Class: Google::Cloud::OrgPolicy::V2::CustomConstraint

Inherits:

Object

• Object
• Google::Cloud::OrgPolicy::V2::CustomConstraint

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/orgpolicy/v2/constraint.rb

Overview

A custom constraint defined by customers which can only be applied to the given resource types and organization.

By creating a custom constraint, customers can apply policies of this custom constraint. Creating a custom constraint itself does NOT apply any policy enforcement.

Defined Under Namespace

Modules: ActionType, MethodType

Instance Attribute Summary

• #action_type ⇒ ::Google::Cloud::OrgPolicy::V2::CustomConstraint::ActionType

  Allow or deny type.

• #condition ⇒ ::String

  A Common Expression Language (CEL) condition which is used in the evaluation of the constraint.

• #description ⇒ ::String

  Detailed information about this custom policy constraint.

• #display_name ⇒ ::String

  One line display name for the UI.

• #method_types ⇒ ::Array<::Google::Cloud::OrgPolicy::V2::CustomConstraint::MethodType>

  All the operations being applied for this constraint.

• #name ⇒ ::String

  Immutable.

• #resource_types ⇒ ::Array<::String>

  Immutable.

• #update_time ⇒ ::Google::Protobuf::Timestamp readonly

  Output only.

Instance Attribute Details

#action_type ⇒ ::Google::Cloud::OrgPolicy::V2::CustomConstraint::ActionType

Returns Allow or deny type.

Returns:

• (::Google::Cloud::OrgPolicy::V2::CustomConstraint::ActionType) —

  Allow or deny type.

# File 'proto_docs/google/cloud/orgpolicy/v2/constraint.rb', line 321

class CustomConstraint
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The operation for which this constraint will be applied. To apply this
  # constraint only when creating new resources, the `method_types` should be
  # `CREATE` only. To apply this constraint when creating or deleting
  # resources, the `method_types` should be `CREATE` and `DELETE`.
  #
  # `UPDATE` only custom constraints are not supported. Use `CREATE` or
  # `CREATE, UPDATE`.
  module MethodType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    METHOD_TYPE_UNSPECIFIED = 0

    # Constraint applied when creating the resource.
    CREATE = 1

    # Constraint applied when updating the resource.
    UPDATE = 2

    # Constraint applied when deleting the resource.
    # Not currently supported.
    DELETE = 3

    # Constraint applied when removing an IAM grant.
    REMOVE_GRANT = 4

    # Constraint applied when enforcing forced tagging.
    GOVERN_TAGS = 5
  end

  # Allow or deny type.
  module ActionType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    ACTION_TYPE_UNSPECIFIED = 0

    # Allowed action type.
    ALLOW = 1

    # Deny action type.
    DENY = 2
  end
end

#condition ⇒ ::String

Returns A Common Expression Language (CEL) condition which is used in the evaluation of the constraint. For example: resource.instanceName.matches("[production|test]_.*_(\d)+") or, resource.management.auto_upgrade == true

The max length of the condition is 1000 characters.

Returns:

• (::String) —

  A Common Expression Language (CEL) condition which is used in the evaluation of the constraint. For example: resource.instanceName.matches("[production|test]_.*_(\d)+") or, resource.management.auto_upgrade == true

  The max length of the condition is 1000 characters.

# File 'proto_docs/google/cloud/orgpolicy/v2/constraint.rb', line 321

class CustomConstraint
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The operation for which this constraint will be applied. To apply this
  # constraint only when creating new resources, the `method_types` should be
  # `CREATE` only. To apply this constraint when creating or deleting
  # resources, the `method_types` should be `CREATE` and `DELETE`.
  #
  # `UPDATE` only custom constraints are not supported. Use `CREATE` or
  # `CREATE, UPDATE`.
  module MethodType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    METHOD_TYPE_UNSPECIFIED = 0

    # Constraint applied when creating the resource.
    CREATE = 1

    # Constraint applied when updating the resource.
    UPDATE = 2

    # Constraint applied when deleting the resource.
    # Not currently supported.
    DELETE = 3

    # Constraint applied when removing an IAM grant.
    REMOVE_GRANT = 4

    # Constraint applied when enforcing forced tagging.
    GOVERN_TAGS = 5
  end

  # Allow or deny type.
  module ActionType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    ACTION_TYPE_UNSPECIFIED = 0

    # Allowed action type.
    ALLOW = 1

    # Deny action type.
    DENY = 2
  end
end

#description ⇒ ::String

Returns Detailed information about this custom policy constraint. The max length of the description is 2000 characters.

Returns:

• (::String) —

  Detailed information about this custom policy constraint. The max length of the description is 2000 characters.

# File 'proto_docs/google/cloud/orgpolicy/v2/constraint.rb', line 321

class CustomConstraint
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The operation for which this constraint will be applied. To apply this
  # constraint only when creating new resources, the `method_types` should be
  # `CREATE` only. To apply this constraint when creating or deleting
  # resources, the `method_types` should be `CREATE` and `DELETE`.
  #
  # `UPDATE` only custom constraints are not supported. Use `CREATE` or
  # `CREATE, UPDATE`.
  module MethodType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    METHOD_TYPE_UNSPECIFIED = 0

    # Constraint applied when creating the resource.
    CREATE = 1

    # Constraint applied when updating the resource.
    UPDATE = 2

    # Constraint applied when deleting the resource.
    # Not currently supported.
    DELETE = 3

    # Constraint applied when removing an IAM grant.
    REMOVE_GRANT = 4

    # Constraint applied when enforcing forced tagging.
    GOVERN_TAGS = 5
  end

  # Allow or deny type.
  module ActionType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    ACTION_TYPE_UNSPECIFIED = 0

    # Allowed action type.
    ALLOW = 1

    # Deny action type.
    DENY = 2
  end
end

#display_name ⇒ ::String

Returns One line display name for the UI. The max length of the display_name is 200 characters.

Returns:

• (::String) —

  One line display name for the UI. The max length of the display_name is 200 characters.

# File 'proto_docs/google/cloud/orgpolicy/v2/constraint.rb', line 321

class CustomConstraint
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The operation for which this constraint will be applied. To apply this
  # constraint only when creating new resources, the `method_types` should be
  # `CREATE` only. To apply this constraint when creating or deleting
  # resources, the `method_types` should be `CREATE` and `DELETE`.
  #
  # `UPDATE` only custom constraints are not supported. Use `CREATE` or
  # `CREATE, UPDATE`.
  module MethodType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    METHOD_TYPE_UNSPECIFIED = 0

    # Constraint applied when creating the resource.
    CREATE = 1

    # Constraint applied when updating the resource.
    UPDATE = 2

    # Constraint applied when deleting the resource.
    # Not currently supported.
    DELETE = 3

    # Constraint applied when removing an IAM grant.
    REMOVE_GRANT = 4

    # Constraint applied when enforcing forced tagging.
    GOVERN_TAGS = 5
  end

  # Allow or deny type.
  module ActionType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    ACTION_TYPE_UNSPECIFIED = 0

    # Allowed action type.
    ALLOW = 1

    # Deny action type.
    DENY = 2
  end
end

#method_types ⇒ ::Array<::Google::Cloud::OrgPolicy::V2::CustomConstraint::MethodType>

Returns All the operations being applied for this constraint.

Returns:

• (::Array<::Google::Cloud::OrgPolicy::V2::CustomConstraint::MethodType>) —

  All the operations being applied for this constraint.

# File 'proto_docs/google/cloud/orgpolicy/v2/constraint.rb', line 321

class CustomConstraint
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The operation for which this constraint will be applied. To apply this
  # constraint only when creating new resources, the `method_types` should be
  # `CREATE` only. To apply this constraint when creating or deleting
  # resources, the `method_types` should be `CREATE` and `DELETE`.
  #
  # `UPDATE` only custom constraints are not supported. Use `CREATE` or
  # `CREATE, UPDATE`.
  module MethodType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    METHOD_TYPE_UNSPECIFIED = 0

    # Constraint applied when creating the resource.
    CREATE = 1

    # Constraint applied when updating the resource.
    UPDATE = 2

    # Constraint applied when deleting the resource.
    # Not currently supported.
    DELETE = 3

    # Constraint applied when removing an IAM grant.
    REMOVE_GRANT = 4

    # Constraint applied when enforcing forced tagging.
    GOVERN_TAGS = 5
  end

  # Allow or deny type.
  module ActionType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    ACTION_TYPE_UNSPECIFIED = 0

    # Allowed action type.
    ALLOW = 1

    # Deny action type.
    DENY = 2
  end
end

#name ⇒ ::String

Returns Immutable. Name of the constraint. This is unique within the organization. Format of the name should be

• organizations/{organization_id}/customConstraints/{custom_constraint_id}

Example: organizations/123/customConstraints/custom.createOnlyE2TypeVms

The max length is 70 characters and the minimum length is 1. Note that the prefix organizations/{organization_id}/customConstraints/ is not counted.

Returns:

• (::String) —

  Immutable. Name of the constraint. This is unique within the organization. Format of the name should be

  • organizations/{organization_id}/customConstraints/{custom_constraint_id}

  Example: organizations/123/customConstraints/custom.createOnlyE2TypeVms

  The max length is 70 characters and the minimum length is 1. Note that the prefix organizations/{organization_id}/customConstraints/ is not counted.

# File 'proto_docs/google/cloud/orgpolicy/v2/constraint.rb', line 321

class CustomConstraint
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The operation for which this constraint will be applied. To apply this
  # constraint only when creating new resources, the `method_types` should be
  # `CREATE` only. To apply this constraint when creating or deleting
  # resources, the `method_types` should be `CREATE` and `DELETE`.
  #
  # `UPDATE` only custom constraints are not supported. Use `CREATE` or
  # `CREATE, UPDATE`.
  module MethodType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    METHOD_TYPE_UNSPECIFIED = 0

    # Constraint applied when creating the resource.
    CREATE = 1

    # Constraint applied when updating the resource.
    UPDATE = 2

    # Constraint applied when deleting the resource.
    # Not currently supported.
    DELETE = 3

    # Constraint applied when removing an IAM grant.
    REMOVE_GRANT = 4

    # Constraint applied when enforcing forced tagging.
    GOVERN_TAGS = 5
  end

  # Allow or deny type.
  module ActionType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    ACTION_TYPE_UNSPECIFIED = 0

    # Allowed action type.
    ALLOW = 1

    # Deny action type.
    DENY = 2
  end
end

#resource_types ⇒ ::Array<::String>

Returns Immutable. The resource instance type on which this policy applies. Format will be of the form : <service name>/<type> Example:

• compute.googleapis.com/Instance.

Returns:

• (::Array<::String>) —

  Immutable. The resource instance type on which this policy applies. Format will be of the form : <service name>/<type> Example:

  • compute.googleapis.com/Instance.

# File 'proto_docs/google/cloud/orgpolicy/v2/constraint.rb', line 321

class CustomConstraint
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The operation for which this constraint will be applied. To apply this
  # constraint only when creating new resources, the `method_types` should be
  # `CREATE` only. To apply this constraint when creating or deleting
  # resources, the `method_types` should be `CREATE` and `DELETE`.
  #
  # `UPDATE` only custom constraints are not supported. Use `CREATE` or
  # `CREATE, UPDATE`.
  module MethodType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    METHOD_TYPE_UNSPECIFIED = 0

    # Constraint applied when creating the resource.
    CREATE = 1

    # Constraint applied when updating the resource.
    UPDATE = 2

    # Constraint applied when deleting the resource.
    # Not currently supported.
    DELETE = 3

    # Constraint applied when removing an IAM grant.
    REMOVE_GRANT = 4

    # Constraint applied when enforcing forced tagging.
    GOVERN_TAGS = 5
  end

  # Allow or deny type.
  module ActionType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    ACTION_TYPE_UNSPECIFIED = 0

    # Allowed action type.
    ALLOW = 1

    # Deny action type.
    DENY = 2
  end
end

#update_time ⇒ ::Google::Protobuf::Timestamp (readonly)

Returns Output only. The last time this custom constraint was updated. This represents the last time that the CreateCustomConstraint or UpdateCustomConstraint methods were called.

Returns:

• (::Google::Protobuf::Timestamp) —

  Output only. The last time this custom constraint was updated. This represents the last time that the CreateCustomConstraint or UpdateCustomConstraint methods were called.

# File 'proto_docs/google/cloud/orgpolicy/v2/constraint.rb', line 321

class CustomConstraint
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The operation for which this constraint will be applied. To apply this
  # constraint only when creating new resources, the `method_types` should be
  # `CREATE` only. To apply this constraint when creating or deleting
  # resources, the `method_types` should be `CREATE` and `DELETE`.
  #
  # `UPDATE` only custom constraints are not supported. Use `CREATE` or
  # `CREATE, UPDATE`.
  module MethodType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    METHOD_TYPE_UNSPECIFIED = 0

    # Constraint applied when creating the resource.
    CREATE = 1

    # Constraint applied when updating the resource.
    UPDATE = 2

    # Constraint applied when deleting the resource.
    # Not currently supported.
    DELETE = 3

    # Constraint applied when removing an IAM grant.
    REMOVE_GRANT = 4

    # Constraint applied when enforcing forced tagging.
    GOVERN_TAGS = 5
  end

  # Allow or deny type.
  module ActionType
    # This is only used for distinguishing unset values and should never be
    # used. Results in an error.
    ACTION_TYPE_UNSPECIFIED = 0

    # Allowed action type.
    ALLOW = 1

    # Deny action type.
    DENY = 2
  end
end