Package cloud.google.com/go/policytroubleshooter/iam/apiv3/iampb (v1.9.0)

var (
	AllowAccessState_name = map[int32]string{
		0: "ALLOW_ACCESS_STATE_UNSPECIFIED",
		1: "ALLOW_ACCESS_STATE_GRANTED",
		2: "ALLOW_ACCESS_STATE_NOT_GRANTED",
		3: "ALLOW_ACCESS_STATE_UNKNOWN_CONDITIONAL",
		4: "ALLOW_ACCESS_STATE_UNKNOWN_INFO",
	}
	AllowAccessState_value = map[string]int32{
		"ALLOW_ACCESS_STATE_UNSPECIFIED":         0,
		"ALLOW_ACCESS_STATE_GRANTED":             1,
		"ALLOW_ACCESS_STATE_NOT_GRANTED":         2,
		"ALLOW_ACCESS_STATE_UNKNOWN_CONDITIONAL": 3,
		"ALLOW_ACCESS_STATE_UNKNOWN_INFO":        4,
	}
)

var (
	DenyAccessState_name = map[int32]string{
		0: "DENY_ACCESS_STATE_UNSPECIFIED",
		1: "DENY_ACCESS_STATE_DENIED",
		2: "DENY_ACCESS_STATE_NOT_DENIED",
		3: "DENY_ACCESS_STATE_UNKNOWN_CONDITIONAL",
		4: "DENY_ACCESS_STATE_UNKNOWN_INFO",
	}
	DenyAccessState_value = map[string]int32{
		"DENY_ACCESS_STATE_UNSPECIFIED":         0,
		"DENY_ACCESS_STATE_DENIED":              1,
		"DENY_ACCESS_STATE_NOT_DENIED":          2,
		"DENY_ACCESS_STATE_UNKNOWN_CONDITIONAL": 3,
		"DENY_ACCESS_STATE_UNKNOWN_INFO":        4,
	}
)

var (
	RolePermissionInclusionState_name = map[int32]string{
		0: "ROLE_PERMISSION_INCLUSION_STATE_UNSPECIFIED",
		1: "ROLE_PERMISSION_INCLUDED",
		2: "ROLE_PERMISSION_NOT_INCLUDED",
		3: "ROLE_PERMISSION_UNKNOWN_INFO",
	}
	RolePermissionInclusionState_value = map[string]int32{
		"ROLE_PERMISSION_INCLUSION_STATE_UNSPECIFIED": 0,
		"ROLE_PERMISSION_INCLUDED":                    1,
		"ROLE_PERMISSION_NOT_INCLUDED":                2,
		"ROLE_PERMISSION_UNKNOWN_INFO":                3,
	}
)

var (
	PermissionPatternMatchingState_name = map[int32]string{
		0: "PERMISSION_PATTERN_MATCHING_STATE_UNSPECIFIED",
		1: "PERMISSION_PATTERN_MATCHED",
		2: "PERMISSION_PATTERN_NOT_MATCHED",
	}
	PermissionPatternMatchingState_value = map[string]int32{
		"PERMISSION_PATTERN_MATCHING_STATE_UNSPECIFIED": 0,
		"PERMISSION_PATTERN_MATCHED":                    1,
		"PERMISSION_PATTERN_NOT_MATCHED":                2,
	}
)

var (
	MembershipMatchingState_name = map[int32]string{
		0: "MEMBERSHIP_MATCHING_STATE_UNSPECIFIED",
		1: "MEMBERSHIP_MATCHED",
		2: "MEMBERSHIP_NOT_MATCHED",
		3: "MEMBERSHIP_UNKNOWN_INFO",
		4: "MEMBERSHIP_UNKNOWN_UNSUPPORTED",
	}
	MembershipMatchingState_value = map[string]int32{
		"MEMBERSHIP_MATCHING_STATE_UNSPECIFIED": 0,
		"MEMBERSHIP_MATCHED":                    1,
		"MEMBERSHIP_NOT_MATCHED":                2,
		"MEMBERSHIP_UNKNOWN_INFO":               3,
		"MEMBERSHIP_UNKNOWN_UNSUPPORTED":        4,
	}
)

var (
	HeuristicRelevance_name = map[int32]string{
		0: "HEURISTIC_RELEVANCE_UNSPECIFIED",
		1: "HEURISTIC_RELEVANCE_NORMAL",
		2: "HEURISTIC_RELEVANCE_HIGH",
	}
	HeuristicRelevance_value = map[string]int32{
		"HEURISTIC_RELEVANCE_UNSPECIFIED": 0,
		"HEURISTIC_RELEVANCE_NORMAL":      1,
		"HEURISTIC_RELEVANCE_HIGH":        2,
	}
)

var (
	TroubleshootIamPolicyResponse_OverallAccessState_name = map[int32]string{
		0: "OVERALL_ACCESS_STATE_UNSPECIFIED",
		1: "CAN_ACCESS",
		2: "CANNOT_ACCESS",
		3: "UNKNOWN_INFO",
		4: "UNKNOWN_CONDITIONAL",
	}
	TroubleshootIamPolicyResponse_OverallAccessState_value = map[string]int32{
		"OVERALL_ACCESS_STATE_UNSPECIFIED": 0,
		"CAN_ACCESS":                       1,
		"CANNOT_ACCESS":                    2,
		"UNKNOWN_INFO":                     3,
		"UNKNOWN_CONDITIONAL":              4,
	}
)

var File_google_cloud_policytroubleshooter_iam_v3_troubleshooter_proto protoreflect.FileDescriptor

func RegisterPolicyTroubleshooterServer(s *grpc.Server, srv PolicyTroubleshooterServer)

type AccessTuple struct {

	// Required. The email address of the principal whose access you want to
	// check. For example, `alice@example.com` or
	// `my-service-account@my-project.iam.gserviceaccount.com`.
	//
	// The principal must be a Google Account or a service account. Other types of
	// principals are not supported.
	Principal string `protobuf:"bytes,1,opt,name=principal,proto3" json:"principal,omitempty"`
	// Required. The full resource name that identifies the resource. For example,
	// `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`.
	//
	// For examples of full resource names for Google Cloud services, see
	// https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
	FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// Required. The IAM permission to check for, either in the `v1` permission
	// format or the `v2` permission format.
	//
	// For a complete list of IAM permissions in the `v1` format, see
	// https://cloud.google.com/iam/help/permissions/reference.
	//
	// For a list of IAM permissions in the `v2` format, see
	// https://cloud.google.com/iam/help/deny/supported-permissions.
	//
	// For a complete list of predefined IAM roles and the permissions in each
	// role, see https://cloud.google.com/iam/help/roles/reference.
	Permission string `protobuf:"bytes,3,opt,name=permission,proto3" json:"permission,omitempty"`
	// Output only. The permission that Policy Troubleshooter checked for, in
	// the `v2` format.
	PermissionFqdn string `protobuf:"bytes,4,opt,name=permission_fqdn,json=permissionFqdn,proto3" json:"permission_fqdn,omitempty"`
	// Optional. Additional context for the request, such as the request time or
	// IP address. This context allows Policy Troubleshooter to troubleshoot
	// conditional role bindings and deny rules.
	ConditionContext *ConditionContext `protobuf:"bytes,5,opt,name=condition_context,json=conditionContext,proto3" json:"condition_context,omitempty"`
	// contains filtered or unexported fields
}

func (*AccessTuple) Descriptor() ([]byte, []int)

func (x *AccessTuple) GetConditionContext() *ConditionContext

func (x *AccessTuple) GetFullResourceName() string

func (x *AccessTuple) GetPermission() string

func (x *AccessTuple) GetPermissionFqdn() string

func (x *AccessTuple) GetPrincipal() string

func (*AccessTuple) ProtoMessage()

func (x *AccessTuple) ProtoReflect() protoreflect.Message

func (x *AccessTuple) Reset()

func (x *AccessTuple) String() string

type AllowAccessState int32

const (
	// Not specified.
	AllowAccessState_ALLOW_ACCESS_STATE_UNSPECIFIED AllowAccessState = 0
	// The allow policy gives the principal the permission.
	AllowAccessState_ALLOW_ACCESS_STATE_GRANTED AllowAccessState = 1
	// The allow policy doesn't give the principal the permission.
	AllowAccessState_ALLOW_ACCESS_STATE_NOT_GRANTED AllowAccessState = 2
	// The allow policy gives the principal the permission if a condition
	// expression evaluate to `true`. However, the sender of the request didn't
	// provide enough context for Policy Troubleshooter to evaluate the condition
	// expression.
	AllowAccessState_ALLOW_ACCESS_STATE_UNKNOWN_CONDITIONAL AllowAccessState = 3
	// The sender of the request doesn't have access to all of the allow policies
	// that Policy Troubleshooter needs to evaluate the principal's access.
	AllowAccessState_ALLOW_ACCESS_STATE_UNKNOWN_INFO AllowAccessState = 4
)

func (AllowAccessState) Descriptor() protoreflect.EnumDescriptor

func (x AllowAccessState) Enum() *AllowAccessState

func (AllowAccessState) EnumDescriptor() ([]byte, []int)

func (x AllowAccessState) Number() protoreflect.EnumNumber

func (x AllowAccessState) String() string

func (AllowAccessState) Type() protoreflect.EnumType

type AllowBindingExplanation struct {
	AllowAccessState AllowAccessState "" /* 175 byte string literal not displayed */

	Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`

	RolePermission RolePermissionInclusionState "" /* 179 byte string literal not displayed */

	RolePermissionRelevance HeuristicRelevance "" /* 198 byte string literal not displayed */

	CombinedMembership *AllowBindingExplanation_AnnotatedAllowMembership `protobuf:"bytes,5,opt,name=combined_membership,json=combinedMembership,proto3" json:"combined_membership,omitempty"`

	Memberships map[string]*AllowBindingExplanation_AnnotatedAllowMembership "" /* 163 byte string literal not displayed */

	Relevance HeuristicRelevance "" /* 137 byte string literal not displayed */

	Condition *expr.Expr `protobuf:"bytes,8,opt,name=condition,proto3" json:"condition,omitempty"`

	ConditionExplanation *ConditionExplanation `protobuf:"bytes,9,opt,name=condition_explanation,json=conditionExplanation,proto3" json:"condition_explanation,omitempty"`

}

func (*AllowBindingExplanation) Descriptor() ([]byte, []int)

func (x *AllowBindingExplanation) GetAllowAccessState() AllowAccessState

func (x *AllowBindingExplanation) GetCombinedMembership() *AllowBindingExplanation_AnnotatedAllowMembership

func (x *AllowBindingExplanation) GetCondition() *expr.Expr

func (x *AllowBindingExplanation) GetConditionExplanation() *ConditionExplanation

func (x *AllowBindingExplanation) GetMemberships() map[string]*AllowBindingExplanation_AnnotatedAllowMembership

func (x *AllowBindingExplanation) GetRelevance() HeuristicRelevance

func (x *AllowBindingExplanation) GetRole() string

func (x *AllowBindingExplanation) GetRolePermission() RolePermissionInclusionState

func (x *AllowBindingExplanation) GetRolePermissionRelevance() HeuristicRelevance

func (*AllowBindingExplanation) ProtoMessage()

func (x *AllowBindingExplanation) ProtoReflect() protoreflect.Message

func (x *AllowBindingExplanation) Reset()

func (x *AllowBindingExplanation) String() string

type AllowBindingExplanation_AnnotatedAllowMembership struct {
	Membership MembershipMatchingState "" /* 144 byte string literal not displayed */

	Relevance HeuristicRelevance "" /* 137 byte string literal not displayed */

}

func (*AllowBindingExplanation_AnnotatedAllowMembership) Descriptor() ([]byte, []int)

func (x *AllowBindingExplanation_AnnotatedAllowMembership) GetMembership() MembershipMatchingState

func (x *AllowBindingExplanation_AnnotatedAllowMembership) GetRelevance() HeuristicRelevance

func (*AllowBindingExplanation_AnnotatedAllowMembership) ProtoMessage()

func (x *AllowBindingExplanation_AnnotatedAllowMembership) ProtoReflect() protoreflect.Message

func (x *AllowBindingExplanation_AnnotatedAllowMembership) Reset()

func (x *AllowBindingExplanation_AnnotatedAllowMembership) String() string

type AllowPolicyExplanation struct {
	AllowAccessState AllowAccessState "" /* 175 byte string literal not displayed */

	ExplainedPolicies []*ExplainedAllowPolicy `protobuf:"bytes,2,rep,name=explained_policies,json=explainedPolicies,proto3" json:"explained_policies,omitempty"`

	Relevance HeuristicRelevance "" /* 137 byte string literal not displayed */

}

func (*AllowPolicyExplanation) Descriptor() ([]byte, []int)

func (x *AllowPolicyExplanation) GetAllowAccessState() AllowAccessState

func (x *AllowPolicyExplanation) GetExplainedPolicies() []*ExplainedAllowPolicy

func (x *AllowPolicyExplanation) GetRelevance() HeuristicRelevance

func (*AllowPolicyExplanation) ProtoMessage()

func (x *AllowPolicyExplanation) ProtoReflect() protoreflect.Message

func (x *AllowPolicyExplanation) Reset()

func (x *AllowPolicyExplanation) String() string

type ConditionContext struct {

	// Represents a target resource that is involved with a network activity.
	// If multiple resources are involved with an activity, this must be the
	// primary one.
	Resource *ConditionContext_Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
	// The destination of a network activity, such as accepting a TCP connection.
	// In a multi-hop network activity, the destination represents the receiver of
	// the last hop.
	Destination *ConditionContext_Peer `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"`
	// Represents a network request, such as an HTTP request.
	Request *ConditionContext_Request `protobuf:"bytes,3,opt,name=request,proto3" json:"request,omitempty"`
	// Output only. The effective tags on the resource. The effective tags are
	// fetched during troubleshooting.
	EffectiveTags []*ConditionContext_EffectiveTag `protobuf:"bytes,4,rep,name=effective_tags,json=effectiveTags,proto3" json:"effective_tags,omitempty"`
	// contains filtered or unexported fields
}

func (*ConditionContext) Descriptor() ([]byte, []int)

func (x *ConditionContext) GetDestination() *ConditionContext_Peer

func (x *ConditionContext) GetEffectiveTags() []*ConditionContext_EffectiveTag

func (x *ConditionContext) GetRequest() *ConditionContext_Request

func (x *ConditionContext) GetResource() *ConditionContext_Resource

func (*ConditionContext) ProtoMessage()

func (x *ConditionContext) ProtoReflect() protoreflect.Message

func (x *ConditionContext) Reset()

func (x *ConditionContext) String() string

type ConditionContext_EffectiveTag struct {

	// Output only. Resource name for TagValue in the format `tagValues/456`.
	TagValue string `protobuf:"bytes,1,opt,name=tag_value,json=tagValue,proto3" json:"tag_value,omitempty"`
	// Output only. The namespaced name of the TagValue. Can be in the form
	// `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or
	// `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or
	// `{project_number}/{tag_key_short_name}/{tag_value_short_name}`.
	NamespacedTagValue string `protobuf:"bytes,2,opt,name=namespaced_tag_value,json=namespacedTagValue,proto3" json:"namespaced_tag_value,omitempty"`
	// Output only. The name of the TagKey, in the format `tagKeys/{id}`, such
	// as `tagKeys/123`.
	TagKey string `protobuf:"bytes,3,opt,name=tag_key,json=tagKey,proto3" json:"tag_key,omitempty"`
	// Output only. The namespaced name of the TagKey. Can be in the form
	// `{organization_id}/{tag_key_short_name}` or
	// `{project_id}/{tag_key_short_name}` or
	// `{project_number}/{tag_key_short_name}`.
	NamespacedTagKey string `protobuf:"bytes,4,opt,name=namespaced_tag_key,json=namespacedTagKey,proto3" json:"namespaced_tag_key,omitempty"`
	// The parent name of the tag key.
	// Must be in the format `organizations/{organization_id}` or
	// `projects/{project_number}`
	TagKeyParentName string `protobuf:"bytes,6,opt,name=tag_key_parent_name,json=tagKeyParentName,proto3" json:"tag_key_parent_name,omitempty"`
	// Output only. Indicates the inheritance status of a tag value
	// attached to the given resource. If the tag value is inherited from one of
	// the resource's ancestors, inherited will be true. If false, then the tag
	// value is directly attached to the resource, inherited will be false.
	Inherited bool `protobuf:"varint,5,opt,name=inherited,proto3" json:"inherited,omitempty"`
	// contains filtered or unexported fields
}

func (*ConditionContext_EffectiveTag) Descriptor() ([]byte, []int)

func (x *ConditionContext_EffectiveTag) GetInherited() bool

func (x *ConditionContext_EffectiveTag) GetNamespacedTagKey() string

func (x *ConditionContext_EffectiveTag) GetNamespacedTagValue() string

func (x *ConditionContext_EffectiveTag) GetTagKey() string

func (x *ConditionContext_EffectiveTag) GetTagKeyParentName() string

func (x *ConditionContext_EffectiveTag) GetTagValue() string

func (*ConditionContext_EffectiveTag) ProtoMessage()

func (x *ConditionContext_EffectiveTag) ProtoReflect() protoreflect.Message

func (x *ConditionContext_EffectiveTag) Reset()

func (x *ConditionContext_EffectiveTag) String() string

type ConditionContext_Peer struct {

	// The IPv4 or IPv6 address of the peer.
	Ip string `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"`
	// The network port of the peer.
	Port int64 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
	// contains filtered or unexported fields
}

func (*ConditionContext_Peer) Descriptor() ([]byte, []int)

func (x *ConditionContext_Peer) GetIp() string

func (x *ConditionContext_Peer) GetPort() int64

func (*ConditionContext_Peer) ProtoMessage()

func (x *ConditionContext_Peer) ProtoReflect() protoreflect.Message

func (x *ConditionContext_Peer) Reset()

func (x *ConditionContext_Peer) String() string

type ConditionContext_Request struct {

	// Optional. The timestamp when the destination service receives the first
	// byte of the request.
	ReceiveTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=receive_time,json=receiveTime,proto3" json:"receive_time,omitempty"`
	// contains filtered or unexported fields
}

func (*ConditionContext_Request) Descriptor() ([]byte, []int)

func (x *ConditionContext_Request) GetReceiveTime() *timestamppb.Timestamp

func (*ConditionContext_Request) ProtoMessage()

func (x *ConditionContext_Request) ProtoReflect() protoreflect.Message

func (x *ConditionContext_Request) Reset()

func (x *ConditionContext_Request) String() string

type ConditionContext_Resource struct {

	// The name of the service that this resource belongs to, such as
	// `compute.googleapis.com`. The service name might not match the DNS
	// hostname that actually serves the request.
	//
	// For a full list of resource service values, see
	// https://cloud.google.com/iam/help/conditions/resource-services
	Service string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
	// The stable identifier (name) of a resource on the `service`. A resource
	// can be logically identified as `//{resource.service}/{resource.name}`.
	// Unlike the resource URI, the resource name doesn't contain any protocol
	// and version information.
	//
	// For a list of full resource name formats, see
	// https://cloud.google.com/iam/help/troubleshooter/full-resource-names
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// The type of the resource, in the format `{service}/{kind}`.
	//
	// For a full list of resource type values, see
	// https://cloud.google.com/iam/help/conditions/resource-types
	Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"`
	// contains filtered or unexported fields
}

func (*ConditionContext_Resource) Descriptor() ([]byte, []int)

func (x *ConditionContext_Resource) GetName() string

func (x *ConditionContext_Resource) GetService() string

func (x *ConditionContext_Resource) GetType() string

func (*ConditionContext_Resource) ProtoMessage()

func (x *ConditionContext_Resource) ProtoReflect() protoreflect.Message

func (x *ConditionContext_Resource) Reset()

func (x *ConditionContext_Resource) String() string

type ConditionExplanation struct {

	// Value of the condition.
	Value *structpb.Value `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
	// Any errors that prevented complete evaluation of the condition expression.
	Errors []*status.Status `protobuf:"bytes,3,rep,name=errors,proto3" json:"errors,omitempty"`
	// The value of each statement of the condition expression. The value can be
	// `true`, `false`, or `null`. The value is `null` if the statement can't be
	// evaluated.
	EvaluationStates []*ConditionExplanation_EvaluationState `protobuf:"bytes,2,rep,name=evaluation_states,json=evaluationStates,proto3" json:"evaluation_states,omitempty"`
	// contains filtered or unexported fields
}

func (*ConditionExplanation) Descriptor() ([]byte, []int)

func (x *ConditionExplanation) GetErrors() []*status.Status

func (x *ConditionExplanation) GetEvaluationStates() []*ConditionExplanation_EvaluationState

func (x *ConditionExplanation) GetValue() *structpb.Value

func (*ConditionExplanation) ProtoMessage()

func (x *ConditionExplanation) ProtoReflect() protoreflect.Message

func (x *ConditionExplanation) Reset()

func (x *ConditionExplanation) String() string

type ConditionExplanation_EvaluationState struct {

	// Start position of an expression in the condition, by character.
	Start int32 `protobuf:"varint,1,opt,name=start,proto3" json:"start,omitempty"`
	// End position of an expression in the condition, by character,
	// end included, for example: the end position of the first part of
	// `a==b || c==d` would be 4.
	End int32 `protobuf:"varint,2,opt,name=end,proto3" json:"end,omitempty"`
	// Value of this expression.
	Value *structpb.Value `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
	// Any errors that prevented complete evaluation of the condition
	// expression.
	Errors []*status.Status `protobuf:"bytes,4,rep,name=errors,proto3" json:"errors,omitempty"`
	// contains filtered or unexported fields
}

func (*ConditionExplanation_EvaluationState) Descriptor() ([]byte, []int)

func (x *ConditionExplanation_EvaluationState) GetEnd() int32

func (x *ConditionExplanation_EvaluationState) GetErrors() []*status.Status

func (x *ConditionExplanation_EvaluationState) GetStart() int32

func (x *ConditionExplanation_EvaluationState) GetValue() *structpb.Value

func (*ConditionExplanation_EvaluationState) ProtoMessage()

func (x *ConditionExplanation_EvaluationState) ProtoReflect() protoreflect.Message

func (x *ConditionExplanation_EvaluationState) Reset()

func (x *ConditionExplanation_EvaluationState) String() string

type DenyAccessState int32

const (
	// Not specified.
	DenyAccessState_DENY_ACCESS_STATE_UNSPECIFIED DenyAccessState = 0
	// The deny policy denies the principal the permission.
	DenyAccessState_DENY_ACCESS_STATE_DENIED DenyAccessState = 1
	// The deny policy doesn't deny the principal the permission.
	DenyAccessState_DENY_ACCESS_STATE_NOT_DENIED DenyAccessState = 2
	// The deny policy denies the principal the permission if a condition
	// expression evaluates to `true`. However, the sender of the request didn't
	// provide enough context for Policy Troubleshooter to evaluate the condition
	// expression.
	DenyAccessState_DENY_ACCESS_STATE_UNKNOWN_CONDITIONAL DenyAccessState = 3
	// The sender of the request does not have access to all of the deny policies
	// that Policy Troubleshooter needs to evaluate the principal's access.
	DenyAccessState_DENY_ACCESS_STATE_UNKNOWN_INFO DenyAccessState = 4
)

func (DenyAccessState) Descriptor() protoreflect.EnumDescriptor

func (x DenyAccessState) Enum() *DenyAccessState

func (DenyAccessState) EnumDescriptor() ([]byte, []int)

func (x DenyAccessState) Number() protoreflect.EnumNumber

func (x DenyAccessState) String() string

func (DenyAccessState) Type() protoreflect.EnumType

type DenyPolicyExplanation struct {
	DenyAccessState DenyAccessState "" /* 171 byte string literal not displayed */

	ExplainedResources []*ExplainedDenyResource `protobuf:"bytes,2,rep,name=explained_resources,json=explainedResources,proto3" json:"explained_resources,omitempty"`

	Relevance HeuristicRelevance "" /* 137 byte string literal not displayed */

	PermissionDeniable bool `protobuf:"varint,4,opt,name=permission_deniable,json=permissionDeniable,proto3" json:"permission_deniable,omitempty"`

}

func (*DenyPolicyExplanation) Descriptor() ([]byte, []int)

func (x *DenyPolicyExplanation) GetDenyAccessState() DenyAccessState

func (x *DenyPolicyExplanation) GetExplainedResources() []*ExplainedDenyResource

func (x *DenyPolicyExplanation) GetPermissionDeniable() bool

func (x *DenyPolicyExplanation) GetRelevance() HeuristicRelevance

func (*DenyPolicyExplanation) ProtoMessage()

func (x *DenyPolicyExplanation) ProtoReflect() protoreflect.Message

func (x *DenyPolicyExplanation) Reset()

func (x *DenyPolicyExplanation) String() string

type DenyRuleExplanation struct {
	DenyAccessState DenyAccessState "" /* 171 byte string literal not displayed */

	CombinedDeniedPermission *DenyRuleExplanation_AnnotatedPermissionMatching "" /* 135 byte string literal not displayed */

	DeniedPermissions map[string]*DenyRuleExplanation_AnnotatedPermissionMatching "" /* 200 byte string literal not displayed */

	CombinedExceptionPermission *DenyRuleExplanation_AnnotatedPermissionMatching "" /* 144 byte string literal not displayed */

	ExceptionPermissions map[string]*DenyRuleExplanation_AnnotatedPermissionMatching "" /* 209 byte string literal not displayed */

	CombinedDeniedPrincipal *DenyRuleExplanation_AnnotatedDenyPrincipalMatching "" /* 132 byte string literal not displayed */

	DeniedPrincipals map[string]*DenyRuleExplanation_AnnotatedDenyPrincipalMatching "" /* 197 byte string literal not displayed */

	CombinedExceptionPrincipal *DenyRuleExplanation_AnnotatedDenyPrincipalMatching "" /* 141 byte string literal not displayed */

	ExceptionPrincipals map[string]*DenyRuleExplanation_AnnotatedDenyPrincipalMatching "" /* 206 byte string literal not displayed */

	Relevance HeuristicRelevance "" /* 138 byte string literal not displayed */

	Condition *expr.Expr `protobuf:"bytes,11,opt,name=condition,proto3" json:"condition,omitempty"`

	ConditionExplanation *ConditionExplanation `protobuf:"bytes,12,opt,name=condition_explanation,json=conditionExplanation,proto3" json:"condition_explanation,omitempty"`

}

func (*DenyRuleExplanation) Descriptor() ([]byte, []int)

func (x *DenyRuleExplanation) GetCombinedDeniedPermission() *DenyRuleExplanation_AnnotatedPermissionMatching

func (x *DenyRuleExplanation) GetCombinedDeniedPrincipal() *DenyRuleExplanation_AnnotatedDenyPrincipalMatching

func (x *DenyRuleExplanation) GetCombinedExceptionPermission() *DenyRuleExplanation_AnnotatedPermissionMatching

func (x *DenyRuleExplanation) GetCombinedExceptionPrincipal() *DenyRuleExplanation_AnnotatedDenyPrincipalMatching

func (x *DenyRuleExplanation) GetCondition() *expr.Expr

func (x *DenyRuleExplanation) GetConditionExplanation() *ConditionExplanation

func (x *DenyRuleExplanation) GetDeniedPermissions() map[string]*DenyRuleExplanation_AnnotatedPermissionMatching

func (x *DenyRuleExplanation) GetDeniedPrincipals() map[string]*DenyRuleExplanation_AnnotatedDenyPrincipalMatching

func (x *DenyRuleExplanation) GetDenyAccessState() DenyAccessState

func (x *DenyRuleExplanation) GetExceptionPermissions() map[string]*DenyRuleExplanation_AnnotatedPermissionMatching

func (x *DenyRuleExplanation) GetExceptionPrincipals() map[string]*DenyRuleExplanation_AnnotatedDenyPrincipalMatching

func (x *DenyRuleExplanation) GetRelevance() HeuristicRelevance

func (*DenyRuleExplanation) ProtoMessage()

func (x *DenyRuleExplanation) ProtoReflect() protoreflect.Message

func (x *DenyRuleExplanation) Reset()

func (x *DenyRuleExplanation) String() string

type DenyRuleExplanation_AnnotatedDenyPrincipalMatching struct {
	Membership MembershipMatchingState "" /* 144 byte string literal not displayed */

	Relevance HeuristicRelevance "" /* 137 byte string literal not displayed */

}

func (*DenyRuleExplanation_AnnotatedDenyPrincipalMatching) Descriptor() ([]byte, []int)

func (x *DenyRuleExplanation_AnnotatedDenyPrincipalMatching) GetMembership() MembershipMatchingState

func (x *DenyRuleExplanation_AnnotatedDenyPrincipalMatching) GetRelevance() HeuristicRelevance

func (*DenyRuleExplanation_AnnotatedDenyPrincipalMatching) ProtoMessage()

func (x *DenyRuleExplanation_AnnotatedDenyPrincipalMatching) ProtoReflect() protoreflect.Message

func (x *DenyRuleExplanation_AnnotatedDenyPrincipalMatching) Reset()

func (x *DenyRuleExplanation_AnnotatedDenyPrincipalMatching) String() string

type DenyRuleExplanation_AnnotatedPermissionMatching struct {
	PermissionMatchingState PermissionPatternMatchingState "" /* 210 byte string literal not displayed */

	Relevance HeuristicRelevance "" /* 137 byte string literal not displayed */

}

func (*DenyRuleExplanation_AnnotatedPermissionMatching) Descriptor() ([]byte, []int)

func (x *DenyRuleExplanation_AnnotatedPermissionMatching) GetPermissionMatchingState() PermissionPatternMatchingState

func (x *DenyRuleExplanation_AnnotatedPermissionMatching) GetRelevance() HeuristicRelevance

func (*DenyRuleExplanation_AnnotatedPermissionMatching) ProtoMessage()

func (x *DenyRuleExplanation_AnnotatedPermissionMatching) ProtoReflect() protoreflect.Message

func (x *DenyRuleExplanation_AnnotatedPermissionMatching) Reset()

func (x *DenyRuleExplanation_AnnotatedPermissionMatching) String() string

type ExplainedAllowPolicy struct {
	AllowAccessState AllowAccessState "" /* 175 byte string literal not displayed */

	FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`

	BindingExplanations []*AllowBindingExplanation `protobuf:"bytes,3,rep,name=binding_explanations,json=bindingExplanations,proto3" json:"binding_explanations,omitempty"`

	Relevance HeuristicRelevance "" /* 137 byte string literal not displayed */

	Policy *iampb.Policy `protobuf:"bytes,5,opt,name=policy,proto3" json:"policy,omitempty"`

}

func (*ExplainedAllowPolicy) Descriptor() ([]byte, []int)

func (x *ExplainedAllowPolicy) GetAllowAccessState() AllowAccessState

func (x *ExplainedAllowPolicy) GetBindingExplanations() []*AllowBindingExplanation

func (x *ExplainedAllowPolicy) GetFullResourceName() string

func (x *ExplainedAllowPolicy) GetPolicy() *iampb.Policy

func (x *ExplainedAllowPolicy) GetRelevance() HeuristicRelevance

func (*ExplainedAllowPolicy) ProtoMessage()

func (x *ExplainedAllowPolicy) ProtoReflect() protoreflect.Message

func (x *ExplainedAllowPolicy) Reset()

func (x *ExplainedAllowPolicy) String() string

type ExplainedDenyPolicy struct {
	DenyAccessState DenyAccessState "" /* 171 byte string literal not displayed */

	Policy *iampb1.Policy `protobuf:"bytes,2,opt,name=policy,proto3" json:"policy,omitempty"`

	RuleExplanations []*DenyRuleExplanation `protobuf:"bytes,3,rep,name=rule_explanations,json=ruleExplanations,proto3" json:"rule_explanations,omitempty"`

	Relevance HeuristicRelevance "" /* 137 byte string literal not displayed */

}

func (*ExplainedDenyPolicy) Descriptor() ([]byte, []int)

func (x *ExplainedDenyPolicy) GetDenyAccessState() DenyAccessState

func (x *ExplainedDenyPolicy) GetPolicy() *iampb1.Policy

func (x *ExplainedDenyPolicy) GetRelevance() HeuristicRelevance

func (x *ExplainedDenyPolicy) GetRuleExplanations() []*DenyRuleExplanation

func (*ExplainedDenyPolicy) ProtoMessage()

func (x *ExplainedDenyPolicy) ProtoReflect() protoreflect.Message

func (x *ExplainedDenyPolicy) Reset()

func (x *ExplainedDenyPolicy) String() string

type ExplainedDenyResource struct {
	DenyAccessState DenyAccessState "" /* 171 byte string literal not displayed */

	FullResourceName string `protobuf:"bytes,2,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`

	ExplainedPolicies []*ExplainedDenyPolicy `protobuf:"bytes,3,rep,name=explained_policies,json=explainedPolicies,proto3" json:"explained_policies,omitempty"`

	Relevance HeuristicRelevance "" /* 137 byte string literal not displayed */

}

func (*ExplainedDenyResource) Descriptor() ([]byte, []int)

func (x *ExplainedDenyResource) GetDenyAccessState() DenyAccessState

func (x *ExplainedDenyResource) GetExplainedPolicies() []*ExplainedDenyPolicy

func (x *ExplainedDenyResource) GetFullResourceName() string

func (x *ExplainedDenyResource) GetRelevance() HeuristicRelevance

func (*ExplainedDenyResource) ProtoMessage()

func (x *ExplainedDenyResource) ProtoReflect() protoreflect.Message

func (x *ExplainedDenyResource) Reset()

func (x *ExplainedDenyResource) String() string

type HeuristicRelevance int32

const (
	// Not specified.
	HeuristicRelevance_HEURISTIC_RELEVANCE_UNSPECIFIED HeuristicRelevance = 0
	// The data point has a limited effect on the result. Changing the data point
	// is unlikely to affect the overall determination.
	HeuristicRelevance_HEURISTIC_RELEVANCE_NORMAL HeuristicRelevance = 1
	// The data point has a strong effect on the result. Changing the data point
	// is likely to affect the overall determination.
	HeuristicRelevance_HEURISTIC_RELEVANCE_HIGH HeuristicRelevance = 2
)

func (HeuristicRelevance) Descriptor() protoreflect.EnumDescriptor

func (x HeuristicRelevance) Enum() *HeuristicRelevance

func (HeuristicRelevance) EnumDescriptor() ([]byte, []int)

func (x HeuristicRelevance) Number() protoreflect.EnumNumber

func (x HeuristicRelevance) String() string

func (HeuristicRelevance) Type() protoreflect.EnumType

type MembershipMatchingState int32

const (
	// Not specified.
	MembershipMatchingState_MEMBERSHIP_MATCHING_STATE_UNSPECIFIED MembershipMatchingState = 0
	// The principal in the request matches the principal in the policy. The
	// principal can be included directly or indirectly:
	//
	// * A principal is included directly if that principal is listed in the
	//   role binding.
	// * A principal is included indirectly if that principal is in a Google
	//   group, Google Workspace account, or Cloud Identity domain that is listed
	//   in the policy.
	MembershipMatchingState_MEMBERSHIP_MATCHED MembershipMatchingState = 1
	// The principal in the request doesn't match the principal in the policy.
	MembershipMatchingState_MEMBERSHIP_NOT_MATCHED MembershipMatchingState = 2
	// The principal in the policy is a group or domain, and the sender of the
	// request doesn't have permission to view whether the principal in the
	// request is a member of the group or domain.
	MembershipMatchingState_MEMBERSHIP_UNKNOWN_INFO MembershipMatchingState = 3
	// The principal is an unsupported type.
	MembershipMatchingState_MEMBERSHIP_UNKNOWN_UNSUPPORTED MembershipMatchingState = 4
)

func (MembershipMatchingState) Descriptor() protoreflect.EnumDescriptor

func (x MembershipMatchingState) Enum() *MembershipMatchingState

func (MembershipMatchingState) EnumDescriptor() ([]byte, []int)

func (x MembershipMatchingState) Number() protoreflect.EnumNumber

func (x MembershipMatchingState) String() string

func (MembershipMatchingState) Type() protoreflect.EnumType

type PermissionPatternMatchingState int32

const (
	// Not specified.
	PermissionPatternMatchingState_PERMISSION_PATTERN_MATCHING_STATE_UNSPECIFIED PermissionPatternMatchingState = 0
	// The permission in the request matches the permission in the policy.
	PermissionPatternMatchingState_PERMISSION_PATTERN_MATCHED PermissionPatternMatchingState = 1
	// The permission in the request matches the permission in the policy.
	PermissionPatternMatchingState_PERMISSION_PATTERN_NOT_MATCHED PermissionPatternMatchingState = 2
)

func (PermissionPatternMatchingState) Descriptor() protoreflect.EnumDescriptor

func (x PermissionPatternMatchingState) Enum() *PermissionPatternMatchingState

func (PermissionPatternMatchingState) EnumDescriptor() ([]byte, []int)

func (x PermissionPatternMatchingState) Number() protoreflect.EnumNumber

func (x PermissionPatternMatchingState) String() string

func (PermissionPatternMatchingState) Type() protoreflect.EnumType

type PolicyTroubleshooterClient interface {
	// Checks whether a principal has a specific permission for a specific
	// resource, and explains why the principal does or doesn't have that
	// permission.
	TroubleshootIamPolicy(ctx context.Context, in *TroubleshootIamPolicyRequest, opts ...grpc.CallOption) (*TroubleshootIamPolicyResponse, error)
}

func NewPolicyTroubleshooterClient(cc grpc.ClientConnInterface) PolicyTroubleshooterClient

type PolicyTroubleshooterServer interface {
	// Checks whether a principal has a specific permission for a specific
	// resource, and explains why the principal does or doesn't have that
	// permission.
	TroubleshootIamPolicy(context.Context, *TroubleshootIamPolicyRequest) (*TroubleshootIamPolicyResponse, error)
}

type RolePermissionInclusionState int32

const (
	// Not specified.
	RolePermissionInclusionState_ROLE_PERMISSION_INCLUSION_STATE_UNSPECIFIED RolePermissionInclusionState = 0
	// The permission is included in the role.
	RolePermissionInclusionState_ROLE_PERMISSION_INCLUDED RolePermissionInclusionState = 1
	// The permission is not included in the role.
	RolePermissionInclusionState_ROLE_PERMISSION_NOT_INCLUDED RolePermissionInclusionState = 2
	// The sender of the request is not allowed to access the role definition.
	RolePermissionInclusionState_ROLE_PERMISSION_UNKNOWN_INFO RolePermissionInclusionState = 3
)

func (RolePermissionInclusionState) Descriptor() protoreflect.EnumDescriptor

func (x RolePermissionInclusionState) Enum() *RolePermissionInclusionState

func (RolePermissionInclusionState) EnumDescriptor() ([]byte, []int)

func (x RolePermissionInclusionState) Number() protoreflect.EnumNumber

func (x RolePermissionInclusionState) String() string

func (RolePermissionInclusionState) Type() protoreflect.EnumType

type TroubleshootIamPolicyRequest struct {

	// The information to use for checking whether a principal has a permission
	// for a resource.
	AccessTuple *AccessTuple `protobuf:"bytes,1,opt,name=access_tuple,json=accessTuple,proto3" json:"access_tuple,omitempty"`
	// contains filtered or unexported fields
}

func (*TroubleshootIamPolicyRequest) Descriptor() ([]byte, []int)

func (x *TroubleshootIamPolicyRequest) GetAccessTuple() *AccessTuple

func (*TroubleshootIamPolicyRequest) ProtoMessage()

func (x *TroubleshootIamPolicyRequest) ProtoReflect() protoreflect.Message

func (x *TroubleshootIamPolicyRequest) Reset()

func (x *TroubleshootIamPolicyRequest) String() string

type TroubleshootIamPolicyResponse struct {
	OverallAccessState TroubleshootIamPolicyResponse_OverallAccessState "" /* 213 byte string literal not displayed */

	AccessTuple *AccessTuple `protobuf:"bytes,2,opt,name=access_tuple,json=accessTuple,proto3" json:"access_tuple,omitempty"`

	AllowPolicyExplanation *AllowPolicyExplanation "" /* 129 byte string literal not displayed */

	DenyPolicyExplanation *DenyPolicyExplanation `protobuf:"bytes,4,opt,name=deny_policy_explanation,json=denyPolicyExplanation,proto3" json:"deny_policy_explanation,omitempty"`

}

func (*TroubleshootIamPolicyResponse) Descriptor() ([]byte, []int)

func (x *TroubleshootIamPolicyResponse) GetAccessTuple() *AccessTuple

func (x *TroubleshootIamPolicyResponse) GetAllowPolicyExplanation() *AllowPolicyExplanation

func (x *TroubleshootIamPolicyResponse) GetDenyPolicyExplanation() *DenyPolicyExplanation

func (x *TroubleshootIamPolicyResponse) GetOverallAccessState() TroubleshootIamPolicyResponse_OverallAccessState

func (*TroubleshootIamPolicyResponse) ProtoMessage()

func (x *TroubleshootIamPolicyResponse) ProtoReflect() protoreflect.Message

func (x *TroubleshootIamPolicyResponse) Reset()

func (x *TroubleshootIamPolicyResponse) String() string

type TroubleshootIamPolicyResponse_OverallAccessState int32

const (
	// Not specified.
	TroubleshootIamPolicyResponse_OVERALL_ACCESS_STATE_UNSPECIFIED TroubleshootIamPolicyResponse_OverallAccessState = 0
	// The principal has the permission.
	TroubleshootIamPolicyResponse_CAN_ACCESS TroubleshootIamPolicyResponse_OverallAccessState = 1
	// The principal doesn't have the permission.
	TroubleshootIamPolicyResponse_CANNOT_ACCESS TroubleshootIamPolicyResponse_OverallAccessState = 2
	// The principal might have the permission, but the sender can't access all
	// of the information needed to fully evaluate the principal's access.
	TroubleshootIamPolicyResponse_UNKNOWN_INFO TroubleshootIamPolicyResponse_OverallAccessState = 3
	// The principal might have the permission, but Policy Troubleshooter can't
	// fully evaluate the principal's access because the sender didn't provide
	// the required context to evaluate the condition.
	TroubleshootIamPolicyResponse_UNKNOWN_CONDITIONAL TroubleshootIamPolicyResponse_OverallAccessState = 4
)

func (TroubleshootIamPolicyResponse_OverallAccessState) Descriptor() protoreflect.EnumDescriptor

func (x TroubleshootIamPolicyResponse_OverallAccessState) Enum() *TroubleshootIamPolicyResponse_OverallAccessState

func (TroubleshootIamPolicyResponse_OverallAccessState) EnumDescriptor() ([]byte, []int)

func (x TroubleshootIamPolicyResponse_OverallAccessState) Number() protoreflect.EnumNumber

func (x TroubleshootIamPolicyResponse_OverallAccessState) String() string

func (TroubleshootIamPolicyResponse_OverallAccessState) Type() protoreflect.EnumType

type UnimplementedPolicyTroubleshooterServer struct {
}

func (*UnimplementedPolicyTroubleshooterServer) TroubleshootIamPolicy(context.Context, *TroubleshootIamPolicyRequest) (*TroubleshootIamPolicyResponse, error)