Explain API.
Explainer
(config)[source]¶Bases: object
Implements the Explain API.
check_iam_policy
(model_name, resource, permission, identity)[source]¶Checks access according to IAM policy for the resource.
Parameters: |
|
---|---|
Returns: | whether such access is allowed |
Return type: | bool |
explain_denied
(model_name, member, resources, permissions, roles)[source]¶Provides information on granting a member access to a resource.
Parameters: |
|
---|---|
Returns: | list of tuples, (overgranting,[(role_name,member_name,resource_name)]) |
Return type: | list |
explain_granted
(model_name, member, resource, role, permission)[source]¶Provides information on why a member has access to a resource.
Parameters: |
|
---|---|
Returns: | (bindings, member_graph, resource_type_names) bindings, the bindings to grant the access member_graph, the graph to have member included in the binding resource_type_names, the resource tree |
Return type: | tuples |
get_access_by_members
(model_name, member_name, permission_names, expand_resources)[source]¶Returns access to resources for the provided member.
Parameters: |
|
---|---|
Yields: | tuple – Generator for (role, resources). |
get_access_by_permissions
(model_name, role_name, permission_name, expand_groups, expand_resources)[source]¶Returns access tuples satisfying the permission or role.
Parameters: |
|
---|---|
Yields: | tuple – Generator for (role, resource, members). |
get_access_by_resources
(model_name, resource_name, permission_names, expand_groups)[source]¶Returns members who have access to the given resource.
Parameters: |
|
---|---|
Returns: | role_member_mapping, <”role_name”, “member_names”> |
Return type: | dict |
get_iam_policy
(model_name, resource)[source]¶Gets the IAM policy for the resource.
Parameters: |
|
---|---|
Returns: | the IAM policy |
Return type: | dict |
get_permissions_by_roles
(model_name, role_names, role_prefixes)[source]¶Returns the permissions associated with the specified roles.
Parameters: |
|
---|---|
Yields: | tuple – Generator for (Role, Permission). |
list_group_members
(model_name, member_name_prefix)[source]¶Lists a member from the model.
Parameters: |
|
---|---|
Returns: | list of Members that match the query |
Return type: | list |