Class: Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb

Overview

A rule used to express this policy.

Defined Under Namespace

Classes: StringValues

Instance Attribute Summary collapse

Instance Attribute Details

#allow_all::Boolean

Returns Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.

Returns:

  • (::Boolean)

    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.



161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161

class PolicyRule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A message that holds specific allowed and denied values.
  # This message can define specific values and subtrees of the Resource
  # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
  # are allowed or denied. This is achieved by using the `under:` and
  # optional `is:` prefixes.
  # The `under:` prefix is used to denote resource subtree values.
  # The `is:` prefix is used to denote specific values, and is required only
  # if the value contains a ":". Values prefixed with "is:" are treated the
  # same as values with no prefix.
  # Ancestry subtrees must be in one of the following formats:
  #
  # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`)
  # - `folders/<folder-id>` (for example, `folders/1234`)
  # - `organizations/<organization-id>` (for example, `organizations/1234`)
  #
  # The `supports_under` field of the associated `Constraint`  defines
  # whether ancestry prefixes can be used.
  # @!attribute [rw] allowed_values
  #   @return [::Array<::String>]
  #     List of values allowed at this resource.
  # @!attribute [rw] denied_values
  #   @return [::Array<::String>]
  #     List of values denied at this resource.
  class StringValues
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#condition::Google::Type::Expr

Returns A condition which determines whether this rule is used in the evaluation of the policy. When set, the expression field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".

Returns:

  • (::Google::Type::Expr)

    A condition which determines whether this rule is used in the evaluation of the policy. When set, the expression field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".



161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161

class PolicyRule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A message that holds specific allowed and denied values.
  # This message can define specific values and subtrees of the Resource
  # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
  # are allowed or denied. This is achieved by using the `under:` and
  # optional `is:` prefixes.
  # The `under:` prefix is used to denote resource subtree values.
  # The `is:` prefix is used to denote specific values, and is required only
  # if the value contains a ":". Values prefixed with "is:" are treated the
  # same as values with no prefix.
  # Ancestry subtrees must be in one of the following formats:
  #
  # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`)
  # - `folders/<folder-id>` (for example, `folders/1234`)
  # - `organizations/<organization-id>` (for example, `organizations/1234`)
  #
  # The `supports_under` field of the associated `Constraint`  defines
  # whether ancestry prefixes can be used.
  # @!attribute [rw] allowed_values
  #   @return [::Array<::String>]
  #     List of values allowed at this resource.
  # @!attribute [rw] denied_values
  #   @return [::Array<::String>]
  #     List of values denied at this resource.
  class StringValues
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#deny_all::Boolean

Returns Setting this to true means that all values are denied. This field can be set only in policies for list constraints.

Returns:

  • (::Boolean)

    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.



161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161

class PolicyRule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A message that holds specific allowed and denied values.
  # This message can define specific values and subtrees of the Resource
  # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
  # are allowed or denied. This is achieved by using the `under:` and
  # optional `is:` prefixes.
  # The `under:` prefix is used to denote resource subtree values.
  # The `is:` prefix is used to denote specific values, and is required only
  # if the value contains a ":". Values prefixed with "is:" are treated the
  # same as values with no prefix.
  # Ancestry subtrees must be in one of the following formats:
  #
  # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`)
  # - `folders/<folder-id>` (for example, `folders/1234`)
  # - `organizations/<organization-id>` (for example, `organizations/1234`)
  #
  # The `supports_under` field of the associated `Constraint`  defines
  # whether ancestry prefixes can be used.
  # @!attribute [rw] allowed_values
  #   @return [::Array<::String>]
  #     List of values allowed at this resource.
  # @!attribute [rw] denied_values
  #   @return [::Array<::String>]
  #     List of values denied at this resource.
  class StringValues
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#enforce::Boolean

Returns If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.

Returns:

  • (::Boolean)

    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.



161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161

class PolicyRule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A message that holds specific allowed and denied values.
  # This message can define specific values and subtrees of the Resource
  # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
  # are allowed or denied. This is achieved by using the `under:` and
  # optional `is:` prefixes.
  # The `under:` prefix is used to denote resource subtree values.
  # The `is:` prefix is used to denote specific values, and is required only
  # if the value contains a ":". Values prefixed with "is:" are treated the
  # same as values with no prefix.
  # Ancestry subtrees must be in one of the following formats:
  #
  # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`)
  # - `folders/<folder-id>` (for example, `folders/1234`)
  # - `organizations/<organization-id>` (for example, `organizations/1234`)
  #
  # The `supports_under` field of the associated `Constraint`  defines
  # whether ancestry prefixes can be used.
  # @!attribute [rw] allowed_values
  #   @return [::Array<::String>]
  #     List of values allowed at this resource.
  # @!attribute [rw] denied_values
  #   @return [::Array<::String>]
  #     List of values denied at this resource.
  class StringValues
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#values::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues

Returns List of values to be used for this policy rule. This field can be set only in policies for list constraints.

Returns:



161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161

class PolicyRule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A message that holds specific allowed and denied values.
  # This message can define specific values and subtrees of the Resource
  # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
  # are allowed or denied. This is achieved by using the `under:` and
  # optional `is:` prefixes.
  # The `under:` prefix is used to denote resource subtree values.
  # The `is:` prefix is used to denote specific values, and is required only
  # if the value contains a ":". Values prefixed with "is:" are treated the
  # same as values with no prefix.
  # Ancestry subtrees must be in one of the following formats:
  #
  # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`)
  # - `folders/<folder-id>` (for example, `folders/1234`)
  # - `organizations/<organization-id>` (for example, `organizations/1234`)
  #
  # The `supports_under` field of the associated `Constraint`  defines
  # whether ancestry prefixes can be used.
  # @!attribute [rw] allowed_values
  #   @return [::Array<::String>]
  #     List of values allowed at this resource.
  # @!attribute [rw] denied_values
  #   @return [::Array<::String>]
  #     List of values denied at this resource.
  class StringValues
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end