getDeniedPrincipalsList();
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @return The count of deniedPrincipals.
*/
int getDeniedPrincipalsCount();
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param index The index of the element to return.
* @return The deniedPrincipals at the given index.
*/
java.lang.String getDeniedPrincipals(int index);
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param index The index of the value to return.
* @return The bytes of the deniedPrincipals at the given index.
*/
com.google.protobuf.ByteString getDeniedPrincipalsBytes(int index);
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @return A list containing the exceptionPrincipals.
*/
java.util.List getExceptionPrincipalsList();
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @return The count of exceptionPrincipals.
*/
int getExceptionPrincipalsCount();
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param index The index of the element to return.
* @return The exceptionPrincipals at the given index.
*/
java.lang.String getExceptionPrincipals(int index);
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param index The index of the value to return.
* @return The bytes of the exceptionPrincipals at the given index.
*/
com.google.protobuf.ByteString getExceptionPrincipalsBytes(int index);
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @return A list containing the deniedPermissions.
*/
java.util.List getDeniedPermissionsList();
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @return The count of deniedPermissions.
*/
int getDeniedPermissionsCount();
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param index The index of the element to return.
* @return The deniedPermissions at the given index.
*/
java.lang.String getDeniedPermissions(int index);
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param index The index of the value to return.
* @return The bytes of the deniedPermissions at the given index.
*/
com.google.protobuf.ByteString getDeniedPermissionsBytes(int index);
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @return A list containing the exceptionPermissions.
*/
java.util.List getExceptionPermissionsList();
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @return The count of exceptionPermissions.
*/
int getExceptionPermissionsCount();
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param index The index of the element to return.
* @return The exceptionPermissions at the given index.
*/
java.lang.String getExceptionPermissions(int index);
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param index The index of the value to return.
* @return The bytes of the exceptionPermissions at the given index.
*/
com.google.protobuf.ByteString getExceptionPermissionsBytes(int index);
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*
* @return Whether the denialCondition field is set.
*/
boolean hasDenialCondition();
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*
* @return The denialCondition.
*/
com.google.type.Expr getDenialCondition();
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*/
com.google.type.ExprOrBuilder getDenialConditionOrBuilder();
}