class Google::Apis::CloudassetV1::IamPolicySearchResult
A result of IAM Policy
search, containing information of an IAM policy.
Attributes
The type of the resource associated with this IAM policy. Example: `compute. googleapis.com/Disk`. To search against the `asset_type`: * specify the ` asset_types` field in your search request. Corresponds to the JSON property `assetType` @return [String]
Explanation
about the IAM policy search result. Corresponds to the JSON property `explanation` @return [Google::Apis::CloudassetV1::Explanation]
The folder(s) that the IAM policy belongs to, in the form of folders/` FOLDER_NUMBER`. This field is available when the IAM policy belongs to one or more folders. To search against `folders`: * use a field query. Example: ` folders:(123 OR 456)` * use a free text query. Example: `123` * specify the ` scope` field as this folder in your search request. Corresponds to the JSON property `folders` @return [Array<String>]
The organization that the IAM policy belongs to, in the form of organizations/` ORGANIZATION_NUMBER`. This field is available when the IAM policy belongs to an organization. To search against `organization`: * use a field query. Example: `organization:123` * use a free text query. Example: `123` * specify the `scope` field as this organization in your search request. Corresponds to the JSON property `organization` @return [String]
An Identity and Access Management (IAM) policy, which specifies access controls for Google
Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google
groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google
Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](cloud.google.com/iam/help/conditions/ resource-policies). **JSON example:** ` “bindings”: [ ` “role”: “roles/ resourcemanager.organizationAdmin”, “members”: [ “user:mike@example.com”, “ group:admins@example.com”, “domain:google.com”, “serviceAccount:my-project-id@ appspot.gserviceaccount.com” ] `, ` “role”: “roles/resourcemanager. organizationViewer”, “members”: [ “user:eve@example.com” ], “condition”: ` “ title”: “expirable access”, “description”: “Does not grant access after Sep 2020”, “expression”: “request.time < timestamp('2020-10-01T00:00:00.000Z')”, ` ` ], “etag”: “BwWWja0YfJA=”, “version”: 3 ` **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google. com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/ resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](cloud. google.com/iam/docs/). Corresponds to the JSON property `policy` @return [Google::Apis::CloudassetV1::Policy]
The project that the associated GCP resource belongs to, in the form of projects/`PROJECT_NUMBER`. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, this field will be empty. To search against the `project`: * specify the ` scope` field as this project in your search request. Corresponds to the JSON property `project` @return [String]
The full resource name of the resource associated with this IAM policy. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/ instances/instance1`. See [Cloud Asset
Inventory
Resource
Name Format](https:// cloud.google.com/asset-inventory/docs/resource-name-format) for more information. To search against the `resource`: * use a field query. Example: ` resource:organizations/123` Corresponds to the JSON property `resource` @return [String]
Public Class Methods
# File lib/google/apis/cloudasset_v1/classes.rb, line 2996 def initialize(**args) update!(**args) end
Public Instance Methods
Update properties of this object
# File lib/google/apis/cloudasset_v1/classes.rb, line 3001 def update!(**args) @asset_type = args[:asset_type] if args.key?(:asset_type) @explanation = args[:explanation] if args.key?(:explanation) @folders = args[:folders] if args.key?(:folders) @organization = args[:organization] if args.key?(:organization) @policy = args[:policy] if args.key?(:policy) @project = args[:project] if args.key?(:project) @resource = args[:resource] if args.key?(:resource) end