Class: Google::Apis::OrgpolicyV2::GoogleCloudOrgpolicyV2PolicySpecPolicyRule

Inherits:

Object

• Object
• Google::Apis::OrgpolicyV2::GoogleCloudOrgpolicyV2PolicySpecPolicyRule

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/orgpolicy_v2/classes.rb,
lib/google/apis/orgpolicy_v2/representations.rb,
lib/google/apis/orgpolicy_v2/representations.rb

Overview

A rule used to express this policy.

Instance Attribute Summary

• #allow_all ⇒ Boolean (also: #allow_all?)

  Setting this to true means that all values are allowed.

• #condition ⇒ Google::Apis::OrgpolicyV2::GoogleTypeExpr

  Represents a textual expression in the Common Expression Language (CEL) syntax.

• #deny_all ⇒ Boolean (also: #deny_all?)

  Setting this to true means that all values are denied.

• #enforce ⇒ Boolean (also: #enforce?)

  If true, then the policy is enforced.

• #parameters ⇒ Hash<String,Object>

  Optional.

• #values ⇒ Google::Apis::OrgpolicyV2::GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues

  A message that holds specific allowed and denied values.

Instance Method Summary

• #initialize(**args) ⇒ GoogleCloudOrgpolicyV2PolicySpecPolicyRule constructor

  A new instance of GoogleCloudOrgpolicyV2PolicySpecPolicyRule.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ GoogleCloudOrgpolicyV2PolicySpecPolicyRule

Returns a new instance of GoogleCloudOrgpolicyV2PolicySpecPolicyRule.

# File 'lib/google/apis/orgpolicy_v2/classes.rb', line 654

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#allow_all ⇒ Boolean Also known as: allow_all?

Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. Corresponds to the JSON property allowAll

Returns:

• (Boolean)

# File 'lib/google/apis/orgpolicy_v2/classes.rb', line 593

def allow_all
  @allow_all
end

#condition ⇒ Google::Apis::OrgpolicyV2::GoogleTypeExpr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: " Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example ( Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. Corresponds to the JSON property condition

Returns:

• (Google::Apis::OrgpolicyV2::GoogleTypeExpr)

# File 'lib/google/apis/orgpolicy_v2/classes.rb', line 613

def condition
  @condition
end

#deny_all ⇒ Boolean Also known as: deny_all?

Setting this to true means that all values are denied. This field can be set only in policies for list constraints. Corresponds to the JSON property denyAll

Returns:

• (Boolean)

# File 'lib/google/apis/orgpolicy_v2/classes.rb', line 619

def deny_all
  @deny_all
end

#enforce ⇒ Boolean Also known as: enforce?

If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set in policies for boolean constraints, custom constraints and managed constraints. Corresponds to the JSON property enforce

Returns:

• (Boolean)

# File 'lib/google/apis/orgpolicy_v2/classes.rb', line 627

def enforce
  @enforce
end

#parameters ⇒ Hash<String,Object>

Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: ` "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true ` Corresponds to the JSON property parameters

Returns:

• (Hash<String,Object>)

# File 'lib/google/apis/orgpolicy_v2/classes.rb', line 636

def parameters
  @parameters
end

#values ⇒ Google::Apis::OrgpolicyV2::GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues

A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - projects/ (for example, projects/tokyo-rain-123) - folders/ (for example, folders/1234)

• organizations/ (for example, organizations/1234) The supports_under field of the associated Constraint defines whether ancestry prefixes can be used. Corresponds to the JSON property values

Returns:

• (Google::Apis::OrgpolicyV2::GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues)

# File 'lib/google/apis/orgpolicy_v2/classes.rb', line 652

def values
  @values
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/orgpolicy_v2/classes.rb', line 659

def update!(**args)
  @allow_all = args[:allow_all] if args.key?(:allow_all)
  @condition = args[:condition] if args.key?(:condition)
  @deny_all = args[:deny_all] if args.key?(:deny_all)
  @enforce = args[:enforce] if args.key?(:enforce)
  @parameters = args[:parameters] if args.key?(:parameters)
  @values = args[:values] if args.key?(:values)
end