openapi-directory/api/googleapis.com/policysimulator.json

Building & bundling https://github.com/APIs-guru/openapi-directory for easy use from JS

{"openapi":"3.0.0","servers":[{"url":"https://policysimulator.googleapis.com/"}],"info":{"contact":{"name":"Google","url":"https://google.com","x-twitter":"youtube"},"description":" Policy Simulator is a collection of endpoints for creating, running, and viewing a Replay. A `Replay` is a type of simulation that lets you see how your members' access to resources might change if you changed your IAM policy. During a `Replay`, Policy Simulator re-evaluates, or replays, past access attempts under both the current policy and your proposed policy, and compares those results to determine how your members' access might change under the proposed policy.","license":{"name":"Creative Commons Attribution 3.0","url":"http://creativecommons.org/licenses/by/3.0/"},"termsOfService":"https://developers.google.com/terms/","title":"Policy Simulator API","version":"v1beta","x-apisguru-categories":["analytics","media"],"x-logo":{"url":"https://upload.wikimedia.org/wikipedia/commons/e/e1/YouTube_play_buttom_icon_%282013-2017%29.svg"},"x-origin":[{"format":"google","url":"https://policysimulator.googleapis.com/$discovery/rest?version=v1beta","version":"v1"}],"x-preferred":true,"x-providerName":"googleapis.com","x-serviceName":"policysimulator"},"externalDocs":{"url":"https://cloud.google.com/iam/docs/simulating-access"},"tags":[{"name":"folders"},{"name":"operations"},{"name":"organizations"},{"name":"projects"}],"paths":{"/v1beta/{name}":{"get":{"description":"Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`.","operationId":"policysimulator.projects.locations.replays.operations.list","parameters":[{"description":"The name of the operation's parent resource.","in":"path","name":"name","required":true,"schema":{"type":"string"}},{"description":"The standard list filter.","in":"query","name":"filter","schema":{"type":"string"}},{"description":"The standard list page size.","in":"query","name":"pageSize","schema":{"type":"integer"}},{"description":"The standard list page token.","in":"query","name":"pageToken","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleLongrunningListOperationsResponse"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["projects"]},"parameters":[{"$ref":"#/components/parameters/_.xgafv"},{"$ref":"#/components/parameters/access_token"},{"$ref":"#/components/parameters/alt"},{"$ref":"#/components/parameters/callback"},{"$ref":"#/components/parameters/fields"},{"$ref":"#/components/parameters/key"},{"$ref":"#/components/parameters/oauth_token"},{"$ref":"#/components/parameters/prettyPrint"},{"$ref":"#/components/parameters/quotaUser"},{"$ref":"#/components/parameters/upload_protocol"},{"$ref":"#/components/parameters/uploadType"}]},"/v1beta/{parent}/orgPolicyViolations":{"get":{"description":"ListOrgPolicyViolations lists the OrgPolicyViolations that are present in an OrgPolicyViolationsPreview.","operationId":"policysimulator.organizations.locations.orgPolicyViolationsPreviews.orgPolicyViolations.list","parameters":[{"description":"Required. The OrgPolicyViolationsPreview to get OrgPolicyViolations from. Format: organizations/{organization}/locations/{location}/orgPolicyViolationsPreviews/{orgPolicyViolationsPreview}","in":"path","name":"parent","required":true,"schema":{"type":"string"}},{"description":"Optional. The maximum number of items to return. The service may return fewer than this value. If unspecified, at most 50 items will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.","in":"query","name":"pageSize","schema":{"type":"integer"}},{"description":"Optional. A page token, received from a previous call. Provide this to retrieve the subsequent page. When paginating, all other parameters must match the call that provided the page token.","in":"query","name":"pageToken","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaListOrgPolicyViolationsResponse"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["organizations"]},"parameters":[{"$ref":"#/components/parameters/_.xgafv"},{"$ref":"#/components/parameters/access_token"},{"$ref":"#/components/parameters/alt"},{"$ref":"#/components/parameters/callback"},{"$ref":"#/components/parameters/fields"},{"$ref":"#/components/parameters/key"},{"$ref":"#/components/parameters/oauth_token"},{"$ref":"#/components/parameters/prettyPrint"},{"$ref":"#/components/parameters/quotaUser"},{"$ref":"#/components/parameters/upload_protocol"},{"$ref":"#/components/parameters/uploadType"}]},"/v1beta/{parent}/orgPolicyViolationsPreviews":{"get":{"description":"ListOrgPolicyViolationsPreviews lists each OrgPolicyViolationsPreview in an organization. Each OrgPolicyViolationsPreview is available for at least 7 days.","operationId":"policysimulator.organizations.locations.orgPolicyViolationsPreviews.list","parameters":[{"description":"Required. The parent the violations are scoped to. Format: `organizations/{organization}/locations/{location}` Example: `organizations/my-example-org/locations/global`","in":"path","name":"parent","required":true,"schema":{"type":"string"}},{"description":"Optional. The maximum number of items to return. The service may return fewer than this value. If unspecified, at most 5 items will be returned. The maximum value is 10; values above 10 will be coerced to 10.","in":"query","name":"pageSize","schema":{"type":"integer"}},{"description":"Optional. A page token, received from a previous call. Provide this to retrieve the subsequent page. When paginating, all other parameters must match the call that provided the page token.","in":"query","name":"pageToken","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaListOrgPolicyViolationsPreviewsResponse"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["organizations"]},"parameters":[{"$ref":"#/components/parameters/_.xgafv"},{"$ref":"#/components/parameters/access_token"},{"$ref":"#/components/parameters/alt"},{"$ref":"#/components/parameters/callback"},{"$ref":"#/components/parameters/fields"},{"$ref":"#/components/parameters/key"},{"$ref":"#/components/parameters/oauth_token"},{"$ref":"#/components/parameters/prettyPrint"},{"$ref":"#/components/parameters/quotaUser"},{"$ref":"#/components/parameters/upload_protocol"},{"$ref":"#/components/parameters/uploadType"}],"post":{"description":"CreateOrgPolicyViolationsPreview creates an OrgPolicyViolationsPreview for the proposed changes in the provided OrgPolicyViolationsPreview.OrgPolicyOverlay. The changes to OrgPolicy are specified by this `OrgPolicyOverlay`. The resources to scan are inferred from these specified changes.","operationId":"policysimulator.organizations.locations.orgPolicyViolationsPreviews.create","parameters":[{"description":"Required. The organization under which this OrgPolicyViolationsPreview will be created. Example: `organizations/my-example-org/locations/global`","in":"path","name":"parent","required":true,"schema":{"type":"string"}},{"description":"Optional. An optional user-specified ID for the OrgPolicyViolationsPreview. If not provided, a random ID will be generated.","in":"query","name":"orgPolicyViolationsPreviewId","schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaOrgPolicyViolationsPreview"}}}},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleLongrunningOperation"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["organizations"]}},"/v1beta/{parent}/orgPolicyViolationsPreviews:generate":{"parameters":[{"$ref":"#/components/parameters/_.xgafv"},{"$ref":"#/components/parameters/access_token"},{"$ref":"#/components/parameters/alt"},{"$ref":"#/components/parameters/callback"},{"$ref":"#/components/parameters/fields"},{"$ref":"#/components/parameters/key"},{"$ref":"#/components/parameters/oauth_token"},{"$ref":"#/components/parameters/prettyPrint"},{"$ref":"#/components/parameters/quotaUser"},{"$ref":"#/components/parameters/upload_protocol"},{"$ref":"#/components/parameters/uploadType"}],"post":{"description":"GenerateOrgPolicyViolationsPreview generates an OrgPolicyViolationsPreview for the proposed changes in the provided OrgPolicyViolationsPreview.OrgPolicyOverlay. The changes to OrgPolicy are specified by this `OrgPolicyOverlay`. The resources to scan are inferred from these specified changes.","operationId":"policysimulator.organizations.locations.orgPolicyViolationsPreviews.generate","parameters":[{"description":"Required. The organization under which this OrgPolicyViolationsPreview will be created. Example: `organizations/my-example-org/locations/global`","in":"path","name":"parent","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaOrgPolicyViolationsPreview"}}}},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleLongrunningOperation"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["organizations"]}},"/v1beta/{parent}/replays":{"get":{"description":"Lists each Replay in a project, folder, or organization. Each `Replay` is available for at least 7 days.","operationId":"policysimulator.projects.locations.replays.list","parameters":[{"description":"Required. The parent resource, in the following format: `{projects|folders|organizations}/{resource-id}/locations/global`, where `{resource-id}` is the ID of the project, folder, or organization that owns the Replay. Example: `projects/my-example-project/locations/global` Only `Replay` objects that are direct children of the provided parent are listed. In other words, `Replay` objects that are children of a project will not be included when the parent is a folder of that project.","in":"path","name":"parent","required":true,"schema":{"type":"string"}},{"description":"The maximum number of Replay objects to return. Defaults to 50. The maximum value is 1000; values above 1000 are rounded down to 1000.","in":"query","name":"pageSize","schema":{"type":"integer"}},{"description":"A page token, received from a previous Simulator.ListReplays call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to Simulator.ListReplays must match the call that provided the page token.","in":"query","name":"pageToken","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaListReplaysResponse"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["projects"]},"parameters":[{"$ref":"#/components/parameters/_.xgafv"},{"$ref":"#/components/parameters/access_token"},{"$ref":"#/components/parameters/alt"},{"$ref":"#/components/parameters/callback"},{"$ref":"#/components/parameters/fields"},{"$ref":"#/components/parameters/key"},{"$ref":"#/components/parameters/oauth_token"},{"$ref":"#/components/parameters/prettyPrint"},{"$ref":"#/components/parameters/quotaUser"},{"$ref":"#/components/parameters/upload_protocol"},{"$ref":"#/components/parameters/uploadType"}],"post":{"description":"Creates and starts a Replay using the given ReplayConfig.","operationId":"policysimulator.projects.locations.replays.create","parameters":[{"description":"Required. The parent resource where this Replay will be created. This resource must be a project, folder, or organization with a location. Example: `projects/my-example-project/locations/global`","in":"path","name":"parent","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaReplay"}}}},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleLongrunningOperation"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["projects"]}},"/v1beta/{parent}/results":{"get":{"description":"Lists the results of running a Replay.","operationId":"policysimulator.projects.locations.replays.results.list","parameters":[{"description":"Required. The Replay whose results are listed, in the following format: `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}` Example: `projects/my-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`","in":"path","name":"parent","required":true,"schema":{"type":"string"}},{"description":"The maximum number of ReplayResult objects to return. Defaults to 5000. The maximum value is 5000; values above 5000 are rounded down to 5000.","in":"query","name":"pageSize","schema":{"type":"integer"}},{"description":"A page token, received from a previous Simulator.ListReplayResults call. Provide this token to retrieve the next page of results. When paginating, all other parameters provided to [Simulator.ListReplayResults[] must match the call that provided the page token.","in":"query","name":"pageToken","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaListReplayResultsResponse"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["projects"]},"parameters":[{"$ref":"#/components/parameters/_.xgafv"},{"$ref":"#/components/parameters/access_token"},{"$ref":"#/components/parameters/alt"},{"$ref":"#/components/parameters/callback"},{"$ref":"#/components/parameters/fields"},{"$ref":"#/components/parameters/key"},{"$ref":"#/components/parameters/oauth_token"},{"$ref":"#/components/parameters/prettyPrint"},{"$ref":"#/components/parameters/quotaUser"},{"$ref":"#/components/parameters/upload_protocol"},{"$ref":"#/components/parameters/uploadType"}]}},"components":{"parameters":{"_.xgafv":{"description":"V1 error format.","in":"query","name":"$.xgafv","schema":{"enum":["1","2"],"type":"string"}},"access_token":{"description":"OAuth access token.","in":"query","name":"access_token","schema":{"type":"string"}},"alt":{"description":"Data format for response.","in":"query","name":"alt","schema":{"enum":["json","media","proto"],"type":"string"}},"callback":{"description":"JSONP","in":"query","name":"callback","schema":{"type":"string"}},"fields":{"description":"Selector specifying which fields to include in a partial response.","in":"query","name":"fields","schema":{"type":"string"}},"key":{"description":"API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.","in":"query","name":"key","schema":{"type":"string"}},"oauth_token":{"description":"OAuth 2.0 token for the current user.","in":"query","name":"oauth_token","schema":{"type":"string"}},"prettyPrint":{"description":"Returns response with indentations and line breaks.","in":"query","name":"prettyPrint","schema":{"type":"boolean"}},"quotaUser":{"description":"Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.","in":"query","name":"quotaUser","schema":{"type":"string"}},"uploadType":{"description":"Legacy upload protocol for media (e.g. \"media\", \"multipart\").","in":"query","name":"uploadType","schema":{"type":"string"}},"upload_protocol":{"description":"Upload protocol for media (e.g. \"raw\", \"multipart\").","in":"query","name":"upload_protocol","schema":{"type":"string"}}},"schemas":{"GoogleCloudOrgpolicyV2AlternatePolicySpec":{"description":"Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.","properties":{"launch":{"description":"Reference to the launch that will be used while audit logging and to control the launch. Should be set only in the alternate policy.","type":"string"},"spec":{"$ref":"#/components/schemas/GoogleCloudOrgpolicyV2PolicySpec","description":"Specify constraint for configurations of Google Cloud resources."}},"type":"object"},"GoogleCloudOrgpolicyV2CustomConstraint":{"description":"A custom constraint defined by customers which can *only* be applied to the given resource types and organization. By creating a custom constraint, customers can apply policies of this custom constraint. *Creating a custom constraint itself does NOT apply any policy enforcement*.","properties":{"actionType":{"description":"Allow or deny type.","enum":["ACTION_TYPE_UNSPECIFIED","ALLOW","DENY"],"type":"string"},"condition":{"description":"Org policy condition/expression. For example: `resource.instanceName.matches(\"[production|test]_.*_(\\d)+\")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.","type":"string"},"description":{"description":"Detailed information about this custom policy constraint. The max length of the description is 2000 characters.","type":"string"},"displayName":{"description":"One line display name for the UI. The max length of the display_name is 200 characters.","type":"string"},"methodTypes":{"description":"All the operations being applied for this constraint.","items":{"enum":["METHOD_TYPE_UNSPECIFIED","CREATE","UPDATE","DELETE"],"type":"string"},"type":"array"},"name":{"description":"Immutable. Name of the constraint. This is unique within the organization. Format of the name should be * `organizations/{organization_id}/customConstraints/{custom_constraint_id}` Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms` The max length is 70 characters and the minimum length is 1. Note that the prefix `organizations/{organization_id}/customConstraints/` is not counted.","type":"string"},"resourceTypes":{"description":"Immutable. The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`.","items":{"type":"string"},"type":"array"},"updateTime":{"description":"Output only. The last time this custom constraint was updated. This represents the last time that the `CreateCustomConstraint` or `UpdateCustomConstraint` RPC was called","format":"google-datetime","readOnly":true,"type":"string"}},"type":"object"},"GoogleCloudOrgpolicyV2Policy":{"description":"Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.","properties":{"alternate":{"$ref":"#/components/schemas/GoogleCloudOrgpolicyV2AlternatePolicySpec","deprecated":true,"description":"Deprecated."},"dryRunSpec":{"$ref":"#/components/schemas/GoogleCloudOrgpolicyV2PolicySpec","description":"Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced."},"etag":{"description":"Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","type":"string"},"name":{"description":"Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.","type":"string"},"spec":{"$ref":"#/components/schemas/GoogleCloudOrgpolicyV2PolicySpec","description":"Basic information about the Organization Policy."}},"type":"object"},"GoogleCloudOrgpolicyV2PolicySpec":{"description":"Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.","properties":{"etag":{"description":"An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset.","type":"string"},"inheritFromParent":{"description":"Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.","type":"boolean"},"reset":{"description":"Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.","type":"boolean"},"rules":{"description":"In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.","items":{"$ref":"#/components/schemas/GoogleCloudOrgpolicyV2PolicySpecPolicyRule"},"type":"array"},"updateTime":{"description":"Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.","format":"google-datetime","readOnly":true,"type":"string"}},"type":"object"},"GoogleCloudOrgpolicyV2PolicySpecPolicyRule":{"description":"A rule used to express this policy.","properties":{"allowAll":{"description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","type":"boolean"},"condition":{"$ref":"#/components/schemas/GoogleTypeExpr","description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"&&\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\"."},"denyAll":{"description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","type":"boolean"},"enforce":{"description":"If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints.","type":"boolean"},"values":{"$ref":"#/components/schemas/GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues","description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints."}},"type":"object"},"GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues":{"description":"A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a \":\". Values prefixed with \"is:\" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.","properties":{"allowedValues":{"description":"List of values allowed at this resource.","items":{"type":"string"},"type":"array"},"deniedValues":{"description":"List of values denied at this resource.","items":{"type":"string"},"type":"array"}},"type":"object"},"GoogleCloudPolicysimulatorV1Replay":{"description":"A resource describing a `Replay`, or simulation.","properties":{"config":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1ReplayConfig","description":"Required. The configuration used for the `Replay`."},"name":{"description":"Output only. The resource name of the `Replay`, which has the following format: `{projects|folders|organizations}/{resource-id}/locations/global/replays/{replay-id}`, where `{resource-id}` is the ID of the project, folder, or organization that owns the Replay. Example: `projects/my-example-project/locations/global/replays/506a5f7f-38ce-4d7d-8e03-479ce1833c36`","readOnly":true,"type":"string"},"resultsSummary":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1ReplayResultsSummary","description":"Output only. Summary statistics about the replayed log entries.","readOnly":true},"state":{"description":"Output only. The current state of the `Replay`.","enum":["STATE_UNSPECIFIED","PENDING","RUNNING","SUCCEEDED","FAILED"],"readOnly":true,"type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1ReplayConfig":{"description":"The configuration used for a Replay.","properties":{"logSource":{"description":"The logs to use as input for the Replay.","enum":["LOG_SOURCE_UNSPECIFIED","RECENT_ACCESSES"],"type":"string"},"policyOverlay":{"additionalProperties":{"$ref":"#/components/schemas/GoogleIamV1Policy"},"description":"A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.","type":"object"}},"type":"object"},"GoogleCloudPolicysimulatorV1ReplayOperationMetadata":{"description":"Metadata about a Replay operation.","properties":{"startTime":{"description":"Time when the request was received.","format":"google-datetime","type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1ReplayResultsSummary":{"description":"Summary statistics about the replayed log entries.","properties":{"differenceCount":{"description":"The number of replayed log entries with a difference between baseline and simulated policies.","format":"int32","type":"integer"},"errorCount":{"description":"The number of log entries that could not be replayed.","format":"int32","type":"integer"},"logCount":{"description":"The total number of log entries replayed.","format":"int32","type":"integer"},"newestDate":{"$ref":"#/components/schemas/GoogleTypeDate","description":"The date of the newest log entry replayed."},"oldestDate":{"$ref":"#/components/schemas/GoogleTypeDate","description":"The date of the oldest log entry replayed."},"unchangedCount":{"description":"The number of replayed log entries with no difference between baseline and simulated policies.","format":"int32","type":"integer"}},"type":"object"},"GoogleCloudPolicysimulatorV1alphaCreateOrgPolicyViolationsPreviewOperationMetadata":{"description":"CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.","properties":{"requestTime":{"description":"Time when the request was received.","format":"google-datetime","type":"string"},"resourcesFound":{"description":"Total number of resources that need scanning. Should equal resource_scanned + resources_pending","format":"int32","type":"integer"},"resourcesPending":{"description":"Number of resources still to scan.","format":"int32","type":"integer"},"resourcesScanned":{"description":"Number of resources already scanned.","format":"int32","type":"integer"},"startTime":{"description":"Time when the request started processing, i.e., when the state was set to RUNNING.","format":"google-datetime","type":"string"},"state":{"description":"Output only. The current state of the operation.","enum":["PREVIEW_STATE_UNSPECIFIED","PREVIEW_PENDING","PREVIEW_RUNNING","PREVIEW_SUCCEEDED","PREVIEW_FAILED"],"readOnly":true,"type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1alphaGenerateOrgPolicyViolationsPreviewOperationMetadata":{"description":"GenerateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.","properties":{"requestTime":{"description":"Time when the request was received.","format":"google-datetime","type":"string"},"resourcesFound":{"description":"Total number of resources that need scanning. Should equal resource_scanned + resources_pending","format":"int32","type":"integer"},"resourcesPending":{"description":"Number of resources still to scan.","format":"int32","type":"integer"},"resourcesScanned":{"description":"Number of resources already scanned.","format":"int32","type":"integer"},"startTime":{"description":"Time when the request started processing, i.e. when the state was set to RUNNING.","format":"google-datetime","type":"string"},"state":{"description":"The current state of the operation.","enum":["PREVIEW_STATE_UNSPECIFIED","PREVIEW_PENDING","PREVIEW_RUNNING","PREVIEW_SUCCEEDED","PREVIEW_FAILED"],"type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1alphaOrgPolicyOverlay":{"description":"The proposed changes to OrgPolicy.","properties":{"customConstraints":{"description":"Optional. The OrgPolicy CustomConstraint changes to preview violations for. Any existing CustomConstraints with the same name will be overridden in the simulation. That is, violations will be determined as if all custom constraints in the overlay were instantiated. Only a single custom_constraint is supported in the overlay at a time. For evaluating multiple constraints, multiple `GenerateOrgPolicyViolationsPreview` requests are made, where each request evaluates a single constraint.","items":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1alphaOrgPolicyOverlayCustomConstraintOverlay"},"type":"array"},"policies":{"description":"Optional. The OrgPolicy changes to preview violations for. Any existing OrgPolicies with the same name will be overridden in the simulation. That is, violations will be determined as if all policies in the overlay were created or updated.","items":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1alphaOrgPolicyOverlayPolicyOverlay"},"type":"array"}},"type":"object"},"GoogleCloudPolicysimulatorV1alphaOrgPolicyOverlayCustomConstraintOverlay":{"description":"A change to an OrgPolicy custom constraint.","properties":{"customConstraint":{"$ref":"#/components/schemas/GoogleCloudOrgpolicyV2CustomConstraint","description":"Optional. The new or updated custom constraint."},"customConstraintParent":{"description":"Optional. Resource the constraint is attached to. Example: \"organization/987654\"","type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1alphaOrgPolicyOverlayPolicyOverlay":{"description":"A change to an OrgPolicy.","properties":{"policy":{"$ref":"#/components/schemas/GoogleCloudOrgpolicyV2Policy","description":"Optional. The new or updated OrgPolicy."},"policyParent":{"description":"Optional. The parent of the policy we are attaching to. Example: \"projects/123456\"","type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1alphaOrgPolicyViolationsPreview":{"description":"OrgPolicyViolationsPreview is a resource providing a preview of the violations that will exist if an OrgPolicy change is made. The list of violations are modeled as child resources and retrieved via a ListOrgPolicyViolations API call. There are potentially more OrgPolicyViolations than could fit in an embedded field. Thus, the use of a child resource instead of a field.","properties":{"createTime":{"description":"Output only. Time when this `OrgPolicyViolationsPreview` was created.","format":"google-datetime","readOnly":true,"type":"string"},"customConstraints":{"description":"Output only. The names of the constraints against which all `OrgPolicyViolations` were evaluated. If `OrgPolicyOverlay` only contains `PolicyOverlay` then it contains the name of the configured custom constraint, applicable to the specified policies. Otherwise it contains the name of the constraint specified in `CustomConstraintOverlay`. Format: `organizations/{organization_id}/customConstraints/{custom_constraint_id}` Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms`","items":{"type":"string"},"readOnly":true,"type":"array"},"name":{"description":"Output only. The resource name of the `OrgPolicyViolationsPreview`. It has the following format: `organizations/{organization}/locations/{location}/orgPolicyViolationsPreviews/{orgPolicyViolationsPreview}` Example: `organizations/my-example-org/locations/global/orgPolicyViolationsPreviews/506a5f7f`","readOnly":true,"type":"string"},"overlay":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1alphaOrgPolicyOverlay","description":"Required. The proposed changes we are previewing violations for."},"resourceCounts":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1alphaOrgPolicyViolationsPreviewResourceCounts","description":"Output only. A summary of the state of all resources scanned for compliance with the changed OrgPolicy.","readOnly":true},"state":{"description":"Output only. The state of the `OrgPolicyViolationsPreview`.","enum":["PREVIEW_STATE_UNSPECIFIED","PREVIEW_PENDING","PREVIEW_RUNNING","PREVIEW_SUCCEEDED","PREVIEW_FAILED"],"readOnly":true,"type":"string"},"violationsCount":{"description":"Output only. The number of OrgPolicyViolations in this `OrgPolicyViolationsPreview`. This count may differ from `resource_summary.noncompliant_count` because each OrgPolicyViolation is specific to a resource **and** constraint. If there are multiple constraints being evaluated (i.e. multiple policies in the overlay), a single resource may violate multiple constraints.","format":"int32","readOnly":true,"type":"integer"}},"type":"object"},"GoogleCloudPolicysimulatorV1alphaOrgPolicyViolationsPreviewResourceCounts":{"description":"A summary of the state of all resources scanned for compliance with the changed OrgPolicy.","properties":{"compliant":{"description":"Output only. Number of scanned resources with zero violations.","format":"int32","readOnly":true,"type":"integer"},"errors":{"description":"Output only. Number of resources that returned an error when scanned.","format":"int32","readOnly":true,"type":"integer"},"noncompliant":{"description":"Output only. Number of scanned resources with at least one violation.","format":"int32","readOnly":true,"type":"integer"},"scanned":{"description":"Output only. Number of resources checked for compliance. Must equal: unenforced + noncompliant + compliant + error","format":"int32","readOnly":true,"type":"integer"},"unenforced":{"description":"Output only. Number of resources where the constraint was not enforced, i.e. the Policy set `enforced: false` for that resource.","format":"int32","readOnly":true,"type":"integer"}},"type":"object"},"GoogleCloudPolicysimulatorV1betaAccessStateDiff":{"description":"A summary and comparison of the principal's access under the current (baseline) policies and the proposed (simulated) policies for a single access tuple.","properties":{"accessChange":{"description":"How the principal's access, specified in the AccessState field, changed between the current (baseline) policies and proposed (simulated) policies.","enum":["ACCESS_CHANGE_TYPE_UNSPECIFIED","NO_CHANGE","UNKNOWN_CHANGE","ACCESS_REVOKED","ACCESS_GAINED","ACCESS_MAYBE_REVOKED","ACCESS_MAYBE_GAINED"],"type":"string"},"baseline":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaExplainedAccess","description":"The results of evaluating the access tuple under the current (baseline) policies. If the AccessState couldn't be fully evaluated, this field explains why."},"simulated":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaExplainedAccess","description":"The results of evaluating the access tuple under the proposed (simulated) policies. If the AccessState couldn't be fully evaluated, this field explains why."}},"type":"object"},"GoogleCloudPolicysimulatorV1betaAccessTuple":{"description":"Information about the principal, resource, and permission to check.","properties":{"fullResourceName":{"description":"Required. The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.","type":"string"},"permission":{"description":"Required. The IAM permission to check for the specified principal and resource. For a complete list of IAM permissions, see https://cloud.google.com/iam/help/permissions/reference. For a complete list of predefined IAM roles and the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.","type":"string"},"principal":{"description":"Required. The principal whose access you want to check, in the form of the email address that represents that principal. For example, `alice@example.com` or `my-service-account@my-project.iam.gserviceaccount.com`. The principal must be a Google Account or a service account. Other types of principals are not supported.","type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1betaBindingExplanation":{"description":"Details about how a binding in a policy affects a principal's ability to use a permission.","properties":{"access":{"description":"Required. Indicates whether _this binding_ provides the specified permission to the specified principal for the specified resource. This field does _not_ indicate whether the principal actually has the permission for the resource. There might be another binding that overrides this binding. To determine whether the principal actually has the permission, use the `access` field in the TroubleshootIamPolicyResponse.","enum":["ACCESS_STATE_UNSPECIFIED","GRANTED","NOT_GRANTED","UNKNOWN_CONDITIONAL","UNKNOWN_INFO_DENIED"],"type":"string"},"condition":{"$ref":"#/components/schemas/GoogleTypeExpr","description":"A condition expression that prevents this binding from granting access unless the expression evaluates to `true`. To learn about IAM Conditions, see https://cloud.google.com/iam/docs/conditions-overview."},"memberships":{"additionalProperties":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaBindingExplanationAnnotatedMembership"},"description":"Indicates whether each principal in the binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the binding, and each value indicates whether the principal in the binding includes the principal in the request. For example, suppose that a binding includes the following principals: * `user:alice@example.com` * `group:product-eng@example.com` The principal in the replayed access tuple is `user:bob@example.com`. This user is a principal of the group `group:product-eng@example.com`. For the first principal in the binding, the key is `user:alice@example.com`, and the `membership` field in the value is set to `MEMBERSHIP_NOT_INCLUDED`. For the second principal in the binding, the key is `group:product-eng@example.com`, and the `membership` field in the value is set to `MEMBERSHIP_INCLUDED`.","type":"object"},"relevance":{"description":"The relevance of this binding to the overall determination for the entire policy.","enum":["HEURISTIC_RELEVANCE_UNSPECIFIED","NORMAL","HIGH"],"type":"string"},"role":{"description":"The role that this binding grants. For example, `roles/compute.serviceAgent`. For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.","type":"string"},"rolePermission":{"description":"Indicates whether the role granted by this binding contains the specified permission.","enum":["ROLE_PERMISSION_UNSPECIFIED","ROLE_PERMISSION_INCLUDED","ROLE_PERMISSION_NOT_INCLUDED","ROLE_PERMISSION_UNKNOWN_INFO_DENIED"],"type":"string"},"rolePermissionRelevance":{"description":"The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.","enum":["HEURISTIC_RELEVANCE_UNSPECIFIED","NORMAL","HIGH"],"type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1betaBindingExplanationAnnotatedMembership":{"description":"Details about whether the binding includes the principal.","properties":{"membership":{"description":"Indicates whether the binding includes the principal.","enum":["MEMBERSHIP_UNSPECIFIED","MEMBERSHIP_INCLUDED","MEMBERSHIP_NOT_INCLUDED","MEMBERSHIP_UNKNOWN_INFO_DENIED","MEMBERSHIP_UNKNOWN_UNSUPPORTED"],"type":"string"},"relevance":{"description":"The relevance of the principal's status to the overall determination for the binding.","enum":["HEURISTIC_RELEVANCE_UNSPECIFIED","NORMAL","HIGH"],"type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1betaCreateOrgPolicyViolationsPreviewOperationMetadata":{"description":"CreateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.","properties":{"requestTime":{"description":"Time when the request was received.","format":"google-datetime","type":"string"},"resourcesFound":{"description":"Total number of resources that need scanning. Should equal resource_scanned + resources_pending","format":"int32","type":"integer"},"resourcesPending":{"description":"Number of resources still to scan.","format":"int32","type":"integer"},"resourcesScanned":{"description":"Number of resources already scanned.","format":"int32","type":"integer"},"startTime":{"description":"Time when the request started processing, i.e., when the state was set to RUNNING.","format":"google-datetime","type":"string"},"state":{"description":"Output only. The current state of the operation.","enum":["PREVIEW_STATE_UNSPECIFIED","PREVIEW_PENDING","PREVIEW_RUNNING","PREVIEW_SUCCEEDED","PREVIEW_FAILED"],"readOnly":true,"type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1betaExplainedAccess":{"description":"Details about how a set of policies, listed in ExplainedPolicy, resulted in a certain AccessState when replaying an access tuple.","properties":{"accessState":{"description":"Whether the principal in the access tuple has permission to access the resource in the access tuple under the given policies.","enum":["ACCESS_STATE_UNSPECIFIED","GRANTED","NOT_GRANTED","UNKNOWN_CONDITIONAL","UNKNOWN_INFO_DENIED"],"type":"string"},"errors":{"description":"If the AccessState is `UNKNOWN`, this field contains a list of errors explaining why the result is `UNKNOWN`. If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is omitted.","items":{"$ref":"#/components/schemas/GoogleRpcStatus"},"type":"array"},"policies":{"description":"If the AccessState is `UNKNOWN`, this field contains the policies that led to that result. If the `AccessState` is `GRANTED` or `NOT_GRANTED`, this field is omitted.","items":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaExplainedPolicy"},"type":"array"}},"type":"object"},"GoogleCloudPolicysimulatorV1betaExplainedPolicy":{"description":"Details about how a specific IAM Policy contributed to the access check.","properties":{"access":{"description":"Indicates whether _this policy_ provides the specified permission to the specified principal for the specified resource. This field does _not_ indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the `access` field in the TroubleshootIamPolicyResponse.","enum":["ACCESS_STATE_UNSPECIFIED","GRANTED","NOT_GRANTED","UNKNOWN_CONDITIONAL","UNKNOWN_INFO_DENIED"],"type":"string"},"bindingExplanations":{"description":"Details about how each binding in the policy affects the principal's ability, or inability, to use the permission for the resource. If the user who created the Replay does not have access to the policy, this field is omitted.","items":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaBindingExplanation"},"type":"array"},"fullResourceName":{"description":"The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.","type":"string"},"policy":{"$ref":"#/components/schemas/GoogleIamV1Policy","description":"The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty."},"relevance":{"description":"The relevance of this policy to the overall determination in the TroubleshootIamPolicyResponse. If the user who created the Replay does not have access to the policy, this field is omitted.","enum":["HEURISTIC_RELEVANCE_UNSPECIFIED","NORMAL","HIGH"],"type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1betaGenerateOrgPolicyViolationsPreviewOperationMetadata":{"description":"GenerateOrgPolicyViolationsPreviewOperationMetadata is metadata about an OrgPolicyViolationsPreview generations operation.","properties":{"requestTime":{"description":"Time when the request was received.","format":"google-datetime","type":"string"},"resourcesFound":{"description":"Total number of resources that need scanning. Should equal resource_scanned + resources_pending","format":"int32","type":"integer"},"resourcesPending":{"description":"Number of resources still to scan.","format":"int32","type":"integer"},"resourcesScanned":{"description":"Number of resources already scanned.","format":"int32","type":"integer"},"startTime":{"description":"Time when the request started processing, i.e. when the state was set to RUNNING.","format":"google-datetime","type":"string"},"state":{"description":"The current state of the operation.","enum":["PREVIEW_STATE_UNSPECIFIED","PREVIEW_PENDING","PREVIEW_RUNNING","PREVIEW_SUCCEEDED","PREVIEW_FAILED"],"type":"string"}},"type":"object"},"GoogleCloudPolicysimulatorV1betaListOrgPolicyViolationsPreviewsResponse":{"description":"ListOrgPolicyViolationsPreviewsResponse is the response message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolationsPreviews.","properties":{"nextPageToken":{"description":"A token that you can use to retrieve the next page of results. If this field is omitted, there are no subsequent pages.","type":"string"},"orgPolicyViolationsPreviews":{"description":"The list of OrgPolicyViolationsPreview","items":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaOrgPolicyViolationsPreview"},"type":"array"}},"type":"object"},"GoogleCloudPolicysimulatorV1betaListOrgPolicyViolationsResponse":{"description":"ListOrgPolicyViolationsResponse is the response message for OrgPolicyViolationsPreviewService.ListOrgPolicyViolations","properties":{"nextPageToken":{"description":"A token that you can use to retrieve the next page of results. If this field is omitted, there are no subsequent pages.","type":"string"},"orgPolicyViolations":{"description":"The list of OrgPolicyViolations","items":{"$ref":"#/components/schemas/GoogleCloudPolicysimulatorV1betaOrgPolicyViolation"},"type":"array"}},"type":"object"},"Google