Class AllowBindingExplanation (1.53.0)

public final class AllowBindingExplanation extends GeneratedMessageV3 implements AllowBindingExplanationOrBuilder

Details about how a role binding in an allow policy affects a principal's ability to use a permission.

Protobuf type google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation

com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT)
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT,int)
com.google.protobuf.GeneratedMessageV3.<T>emptyList(java.lang.Class<T>)
com.google.protobuf.GeneratedMessageV3.internalGetMapFieldReflection(int)

Static Fields

ALLOW_ACCESS_STATE_FIELD_NUMBER

public static final int ALLOW_ACCESS_STATE_FIELD_NUMBER
Field Value
Type Description
int

COMBINED_MEMBERSHIP_FIELD_NUMBER

public static final int COMBINED_MEMBERSHIP_FIELD_NUMBER
Field Value
Type Description
int

CONDITION_EXPLANATION_FIELD_NUMBER

public static final int CONDITION_EXPLANATION_FIELD_NUMBER
Field Value
Type Description
int

CONDITION_FIELD_NUMBER

public static final int CONDITION_FIELD_NUMBER
Field Value
Type Description
int

MEMBERSHIPS_FIELD_NUMBER

public static final int MEMBERSHIPS_FIELD_NUMBER
Field Value
Type Description
int

RELEVANCE_FIELD_NUMBER

public static final int RELEVANCE_FIELD_NUMBER
Field Value
Type Description
int

ROLE_FIELD_NUMBER

public static final int ROLE_FIELD_NUMBER
Field Value
Type Description
int

ROLE_PERMISSION_FIELD_NUMBER

public static final int ROLE_PERMISSION_FIELD_NUMBER
Field Value
Type Description
int

ROLE_PERMISSION_RELEVANCE_FIELD_NUMBER

public static final int ROLE_PERMISSION_RELEVANCE_FIELD_NUMBER
Field Value
Type Description
int

Static Methods

getDefaultInstance()

public static AllowBindingExplanation getDefaultInstance()
Returns
Type Description
AllowBindingExplanation

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
Type Description
Descriptor

newBuilder()

public static AllowBindingExplanation.Builder newBuilder()
Returns
Type Description
AllowBindingExplanation.Builder

newBuilder(AllowBindingExplanation prototype)

public static AllowBindingExplanation.Builder newBuilder(AllowBindingExplanation prototype)
Parameter
Name Description
prototype AllowBindingExplanation
Returns
Type Description
AllowBindingExplanation.Builder

parseDelimitedFrom(InputStream input)

public static AllowBindingExplanation parseDelimitedFrom(InputStream input)
Parameter
Name Description
input InputStream
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
IOException

parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static AllowBindingExplanation parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input InputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
IOException

parseFrom(byte[] data)

public static AllowBindingExplanation parseFrom(byte[] data)
Parameter
Name Description
data byte[]
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)

public static AllowBindingExplanation parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
data byte[]
extensionRegistry ExtensionRegistryLite
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(ByteString data)

public static AllowBindingExplanation parseFrom(ByteString data)
Parameter
Name Description
data ByteString
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)

public static AllowBindingExplanation parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
data ByteString
extensionRegistry ExtensionRegistryLite
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(CodedInputStream input)

public static AllowBindingExplanation parseFrom(CodedInputStream input)
Parameter
Name Description
input CodedInputStream
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
IOException

parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public static AllowBindingExplanation parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input CodedInputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
IOException

parseFrom(InputStream input)

public static AllowBindingExplanation parseFrom(InputStream input)
Parameter
Name Description
input InputStream
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
IOException

parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static AllowBindingExplanation parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input InputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
IOException

parseFrom(ByteBuffer data)

public static AllowBindingExplanation parseFrom(ByteBuffer data)
Parameter
Name Description
data ByteBuffer
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)

public static AllowBindingExplanation parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
data ByteBuffer
extensionRegistry ExtensionRegistryLite
Returns
Type Description
AllowBindingExplanation
Exceptions
Type Description
InvalidProtocolBufferException

parser()

public static Parser<AllowBindingExplanation> parser()
Returns
Type Description
Parser<AllowBindingExplanation>

Methods

containsMemberships(String key)

public boolean containsMemberships(String key)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameter
Name Description
key String
Returns
Type Description
boolean

equals(Object obj)

public boolean equals(Object obj)
Parameter
Name Description
obj Object
Returns
Type Description
boolean
Overrides

getAllowAccessState()

public AllowAccessState getAllowAccessState()

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.iam.v3.AllowAccessState allow_access_state = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
Type Description
AllowAccessState

The allowAccessState.

getAllowAccessStateValue()

public int getAllowAccessStateValue()

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.iam.v3.AllowAccessState allow_access_state = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
Type Description
int

The enum numeric value on the wire for allowAccessState.

getCombinedMembership()

public AllowBindingExplanation.AnnotatedAllowMembership getCombinedMembership()

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Returns
Type Description
AllowBindingExplanation.AnnotatedAllowMembership

The combinedMembership.

getCombinedMembershipOrBuilder()

public AllowBindingExplanation.AnnotatedAllowMembershipOrBuilder getCombinedMembershipOrBuilder()

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

getCondition()

public Expr getCondition()

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Returns
Type Description
com.google.type.Expr

The condition.

getConditionExplanation()

public ConditionExplanation getConditionExplanation()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Returns
Type Description
ConditionExplanation

The conditionExplanation.

getConditionExplanationOrBuilder()

public ConditionExplanationOrBuilder getConditionExplanationOrBuilder()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Returns
Type Description
ConditionExplanationOrBuilder

getConditionOrBuilder()

public ExprOrBuilder getConditionOrBuilder()

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Returns
Type Description
com.google.type.ExprOrBuilder

getDefaultInstanceForType()

public AllowBindingExplanation getDefaultInstanceForType()
Returns
Type Description
AllowBindingExplanation

getMemberships() (deprecated)

public Map<String,AllowBindingExplanation.AnnotatedAllowMembership> getMemberships()

Use #getMembershipsMap() instead.

Returns
Type Description
Map<String,AnnotatedAllowMembership>

getMembershipsCount()

public int getMembershipsCount()

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Returns
Type Description
int

getMembershipsMap()

public Map<String,AllowBindingExplanation.AnnotatedAllowMembership> getMembershipsMap()

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Returns
Type Description
Map<String,AnnotatedAllowMembership>

getMembershipsOrDefault(String key, AllowBindingExplanation.AnnotatedAllowMembership defaultValue)

public AllowBindingExplanation.AnnotatedAllowMembership getMembershipsOrDefault(String key, AllowBindingExplanation.AnnotatedAllowMembership defaultValue)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameters
Name Description
key String
defaultValue AllowBindingExplanation.AnnotatedAllowMembership

getMembershipsOrThrow(String key)

public AllowBindingExplanation.AnnotatedAllowMembership getMembershipsOrThrow(String key)

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

map<string, .google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership> memberships = 6;

Parameter
Name Description
key String

getParserForType()

public Parser<AllowBindingExplanation> getParserForType()
Returns
Type Description
Parser<AllowBindingExplanation>
Overrides

getRelevance()

public HeuristicRelevance getRelevance()

The relevance of this role binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 7;

Returns
Type Description
HeuristicRelevance

The relevance.

getRelevanceValue()

public int getRelevanceValue()

The relevance of this role binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 7;

Returns
Type Description
int

The enum numeric value on the wire for relevance.

getRole()

public String getRole()

The role that this role binding grants. For example, roles/compute.admin.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string role = 2;

Returns
Type Description
String

The role.

getRoleBytes()

public ByteString getRoleBytes()

The role that this role binding grants. For example, roles/compute.admin.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string role = 2;

Returns
Type Description
ByteString

The bytes for role.

getRolePermission()

public RolePermissionInclusionState getRolePermission()

Indicates whether the role granted by this role binding contains the specified permission.

.google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState role_permission = 3;

Returns
Type Description
RolePermissionInclusionState

The rolePermission.

getRolePermissionRelevance()

public HeuristicRelevance getRolePermissionRelevance()

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance role_permission_relevance = 4;

Returns
Type Description
HeuristicRelevance

The rolePermissionRelevance.

getRolePermissionRelevanceValue()

public int getRolePermissionRelevanceValue()

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance role_permission_relevance = 4;

Returns
Type Description
int

The enum numeric value on the wire for rolePermissionRelevance.

getRolePermissionValue()

public int getRolePermissionValue()

Indicates whether the role granted by this role binding contains the specified permission.

.google.cloud.policytroubleshooter.iam.v3.RolePermissionInclusionState role_permission = 3;

Returns
Type Description
int

The enum numeric value on the wire for rolePermission.

getSerializedSize()

public int getSerializedSize()
Returns
Type Description
int
Overrides

hasCombinedMembership()

public boolean hasCombinedMembership()

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

.google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation.AnnotatedAllowMembership combined_membership = 5;

Returns
Type Description
boolean

Whether the combinedMembership field is set.

hasCondition()

public boolean hasCondition()

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 8;

Returns
Type Description
boolean

Whether the condition field is set.

hasConditionExplanation()

public boolean hasConditionExplanation()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 9;

Returns
Type Description
boolean

Whether the conditionExplanation field is set.

hashCode()

public int hashCode()
Returns
Type Description
int
Overrides

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
Type Description
FieldAccessorTable
Overrides

internalGetMapFieldReflection(int number)

protected MapFieldReflectionAccessor internalGetMapFieldReflection(int number)
Parameter
Name Description
number int
Returns
Type Description
com.google.protobuf.MapFieldReflectionAccessor
Overrides
com.google.protobuf.GeneratedMessageV3.internalGetMapFieldReflection(int)

isInitialized()

public final boolean isInitialized()
Returns
Type Description
boolean
Overrides

newBuilderForType()

public AllowBindingExplanation.Builder newBuilderForType()
Returns
Type Description
AllowBindingExplanation.Builder

newBuilderForType(GeneratedMessageV3.BuilderParent parent)

protected AllowBindingExplanation.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Parameter
Name Description
parent BuilderParent
Returns
Type Description
AllowBindingExplanation.Builder
Overrides

newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)

protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Parameter
Name Description
unused UnusedPrivateParameter
Returns
Type Description
Object
Overrides

toBuilder()

public AllowBindingExplanation.Builder toBuilder()
Returns
Type Description
AllowBindingExplanation.Builder

writeTo(CodedOutputStream output)

public void writeTo(CodedOutputStream output)
Parameter
Name Description
output CodedOutputStream
Overrides
Exceptions
Type Description
IOException