policysimulator/v1 library

Policy Simulator API - v1

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A Replay is a type of simulation that lets you see how your members' access to resources might change if you changed your IAM policy. During a Replay, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your members' access might change under the proposed policy.

For more information, see cloud.google.com/iam/docs/simulating-access

Create an instance of PolicySimulatorApi to access these resources:

• FoldersResource
  • FoldersLocationsResource
    • FoldersLocationsOrgPolicyViolationsPreviewsResource
      • FoldersLocationsOrgPolicyViolationsPreviewsOperationsResource
    • FoldersLocationsReplaysResource
      • FoldersLocationsReplaysOperationsResource
      • FoldersLocationsReplaysResultsResource
• OperationsResource
• OrganizationsResource
  • OrganizationsLocationsResource
    • OrganizationsLocationsOrgPolicyViolationsPreviewsResource
• OrganizationsLocationsOrgPolicyViolationsPreviewsOperationsResource

OrganizationsLocationsOrgPolicyViolationsPreviewsOrgPolicyViolationsResource - OrganizationsLocationsReplaysResource - OrganizationsLocationsReplaysOperationsResource - OrganizationsLocationsReplaysResultsResource

• ProjectsResource
  • ProjectsLocationsResource
    • ProjectsLocationsOrgPolicyViolationsPreviewsResource
      • ProjectsLocationsOrgPolicyViolationsPreviewsOperationsResource
    • ProjectsLocationsReplaysResource
      • ProjectsLocationsReplaysOperationsResource
      • ProjectsLocationsReplaysResultsResource

Classes

FoldersLocationsOrgPolicyViolationsPreviewsOperationsResource

FoldersLocationsOrgPolicyViolationsPreviewsResource

FoldersLocationsReplaysOperationsResource

FoldersLocationsReplaysResource

FoldersLocationsReplaysResultsResource

FoldersLocationsResource

FoldersResource

GoogleCloudOrgpolicyV2AlternatePolicySpec

Similar to PolicySpec but with an extra 'launch' field for launch reference.

GoogleCloudOrgpolicyV2Policy

Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.

GoogleCloudOrgpolicyV2PolicySpec

Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.

GoogleCloudOrgpolicyV2PolicySpecPolicyRule

A rule used to express this policy.

GoogleCloudPolicysimulatorV1AccessStateDiff

A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.

GoogleCloudPolicysimulatorV1BindingExplanation

Details about how a binding in a policy affects a principal's ability to use a permission.

GoogleCloudPolicysimulatorV1BindingExplanationAnnotatedMembership

Details about whether the binding includes the principal.

GoogleCloudPolicysimulatorV1ExplainedAccess

Details about how a set of policies, listed in ExplainedPolicy, resulted in a certain AccessState when replaying an access tuple.

GoogleCloudPolicysimulatorV1ExplainedPolicy

Details about how a specific IAM Policy contributed to the access check.

GoogleCloudPolicysimulatorV1ListOrgPolicyViolationsPreviewsResponse

ListOrgPolicyViolationsPreviewsResponse is the response message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews.

GoogleCloudPolicysimulatorV1ListOrgPolicyViolationsResponse

ListOrgPolicyViolationsResponse is the response message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolations

GoogleCloudPolicysimulatorV1ListReplayResultsResponse

Response message for Simulator.ListReplayResults.

GoogleCloudPolicysimulatorV1OrgPolicyOverlay

The proposed changes to OrgPolicy.

GoogleCloudPolicysimulatorV1OrgPolicyOverlayCustomConstraintOverlay

A change to an OrgPolicy custom constraint.

GoogleCloudPolicysimulatorV1OrgPolicyOverlayPolicyOverlay

A change to an OrgPolicy.

GoogleCloudPolicysimulatorV1OrgPolicyViolation

OrgPolicyViolation is a resource representing a single resource violating a single OrgPolicy constraint.

GoogleCloudPolicysimulatorV1OrgPolicyViolationsPreview

OrgPolicyViolationsPreview is a resource providing a preview of the violations that will exist if an OrgPolicy change is made.

GoogleCloudPolicysimulatorV1OrgPolicyViolationsPreviewResourceCounts

A summary of the state of all resources scanned for compliance with the changed OrgPolicy.

GoogleCloudPolicysimulatorV1Replay

A resource describing a Replay, or simulation.

GoogleCloudPolicysimulatorV1ReplayConfig

The configuration used for a Replay.

GoogleCloudPolicysimulatorV1ReplayDiff

The difference between the results of evaluating an access tuple under the current (baseline) policies and under the proposed (simulated) policies.

GoogleCloudPolicysimulatorV1ReplayResult

The result of replaying a single access tuple against a simulated state.

GoogleCloudPolicysimulatorV1ReplayResultsSummary

Summary statistics about the replayed log entries.

GoogleCloudPolicysimulatorV1ResourceContext

ResourceContext provides the context we know about a resource.

GoogleIamV1AuditConfig

Specifies the audit configuration for a service.

GoogleIamV1Binding

Associates members, or principals, with a role.

GoogleIamV1Policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

GoogleLongrunningListOperationsResponse

The response message for Operations.ListOperations.

GoogleLongrunningOperation

This resource represents a long-running operation that is the result of a network API call.

OperationsResource

OrganizationsLocationsOrgPolicyViolationsPreviewsOperationsResource

OrganizationsLocationsOrgPolicyViolationsPreviewsOrgPolicyViolationsResource

OrganizationsLocationsOrgPolicyViolationsPreviewsResource

OrganizationsLocationsReplaysOperationsResource

OrganizationsLocationsReplaysResource

OrganizationsLocationsReplaysResultsResource

OrganizationsLocationsResource

OrganizationsResource

PolicySimulatorApi

Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay.

ProjectsLocationsOrgPolicyViolationsPreviewsOperationsResource

ProjectsLocationsOrgPolicyViolationsPreviewsResource

ProjectsLocationsReplaysOperationsResource

ProjectsLocationsReplaysResource

ProjectsLocationsReplaysResultsResource

ProjectsLocationsResource

ProjectsResource

Typedefs

GoogleCloudOrgpolicyV2CustomConstraint = $GoogleCloudOrgpolicyV2CustomConstraint

A custom constraint defined by customers which can only be applied to the given resource types and organization.

GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues = $StringValues

A message that holds specific allowed and denied values.

GoogleCloudPolicysimulatorV1AccessTuple = $V1AccessTuple

Information about the principal, resource, and permission to check.

GoogleIamV1AuditLogConfig = $AuditLogConfig

Provides the configuration for logging a type of permissions.

GoogleRpcStatus = $Status

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs.

GoogleTypeDate = $Date

Represents a whole or partial calendar date, such as a birthday.

GoogleTypeExpr = $Expr

Represents a textual expression in the Common Expression Language (CEL) syntax.

Exceptions / Errors

ApiRequestError

Represents a general error reported by the API endpoint.

DetailedApiRequestError

Represents a specific error reported by the API endpoint.