IamPolicySearchResult(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A result of IAM Policy search, containing information of an IAM policy.
Attributes
Name | Description |
resource |
str
The full resource name of the resource associated with this IAM policy. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See Cloud Asset Inventory Resource Name Format. |
project |
str
The project that the associated GCP resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or organization, this field will be empty. To search against the project:
- specify the scope field as this project in your search request. |
policy |
google.iam.v1.policy_pb2.Policy
The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constraint on policies (e.g., an empty query), this contains all the bindings. To search against the policy bindings:
- use a field query:
  - query by the policy contained members. Example: policy:amy@gmail.com
  - query by the policy contained roles. Example: policy:roles/compute.admin
  - query by the policy contained roles' included permissions. Example: policy.role.permissions:compute.instances.create |
explanation |
google.cloud.asset_v1.types.IamPolicySearchResult.Explanation
Explanation about the IAM policy search result. It contains additional information to explain why the search result matches the query. |
Classes
Explanation
Explanation(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Explanation about the IAM policy search result.
Attributes
Name | Description |
matched_permissions |
Sequence[google.cloud.asset_v1.types.IamPolicySearchResult.Explanation.MatchedPermissionsEntry]
The map from roles to their included permissions that match the permission query (i.e., a query containing policy.role.permissions:). Example: if query policy.role.permissions:compute.disk.get matches a policy binding that contains owner role, the matched_permissions will be {"roles/owner": ["compute.disk.get"]}. The roles can also be found in the returned policy bindings. Note that the map is populated only for requests with permission queries. |
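The following added example (not part of the library or its documentation) shows how the resource, project, policy and explanation fields described above combine into an access-review listing, including the two edge cases the page calls out: an empty project for folder or organization policies, and an empty matched_permissions for queries without a permission term. The function names and the sample results are constructed for illustration; real results would come from an IAM policy search request.

```python
from types import SimpleNamespace as NS


def flatten_results(results):
    """One row per (resource, role, member) from IamPolicySearchResult-shaped objects."""
    rows = []
    for r in results:
        # matched_permissions is populated only for permission queries.
        matched = dict(getattr(r.explanation, "matched_permissions", None) or {})
        for b in r.policy.bindings:
            perms = matched.get(b.role, [])
            # Assumption: a map value is either a plain list (as in the page's
            # example) or an object exposing a .permissions list.
            perms = list(getattr(perms, "permissions", perms))
            for member in b.members:
                rows.append({
                    "resource": r.resource,
                    # Empty project means the policy is set on a folder or organization.
                    "project": r.project or None,
                    "role": b.role,
                    "member": member,
                    "matched_permissions": perms,
                })
    return rows


def grants_outside_projects(rows):
    """Rows whose policy sits on a folder or organization (empty project field)."""
    return [row for row in rows if row["project"] is None]


# Constructed sample data shaped like two search results.
SAMPLE_RESULTS = [
    NS(resource="//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1",
       project="projects/123456789",
       policy=NS(bindings=[NS(role="roles/owner", members=["user:amy@gmail.com"])]),
       explanation=NS(matched_permissions={"roles/owner": ["compute.disk.get"]})),
    NS(resource="//cloudresourcemanager.googleapis.com/organizations/000000000000",
       project="",  # organization-level policy
       policy=NS(bindings=[NS(role="roles/compute.admin",
                              members=["group:ops@example.com", "user:amy@gmail.com"])]),
       explanation=NS(matched_permissions={})),  # query had no permission term
]

if __name__ == "__main__":
    for row in flatten_results(SAMPLE_RESULTS):
        print(row)
```

Because the returned policy holds only the bindings that matched the query, a listing built this way reflects the query, not the full policy on each resource.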