Class Explanations.BindingExplanation (1.36.0)

public static final class Explanations.BindingExplanation extends GeneratedMessageV3 implements Explanations.BindingExplanationOrBuilder

Details about how a binding in a policy affects a principal's ability to use a permission.

Protobuf type google.cloud.policytroubleshooter.v1.BindingExplanation

Inheritance

Object > AbstractMessageLite<MessageType,BuilderType> > AbstractMessage > GeneratedMessageV3 > Explanations.BindingExplanation

Static Fields

ACCESS_FIELD_NUMBER

public static final int ACCESS_FIELD_NUMBER
Field Value
TypeDescription
int

CONDITION_FIELD_NUMBER

public static final int CONDITION_FIELD_NUMBER
Field Value
TypeDescription
int

MEMBERSHIPS_FIELD_NUMBER

public static final int MEMBERSHIPS_FIELD_NUMBER
Field Value
TypeDescription
int

RELEVANCE_FIELD_NUMBER

public static final int RELEVANCE_FIELD_NUMBER
Field Value
TypeDescription
int

ROLE_FIELD_NUMBER

public static final int ROLE_FIELD_NUMBER
Field Value
TypeDescription
int

ROLE_PERMISSION_FIELD_NUMBER

public static final int ROLE_PERMISSION_FIELD_NUMBER
Field Value
TypeDescription
int

ROLE_PERMISSION_RELEVANCE_FIELD_NUMBER

public static final int ROLE_PERMISSION_RELEVANCE_FIELD_NUMBER
Field Value
TypeDescription
int

Static Methods

getDefaultInstance()

public static Explanations.BindingExplanation getDefaultInstance()
Returns
TypeDescription
Explanations.BindingExplanation

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
TypeDescription
Descriptor

newBuilder()

public static Explanations.BindingExplanation.Builder newBuilder()
Returns
TypeDescription
Explanations.BindingExplanation.Builder

newBuilder(Explanations.BindingExplanation prototype)

public static Explanations.BindingExplanation.Builder newBuilder(Explanations.BindingExplanation prototype)
Parameter
NameDescription
prototypeExplanations.BindingExplanation
Returns
TypeDescription
Explanations.BindingExplanation.Builder

parseDelimitedFrom(InputStream input)

public static Explanations.BindingExplanation parseDelimitedFrom(InputStream input)
Parameter
NameDescription
inputInputStream
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
IOException

parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static Explanations.BindingExplanation parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
IOException

parseFrom(byte[] data)

public static Explanations.BindingExplanation parseFrom(byte[] data)
Parameter
NameDescription
databyte[]
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)

public static Explanations.BindingExplanation parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
databyte[]
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteString data)

public static Explanations.BindingExplanation parseFrom(ByteString data)
Parameter
NameDescription
dataByteString
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)

public static Explanations.BindingExplanation parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
dataByteString
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(CodedInputStream input)

public static Explanations.BindingExplanation parseFrom(CodedInputStream input)
Parameter
NameDescription
inputCodedInputStream
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
IOException

parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public static Explanations.BindingExplanation parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputCodedInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
IOException

parseFrom(InputStream input)

public static Explanations.BindingExplanation parseFrom(InputStream input)
Parameter
NameDescription
inputInputStream
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
IOException

parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static Explanations.BindingExplanation parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
IOException

parseFrom(ByteBuffer data)

public static Explanations.BindingExplanation parseFrom(ByteBuffer data)
Parameter
NameDescription
dataByteBuffer
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)

public static Explanations.BindingExplanation parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
dataByteBuffer
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Explanations.BindingExplanation
Exceptions
TypeDescription
InvalidProtocolBufferException

parser()

public static Parser<Explanations.BindingExplanation> parser()
Returns
TypeDescription
Parser<BindingExplanation>

Methods

containsMemberships(String key)

public boolean containsMemberships(String key)

Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the binding, and each value indicates whether the principal in the binding includes the principal in the request.

For example, suppose that a binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a principal of the group group:product-eng@example.com.

    For the first principal in the binding, the key is user:alice@example.com, and the membership field in the value is set to MEMBERSHIP_NOT_INCLUDED.

    For the second principal in the binding, the key is group:product-eng@example.com, and the membership field in the value is set to MEMBERSHIP_INCLUDED.

map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

equals(Object obj)

public boolean equals(Object obj)
Parameter
NameDescription
objObject
Returns
TypeDescription
boolean
Overrides

getAccess()

public Explanations.AccessState getAccess()

Required. Indicates whether this binding provides the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another binding that overrides this binding. To determine whether the principal actually has the permission, use the access field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.v1.AccessState access = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
Explanations.AccessState

The access.

getAccessValue()

public int getAccessValue()

Required. Indicates whether this binding provides the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another binding that overrides this binding. To determine whether the principal actually has the permission, use the access field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.v1.AccessState access = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
int

The enum numeric value on the wire for access.

getCondition()

public Expr getCondition()

A condition expression that prevents this binding from granting access unless the expression evaluates to true.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 7;

Returns
TypeDescription
com.google.type.Expr

The condition.

getConditionOrBuilder()

public ExprOrBuilder getConditionOrBuilder()

A condition expression that prevents this binding from granting access unless the expression evaluates to true.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 7;

Returns
TypeDescription
com.google.type.ExprOrBuilder

getDefaultInstanceForType()

public Explanations.BindingExplanation getDefaultInstanceForType()
Returns
TypeDescription
Explanations.BindingExplanation

getMemberships() (deprecated)

public Map<String,Explanations.BindingExplanation.AnnotatedMembership> getMemberships()

Use #getMembershipsMap() instead.

Returns
TypeDescription
Map<String,AnnotatedMembership>

getMembershipsCount()

public int getMembershipsCount()

Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the binding, and each value indicates whether the principal in the binding includes the principal in the request.

For example, suppose that a binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a principal of the group group:product-eng@example.com.

    For the first principal in the binding, the key is user:alice@example.com, and the membership field in the value is set to MEMBERSHIP_NOT_INCLUDED.

    For the second principal in the binding, the key is group:product-eng@example.com, and the membership field in the value is set to MEMBERSHIP_INCLUDED.

map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

Returns
TypeDescription
int

getMembershipsMap()

public Map<String,Explanations.BindingExplanation.AnnotatedMembership> getMembershipsMap()

Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the binding, and each value indicates whether the principal in the binding includes the principal in the request.

For example, suppose that a binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a principal of the group group:product-eng@example.com.

    For the first principal in the binding, the key is user:alice@example.com, and the membership field in the value is set to MEMBERSHIP_NOT_INCLUDED.

    For the second principal in the binding, the key is group:product-eng@example.com, and the membership field in the value is set to MEMBERSHIP_INCLUDED.

map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

Returns
TypeDescription
Map<String,AnnotatedMembership>

getMembershipsOrDefault(String key, Explanations.BindingExplanation.AnnotatedMembership defaultValue)

public Explanations.BindingExplanation.AnnotatedMembership getMembershipsOrDefault(String key, Explanations.BindingExplanation.AnnotatedMembership defaultValue)

Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the binding, and each value indicates whether the principal in the binding includes the principal in the request.

For example, suppose that a binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a principal of the group group:product-eng@example.com.

    For the first principal in the binding, the key is user:alice@example.com, and the membership field in the value is set to MEMBERSHIP_NOT_INCLUDED.

    For the second principal in the binding, the key is group:product-eng@example.com, and the membership field in the value is set to MEMBERSHIP_INCLUDED.

map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

Parameters
NameDescription
keyString
defaultValueExplanations.BindingExplanation.AnnotatedMembership
Returns
TypeDescription
Explanations.BindingExplanation.AnnotatedMembership

getMembershipsOrThrow(String key)

public Explanations.BindingExplanation.AnnotatedMembership getMembershipsOrThrow(String key)

Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the binding, and each value indicates whether the principal in the binding includes the principal in the request.

For example, suppose that a binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a principal of the group group:product-eng@example.com.

    For the first principal in the binding, the key is user:alice@example.com, and the membership field in the value is set to MEMBERSHIP_NOT_INCLUDED.

    For the second principal in the binding, the key is group:product-eng@example.com, and the membership field in the value is set to MEMBERSHIP_INCLUDED.

map<string, .google.cloud.policytroubleshooter.v1.BindingExplanation.AnnotatedMembership> memberships = 5;

Parameter
NameDescription
keyString
Returns
TypeDescription
Explanations.BindingExplanation.AnnotatedMembership

getParserForType()

public Parser<Explanations.BindingExplanation> getParserForType()
Returns
TypeDescription
Parser<BindingExplanation>
Overrides

getRelevance()

public Explanations.HeuristicRelevance getRelevance()

The relevance of this binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.v1.HeuristicRelevance relevance = 6;

Returns
TypeDescription
Explanations.HeuristicRelevance

The relevance.

getRelevanceValue()

public int getRelevanceValue()

The relevance of this binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.v1.HeuristicRelevance relevance = 6;

Returns
TypeDescription
int

The enum numeric value on the wire for relevance.

getRole()

public String getRole()

The role that this binding grants. For example, roles/compute.serviceAgent.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string role = 2;

Returns
TypeDescription
String

The role.

getRoleBytes()

public ByteString getRoleBytes()

The role that this binding grants. For example, roles/compute.serviceAgent.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string role = 2;

Returns
TypeDescription
ByteString

The bytes for role.

getRolePermission()

public Explanations.BindingExplanation.RolePermission getRolePermission()

Indicates whether the role granted by this binding contains the specified permission.

.google.cloud.policytroubleshooter.v1.BindingExplanation.RolePermission role_permission = 3;

Returns
TypeDescription
Explanations.BindingExplanation.RolePermission

The rolePermission.

getRolePermissionRelevance()

public Explanations.HeuristicRelevance getRolePermissionRelevance()

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.v1.HeuristicRelevance role_permission_relevance = 4;

Returns
TypeDescription
Explanations.HeuristicRelevance

The rolePermissionRelevance.

getRolePermissionRelevanceValue()

public int getRolePermissionRelevanceValue()

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.v1.HeuristicRelevance role_permission_relevance = 4;

Returns
TypeDescription
int

The enum numeric value on the wire for rolePermissionRelevance.

getRolePermissionValue()

public int getRolePermissionValue()

Indicates whether the role granted by this binding contains the specified permission.

.google.cloud.policytroubleshooter.v1.BindingExplanation.RolePermission role_permission = 3;

Returns
TypeDescription
int

The enum numeric value on the wire for rolePermission.

getSerializedSize()

public int getSerializedSize()
Returns
TypeDescription
int
Overrides

hasCondition()

public boolean hasCondition()

A condition expression that prevents this binding from granting access unless the expression evaluates to true.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 7;

Returns
TypeDescription
boolean

Whether the condition field is set.

hashCode()

public int hashCode()
Returns
TypeDescription
int
Overrides

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
TypeDescription
FieldAccessorTable
Overrides

internalGetMapFieldReflection(int number)

protected MapFieldReflectionAccessor internalGetMapFieldReflection(int number)
Parameter
NameDescription
numberint
Returns
TypeDescription
com.google.protobuf.MapFieldReflectionAccessor
Overrides
com.google.protobuf.GeneratedMessageV3.internalGetMapFieldReflection(int)

isInitialized()

public final boolean isInitialized()
Returns
TypeDescription
boolean
Overrides

newBuilderForType()

public Explanations.BindingExplanation.Builder newBuilderForType()
Returns
TypeDescription
Explanations.BindingExplanation.Builder

newBuilderForType(GeneratedMessageV3.BuilderParent parent)

protected Explanations.BindingExplanation.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Parameter
NameDescription
parentBuilderParent
Returns
TypeDescription
Explanations.BindingExplanation.Builder
Overrides

newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)

protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Parameter
NameDescription
unusedUnusedPrivateParameter
Returns
TypeDescription
Object
Overrides

toBuilder()

public Explanations.BindingExplanation.Builder toBuilder()
Returns
TypeDescription
Explanations.BindingExplanation.Builder

writeTo(CodedOutputStream output)

public void writeTo(CodedOutputStream output)
Parameter
NameDescription
outputCodedOutputStream
Overrides
Exceptions
TypeDescription
IOException