Google Cloud Security Command Center V2 Client - Class Access (2.0.2)

Reference documentation and code samples for the Google Cloud Security Command Center V2 Client class Access.

Represents an access event.

Generated from protobuf message google.cloud.securitycenter.v2.Access

Namespace

Google \ Cloud \ SecurityCenter \ V2

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ principal_email string

Associated email, such as "foo@google.com". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the principal_subject field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see Caller identities in audit logs.

↳ caller_ip string

Caller's IP address, such as "1.1.1.1".

↳ caller_ip_geo Geolocation

The caller IP's geolocation, which identifies where the call came from.

↳ user_agent_family string

Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.

↳ user_agent string

The caller's user agent string associated with the finding.

↳ service_name string

This is the API service that the service account made a call to, e.g. "iam.googleapis.com"

↳ method_name string

The method that the service account called, e.g. "SetIamPolicy".

↳ principal_subject string

A string that represents the principal_subject that is associated with the identity. Unlike principal_email, principal_subject supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is principal://iam.googleapis.com/{identity pool name}/subject/{subject}. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format serviceAccount:{identity pool name}[{subject}].

↳ service_account_key_name string

The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".

↳ service_account_delegation_info array<ServiceAccountDelegationInfo>

The identity delegation history of an authenticated service account that made the request. The serviceAccountDelegationInfo[] object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.

↳ user_name string

A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.

getPrincipalEmail

Associated email, such as "foo@google.com".

The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the principal_subject field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see Caller identities in audit logs.

Returns
Type Description
string

setPrincipalEmail

Associated email, such as "foo@google.com".

The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the principal_subject field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see Caller identities in audit logs.

Parameter
Name Description
var string
Returns
Type Description
$this

getCallerIp

Caller's IP address, such as "1.1.1.1".

Returns
Type Description
string

setCallerIp

Caller's IP address, such as "1.1.1.1".

Parameter
Name Description
var string
Returns
Type Description
$this

getCallerIpGeo

The caller IP's geolocation, which identifies where the call came from.

Returns
Type Description
Geolocation|null

hasCallerIpGeo

clearCallerIpGeo

setCallerIpGeo

The caller IP's geolocation, which identifies where the call came from.

Parameter
Name Description
var Geolocation
Returns
Type Description
$this

getUserAgentFamily

Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.

Returns
Type Description
string

setUserAgentFamily

Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.

Parameter
Name Description
var string
Returns
Type Description
$this

getUserAgent

The caller's user agent string associated with the finding.

Returns
Type Description
string

setUserAgent

The caller's user agent string associated with the finding.

Parameter
Name Description
var string
Returns
Type Description
$this

getServiceName

This is the API service that the service account made a call to, e.g.

"iam.googleapis.com"

Returns
Type Description
string

setServiceName

This is the API service that the service account made a call to, e.g.

"iam.googleapis.com"

Parameter
Name Description
var string
Returns
Type Description
$this

getMethodName

The method that the service account called, e.g. "SetIamPolicy".

Returns
Type Description
string

setMethodName

The method that the service account called, e.g. "SetIamPolicy".

Parameter
Name Description
var string
Returns
Type Description
$this

getPrincipalSubject

A string that represents the principal_subject that is associated with the identity. Unlike principal_email, principal_subject supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is principal://iam.googleapis.com/{identity pool name}/subject/{subject}.

Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format serviceAccount:{identity pool name}[{subject}].

Returns
Type Description
string

setPrincipalSubject

A string that represents the principal_subject that is associated with the identity. Unlike principal_email, principal_subject supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is principal://iam.googleapis.com/{identity pool name}/subject/{subject}.

Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format serviceAccount:{identity pool name}[{subject}].

Parameter
Name Description
var string
Returns
Type Description
$this

getServiceAccountKeyName

The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request.

This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".

Returns
Type Description
string

setServiceAccountKeyName

The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request.

This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".

Parameter
Name Description
var string
Returns
Type Description
$this

getServiceAccountDelegationInfo

The identity delegation history of an authenticated service account that made the request. The serviceAccountDelegationInfo[] object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.

Returns
Type Description
Google\Protobuf\Internal\RepeatedField

setServiceAccountDelegationInfo

The identity delegation history of an authenticated service account that made the request. The serviceAccountDelegationInfo[] object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.

Parameter
Name Description
var array<ServiceAccountDelegationInfo>
Returns
Type Description
$this

getUserName

A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.

Returns
Type Description
string

setUserName

A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.

Parameter
Name Description
var string
Returns
Type Description
$this