- 3.57.0 (latest)
- 3.56.0
- 3.55.0
- 3.53.0
- 3.52.0
- 3.51.0
- 3.50.0
- 3.49.0
- 3.48.0
- 3.47.0
- 3.46.0
- 3.45.0
- 3.44.0
- 3.43.0
- 3.41.0
- 3.40.0
- 3.39.0
- 3.38.0
- 3.37.0
- 3.36.0
- 3.35.0
- 3.34.0
- 3.33.0
- 3.32.0
- 3.31.0
- 3.28.0
- 3.27.0
- 3.26.0
- 3.25.0
- 3.24.0
- 3.23.0
- 3.22.0
- 3.21.0
- 3.20.0
- 3.19.0
- 3.18.0
- 3.17.0
- 3.16.0
- 3.15.0
- 3.14.0
- 3.13.0
- 3.12.0
- 3.11.0
- 3.10.0
- 3.9.0
- 3.8.0
- 3.7.2-SNAPSHOT
- 3.6.0
- 3.4.1
- 3.3.1
- 3.2.17
public static final class IamPolicyAnalysisQuery.Options.Builder extends GeneratedMessageV3.Builder<IamPolicyAnalysisQuery.Options.Builder> implements IamPolicyAnalysisQuery.OptionsOrBuilder
Contains query options.
Protobuf type google.cloud.asset.v1.IamPolicyAnalysisQuery.Options
Inheritance
Object > AbstractMessageLite.Builder<MessageType,BuilderType> > AbstractMessage.Builder<BuilderType> > GeneratedMessageV3.Builder > IamPolicyAnalysisQuery.Options.BuilderImplements
IamPolicyAnalysisQuery.OptionsOrBuilderStatic Methods
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
Type | Description |
Descriptor |
Methods
addRepeatedField(Descriptors.FieldDescriptor field, Object value)
public IamPolicyAnalysisQuery.Options.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Name | Description |
field | FieldDescriptor |
value | Object |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
build()
public IamPolicyAnalysisQuery.Options build()
Type | Description |
IamPolicyAnalysisQuery.Options |
buildPartial()
public IamPolicyAnalysisQuery.Options buildPartial()
Type | Description |
IamPolicyAnalysisQuery.Options |
clear()
public IamPolicyAnalysisQuery.Options.Builder clear()
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
clearAnalyzeServiceAccountImpersonation()
public IamPolicyAnalysisQuery.Options.Builder clearAnalyzeServiceAccountImpersonation()
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
bool analyze_service_account_impersonation = 6 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
clearExpandGroups()
public IamPolicyAnalysisQuery.Options.Builder clearExpandGroups()
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
bool expand_groups = 1 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
clearExpandResources()
public IamPolicyAnalysisQuery.Options.Builder clearExpandResources()
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. Default is false.
bool expand_resources = 3 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
clearExpandRoles()
public IamPolicyAnalysisQuery.Options.Builder clearExpandRoles()
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
bool expand_roles = 2 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
clearField(Descriptors.FieldDescriptor field)
public IamPolicyAnalysisQuery.Options.Builder clearField(Descriptors.FieldDescriptor field)
Name | Description |
field | FieldDescriptor |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
clearOneof(Descriptors.OneofDescriptor oneof)
public IamPolicyAnalysisQuery.Options.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Name | Description |
oneof | OneofDescriptor |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
clearOutputGroupEdges()
public IamPolicyAnalysisQuery.Options.Builder clearOutputGroupEdges()
Optional. If true, the result will output group identity edges, starting from the binding's group members, to any expanded identities. Default is false.
bool output_group_edges = 5 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
clearOutputResourceEdges()
public IamPolicyAnalysisQuery.Options.Builder clearOutputResourceEdges()
Optional. If true, the result will output resource edges, starting from the policy attached resource, to any expanded resources. Default is false.
bool output_resource_edges = 4 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
clone()
public IamPolicyAnalysisQuery.Options.Builder clone()
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
getAnalyzeServiceAccountImpersonation()
public boolean getAnalyzeServiceAccountImpersonation()
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
bool analyze_service_account_impersonation = 6 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
boolean | The analyzeServiceAccountImpersonation. |
getDefaultInstanceForType()
public IamPolicyAnalysisQuery.Options getDefaultInstanceForType()
Type | Description |
IamPolicyAnalysisQuery.Options |
getDescriptorForType()
public Descriptors.Descriptor getDescriptorForType()
Type | Description |
Descriptor |
getExpandGroups()
public boolean getExpandGroups()
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
bool expand_groups = 1 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
boolean | The expandGroups. |
getExpandResources()
public boolean getExpandResources()
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. Default is false.
bool expand_resources = 3 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
boolean | The expandResources. |
getExpandRoles()
public boolean getExpandRoles()
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
bool expand_roles = 2 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
boolean | The expandRoles. |
getOutputGroupEdges()
public boolean getOutputGroupEdges()
Optional. If true, the result will output group identity edges, starting from the binding's group members, to any expanded identities. Default is false.
bool output_group_edges = 5 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
boolean | The outputGroupEdges. |
getOutputResourceEdges()
public boolean getOutputResourceEdges()
Optional. If true, the result will output resource edges, starting from the policy attached resource, to any expanded resources. Default is false.
bool output_resource_edges = 4 [(.google.api.field_behavior) = OPTIONAL];
Type | Description |
boolean | The outputResourceEdges. |
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Type | Description |
FieldAccessorTable |
isInitialized()
public final boolean isInitialized()
Type | Description |
boolean |
mergeFrom(IamPolicyAnalysisQuery.Options other)
public IamPolicyAnalysisQuery.Options.Builder mergeFrom(IamPolicyAnalysisQuery.Options other)
Name | Description |
other | IamPolicyAnalysisQuery.Options |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public IamPolicyAnalysisQuery.Options.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Name | Description |
input | CodedInputStream |
extensionRegistry | ExtensionRegistryLite |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
Type | Description |
IOException |
mergeFrom(Message other)
public IamPolicyAnalysisQuery.Options.Builder mergeFrom(Message other)
Name | Description |
other | Message |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
mergeUnknownFields(UnknownFieldSet unknownFields)
public final IamPolicyAnalysisQuery.Options.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
Name | Description |
unknownFields | UnknownFieldSet |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
setAnalyzeServiceAccountImpersonation(boolean value)
public IamPolicyAnalysisQuery.Options.Builder setAnalyzeServiceAccountImpersonation(boolean value)
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
bool analyze_service_account_impersonation = 6 [(.google.api.field_behavior) = OPTIONAL];
Name | Description |
value | boolean The analyzeServiceAccountImpersonation to set. |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
setExpandGroups(boolean value)
public IamPolicyAnalysisQuery.Options.Builder setExpandGroups(boolean value)
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
bool expand_groups = 1 [(.google.api.field_behavior) = OPTIONAL];
Name | Description |
value | boolean The expandGroups to set. |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
setExpandResources(boolean value)
public IamPolicyAnalysisQuery.Options.Builder setExpandResources(boolean value)
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. Default is false.
bool expand_resources = 3 [(.google.api.field_behavior) = OPTIONAL];
Name | Description |
value | boolean The expandResources to set. |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
setExpandRoles(boolean value)
public IamPolicyAnalysisQuery.Options.Builder setExpandRoles(boolean value)
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
bool expand_roles = 2 [(.google.api.field_behavior) = OPTIONAL];
Name | Description |
value | boolean The expandRoles to set. |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
setField(Descriptors.FieldDescriptor field, Object value)
public IamPolicyAnalysisQuery.Options.Builder setField(Descriptors.FieldDescriptor field, Object value)
Name | Description |
field | FieldDescriptor |
value | Object |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
setOutputGroupEdges(boolean value)
public IamPolicyAnalysisQuery.Options.Builder setOutputGroupEdges(boolean value)
Optional. If true, the result will output group identity edges, starting from the binding's group members, to any expanded identities. Default is false.
bool output_group_edges = 5 [(.google.api.field_behavior) = OPTIONAL];
Name | Description |
value | boolean The outputGroupEdges to set. |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
setOutputResourceEdges(boolean value)
public IamPolicyAnalysisQuery.Options.Builder setOutputResourceEdges(boolean value)
Optional. If true, the result will output resource edges, starting from the policy attached resource, to any expanded resources. Default is false.
bool output_resource_edges = 4 [(.google.api.field_behavior) = OPTIONAL];
Name | Description |
value | boolean The outputResourceEdges to set. |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder | This builder for chaining. |
setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
public IamPolicyAnalysisQuery.Options.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
Name | Description |
field | FieldDescriptor |
index | int |
value | Object |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |
setUnknownFields(UnknownFieldSet unknownFields)
public final IamPolicyAnalysisQuery.Options.Builder setUnknownFields(UnknownFieldSet unknownFields)
Name | Description |
unknownFields | UnknownFieldSet |
Type | Description |
IamPolicyAnalysisQuery.Options.Builder |