanations_proto protoreflect.FileDescriptor

File_google_cloud_policysimulator_v1_simulator_proto

var File_google_cloud_policysimulator_v1_simulator_proto protoreflect.FileDescriptor

Functions

func RegisterSimulatorServer

func RegisterSimulatorServer(s *grpc.Server, srv SimulatorServer)

AccessState

type AccessState int32

Whether a principal has a permission for a resource.

AccessState_ACCESS_STATE_UNSPECIFIED, AccessState_GRANTED, AccessState_NOT_GRANTED, AccessState_UNKNOWN_CONDITIONAL, AccessState_UNKNOWN_INFO_DENIED

// Values of AccessState. Only GRANTED and NOT_GRANTED are definite answers.
// The two UNKNOWN_* values mean the evaluation could not be completed; code
// that branches on AccessState should give them their own case rather than
// folding them into either definite answer.
const (
	// Default value. This value is unused.
	// It is also the Go zero value of AccessState, so a variable or field of
	// this type that was never assigned compares equal to this constant.
	AccessState_ACCESS_STATE_UNSPECIFIED AccessState = 0
	// The principal has the permission.
	AccessState_GRANTED AccessState = 1
	// The principal does not have the permission.
	AccessState_NOT_GRANTED AccessState = 2
	// The principal has the permission only if a condition expression evaluates
	// to `true`.
	AccessState_UNKNOWN_CONDITIONAL AccessState = 3
	// The user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] does not have
	// access to all of the policies that Policy Simulator needs to evaluate.
	// The result is therefore incomplete, not a denial for the principal
	// being checked.
	AccessState_UNKNOWN_INFO_DENIED AccessState = 4
)

func (AccessState) Descriptor

func (AccessState) Enum

func (x AccessState) Enum() *AccessState

func (AccessState) EnumDescriptor

func (AccessState) EnumDescriptor() ([]byte, []int)

Deprecated: Use AccessState.Descriptor instead.

func (AccessState) Number

func (x AccessState) Number() protoreflect.EnumNumber

func (AccessState) String

func (x AccessState) String() string

func (AccessState) Type

AccessStateDiff

// AccessStateDiff pairs the evaluation of one access tuple under the current
// (baseline) policies with its evaluation under the proposed (simulated)
// policies, together with a classification of the difference.
type AccessStateDiff struct {
	// Baseline is an ExplainedAccess result; going by the field name and the
	// type description, it is the evaluation under the current policies.
	Baseline *ExplainedAccess `protobuf:"bytes,1,opt,name=baseline,proto3" json:"baseline,omitempty"`

	// Simulated is an ExplainedAccess result; going by the field name and the
	// type description, it is the evaluation under the proposed policies.
	Simulated *ExplainedAccess `protobuf:"bytes,2,opt,name=simulated,proto3" json:"simulated,omitempty"`

	// AccessChange classifies how access differs between the two evaluations
	// (see AccessStateDiff_AccessChangeType). ACCESS_GAINED and
	// ACCESS_MAYBE_GAINED describe access the principal does not have under
	// the current policies, so they are the values to review before a
	// proposed policy is applied.
	// The struct tag is elided by the documentation renderer.
	AccessChange AccessStateDiff_AccessChangeType "" /* 168 byte string literal not displayed */

}

A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.

func (*AccessStateDiff) Descriptor

func (*AccessStateDiff) Descriptor() ([]byte, []int)

Deprecated: Use AccessStateDiff.ProtoReflect.Descriptor instead.

func (*AccessStateDiff) GetAccessChange

func (*AccessStateDiff) GetBaseline

func (x *AccessStateDiff) GetBaseline() *ExplainedAccess

func (*AccessStateDiff) GetSimulated

func (x *AccessStateDiff) GetSimulated() *ExplainedAccess

func (*AccessStateDiff) ProtoMessage

func (*AccessStateDiff) ProtoMessage()

func (*AccessStateDiff) ProtoReflect

func (x *AccessStateDiff) ProtoReflect() protoreflect.Message

func (*AccessStateDiff) Reset

func (x *AccessStateDiff) Reset()

func (*AccessStateDiff) String

func (x *AccessStateDiff) String() string

AccessStateDiff_AccessChangeType

type AccessStateDiff_AccessChangeType int32

How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.

AccessStateDiff_ACCESS_CHANGE_TYPE_UNSPECIFIED, AccessStateDiff_NO_CHANGE, AccessStateDiff_UNKNOWN_CHANGE, AccessStateDiff_ACCESS_REVOKED, AccessStateDiff_ACCESS_GAINED, AccessStateDiff_ACCESS_MAYBE_REVOKED, AccessStateDiff_ACCESS_MAYBE_GAINED

// Values of AccessStateDiff_AccessChangeType. Here `UNKNOWN` stands for the
// UNKNOWN_* values of AccessState. The two MAYBE values and UNKNOWN_CHANGE
// all involve an unresolved evaluation on at least one side, so they call for
// review of the underlying ExplainedAccess rather than automatic acceptance.
const (
	// Default value. This value is unused.
	AccessStateDiff_ACCESS_CHANGE_TYPE_UNSPECIFIED AccessStateDiff_AccessChangeType = 0
	// The principal's access did not change.
	// This includes the case where both baseline and simulated are UNKNOWN,
	// but the unknown information is equivalent.
	AccessStateDiff_NO_CHANGE AccessStateDiff_AccessChangeType = 1
	// The principal's access under both the current policies and the proposed
	// policies is `UNKNOWN`, but the unknown information differs between them.
	AccessStateDiff_UNKNOWN_CHANGE AccessStateDiff_AccessChangeType = 2
	// The principal had access under the current policies (`GRANTED`), but will
	// no longer have access after the proposed changes (`NOT_GRANTED`).
	AccessStateDiff_ACCESS_REVOKED AccessStateDiff_AccessChangeType = 3
	// The principal did not have access under the current policies
	// (`NOT_GRANTED`), but will have access after the proposed changes
	// (`GRANTED`).
	AccessStateDiff_ACCESS_GAINED AccessStateDiff_AccessChangeType = 4
	// This result can occur for the following reasons:
	//
	//   - The principal had access under the current policies (`GRANTED`), but
	//     their access after the proposed changes is `UNKNOWN`.
	//   - The principal's access under the current policies is `UNKNOWN`, but
	//     they will not have access after the proposed changes (`NOT_GRANTED`).
	AccessStateDiff_ACCESS_MAYBE_REVOKED AccessStateDiff_AccessChangeType = 5
	// This result can occur for the following reasons:
	//
	//   - The principal did not have access under the current policies
	//     (`NOT_GRANTED`), but their access after the proposed changes is
	//     `UNKNOWN`.
	//   - The principal's access under the current policies is `UNKNOWN`, but
	//     they will have access after the proposed changes (`GRANTED`).
	//
	// Either way the proposed policies may grant access that is not confirmed
	// under the current ones; resolve the `UNKNOWN` side before treating the
	// change as harmless.
	AccessStateDiff_ACCESS_MAYBE_GAINED AccessStateDiff_AccessChangeType = 6
)

func (AccessStateDiff_AccessChangeType) Descriptor

func (AccessStateDiff_AccessChangeType) Enum

func (AccessStateDiff_AccessChangeType) EnumDescriptor

func (AccessStateDiff_AccessChangeType) EnumDescriptor() ([]byte, []int)

Deprecated: Use AccessStateDiff_AccessChangeType.Descriptor instead.

func (AccessStateDiff_AccessChangeType) Number

func (AccessStateDiff_AccessChangeType) String

func (AccessStateDiff_AccessChangeType) Type

AccessTuple

type AccessTuple struct {

	// Required. The principal whose access you want to check, in the form of
	// the email address that represents that principal. For example,
	// `alice@example.com` or
	// `my-service-account@my-project.iam.gserviceaccount.com`.
	//
	// The principal must be a Google Account or a service account. Other types of
	// principals are not supported.
	Principal string `protobuf:"bytes,1,opt,name=principal,proto3" json:"principal,omitempty"`
	// Required. The full resource name that identifies the resource. For example,
	// `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
	//
	// For examples of full resource names for Google Cloud services, see
	// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
	FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// Required. The IAM permission to check for the specified principal and
	// resource.
	//
	// For a complete list of IAM permissions, see
	// https://cloud.google.com/iam/help/permissions/reference.
	//
	// For a complete list of predefined IAM roles and the permissions in each
	// role, see https://cloud.google.com/iam/help/roles/reference.
	Permission string `protobuf:"bytes,3,opt,name=permission,proto3" json:"permission,omitempty"`
	// contains filtered or unexported fields
}

Information about the principal, resource, and permission to check.

func (*AccessTuple) Descriptor

func (*AccessTuple) Descriptor() ([]byte, []int)

Deprecated: Use AccessTuple.ProtoReflect.Descriptor instead.

func (*AccessTuple) GetFullResourceName

func (x *AccessTuple) GetFullResourceName() string

func (*AccessTuple) GetPermission

func (x *AccessTuple) GetPermission() string

func (*AccessTuple) GetPrincipal

func (x *AccessTuple) GetPrincipal() string

func (*AccessTuple) ProtoMessage

func (*AccessTuple) ProtoMessage()

func (*AccessTuple) ProtoReflect

func (x *AccessTuple) ProtoReflect() protoreflect.Message

func (*AccessTuple) Reset

func (x *AccessTuple) Reset()

func (*AccessTuple) String

func (x *AccessTuple) String() string

BindingExplanation

// BindingExplanation reports how one binding of a policy bears on the
// principal's ability to use the permission being checked.
type BindingExplanation struct {
	// Access is the AccessState attributed to this binding.
	// NOTE(review): this looks like a per-binding result, not the final
	// verdict for the access tuple; the state for the whole set of policies
	// is carried by ExplainedAccess.AccessState. Confirm against the service
	// documentation before keying a decision on this field.
	Access AccessState `protobuf:"varint,1,opt,name=access,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access,omitempty"`

	// Role is a string naming the role; presumably the role that the binding
	// grants (TODO confirm).
	Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`

	// RolePermission says whether the role includes the permission
	// (see BindingExplanation_RolePermission).
	// The struct tag is elided by the documentation renderer.
	RolePermission BindingExplanation_RolePermission "" /* 175 byte string literal not displayed */

	// RolePermissionRelevance is a HeuristicRelevance; presumably it ranks how
	// much the RolePermission finding contributes to the overall
	// determination (TODO confirm).
	RolePermissionRelevance HeuristicRelevance "" /* 189 byte string literal not displayed */

	// Memberships maps a string key to an annotated membership result.
	// NOTE(review): the key is presumably a member listed in the binding;
	// confirm before parsing it.
	Memberships map[string]*BindingExplanation_AnnotatedMembership "" /* 163 byte string literal not displayed */

	// Relevance is a HeuristicRelevance; presumably it ranks how much this
	// binding contributes to the overall determination (TODO confirm).
	Relevance HeuristicRelevance "" /* 128 byte string literal not displayed */

	// Condition is an expression attached to the binding, if any.
	// NOTE(review): presumably the binding grants the permission only when
	// this expression evaluates to true (compare
	// AccessState_UNKNOWN_CONDITIONAL); confirm.
	Condition *expr.Expr `protobuf:"bytes,7,opt,name=condition,proto3" json:"condition,omitempty"`

}

Details about how a binding in a policy affects a principal's ability to use a permission.

func (*BindingExplanation) Descriptor

func (*BindingExplanation) Descriptor() ([]byte, []int)

Deprecated: Use BindingExplanation.ProtoReflect.Descriptor instead.

func (*BindingExplanation) GetAccess

func (x *BindingExplanation) GetAccess() AccessState

func (*BindingExplanation) GetCondition

func (x *BindingExplanation) GetCondition() *expr.Expr

func (*BindingExplanation) GetMemberships

func (*BindingExplanation) GetRelevance

func (x *BindingExplanation) GetRelevance() HeuristicRelevance

func (*BindingExplanation) GetRole

func (x *BindingExplanation) GetRole() string

func (*BindingExplanation) GetRolePermission

func (*BindingExplanation) GetRolePermissionRelevance

func (x *BindingExplanation) GetRolePermissionRelevance() HeuristicRelevance

func (*BindingExplanation) ProtoMessage

func (*BindingExplanation) ProtoMessage()

func (*BindingExplanation) ProtoReflect

func (x *BindingExplanation) ProtoReflect() protoreflect.Message

func (*BindingExplanation) Reset

func (x *BindingExplanation) Reset()

func (*BindingExplanation) String

func (x *BindingExplanation) String() string

BindingExplanation_AnnotatedMembership

// BindingExplanation_AnnotatedMembership records whether the binding includes
// the principal, together with a relevance ranking for that finding.
type BindingExplanation_AnnotatedMembership struct {
	// Membership says whether the binding includes the principal
	// (see BindingExplanation_Membership). The MEMBERSHIP_UNKNOWN_* values
	// mean the question could not be answered; they are not a statement that
	// the principal is outside the binding.
	// The struct tag is elided by the documentation renderer.
	Membership BindingExplanation_Membership "" /* 141 byte string literal not displayed */

	// Relevance is a HeuristicRelevance; presumably it ranks how much this
	// membership finding contributes to the overall determination
	// (TODO confirm).
	Relevance HeuristicRelevance "" /* 128 byte string literal not displayed */

}

Details about whether the binding includes the principal.

func (*BindingExplanation_AnnotatedMembership) Descriptor

func (*BindingExplanation_AnnotatedMembership) Descriptor() ([]byte, []int)

Deprecated: Use BindingExplanation_AnnotatedMembership.ProtoReflect.Descriptor instead.

func (*BindingExplanation_AnnotatedMembership) GetMembership

func (*BindingExplanation_AnnotatedMembership) GetRelevance

func (*BindingExplanation_AnnotatedMembership) ProtoMessage

func (*BindingExplanation_AnnotatedMembership) ProtoReflect

func (*BindingExplanation_AnnotatedMembership) Reset

func (*BindingExplanation_AnnotatedMembership) String

BindingExplanation_Membership

type BindingExplanation_Membership int32

Whether the binding includes the principal.

BindingExplanation_MEMBERSHIP_UNSPECIFIED, BindingExplanation_MEMBERSHIP_INCLUDED, BindingExplanation_MEMBERSHIP_NOT_INCLUDED, BindingExplanation_MEMBERSHIP_UNKNOWN_INFO_DENIED, BindingExplanation_MEMBERSHIP_UNKNOWN_UNSUPPORTED

// Values of BindingExplanation_Membership. MEMBERSHIP_INCLUDED and
// MEMBERSHIP_NOT_INCLUDED are definite; the two MEMBERSHIP_UNKNOWN_* values
// report that membership could not be determined and should be handled as a
// separate case.
const (
	// Default value. This value is unused.
	BindingExplanation_MEMBERSHIP_UNSPECIFIED BindingExplanation_Membership = 0
	// The binding includes the principal. The principal can be included
	// directly or indirectly. For example:
	//
	//   - A principal is included directly if that principal is listed in the
	//     binding.
	//   - A principal is included indirectly if that principal is in a Google
	//     group or Google Workspace domain that is listed in the binding.
	BindingExplanation_MEMBERSHIP_INCLUDED BindingExplanation_Membership = 1
	// The binding does not include the principal.
	BindingExplanation_MEMBERSHIP_NOT_INCLUDED BindingExplanation_Membership = 2
	// The user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] is not
	// allowed to access the binding.
	BindingExplanation_MEMBERSHIP_UNKNOWN_INFO_DENIED BindingExplanation_Membership = 3
	// The principal is an unsupported type. Only Google Accounts and service
	// accounts are supported.
	BindingExplanation_MEMBERSHIP_UNKNOWN_UNSUPPORTED BindingExplanation_Membership = 4
)

func (BindingExplanation_Membership) Descriptor

func (BindingExplanation_Membership) Enum

func (BindingExplanation_Membership) EnumDescriptor

func (BindingExplanation_Membership) EnumDescriptor() ([]byte, []int)

Deprecated: Use BindingExplanation_Membership.Descriptor instead.

func (BindingExplanation_Membership) Number

func (BindingExplanation_Membership) String

func (BindingExplanation_Membership) Type

BindingExplanation_RolePermission

type BindingExplanation_RolePermission int32

Whether a role includes a specific permission.

BindingExplanation_ROLE_PERMISSION_UNSPECIFIED, BindingExplanation_ROLE_PERMISSION_INCLUDED, BindingExplanation_ROLE_PERMISSION_NOT_INCLUDED, BindingExplanation_ROLE_PERMISSION_UNKNOWN_INFO_DENIED

// Values of BindingExplanation_RolePermission. ROLE_PERMISSION_INCLUDED and
// ROLE_PERMISSION_NOT_INCLUDED are definite;
// ROLE_PERMISSION_UNKNOWN_INFO_DENIED reports that the question could not be
// answered for the user who ran the replay.
const (
	// Default value. This value is unused.
	BindingExplanation_ROLE_PERMISSION_UNSPECIFIED BindingExplanation_RolePermission = 0
	// The permission is included in the role.
	BindingExplanation_ROLE_PERMISSION_INCLUDED BindingExplanation_RolePermission = 1
	// The permission is not included in the role.
	BindingExplanation_ROLE_PERMISSION_NOT_INCLUDED BindingExplanation_RolePermission = 2
	// The user who created the
	// [Replay][google.cloud.policysimulator.v1.Replay] is not
	// allowed to access the binding.
	BindingExplanation_ROLE_PERMISSION_UNKNOWN_INFO_DENIED BindingExplanation_RolePermission = 3
)

func (BindingExplanation_RolePermission) Descriptor

func (BindingExplanation_RolePermission) Enum

func (BindingExplanation_RolePermission) EnumDescriptor

func (BindingExplanation_RolePermission) EnumDescriptor() ([]byte, []int)

Deprecated: Use BindingExplanation_RolePermission.Descriptor instead.

func (BindingExplanation_RolePermission) Number

func (BindingExplanation_RolePermission) String

func (BindingExplanation_RolePermission) Type

CreateReplayRequest

type CreateReplayRequest struct {

	// Required. The parent resource where this
	// [Replay][google.cloud.policysimulator.v1.Replay] will be created. This
	// resource must be a project, folder, or organization with a location.
	//
	// Example: `projects/my-example-project/locations/global`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The [Replay][google.cloud.policysimulator.v1.Replay] to create.
	// Set `Replay.ReplayConfig` to configure the replay.
	Replay *Replay `protobuf:"bytes,2,opt,name=replay,proto3" json:"replay,omitempty"`
	// contains filtered or unexported fields
}

Request message for [Simulator.CreateReplay][google.cloud.policysimulator.v1.Simulator.CreateReplay].

func (*CreateReplayRequest) Descriptor

func (*CreateReplayRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateReplayRequest.ProtoReflect.Descriptor instead.

func (*CreateReplayRequest) GetParent

func (x *CreateReplayRequest) GetParent() string

func (*CreateReplayRequest) GetReplay

func (x *CreateReplayRequest) GetReplay() *Replay

func (*CreateReplayRequest) ProtoMessage

func (*CreateReplayRequest) ProtoMessage()

func (*CreateReplayRequest) ProtoReflect

func (x *CreateReplayRequest) ProtoReflect() protoreflect.Message

func (*CreateReplayRequest) Reset

func (x *CreateReplayRequest) Reset()

func (*CreateReplayRequest) String

func (x *CreateReplayRequest) String() string

ExplainedAccess

// ExplainedAccess holds the AccessState that a set of policies produced when
// an access tuple was replayed, along with the per-policy explanations.
type ExplainedAccess struct {
	// AccessState is the state that the listed policies resulted in for the
	// access tuple. Only GRANTED and NOT_GRANTED are definite; handle the
	// UNKNOWN_* values as their own case.
	// The struct tag is elided by the documentation renderer.
	AccessState AccessState "" /* 144 byte string literal not displayed */

	// Policies lists the ExplainedPolicy entries behind AccessState.
	Policies []*ExplainedPolicy `protobuf:"bytes,2,rep,name=policies,proto3" json:"policies,omitempty"`

	// Errors is a list of status values.
	// NOTE(review): presumably populated when AccessState is one of the
	// UNKNOWN_* values, to say why the evaluation was incomplete. Confirm,
	// and inspect it before relying on a result.
	Errors []*status.Status `protobuf:"bytes,3,rep,name=errors,proto3" json:"errors,omitempty"`

}

Details about how a set of policies, listed in [ExplainedPolicy][google.cloud.policysimulator.v1.ExplainedPolicy], resulted in a certain [AccessState][google.cloud.policysimulator.v1.AccessState] when replaying an access tuple.

func (*ExplainedAccess) Descriptor

func (*ExplainedAccess) Descriptor() ([]byte, []int)

Deprecated: Use ExplainedAccess.ProtoReflect.Descriptor instead.

func (*ExplainedAccess) GetAccessState

func (x *ExplainedAccess) GetAccessState() AccessState

func (*ExplainedAccess) GetErrors

func (x *ExplainedAccess) GetErrors() []*status.Status

func (*ExplainedAccess) GetPolicies

func (x *ExplainedAccess) GetPolicies() []*ExplainedPolicy

func (*ExplainedAccess) ProtoMessage

func (*ExplainedAccess) ProtoMessage()

func (*ExplainedAccess) ProtoReflect

func (x *ExplainedAccess) ProtoReflect() protoreflect.Message

func (*ExplainedAccess) Reset

func (x *ExplainedAccess) Reset()

func (*ExplainedAccess) String

func (x *ExplainedAccess) String() string

ExplainedPolicy

// ExplainedPolicy describes how one IAM policy contributed to the access
// check.
type ExplainedPolicy struct {
	// Access is the AccessState attributed to this policy.
	// NOTE(review): this looks like a per-policy result; the state for the
	// whole set of policies is carried by ExplainedAccess.AccessState.
	// Confirm before keying a decision on this field alone.
	Access AccessState `protobuf:"varint,1,opt,name=access,proto3,enum=google.cloud.policysimulator.v1.AccessState" json:"access,omitempty"`

	// FullResourceName is a full resource name; presumably that of the
	// resource the policy is attached to (TODO confirm).
	FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`

	// Policy is the IAM policy being explained.
	Policy *iampb.Policy `protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"`

	// BindingExplanations holds BindingExplanation entries; presumably one
	// per binding in Policy (TODO confirm).
	BindingExplanations []*BindingExplanation `protobuf:"bytes,4,rep,name=binding_explanations,json=bindingExplanations,proto3" json:"binding_explanations,omitempty"`

	// Relevance is a HeuristicRelevance; presumably it ranks how much this
	// policy contributes to the overall determination (TODO confirm).
	// The struct tag is elided by the documentation renderer.
	Relevance HeuristicRelevance "" /* 128 byte string literal not displayed */

}

Details about how a specific IAM [Policy][google.iam.v1.Policy] contributed to the access check.

func (*ExplainedPolicy) Descriptor

func (*ExplainedPolicy) Descriptor() ([]byte, []int)

Deprecated: Use ExplainedPolicy.ProtoReflect.Descriptor instead.

func (*ExplainedPolicy) GetAccess

func (x *ExplainedPolicy) GetAccess() AccessState

func (*ExplainedPolicy) GetBindingExplanations

func (x *ExplainedPolicy) GetBindingExplanations() []*BindingExplanation

func (*ExplainedPolicy) GetFullResourceName

func (x *ExplainedPolicy) GetFullResourceName() string

func (*ExplainedPolicy) GetPolicy

func (x *ExplainedPolicy) GetPolicy() *iampb.Policy

func (*ExplainedPolicy) GetRelevance

func (x *ExplainedPolicy) GetRelevance() HeuristicRelevance

func (*ExplainedPolicy) ProtoMessage

func (*ExplainedPolicy) ProtoMessage()

func (*ExplainedPolicy) ProtoReflect

func (x *ExplainedPolicy) ProtoReflect() protoreflect.Message

func (*ExplainedPolicy) Reset

func (x *ExplainedPolicy) Reset()

func (*ExplainedPolicy) String

func (x *ExplainedPolicy) String() string

GetReplayRequest

type GetReplayRequest struct {

	// Required. The name of the [Replay][google.cloud.policysimulator.v1.Replay]
	// to retrieve, in the following format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
	// where `{resource-id}` is the ID of the project, folder, or organization
	// that owns the `Replay`.
	//
	// Example:
	// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [Simulator.GetReplay][google.cloud.policysimulator.v1.Simulator.GetReplay].

func (*GetReplayRequest) Descriptor

func (*GetReplayRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetReplayRequest.ProtoReflect.Descriptor instead.

func (*GetReplayRequest) GetName

func (x *GetReplayRequest) GetName() string

func (*GetReplayRequest) ProtoMessage

func (*GetReplayRequest) ProtoMessage()

func (*GetReplayRequest) ProtoReflect

func (x *GetReplayRequest) ProtoReflect() protoreflect.Message

func (*GetReplayRequest) Reset

func (x *GetReplayRequest) Reset()

func (*GetReplayRequest) String

func (x *GetReplayRequest) String() string

HeuristicRelevance

type HeuristicRelevance int32

The extent to which a single data point, such as the existence of a binding or whether a binding includes a specific principal, contributes to an overall determination.

HeuristicRelevance_HEURISTIC_RELEVANCE_UNSPECIFIED, HeuristicRelevance_NORMAL, HeuristicRelevance_HIGH

// Values of HeuristicRelevance. Relevance ranks how much a data point
// contributes to a determination; it is not itself an access result, so it
// is useful for ordering explanations but not for deciding whether access is
// granted.
const (
	// Default value. This value is unused.
	HeuristicRelevance_HEURISTIC_RELEVANCE_UNSPECIFIED HeuristicRelevance = 0
	// The data point has a limited effect on the result. Changing the data point
	// is unlikely to affect the overall determination.
	HeuristicRelevance_NORMAL HeuristicRelevance = 1
	// The data point has a strong effect on the result. Changing the data point
	// is likely to affect the overall determination.
	HeuristicRelevance_HIGH HeuristicRelevance = 2
)

func (HeuristicRelevance) Descriptor

func (HeuristicRelevance) Enum

func (HeuristicRelevance) EnumDescriptor

func (HeuristicRelevance) EnumDescriptor() ([]byte, []int)

Deprecated: Use HeuristicRelevance.Descriptor instead.

func (HeuristicRelevance) Number

func (HeuristicRelevance) String

func (x HeuristicRelevance) String() string

func (HeuristicRelevance) Type

ListReplayResultsRequest

// ListReplayResultsRequest is the request message for
// Simulator.ListReplayResults. It selects a Replay and a page of its results.
type ListReplayResultsRequest struct {

	// Required. The [Replay][google.cloud.policysimulator.v1.Replay] whose
	// results are listed, in the following format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`
	//
	// Example:
	// `projects/my-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// The maximum number of
	// [ReplayResult][google.cloud.policysimulator.v1.ReplayResult] objects to
	// return. Defaults to 5000.
	//
	// The maximum value is 5000; values above 5000 are rounded down to 5000.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// A page token, received from a previous
	// [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults]
	// call. Provide this token to retrieve the next page of results.
	//
	// When paginating, all other parameters provided to
	// [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults]
	// must match the call that provided the page token.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

Request message for [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults].

func (*ListReplayResultsRequest) Descriptor

func (*ListReplayResultsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListReplayResultsRequest.ProtoReflect.Descriptor instead.

func (*ListReplayResultsRequest) GetPageSize

func (x *ListReplayResultsRequest) GetPageSize() int32

func (*ListReplayResultsRequest) GetPageToken

func (x *ListReplayResultsRequest) GetPageToken() string

func (*ListReplayResultsRequest) GetParent

func (x *ListReplayResultsRequest) GetParent() string

func (*ListReplayResultsRequest) ProtoMessage

func (*ListReplayResultsRequest) ProtoMessage()

func (*ListReplayResultsRequest) ProtoReflect

func (x *ListReplayResultsRequest) ProtoReflect() protoreflect.Message

func (*ListReplayResultsRequest) Reset

func (x *ListReplayResultsRequest) Reset()

func (*ListReplayResultsRequest) String

func (x *ListReplayResultsRequest) String() string

ListReplayResultsResponse

type ListReplayResultsResponse struct {

	// The results of running a [Replay][google.cloud.policysimulator.v1.Replay].
	ReplayResults []*ReplayResult `protobuf:"bytes,1,rep,name=replay_results,json=replayResults,proto3" json:"replay_results,omitempty"`
	// A token that you can use to retrieve the next page of
	// [ReplayResult][google.cloud.policysimulator.v1.ReplayResult] objects. If
	// this field is omitted, there are no subsequent pages.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

Response message for [Simulator.ListReplayResults][google.cloud.policysimulator.v1.Simulator.ListReplayResults].

func (*ListReplayResultsResponse) Descriptor

func (*ListReplayResultsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListReplayResultsResponse.ProtoReflect.Descriptor instead.

func (*ListReplayResultsResponse) GetNextPageToken

func (x *ListReplayResultsResponse) GetNextPageToken() string

func (*ListReplayResultsResponse) GetReplayResults

func (x *ListReplayResultsResponse) GetReplayResults() []*ReplayResult

func (*ListReplayResultsResponse) ProtoMessage

func (*ListReplayResultsResponse) ProtoMessage()

func (*ListReplayResultsResponse) ProtoReflect

func (*ListReplayResultsResponse) Reset

func (x *ListReplayResultsResponse) Reset()

func (*ListReplayResultsResponse) String

func (x *ListReplayResultsResponse) String() string

Replay

type Replay struct {

	// Output only. The resource name of the `Replay`, which has the following
	// format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`,
	// where `{resource-id}` is the ID of the project, folder, or organization
	// that owns the Replay.
	//
	// Example:
	// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The current state of the `Replay`.
	State Replay_State `protobuf:"varint,2,opt,name=state,proto3,enum=google.cloud.policysimulator.v1.Replay_State" json:"state,omitempty"`
	// Required. The configuration used for the `Replay`.
	Config *ReplayConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
	// Output only. Summary statistics about the replayed log entries.
	ResultsSummary *Replay_ResultsSummary `protobuf:"bytes,5,opt,name=results_summary,json=resultsSummary,proto3" json:"results_summary,omitempty"`
	// contains filtered or unexported fields
}

A resource describing a Replay, or simulation.

func (*Replay) Descriptor

func (*Replay) Descriptor() ([]byte, []int)

Deprecated: Use Replay.ProtoReflect.Descriptor instead.

func (*Replay) GetConfig

func (x *Replay) GetConfig() *ReplayConfig

func (*Replay) GetName

func (x *Replay) GetName() string

func (*Replay) GetResultsSummary

func (x *Replay) GetResultsSummary() *Replay_ResultsSummary

func (*Replay) GetState

func (x *Replay) GetState() Replay_State

func (*Replay) ProtoMessage

func (*Replay) ProtoMessage()

func (*Replay) ProtoReflect

func (x *Replay) ProtoReflect() protoreflect.Message

func (*Replay) Reset

func (x *Replay) Reset()

func (*Replay) String

func (x *Replay) String() string

ReplayConfig

// ReplayConfig is the configuration used for a Replay: the policies to
// simulate and the logs to replay against them.
type ReplayConfig struct {
	// PolicyOverlay maps a string key to an IAM policy.
	// NOTE(review): presumably the key is the full resource name of the
	// resource whose policy is being simulated and the value is the proposed
	// policy; confirm the key format before building this map.
	// The struct tag is elided by the documentation renderer.
	PolicyOverlay map[string]*iampb.Policy "" /* 188 byte string literal not displayed */

	// LogSource selects the logs to use for the Replay
	// (see ReplayConfig_LogSource). Leaving it at the zero value,
	// LOG_SOURCE_UNSPECIFIED, makes the Replay default to RECENT_ACCESSES.
	LogSource ReplayConfig_LogSource "" /* 149 byte string literal not displayed */

}

The configuration used for a [Replay][google.cloud.policysimulator.v1.Replay].

func (*ReplayConfig) Descriptor

func (*ReplayConfig) Descriptor() ([]byte, []int)

Deprecated: Use ReplayConfig.ProtoReflect.Descriptor instead.

func (*ReplayConfig) GetLogSource

func (x *ReplayConfig) GetLogSource() ReplayConfig_LogSource

func (*ReplayConfig) GetPolicyOverlay

func (x *ReplayConfig) GetPolicyOverlay() map[string]*iampb.Policy

func (*ReplayConfig) ProtoMessage

func (*ReplayConfig) ProtoMessage()

func (*ReplayConfig) ProtoReflect

func (x *ReplayConfig) ProtoReflect() protoreflect.Message

func (*ReplayConfig) Reset

func (x *ReplayConfig) Reset()

func (*ReplayConfig) String

func (x *ReplayConfig) String() string

ReplayConfig_LogSource

type ReplayConfig_LogSource int32

The source of the logs to use for a [Replay][google.cloud.policysimulator.v1.Replay].

ReplayConfig_LOG_SOURCE_UNSPECIFIED, ReplayConfig_RECENT_ACCESSES

// Values of ReplayConfig_LogSource, the source of the logs used for a Replay.
const (
	// An unspecified log source.
	// If the log source is unspecified, the
	// [Replay][google.cloud.policysimulator.v1.Replay] defaults to using
	// `RECENT_ACCESSES`.
	ReplayConfig_LOG_SOURCE_UNSPECIFIED ReplayConfig_LogSource = 0
	// All access logs from the last 90 days. These logs may not include logs
	// from the most recent 7 days.
	//
	// NOTE(review): because the replay is driven by these logs, access that
	// falls outside this window is presumably not exercised by the
	// simulation. A replay that reports no change is then evidence about the
	// logged accesses only, not proof that a proposed policy changes nothing.
	// Confirm against the service documentation.
	ReplayConfig_RECENT_ACCESSES ReplayConfig_LogSource = 1
)

func (ReplayConfig_LogSource) Descriptor

func (ReplayConfig_LogSource) Enum

func (ReplayConfig_LogSource) EnumDescriptor

func (ReplayConfig_LogSource) EnumDescriptor() ([]byte, []int)

Deprecated: Use ReplayConfig_LogSource.Descriptor instead.

func (ReplayConfig_LogSource) Number

func (ReplayConfig_LogSource) String

func (x ReplayConfig_LogSource) String() string

func (ReplayConfig_LogSource) Type

ReplayDiff

// ReplayDiff describes how the result for one access tuple differs between
// the current (baseline) policies and the proposed (simulated) policies.
type ReplayDiff struct {

	// A summary and comparison of the principal's access under the current
	// (baseline) policies and the proposed (simulated) policies for a single
	// access tuple.
	//
	// The evaluation of the principal's access is reported in the
	// [AccessState][google.cloud.policysimulator.v1.AccessState] field.
	//
	// Besides GRANTED and NOT_GRANTED, AccessState also defines
	// UNKNOWN_CONDITIONAL and UNKNOWN_INFO_DENIED. NOTE(review): these
	// presumably mean access could not be fully determined; treat a diff
	// involving them as unresolved, not as granted or denied.
	AccessDiff *AccessStateDiff `protobuf:"bytes,2,opt,name=access_diff,json=accessDiff,proto3" json:"access_diff,omitempty"`
	// contains filtered or unexported fields
}

The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies. This difference explains how a principal's access could change if the proposed policies were applied.

func (*ReplayDiff) Descriptor

func (*ReplayDiff) Descriptor() ([]byte, []int)

Deprecated: Use ReplayDiff.ProtoReflect.Descriptor instead.

func (*ReplayDiff) GetAccessDiff

func (x *ReplayDiff) GetAccessDiff() *AccessStateDiff

func (*ReplayDiff) ProtoMessage

func (*ReplayDiff) ProtoMessage()

func (*ReplayDiff) ProtoReflect

func (x *ReplayDiff) ProtoReflect() protoreflect.Message

func (*ReplayDiff) Reset

func (x *ReplayDiff) Reset()

func (*ReplayDiff) String

func (x *ReplayDiff) String() string

ReplayOperationMetadata

// ReplayOperationMetadata is metadata about a Replay operation.
// NOTE(review): presumably carried by the longrunningpb.Operation that
// CreateReplay returns — confirm against the service definition.
type ReplayOperationMetadata struct {

	// Time when the request was received.
	StartTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"`
	// contains filtered or unexported fields
}

Metadata about a Replay operation.

func (*ReplayOperationMetadata) Descriptor

func (*ReplayOperationMetadata) Descriptor() ([]byte, []int)

Deprecated: Use ReplayOperationMetadata.ProtoReflect.Descriptor instead.

func (*ReplayOperationMetadata) GetStartTime

func (x *ReplayOperationMetadata) GetStartTime() *timestamppb.Timestamp

func (*ReplayOperationMetadata) ProtoMessage

func (*ReplayOperationMetadata) ProtoMessage()

func (*ReplayOperationMetadata) ProtoReflect

func (x *ReplayOperationMetadata) ProtoReflect() protoreflect.Message

func (*ReplayOperationMetadata) Reset

func (x *ReplayOperationMetadata) Reset()

func (*ReplayOperationMetadata) String

func (x *ReplayOperationMetadata) String() string

ReplayResult

// ReplayResult is the result of replaying a single access tuple against a
// simulated state. The outcome is carried in the Result oneof, as either a
// diff or an error.
type ReplayResult struct {

	// The result of replaying the access tuple.
	//
	// Types that are assignable to Result:
	//
	//	*ReplayResult_Diff
	//	*ReplayResult_Error
	//
	// Per the wrapper types' field comments, Diff is included only when the
	// tuple replayed successfully and its result changed, and Error only when
	// the tuple was not replayed successfully. Check GetError before reading
	// a result without a Diff as "access unchanged", because a failed replay
	// also carries no Diff.
	Result isReplayResult_Result `protobuf_oneof:"result"`
	// The resource name of the `ReplayResult`, in the following format:
	//
	// `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}/results/{replay-result-id}`,
	// where `{resource-id}` is the ID of the project, folder, or organization
	// that owns the [Replay][google.cloud.policysimulator.v1.Replay].
	//
	// Example:
	// `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36/results/1234`
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The [Replay][google.cloud.policysimulator.v1.Replay] that the access tuple
	// was included in.
	Parent string `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
	// The access tuple that was replayed. This field includes information about
	// the principal, resource, and permission that were involved in the access
	// attempt.
	AccessTuple *AccessTuple `protobuf:"bytes,3,opt,name=access_tuple,json=accessTuple,proto3" json:"access_tuple,omitempty"`
	// The latest date this access tuple was seen in the logs.
	LastSeenDate *date.Date `protobuf:"bytes,4,opt,name=last_seen_date,json=lastSeenDate,proto3" json:"last_seen_date,omitempty"`
	// contains filtered or unexported fields
}

The result of replaying a single access tuple against a simulated state.

func (*ReplayResult) Descriptor

func (*ReplayResult) Descriptor() ([]byte, []int)

Deprecated: Use ReplayResult.ProtoReflect.Descriptor instead.

func (*ReplayResult) GetAccessTuple

func (x *ReplayResult) GetAccessTuple() *AccessTuple

func (*ReplayResult) GetDiff

func (x *ReplayResult) GetDiff() *ReplayDiff

func (*ReplayResult) GetError

func (x *ReplayResult) GetError() *status.Status

func (*ReplayResult) GetLastSeenDate

func (x *ReplayResult) GetLastSeenDate() *date.Date

func (*ReplayResult) GetName

func (x *ReplayResult) GetName() string

func (*ReplayResult) GetParent

func (x *ReplayResult) GetParent() string

func (*ReplayResult) GetResult

func (m *ReplayResult) GetResult() isReplayResult_Result

func (*ReplayResult) ProtoMessage

func (*ReplayResult) ProtoMessage()

func (*ReplayResult) ProtoReflect

func (x *ReplayResult) ProtoReflect() protoreflect.Message

func (*ReplayResult) Reset

func (x *ReplayResult) Reset()

func (*ReplayResult) String

func (x *ReplayResult) String() string

ReplayResult_Diff

// ReplayResult_Diff is one of the two types assignable to
// ReplayResult.Result. It wraps the diff for a tuple whose access changed.
type ReplayResult_Diff struct {
	// The difference between the principal's access under the current
	// (baseline) policies and the principal's access under the proposed
	// (simulated) policies.
	//
	// This field is only included for access tuples that were successfully
	// replayed and had different results under the current policies and the
	// proposed policies.
	Diff *ReplayDiff `protobuf:"bytes,5,opt,name=diff,proto3,oneof"`
}

ReplayResult_Error

// ReplayResult_Error is one of the two types assignable to
// ReplayResult.Result. It wraps the error for a tuple that could not be
// replayed, so that tuple was not evaluated against the proposed policies.
type ReplayResult_Error struct {
	// The error that caused the access tuple replay to fail.
	//
	// This field is only included for access tuples that were not replayed
	// successfully.
	Error *status.Status `protobuf:"bytes,6,opt,name=error,proto3,oneof"`
}

Replay_ResultsSummary

// Replay_ResultsSummary holds summary statistics about the log entries that
// a Replay processed: how many were replayed, how many changed, how many
// failed, and the date range they span.
type Replay_ResultsSummary struct {

	// The total number of log entries replayed.
	LogCount int32 `protobuf:"varint,1,opt,name=log_count,json=logCount,proto3" json:"log_count,omitempty"`
	// The number of replayed log entries with no difference between
	// baseline and simulated policies.
	UnchangedCount int32 `protobuf:"varint,2,opt,name=unchanged_count,json=unchangedCount,proto3" json:"unchanged_count,omitempty"`
	// The number of replayed log entries with a difference between baseline and
	// simulated policies.
	DifferenceCount int32 `protobuf:"varint,3,opt,name=difference_count,json=differenceCount,proto3" json:"difference_count,omitempty"`
	// The number of log entries that could not be replayed.
	//
	// A non-zero value means part of the log set was not evaluated against
	// the proposed policies. Review the matching ReplayResult errors before
	// relying on UnchangedCount or DifferenceCount.
	// NOTE(review): whether LogCount includes these entries is not stated
	// here — confirm against the API reference.
	ErrorCount int32 `protobuf:"varint,4,opt,name=error_count,json=errorCount,proto3" json:"error_count,omitempty"`
	// The date of the oldest log entry replayed.
	OldestDate *date.Date `protobuf:"bytes,5,opt,name=oldest_date,json=oldestDate,proto3" json:"oldest_date,omitempty"`
	// The date of the newest log entry replayed.
	// Together with OldestDate this gives the window the replay actually
	// covered, which can be narrower than the log source's nominal range.
	NewestDate *date.Date `protobuf:"bytes,6,opt,name=newest_date,json=newestDate,proto3" json:"newest_date,omitempty"`
	// contains filtered or unexported fields
}

Summary statistics about the replayed log entries.

func (*Replay_ResultsSummary) Descriptor

func (*Replay_ResultsSummary) Descriptor() ([]byte, []int)

Deprecated: Use Replay_ResultsSummary.ProtoReflect.Descriptor instead.

func (*Replay_ResultsSummary) GetDifferenceCount

func (x *Replay_ResultsSummary) GetDifferenceCount() int32

func (*Replay_ResultsSummary) GetErrorCount

func (x *Replay_ResultsSummary) GetErrorCount() int32

func (*Replay_ResultsSummary) GetLogCount

func (x *Replay_ResultsSummary) GetLogCount() int32

func (*Replay_ResultsSummary) GetNewestDate

func (x *Replay_ResultsSummary) GetNewestDate() *date.Date

func (*Replay_ResultsSummary) GetOldestDate

func (x *Replay_ResultsSummary) GetOldestDate() *date.Date

func (*Replay_ResultsSummary) GetUnchangedCount

func (x *Replay_ResultsSummary) GetUnchangedCount() int32

func (*Replay_ResultsSummary) ProtoMessage

func (*Replay_ResultsSummary) ProtoMessage()

func (*Replay_ResultsSummary) ProtoReflect

func (x *Replay_ResultsSummary) ProtoReflect() protoreflect.Message

func (*Replay_ResultsSummary) Reset

func (x *Replay_ResultsSummary) Reset()

func (*Replay_ResultsSummary) String

func (x *Replay_ResultsSummary) String() string

Replay_State

type Replay_State int32

The current state of the [Replay][google.cloud.policysimulator.v1.Replay].

Replay_STATE_UNSPECIFIED, Replay_PENDING, Replay_RUNNING, Replay_SUCCEEDED, Replay_FAILED

const (
	// Default value. This value is unused.
	Replay_STATE_UNSPECIFIED Replay_State = 0
	// The `Replay` has not started yet.
	Replay_PENDING Replay_State = 1
	// The `Replay` is currently running.
	Replay_RUNNING Replay_State = 2
	// The `Replay` has successfully completed.
	// NOTE(review): this presumably describes the Replay run as a whole.
	// Individual log entries may still have failed to replay, so check
	// Replay_ResultsSummary.ErrorCount as well.
	Replay_SUCCEEDED Replay_State = 3
	// The `Replay` has finished with an error.
	Replay_FAILED Replay_State = 4
)

func (Replay_State) Descriptor

func (Replay_State) Enum

func (x Replay_State) Enum() *Replay_State

func (Replay_State) EnumDescriptor

func (Replay_State) EnumDescriptor() ([]byte, []int)

Deprecated: Use Replay_State.Descriptor instead.

func (Replay_State) Number

func (Replay_State) String

func (x Replay_State) String() string

func (Replay_State) Type

SimulatorClient

// SimulatorClient is the client API for the Simulator service: create a
// Replay, fetch it, and list its results.
type SimulatorClient interface {
	// Gets the specified [Replay][google.cloud.policysimulator.v1.Replay]. Each
	// `Replay` is available for at least 7 days.
	//
	// Only a 7-day minimum is stated, so copy out any results that must be
	// kept as evidence for a policy change rather than relying on fetching
	// the Replay later.
	GetReplay(ctx context.Context, in *GetReplayRequest, opts ...grpc.CallOption) (*Replay, error)
	// Creates and starts a [Replay][google.cloud.policysimulator.v1.Replay] using
	// the given [ReplayConfig][google.cloud.policysimulator.v1.ReplayConfig].
	//
	// The call returns a long-running operation, not a Replay.
	// NOTE(review): presumably the Replay is still PENDING or RUNNING when
	// this returns; wait for the operation or check Replay_State before
	// reading results.
	CreateReplay(ctx context.Context, in *CreateReplayRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Lists the results of running a
	// [Replay][google.cloud.policysimulator.v1.Replay].
	ListReplayResults(ctx context.Context, in *ListReplayResultsRequest, opts ...grpc.CallOption) (*ListReplayResultsResponse, error)
}

SimulatorClient is the client API for the Simulator service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewSimulatorClient

func NewSimulatorClient(cc grpc.ClientConnInterface) SimulatorClient

SimulatorServer

// SimulatorServer is the server API for the Simulator service. Its three
// methods mirror SimulatorClient without the per-call grpc.CallOption
// arguments.
type SimulatorServer interface {
	// Gets the specified [Replay][google.cloud.policysimulator.v1.Replay]. Each
	// `Replay` is available for at least 7 days.
	GetReplay(context.Context, *GetReplayRequest) (*Replay, error)
	// Creates and starts a [Replay][google.cloud.policysimulator.v1.Replay] using
	// the given [ReplayConfig][google.cloud.policysimulator.v1.ReplayConfig].
	// Returns a long-running operation rather than the Replay itself.
	CreateReplay(context.Context, *CreateReplayRequest) (*longrunningpb.Operation, error)
	// Lists the results of running a
	// [Replay][google.cloud.policysimulator.v1.Replay].
	ListReplayResults(context.Context, *ListReplayResultsRequest) (*ListReplayResultsResponse, error)
}

SimulatorServer is the server API for the Simulator service.

UnimplementedSimulatorServer

// UnimplementedSimulatorServer can be embedded in a SimulatorServer
// implementation to keep it forward compatible. It declares CreateReplay,
// GetReplay and ListReplayResults.
// NOTE(review): the method bodies are not shown in this listing; generated
// gRPC stubs of this kind conventionally return an Unimplemented status —
// confirm in the generated source.
type UnimplementedSimulatorServer struct {
}

UnimplementedSimulatorServer can be embedded in a server implementation to keep it forward-compatible.

func (*UnimplementedSimulatorServer) CreateReplay

func (*UnimplementedSimulatorServer) GetReplay

func (*UnimplementedSimulatorServer) ListReplayResults