Class AllowBindingExplanation.Builder (1.35.0)

public static final class AllowBindingExplanation.Builder extends GeneratedMessageV3.Builder<AllowBindingExplanation.Builder> implements AllowBindingExplanationOrBuilder

Details about how a role binding in an allow policy affects a principal's ability to use a permission.

Protobuf type google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation

Static Methods

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
TypeDescription
Descriptor

Methods

addRepeatedField(Descriptors.FieldDescriptor field, Object value)

public AllowBindingExplanation.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Parameters
NameDescription
fieldFieldDescriptor
valueObject
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides

build()

public AllowBindingExplanation build()
Returns
TypeDescription
AllowBindingExplanation

buildPartial()

public AllowBindingExplanation buildPartial()
Returns
TypeDescription
AllowBindingExplanation

clear()

public AllowBindingExplanation.Builder clear()
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides

clearAllowAccessState()

public AllowBindingExplanation.Builder clearAllowAccessState()

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.iam.v3.AllowAccessState allow_access_state = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

clearCombinedMembership()

public AllowBindingExplanation.Builder clearCombinedMembership()

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Returns
TypeDescription
AllowBindingExplanation.Builder

clearCondition()

public AllowBindingExplanation.Builder clearCondition()

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Returns
TypeDescription
AllowBindingExplanation.Builder

clearConditionExplanation()

public AllowBindingExplanation.Builder clearConditionExplanation()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Returns
TypeDescription
AllowBindingExplanation.Builder

clearField(Descriptors.FieldDescriptor field)

public AllowBindingExplanation.Builder clearField(Descriptors.FieldDescriptor field)
Parameter
NameDescription
fieldFieldDescriptor
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides

clearMemberships()

public AllowBindingExplanation.Builder clearMemberships()
Returns
TypeDescription
AllowBindingExplanation.Builder

clearOneof(Descriptors.OneofDescriptor oneof)

public AllowBindingExplanation.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Parameter
NameDescription
oneofOneofDescriptor
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides

clearRelevance()

public AllowBindingExplanation.Builder clearRelevance()

The relevance of this role binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 7;

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

clearRole()

public AllowBindingExplanation.Builder clearRole()

The role that this role binding grants. For example, roles/compute.admin.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string role = 2;

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

clearRolePermission()

public AllowBindingExplanation.Builder clearRolePermission()

Indicates whether the role granted by this role binding contains the specified permission.

.google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState role_permission = 3;

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

clearRolePermissionRelevance()

public AllowBindingExplanation.Builder clearRolePermissionRelevance()

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance role_permission_relevance = 4;

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

clone()

public AllowBindingExplanation.Builder clone()
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides

containsMemberships(String key)

public boolean containsMemberships(String key)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

getAllowAccessState()

public AllowAccessState getAllowAccessState()

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.iam.v3.AllowAccessState allow_access_state = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
AllowAccessState

The allowAccessState.

getAllowAccessStateValue()

public int getAllowAccessStateValue()

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.iam.v3.AllowAccessState allow_access_state = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
int

The enum numeric value on the wire for allowAccessState.

getCombinedMembership()

public AllowBindingExplanation.AnnotatedAllowMembership getCombinedMembership()

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Returns
TypeDescription
AllowBindingExplanation.AnnotatedAllowMembership

The combinedMembership.

getCombinedMembershipBuilder()

public AllowBindingExplanation.AnnotatedAllowMembership.Builder getCombinedMembershipBuilder()

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Returns
TypeDescription
AllowBindingExplanation.AnnotatedAllowMembership.Builder

getCombinedMembershipOrBuilder()

public AllowBindingExplanation.AnnotatedAllowMembershipOrBuilder getCombinedMembershipOrBuilder()

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Returns
TypeDescription
AllowBindingExplanation.AnnotatedAllowMembershipOrBuilder

getCondition()

public Expr getCondition()

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Returns
TypeDescription
com.google.type.Expr

The condition.

getConditionBuilder()

public Expr.Builder getConditionBuilder()

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Returns
TypeDescription
com.google.type.Expr.Builder

getConditionExplanation()

public ConditionExplanation getConditionExplanation()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Returns
TypeDescription
ConditionExplanation

The conditionExplanation.

getConditionExplanationBuilder()

public ConditionExplanation.Builder getConditionExplanationBuilder()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Returns
TypeDescription
ConditionExplanation.Builder

getConditionExplanationOrBuilder()

public ConditionExplanationOrBuilder getConditionExplanationOrBuilder()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Returns
TypeDescription
ConditionExplanationOrBuilder

getConditionOrBuilder()

public ExprOrBuilder getConditionOrBuilder()

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Returns
TypeDescription
com.google.type.ExprOrBuilder

getDefaultInstanceForType()

public AllowBindingExplanation getDefaultInstanceForType()
Returns
TypeDescription
AllowBindingExplanation

getDescriptorForType()

public Descriptors.Descriptor getDescriptorForType()
Returns
TypeDescription
Descriptor
Overrides

getMemberships() (deprecated)

public Map<String,AllowBindingExplanation.AnnotatedAllowMembership> getMemberships()

Use #getMembershipsMap() instead.

Returns
TypeDescription
Map<String,AnnotatedAllowMembership>

getMembershipsCount()

public int getMembershipsCount()

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Returns
TypeDescription
int

getMembershipsMap()

public Map<String,AllowBindingExplanation.AnnotatedAllowMembership> getMembershipsMap()

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Returns
TypeDescription
Map<String,AnnotatedAllowMembership>

getMembershipsOrDefault(String key, AllowBindingExplanation.AnnotatedAllowMembership defaultValue)

public AllowBindingExplanation.AnnotatedAllowMembership getMembershipsOrDefault(String key, AllowBindingExplanation.AnnotatedAllowMembership defaultValue)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameters
NameDescription
keyString
defaultValueAllowBindingExplanation.AnnotatedAllowMembership
Returns
TypeDescription
AllowBindingExplanation.AnnotatedAllowMembership

getMembershipsOrThrow(String key)

public AllowBindingExplanation.AnnotatedAllowMembership getMembershipsOrThrow(String key)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameter
NameDescription
keyString
Returns
TypeDescription
AllowBindingExplanation.AnnotatedAllowMembership

getMutableMemberships() (deprecated)

public Map<String,AllowBindingExplanation.AnnotatedAllowMembership> getMutableMemberships()

Use alternate mutation accessors instead.

Returns
TypeDescription
Map<String,AnnotatedAllowMembership>

getRelevance()

public HeuristicRelevance getRelevance()

The relevance of this role binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 7;

Returns
TypeDescription
HeuristicRelevance

The relevance.

getRelevanceValue()

public int getRelevanceValue()

The relevance of this role binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 7;

Returns
TypeDescription
int

The enum numeric value on the wire for relevance.

getRole()

public String getRole()

The role that this role binding grants. For example, roles/compute.admin.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string role = 2;

Returns
TypeDescription
String

The role.

getRoleBytes()

public ByteString getRoleBytes()

The role that this role binding grants. For example, roles/compute.admin.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string role = 2;

Returns
TypeDescription
ByteString

The bytes for role.

getRolePermission()

public RolePermissionInclusionState getRolePermission()

Indicates whether the role granted by this role binding contains the specified permission.

.google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState role_permission = 3;

Returns
TypeDescription
RolePermissionInclusionState

The rolePermission.

getRolePermissionRelevance()

public HeuristicRelevance getRolePermissionRelevance()

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance role_permission_relevance = 4;

Returns
TypeDescription
HeuristicRelevance

The rolePermissionRelevance.

getRolePermissionRelevanceValue()

public int getRolePermissionRelevanceValue()

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance role_permission_relevance = 4;

Returns
TypeDescription
int

The enum numeric value on the wire for rolePermissionRelevance.

getRolePermissionValue()

public int getRolePermissionValue()

Indicates whether the role granted by this role binding contains the specified permission.

.google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState role_permission = 3;

Returns
TypeDescription
int

The enum numeric value on the wire for rolePermission.

hasCombinedMembership()

public boolean hasCombinedMembership()

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Returns
TypeDescription
boolean

Whether the combinedMembership field is set.

hasCondition()

public boolean hasCondition()

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Returns
TypeDescription
boolean

Whether the condition field is set.

hasConditionExplanation()

public boolean hasConditionExplanation()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Returns
TypeDescription
boolean

Whether the conditionExplanation field is set.

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
TypeDescription
FieldAccessorTable
Overrides

internalGetMapFieldReflection(int number)

protected MapFieldReflectionAccessor internalGetMapFieldReflection(int number)
Parameter
NameDescription
numberint
Returns
TypeDescription
com.google.protobuf.MapFieldReflectionAccessor
Overrides
com.google.protobuf.GeneratedMessageV3.Builder.internalGetMapFieldReflection(int)

internalGetMutableMapFieldReflection(int number)

protected MapFieldReflectionAccessor internalGetMutableMapFieldReflection(int number)
Parameter
NameDescription
numberint
Returns
TypeDescription
com.google.protobuf.MapFieldReflectionAccessor
Overrides
com.google.protobuf.GeneratedMessageV3.Builder.internalGetMutableMapFieldReflection(int)

isInitialized()

public final boolean isInitialized()
Returns
TypeDescription
boolean
Overrides

mergeCombinedMembership(AllowBindingExplanation.AnnotatedAllowMembership value)

public AllowBindingExplanation.Builder mergeCombinedMembership(AllowBindingExplanation.AnnotatedAllowMembership value)

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Parameter
NameDescription
valueAllowBindingExplanation.AnnotatedAllowMembership
Returns
TypeDescription
AllowBindingExplanation.Builder

mergeCondition(Expr value)

public AllowBindingExplanation.Builder mergeCondition(Expr value)

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Parameter
NameDescription
valuecom.google.type.Expr
Returns
TypeDescription
AllowBindingExplanation.Builder

mergeConditionExplanation(ConditionExplanation value)

public AllowBindingExplanation.Builder mergeConditionExplanation(ConditionExplanation value)

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Parameter
NameDescription
valueConditionExplanation
Returns
TypeDescription
AllowBindingExplanation.Builder

mergeFrom(AllowBindingExplanation other)

public AllowBindingExplanation.Builder mergeFrom(AllowBindingExplanation other)
Parameter
NameDescription
otherAllowBindingExplanation
Returns
TypeDescription
AllowBindingExplanation.Builder

mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public AllowBindingExplanation.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputCodedInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides
Exceptions
TypeDescription
IOException

mergeFrom(Message other)

public AllowBindingExplanation.Builder mergeFrom(Message other)
Parameter
NameDescription
otherMessage
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides

mergeUnknownFields(UnknownFieldSet unknownFields)

public final AllowBindingExplanation.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
Parameter
NameDescription
unknownFieldsUnknownFieldSet
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides

putAllMemberships(Map<String,AllowBindingExplanation.AnnotatedAllowMembership> values)

public AllowBindingExplanation.Builder putAllMemberships(Map<String,AllowBindingExplanation.AnnotatedAllowMembership> values)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameter
NameDescription
valuesMap<String,AnnotatedAllowMembership>
Returns
TypeDescription
AllowBindingExplanation.Builder

putMemberships(String key, AllowBindingExplanation.AnnotatedAllowMembership value)

public AllowBindingExplanation.Builder putMemberships(String key, AllowBindingExplanation.AnnotatedAllowMembership value)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameters
NameDescription
keyString
valueAllowBindingExplanation.AnnotatedAllowMembership
Returns
TypeDescription
AllowBindingExplanation.Builder

putMembershipsBuilderIfAbsent(String key)

public AllowBindingExplanation.AnnotatedAllowMembership.Builder putMembershipsBuilderIfAbsent(String key)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameter
NameDescription
keyString
Returns
TypeDescription
AllowBindingExplanation.AnnotatedAllowMembership.Builder

removeMemberships(String key)

public AllowBindingExplanation.Builder removeMemberships(String key)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameter
NameDescription
keyString
Returns
TypeDescription
AllowBindingExplanation.Builder

setAllowAccessState(AllowAccessState value)

public AllowBindingExplanation.Builder setAllowAccessState(AllowAccessState value)

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.iam.v3.AllowAccessState allow_access_state = 1 [(.google.api.field_behavior) = REQUIRED];

Parameter
NameDescription
valueAllowAccessState

The allowAccessState to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setAllowAccessStateValue(int value)

public AllowBindingExplanation.Builder setAllowAccessStateValue(int value)

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.iam.v3.AllowAccessState allow_access_state = 1 [(.google.api.field_behavior) = REQUIRED];

Parameter
NameDescription
valueint

The enum numeric value on the wire for allowAccessState to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setCombinedMembership(AllowBindingExplanation.AnnotatedAllowMembership value)

public AllowBindingExplanation.Builder setCombinedMembership(AllowBindingExplanation.AnnotatedAllowMembership value)

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Parameter
NameDescription
valueAllowBindingExplanation.AnnotatedAllowMembership
Returns
TypeDescription
AllowBindingExplanation.Builder

setCombinedMembership(AllowBindingExplanation.AnnotatedAllowMembership.Builder builderForValue)

public AllowBindingExplanation.Builder setCombinedMembership(AllowBindingExplanation.AnnotatedAllowMembership.Builder builderForValue)

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Parameter
NameDescription
builderForValueAllowBindingExplanation.AnnotatedAllowMembership.Builder
Returns
TypeDescription
AllowBindingExplanation.Builder

setCondition(Expr value)

public AllowBindingExplanation.Builder setCondition(Expr value)

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Parameter
NameDescription
valuecom.google.type.Expr
Returns
TypeDescription
AllowBindingExplanation.Builder

setCondition(Expr.Builder builderForValue)

public AllowBindingExplanation.Builder setCondition(Expr.Builder builderForValue)

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Parameter
NameDescription
builderForValuecom.google.type.Expr.Builder
Returns
TypeDescription
AllowBindingExplanation.Builder

setConditionExplanation(ConditionExplanation value)

public AllowBindingExplanation.Builder setConditionExplanation(ConditionExplanation value)

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Parameter
NameDescription
valueConditionExplanation
Returns
TypeDescription
AllowBindingExplanation.Builder

setConditionExplanation(ConditionExplanation.Builder builderForValue)

public AllowBindingExplanation.Builder setConditionExplanation(ConditionExplanation.Builder builderForValue)

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Parameter
NameDescription
builderForValueConditionExplanation.Builder
Returns
TypeDescription
AllowBindingExplanation.Builder

setField(Descriptors.FieldDescriptor field, Object value)

public AllowBindingExplanation.Builder setField(Descriptors.FieldDescriptor field, Object value)
Parameters
NameDescription
fieldFieldDescriptor
valueObject
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides

setRelevance(HeuristicRelevance value)

public AllowBindingExplanation.Builder setRelevance(HeuristicRelevance value)

The relevance of this role binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 7;

Parameter
NameDescription
valueHeuristicRelevance

The relevance to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setRelevanceValue(int value)

public AllowBindingExplanation.Builder setRelevanceValue(int value)

The relevance of this role binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 7;

Parameter
NameDescription
valueint

The enum numeric value on the wire for relevance to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)

public AllowBindingExplanation.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
Parameters
NameDescription
fieldFieldDescriptor
indexint
valueObject
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides

setRole(String value)

public AllowBindingExplanation.Builder setRole(String value)

The role that this role binding grants. For example, roles/compute.admin.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string role = 2;

Parameter
NameDescription
valueString

The role to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setRoleBytes(ByteString value)

public AllowBindingExplanation.Builder setRoleBytes(ByteString value)

The role that this role binding grants. For example, roles/compute.admin.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string role = 2;

Parameter
NameDescription
valueByteString

The bytes for role to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setRolePermission(RolePermissionInclusionState value)

public AllowBindingExplanation.Builder setRolePermission(RolePermissionInclusionState value)

Indicates whether the role granted by this role binding contains the specified permission.

.google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState role_permission = 3;

Parameter
NameDescription
valueRolePermissionInclusionState

The rolePermission to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setRolePermissionRelevance(HeuristicRelevance value)

public AllowBindingExplanation.Builder setRolePermissionRelevance(HeuristicRelevance value)

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance role_permission_relevance = 4;

Parameter
NameDescription
valueHeuristicRelevance

The rolePermissionRelevance to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setRolePermissionRelevanceValue(int value)

public AllowBindingExplanation.Builder setRolePermissionRelevanceValue(int value)

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance role_permission_relevance = 4;

Parameter
NameDescription
valueint

The enum numeric value on the wire for rolePermissionRelevance to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setRolePermissionValue(int value)

public AllowBindingExplanation.Builder setRolePermissionValue(int value)

Indicates whether the role granted by this role binding contains the specified permission.

.google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState role_permission = 3;

Parameter
NameDescription
valueint

The enum numeric value on the wire for rolePermission to set.

Returns
TypeDescription
AllowBindingExplanation.Builder

This builder for chaining.

setUnknownFields(UnknownFieldSet unknownFields)

public final AllowBindingExplanation.Builder setUnknownFields(UnknownFieldSet unknownFields)
Parameter
NameDescription
unknownFieldsUnknownFieldSet
Returns
TypeDescription
AllowBindingExplanation.Builder
Overrides