- 1.53.0 (latest)
- 1.52.0
- 1.51.0
- 1.50.0
- 1.48.0
- 1.47.0
- 1.46.0
- 1.45.0
- 1.44.0
- 1.43.0
- 1.42.0
- 1.41.0
- 1.40.0
- 1.39.0
- 1.38.0
- 1.36.0
- 1.35.0
- 1.34.0
- 1.33.0
- 1.32.0
- 1.31.0
- 1.30.0
- 1.29.0
- 1.28.0
- 1.27.0
- 1.26.0
- 1.23.0
- 1.22.0
- 1.21.0
- 1.20.0
- 1.19.0
- 1.18.0
- 1.17.0
- 1.16.0
- 1.15.0
- 1.14.0
- 1.13.0
- 1.12.0
- 1.11.0
- 1.10.0
- 1.8.0
- 1.7.0
- 1.6.0
- 1.5.0
- 1.4.0
- 1.3.0
- 1.2.6
- 1.1.0
- 1.0.4
- 0.4.4
A client to Policy Troubleshooter API
The interfaces provided are listed below, along with usage samples.
PolicyTroubleshooterClient
Service Description: IAM Policy Troubleshooter service.
This service helps you troubleshoot access issues for Google Cloud resources.
Sample for PolicyTroubleshooterClient:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (PolicyTroubleshooterClient policyTroubleshooterClient =
PolicyTroubleshooterClient.create()) {
TroubleshootIamPolicyRequest request =
TroubleshootIamPolicyRequest.newBuilder()
.setAccessTuple(AccessTuple.newBuilder().build())
.build();
TroubleshootIamPolicyResponse response =
policyTroubleshooterClient.troubleshootIamPolicy(request);
}
Classes
AccessTuple
Information about the principal, resource, and permission to check.
Protobuf type google.cloud.policytroubleshooter.iam.v3.AccessTuple
AccessTuple.Builder
Information about the principal, resource, and permission to check.
Protobuf type google.cloud.policytroubleshooter.iam.v3.AccessTuple
AllowBindingExplanation
Details about how a role binding in an allow policy affects a principal's ability to use a permission.
Protobuf type google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation
AllowBindingExplanation.AnnotatedAllowMembership
Details about whether the role binding includes the principal.
Protobuf type
google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership
AllowBindingExplanation.AnnotatedAllowMembership.Builder
Details about whether the role binding includes the principal.
Protobuf type
google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership
AllowBindingExplanation.Builder
Details about how a role binding in an allow policy affects a principal's ability to use a permission.
Protobuf type google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation
AllowPolicyExplanation
Details about how the relevant IAM allow policies affect the final access state.
Protobuf type google.cloud.policytroubleshooter.iam.v3.AllowPolicyExplanation
AllowPolicyExplanation.Builder
Details about how the relevant IAM allow policies affect the final access state.
Protobuf type google.cloud.policytroubleshooter.iam.v3.AllowPolicyExplanation
ConditionContext
Additional context for troubleshooting conditional role bindings and deny rules.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext
ConditionContext.Builder
Additional context for troubleshooting conditional role bindings and deny rules.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext
ConditionContext.EffectiveTag
A tag that applies to a resource during policy evaluation. Tags can be
either directly bound to a resource or inherited from its ancestor.
EffectiveTag
contains the name
and namespaced_name
of the tag value
and tag key, with additional fields of inherited
to indicate the
inheritance status of the effective tag.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext.EffectiveTag
ConditionContext.EffectiveTag.Builder
A tag that applies to a resource during policy evaluation. Tags can be
either directly bound to a resource or inherited from its ancestor.
EffectiveTag
contains the name
and namespaced_name
of the tag value
and tag key, with additional fields of inherited
to indicate the
inheritance status of the effective tag.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext.EffectiveTag
ConditionContext.Peer
This message defines attributes for a node that handles a network request.
The node can be either a service or an application that sends, forwards,
or receives the request. Service peers should fill in
principal
and labels
as appropriate.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext.Peer
ConditionContext.Peer.Builder
This message defines attributes for a node that handles a network request.
The node can be either a service or an application that sends, forwards,
or receives the request. Service peers should fill in
principal
and labels
as appropriate.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext.Peer
ConditionContext.Request
This message defines attributes for an HTTP request. If the actual request is not an HTTP request, the runtime system should try to map the actual request to an equivalent HTTP request.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext.Request
ConditionContext.Request.Builder
This message defines attributes for an HTTP request. If the actual request is not an HTTP request, the runtime system should try to map the actual request to an equivalent HTTP request.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext.Request
ConditionContext.Resource
Core attributes for a resource. A resource is an addressable (named) entity provided by the destination service. For example, a Compute Engine instance.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext.Resource
ConditionContext.Resource.Builder
Core attributes for a resource. A resource is an addressable (named) entity provided by the destination service. For example, a Compute Engine instance.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionContext.Resource
ConditionExplanation
Explanation for how a condition affects a principal's access
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionExplanation
ConditionExplanation.Builder
Explanation for how a condition affects a principal's access
Protobuf type google.cloud.policytroubleshooter.iam.v3.ConditionExplanation
ConditionExplanation.EvaluationState
Evaluated state of a condition expression.
Protobuf type
google.cloud.policytroubleshooter.iam.v3.ConditionExplanation.EvaluationState
ConditionExplanation.EvaluationState.Builder
Evaluated state of a condition expression.
Protobuf type
google.cloud.policytroubleshooter.iam.v3.ConditionExplanation.EvaluationState
DenyPolicyExplanation
Details about how the relevant IAM deny policies affect the final access state.
Protobuf type google.cloud.policytroubleshooter.iam.v3.DenyPolicyExplanation
DenyPolicyExplanation.Builder
Details about how the relevant IAM deny policies affect the final access state.
Protobuf type google.cloud.policytroubleshooter.iam.v3.DenyPolicyExplanation
DenyRuleExplanation
Details about how a deny rule in a deny policy affects a principal's ability to use a permission.
Protobuf type google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation
DenyRuleExplanation.AnnotatedDenyPrincipalMatching
Details about whether the principal in the request is listed as a denied principal in the deny rule, either directly or through membership in a principal set.
Protobuf type
google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching
DenyRuleExplanation.AnnotatedDenyPrincipalMatching.Builder
Details about whether the principal in the request is listed as a denied principal in the deny rule, either directly or through membership in a principal set.
Protobuf type
google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching
DenyRuleExplanation.AnnotatedPermissionMatching
Details about whether the permission in the request is denied by the deny rule.
Protobuf type
google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching
DenyRuleExplanation.AnnotatedPermissionMatching.Builder
Details about whether the permission in the request is denied by the deny rule.
Protobuf type
google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching
DenyRuleExplanation.Builder
Details about how a deny rule in a deny policy affects a principal's ability to use a permission.
Protobuf type google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation
ExplainedAllowPolicy
Details about how a specific IAM allow policy contributed to the final access state.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ExplainedAllowPolicy
ExplainedAllowPolicy.Builder
Details about how a specific IAM allow policy contributed to the final access state.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ExplainedAllowPolicy
ExplainedDenyPolicy
Details about how a specific IAM deny policy Policy contributed to the access check.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ExplainedDenyPolicy
ExplainedDenyPolicy.Builder
Details about how a specific IAM deny policy Policy contributed to the access check.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ExplainedDenyPolicy
ExplainedDenyResource
Details about how a specific resource contributed to the deny policy evaluation.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ExplainedDenyResource
ExplainedDenyResource.Builder
Details about how a specific resource contributed to the deny policy evaluation.
Protobuf type google.cloud.policytroubleshooter.iam.v3.ExplainedDenyResource
PolicyTroubleshooterClient
Service Description: IAM Policy Troubleshooter service.
This service helps you troubleshoot access issues for Google Cloud resources.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (PolicyTroubleshooterClient policyTroubleshooterClient =
PolicyTroubleshooterClient.create()) {
TroubleshootIamPolicyRequest request =
TroubleshootIamPolicyRequest.newBuilder()
.setAccessTuple(AccessTuple.newBuilder().build())
.build();
TroubleshootIamPolicyResponse response =
policyTroubleshooterClient.troubleshootIamPolicy(request);
}
Note: close() needs to be called on the PolicyTroubleshooterClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
The surface of this class includes several types of Java methods for each of the API's methods:
- A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
- A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
- A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of PolicyTroubleshooterSettings to create(). For example:
To customize credentials:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
PolicyTroubleshooterSettings policyTroubleshooterSettings =
PolicyTroubleshooterSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
.build();
PolicyTroubleshooterClient policyTroubleshooterClient =
PolicyTroubleshooterClient.create(policyTroubleshooterSettings);
To customize the endpoint:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
PolicyTroubleshooterSettings policyTroubleshooterSettings =
PolicyTroubleshooterSettings.newBuilder().setEndpoint(myEndpoint).build();
PolicyTroubleshooterClient policyTroubleshooterClient =
PolicyTroubleshooterClient.create(policyTroubleshooterSettings);
To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
PolicyTroubleshooterSettings policyTroubleshooterSettings =
PolicyTroubleshooterSettings.newHttpJsonBuilder().build();
PolicyTroubleshooterClient policyTroubleshooterClient =
PolicyTroubleshooterClient.create(policyTroubleshooterSettings);
Please refer to the GitHub repository's samples for more quickstart code snippets.
PolicyTroubleshooterGrpc
IAM Policy Troubleshooter service. This service helps you troubleshoot access issues for Google Cloud resources.
PolicyTroubleshooterGrpc.PolicyTroubleshooterBlockingStub
A stub to allow clients to do synchronous rpc calls to service PolicyTroubleshooter.
IAM Policy Troubleshooter service. This service helps you troubleshoot access issues for Google Cloud resources.
PolicyTroubleshooterGrpc.PolicyTroubleshooterFutureStub
A stub to allow clients to do ListenableFuture-style rpc calls to service PolicyTroubleshooter.
IAM Policy Troubleshooter service. This service helps you troubleshoot access issues for Google Cloud resources.
PolicyTroubleshooterGrpc.PolicyTroubleshooterImplBase
Base class for the server implementation of the service PolicyTroubleshooter.
IAM Policy Troubleshooter service. This service helps you troubleshoot access issues for Google Cloud resources.
PolicyTroubleshooterGrpc.PolicyTroubleshooterStub
A stub to allow clients to do asynchronous rpc calls to service PolicyTroubleshooter.
IAM Policy Troubleshooter service. This service helps you troubleshoot access issues for Google Cloud resources.
PolicyTroubleshooterSettings
Settings class to configure an instance of PolicyTroubleshooterClient.
The default instance has everything set to sensible defaults:
- The default service address (policytroubleshooter.googleapis.com) and default port (443) are used.
- Credentials are acquired automatically through Application Default Credentials.
- Retries are configured for idempotent methods but not for non-idempotent methods.
The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.
For example, to set the total timeout of troubleshootIamPolicy to 30 seconds:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
PolicyTroubleshooterSettings.Builder policyTroubleshooterSettingsBuilder =
PolicyTroubleshooterSettings.newBuilder();
policyTroubleshooterSettingsBuilder
.troubleshootIamPolicySettings()
.setRetrySettings(
policyTroubleshooterSettingsBuilder
.troubleshootIamPolicySettings()
.getRetrySettings()
.toBuilder()
.setTotalTimeout(Duration.ofSeconds(30))
.build());
PolicyTroubleshooterSettings policyTroubleshooterSettings =
policyTroubleshooterSettingsBuilder.build();
PolicyTroubleshooterSettings.Builder
Builder for PolicyTroubleshooterSettings.
TroubleshootIamPolicyRequest
Request for TroubleshootIamPolicy.
Protobuf type google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyRequest
TroubleshootIamPolicyRequest.Builder
Request for TroubleshootIamPolicy.
Protobuf type google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyRequest
TroubleshootIamPolicyResponse
Response for TroubleshootIamPolicy.
Protobuf type google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse
TroubleshootIamPolicyResponse.Builder
Response for TroubleshootIamPolicy.
Protobuf type google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse
TroubleshooterProto
Interfaces
AccessTupleOrBuilder
AllowBindingExplanation.AnnotatedAllowMembershipOrBuilder
AllowBindingExplanationOrBuilder
AllowPolicyExplanationOrBuilder
ConditionContext.EffectiveTagOrBuilder
ConditionContext.PeerOrBuilder
ConditionContext.RequestOrBuilder
ConditionContext.ResourceOrBuilder
ConditionContextOrBuilder
ConditionExplanation.EvaluationStateOrBuilder
ConditionExplanationOrBuilder
DenyPolicyExplanationOrBuilder
DenyRuleExplanation.AnnotatedDenyPrincipalMatchingOrBuilder
DenyRuleExplanation.AnnotatedPermissionMatchingOrBuilder
DenyRuleExplanationOrBuilder
ExplainedAllowPolicyOrBuilder
ExplainedDenyPolicyOrBuilder
ExplainedDenyResourceOrBuilder
PolicyTroubleshooterGrpc.AsyncService
IAM Policy Troubleshooter service. This service helps you troubleshoot access issues for Google Cloud resources.
TroubleshootIamPolicyRequestOrBuilder
TroubleshootIamPolicyResponseOrBuilder
Enums
AllowAccessState
Whether IAM allow policies gives the principal the permission.
Protobuf enum google.cloud.policytroubleshooter.iam.v3.AllowAccessState
DenyAccessState
Whether IAM deny policies deny the principal the permission.
Protobuf enum google.cloud.policytroubleshooter.iam.v3.DenyAccessState
HeuristicRelevance
The extent to which a single data point contributes to an overall determination.
Protobuf enum google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance
MembershipMatchingState
Whether the principal in the request matches the principal in the policy.
Protobuf enum google.cloud.policytroubleshooter.iam.v3.MembershipMatchingState
PermissionPatternMatchingState
Whether the permission in the request matches the permission in the policy.
Protobuf enum google.cloud.policytroubleshooter.iam.v3.PermissionPatternMatchingState
RolePermissionInclusionState
Whether a role includes a specific permission.
Protobuf enum google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState
TroubleshootIamPolicyResponse.OverallAccessState
Whether the principal has the permission on the resource.
Protobuf enum
google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse.OverallAccessState