Class: Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule

Inherits:
Object
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb

Overview

A rule used to express this policy.

Defined Under Namespace

Classes: StringValues

Instance Attribute Details

#allow_all ⇒ ::Boolean

Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.

Note: The following fields are mutually exclusive: allow_all, values, deny_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.

# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 179

class PolicyRule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A message that holds specific allowed and denied values.
  # This message can define specific values and subtrees of the Resource
  # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
  # are allowed or denied. This is achieved by using the `under:` and
  # optional `is:` prefixes.
  # The `under:` prefix is used to denote resource subtree values.
  # The `is:` prefix is used to denote specific values, and is required only
  # if the value contains a ":". Values prefixed with "is:" are treated the
  # same as values with no prefix.
  # Ancestry subtrees must be in one of the following formats:
  #
  # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`)
  # - `folders/<folder-id>` (for example, `folders/1234`)
  # - `organizations/<organization-id>` (for example, `organizations/1234`)
  #
  # The `supports_under` field of the associated `Constraint`  defines
  # whether ancestry prefixes can be used.
  # @!attribute [rw] allowed_values
  #   @return [::Array<::String>]
  #     List of values allowed at this resource.
  # @!attribute [rw] denied_values
  #   @return [::Array<::String>]
  #     List of values denied at this resource.
  class StringValues
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#condition ⇒ ::Google::Type::Expr

A condition which determines whether this rule is used in the evaluation of the policy. When set, the expression field in the `Expr` must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name', 'tag_value_short_name')" or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')", where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment', 'prod')" or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
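A condition decides whether a rule takes part in evaluation at all, so it is worth checking its shape before the policy is submitted. The following is an added example, not code from the google-cloud-org_policy-v2 gem: an offline lint for the constraints described above. The `ConditionLint` module, its regular expressions and the sample strings are assumptions built from the forms quoted on this page, and it assumes tag names never contain "||" or "&&".

```ruby
# Added example (not part of the gem): offline lint for a PolicyRule condition.
# The patterns are assumptions derived from the two forms quoted on this page;
# the Org Policy service remains the authority on what it accepts.
module ConditionLint
  MAX_SUBEXPRESSIONS = 10
  MATCH_TAG    = %r{\Aresource\.matchTag\(\s*'[^'/]+/[^']+'\s*,\s*'[^']+'\s*\)\z}
  MATCH_TAG_ID = %r{\Aresource\.matchTagId\(\s*'tagKeys/[^']+'\s*,\s*'tagValues/[^']+'\s*\)\z}

  # Returns a list of problems; an empty list means the expression passed.
  def self.check(expression)
    # Limit -1 keeps a trailing empty part, so a dangling operator is reported.
    parts = expression.to_s.split(/\|\||&&/, -1).map(&:strip)
    problems = []
    unless (1..MAX_SUBEXPRESSIONS).cover?(parts.size)
      problems << "#{parts.size} subexpressions, expected 1 to #{MAX_SUBEXPRESSIONS}"
    end
    parts.each_with_index do |part, index|
      next if part.match?(MATCH_TAG) || part.match?(MATCH_TAG_ID)
      problems << "subexpression #{index + 1} has an unsupported form: #{part.inspect}"
    end
    problems
  end
end

# Constructed inputs for illustration.
SAMPLES = [
  "resource.matchTagId('tagKeys/123', 'tagValues/456') && " \
    "resource.matchTag('123456789/environment', 'prod')",
  "resource.matchTag('123456789/environment, 'prod')",      # closing quote dropped
  "resource.matchTagId('tagKeys/123', 'tagValues/456') ||"  # dangling operator
].freeze

if $PROGRAM_NAME == __FILE__
  SAMPLES.each { |sample| puts "#{ConditionLint.check(sample).inspect}  <= #{sample}" }
end
```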


#deny_all ⇒ ::Boolean

Setting this to true means that all values are denied. This field can be set only in policies for list constraints.

Note: The following fields are mutually exclusive: deny_all, values, allow_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.


#enforce ⇒ ::Boolean

If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.

Note: The following fields are mutually exclusive: enforce, values, allow_all, deny_all. If a field in that set is populated, all other fields in the set will automatically be cleared.


#parameters ⇒ ::Google::Protobuf::Struct

Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true }.


#values ⇒ ::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues

List of values to be used for this policy rule. This field can be set only in policies for list constraints.

Note: The following fields are mutually exclusive: values, allow_all, deny_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
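Because populating one of the mutually exclusive fields clears the others, a rule that was meant to carry both `deny_all` and `values` ends up with only one of them and no error. The following is an added example, not code from the google-cloud-org_policy-v2 gem: a pre-submit lint that flags that case, checks each field against the constraint type, and validates the `under:` and `is:` value forms from the `StringValues` comments. The `RuleLint` module, the plain-Hash input shape and the `kind:` and `supports_under:` arguments are hypothetical.

```ruby
# Added example (not from the google-cloud-org_policy-v2 gem): lint a rule
# written as a plain Hash, a hypothetical input shape, before building it.
module RuleLint
  EXCLUSIVE = %i[allow_all deny_all enforce values].freeze
  SUBTREE   = %r{\A(?:projects|folders|organizations)/[^/\s]+\z}

  # Classifies one StringValues entry using only the prefixes this page documents.
  def self.classify(value)
    if value.start_with?("under:")
      value.delete_prefix("under:").match?(SUBTREE) ? :subtree : :bad_subtree
    elsif value.start_with?("is:")
      :literal                      # treated the same as an unprefixed value
    else
      value.include?(":") ? :unprefixed_colon : :literal
    end
  end

  # kind is :list or :boolean; supports_under mirrors Constraint#supports_under.
  def self.check(rule, kind:, supports_under: false)
    set = EXCLUSIVE.reject { |field| rule[field].nil? }
    problems = []
    problems << "mutually exclusive fields set together: #{set.join(', ')}" if set.size > 1
    wrong = kind == :boolean ? set - [:enforce] : set & [:enforce]
    problems << "not settable for a #{kind} constraint: #{wrong.join(', ')}" unless wrong.empty?
    values = rule[:values] || {}
    %i[allowed_values denied_values].each do |list|
      Array(values[list]).each do |value|
        case classify(value)
        when :bad_subtree
          problems << "#{list}: #{value.inspect} is not projects/, folders/ or organizations/<id>"
        when :unprefixed_colon
          problems << "#{list}: #{value.inspect} contains ':' and needs an is: prefix"
        when :subtree
          problems << "#{list}: #{value.inspect} needs supports_under" unless supports_under
        end
      end
    end
    problems
  end
end

# Constructed sample: deny_all and values are both present, so one would be cleared.
SAMPLE_RULE = {
  deny_all: true,
  values: { allowed_values: ["under:folders/1234", "under:folder/1234", "is:us-east1"] }
}.freeze
```

`RuleLint.check(SAMPLE_RULE, kind: :list, supports_under: true)` reports the conflicting fields and the misspelled `under:folder/1234` subtree.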
