public static final class AnalyzeIamPolicyRequest.Options extends GeneratedMessageV3 implements AnalyzeIamPolicyRequest.OptionsOrBuilder
Contains request options.
Protobuf type google.cloud.asset.v1p4beta1.AnalyzeIamPolicyRequest.Options
Static Fields
ANALYZE_SERVICE_ACCOUNT_IMPERSONATION_FIELD_NUMBER
public static final int ANALYZE_SERVICE_ACCOUNT_IMPERSONATION_FIELD_NUMBER
Field Value
EXECUTION_TIMEOUT_FIELD_NUMBER
public static final int EXECUTION_TIMEOUT_FIELD_NUMBER
Field Value
EXPAND_GROUPS_FIELD_NUMBER
public static final int EXPAND_GROUPS_FIELD_NUMBER
Field Value
EXPAND_RESOURCES_FIELD_NUMBER
public static final int EXPAND_RESOURCES_FIELD_NUMBER
Field Value
EXPAND_ROLES_FIELD_NUMBER
public static final int EXPAND_ROLES_FIELD_NUMBER
Field Value
OUTPUT_GROUP_EDGES_FIELD_NUMBER
public static final int OUTPUT_GROUP_EDGES_FIELD_NUMBER
Field Value
OUTPUT_RESOURCE_EDGES_FIELD_NUMBER
public static final int OUTPUT_RESOURCE_EDGES_FIELD_NUMBER
Field Value
Static Methods
getDefaultInstance()
public static AnalyzeIamPolicyRequest.Options getDefaultInstance()
Returns
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
Returns
newBuilder()
public static AnalyzeIamPolicyRequest.Options.Builder newBuilder()
Returns
newBuilder(AnalyzeIamPolicyRequest.Options prototype)
public static AnalyzeIamPolicyRequest.Options.Builder newBuilder(AnalyzeIamPolicyRequest.Options prototype)
Parameter
Returns
public static AnalyzeIamPolicyRequest.Options parseDelimitedFrom(InputStream input)
Parameter
Returns
Exceptions
public static AnalyzeIamPolicyRequest.Options parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(byte[] data)
public static AnalyzeIamPolicyRequest.Options parseFrom(byte[] data)
Parameter
Name |
Description |
data |
byte[]
|
Returns
Exceptions
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static AnalyzeIamPolicyRequest.Options parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(ByteString data)
public static AnalyzeIamPolicyRequest.Options parseFrom(ByteString data)
Parameter
Returns
Exceptions
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static AnalyzeIamPolicyRequest.Options parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
public static AnalyzeIamPolicyRequest.Options parseFrom(CodedInputStream input)
Parameter
Returns
Exceptions
public static AnalyzeIamPolicyRequest.Options parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
public static AnalyzeIamPolicyRequest.Options parseFrom(InputStream input)
Parameter
Returns
Exceptions
public static AnalyzeIamPolicyRequest.Options parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(ByteBuffer data)
public static AnalyzeIamPolicyRequest.Options parseFrom(ByteBuffer data)
Parameter
Returns
Exceptions
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static AnalyzeIamPolicyRequest.Options parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parser()
public static Parser<AnalyzeIamPolicyRequest.Options> parser()
Returns
Methods
equals(Object obj)
public boolean equals(Object obj)
Parameter
Returns
Overrides
getAnalyzeServiceAccountImpersonation()
public boolean getAnalyzeServiceAccountImpersonation()
Optional. If true, the response will include access analysis from identities to
resources via service account impersonation. This is a very expensive
operation, because many derived queries will be executed. We highly
recommend you use ExportIamPolicyAnalysis rpc instead.
For example, if the request analyzes for which resources user A has
permission P, and there's an IAM policy states user A has
iam.serviceAccounts.getAccessToken permission to a service account SA,
and there's another IAM policy states service account SA has permission P
to a GCP folder F, then user A potentially has access to the GCP folder
F. And those advanced analysis results will be included in
AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
Another example, if the request analyzes for who has
permission P to a GCP folder F, and there's an IAM policy states user A
has iam.serviceAccounts.actAs permission to a service account SA, and
there's another IAM policy states service account SA has permission P to
the GCP folder F, then user A potentially has access to the GCP folder
F. And those advanced analysis results will be included in
AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
Default is false.
bool analyze_service_account_impersonation = 6 [(.google.api.field_behavior) = OPTIONAL];
Returns
Type |
Description |
boolean |
The analyzeServiceAccountImpersonation.
|
getDefaultInstanceForType()
public AnalyzeIamPolicyRequest.Options getDefaultInstanceForType()
Returns
getExecutionTimeout()
public Duration getExecutionTimeout()
Optional. Amount of time executable has to complete. See JSON representation of
Duration.
If this field is set with a value less than the RPC deadline, and the
execution of your query hasn't finished in the specified
execution timeout, you will get a response with partial result.
Otherwise, your query's execution will continue until the RPC deadline.
If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
Default is empty.
.google.protobuf.Duration execution_timeout = 7 [(.google.api.field_behavior) = OPTIONAL];
Returns
Type |
Description |
Duration |
The executionTimeout.
|
getExecutionTimeoutOrBuilder()
public DurationOrBuilder getExecutionTimeoutOrBuilder()
Optional. Amount of time executable has to complete. See JSON representation of
Duration.
If this field is set with a value less than the RPC deadline, and the
execution of your query hasn't finished in the specified
execution timeout, you will get a response with partial result.
Otherwise, your query's execution will continue until the RPC deadline.
If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
Default is empty.
.google.protobuf.Duration execution_timeout = 7 [(.google.api.field_behavior) = OPTIONAL];
Returns
getExpandGroups()
public boolean getExpandGroups()
Optional. If true, the identities section of the result will expand any
Google groups appearing in an IAM policy binding.
If [identity_selector][] is specified, the identity in the result will
be determined by the selector, and this flag will have no effect.
Default is false.
bool expand_groups = 1 [(.google.api.field_behavior) = OPTIONAL];
Returns
Type |
Description |
boolean |
The expandGroups.
|
getExpandResources()
public boolean getExpandResources()
Optional. If true, the resource section of the result will expand any
resource attached to an IAM policy to include resources lower in the
resource hierarchy.
For example, if the request analyzes for which resources user A has
permission P, and the results include an IAM policy with P on a GCP
folder, the results will also include resources in that folder with
permission P.
If [resource_selector][] is specified, the resource section of the result
will be determined by the selector, and this flag will have no effect.
Default is false.
bool expand_resources = 3 [(.google.api.field_behavior) = OPTIONAL];
Returns
Type |
Description |
boolean |
The expandResources.
|
getExpandRoles()
public boolean getExpandRoles()
Optional. If true, the access section of result will expand any roles
appearing in IAM policy bindings to include their permissions.
If [access_selector][] is specified, the access section of the result
will be determined by the selector, and this flag will have no effect.
Default is false.
bool expand_roles = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns
Type |
Description |
boolean |
The expandRoles.
|
getOutputGroupEdges()
public boolean getOutputGroupEdges()
Optional. If true, the result will output group identity edges, starting
from the binding's group members, to any expanded identities.
Default is false.
bool output_group_edges = 5 [(.google.api.field_behavior) = OPTIONAL];
Returns
Type |
Description |
boolean |
The outputGroupEdges.
|
getOutputResourceEdges()
public boolean getOutputResourceEdges()
Optional. If true, the result will output resource edges, starting
from the policy attached resource, to any expanded resources.
Default is false.
bool output_resource_edges = 4 [(.google.api.field_behavior) = OPTIONAL];
Returns
Type |
Description |
boolean |
The outputResourceEdges.
|
getParserForType()
public Parser<AnalyzeIamPolicyRequest.Options> getParserForType()
Returns
Overrides
getSerializedSize()
public int getSerializedSize()
Returns
Overrides
getUnknownFields()
public final UnknownFieldSet getUnknownFields()
Returns
Overrides
hasExecutionTimeout()
public boolean hasExecutionTimeout()
Optional. Amount of time executable has to complete. See JSON representation of
Duration.
If this field is set with a value less than the RPC deadline, and the
execution of your query hasn't finished in the specified
execution timeout, you will get a response with partial result.
Otherwise, your query's execution will continue until the RPC deadline.
If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
Default is empty.
.google.protobuf.Duration execution_timeout = 7 [(.google.api.field_behavior) = OPTIONAL];
Returns
Type |
Description |
boolean |
Whether the executionTimeout field is set.
|
hashCode()
Returns
Overrides
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
Overrides
isInitialized()
public final boolean isInitialized()
Returns
Overrides
newBuilderForType()
public AnalyzeIamPolicyRequest.Options.Builder newBuilderForType()
Returns
newBuilderForType(GeneratedMessageV3.BuilderParent parent)
protected AnalyzeIamPolicyRequest.Options.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Parameter
Returns
Overrides
newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Parameter
Returns
Overrides
toBuilder()
public AnalyzeIamPolicyRequest.Options.Builder toBuilder()
Returns
writeTo(CodedOutputStream output)
public void writeTo(CodedOutputStream output)
Parameter
Overrides
Exceptions