Class: Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule
- Inherits:
-
Object
- Object
- Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule
- Extended by:
- Protobuf::MessageExts::ClassMethods
- Includes:
- Protobuf::MessageExts
- Defined in:
- proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb
Overview
A rule used to express this policy.
Defined Under Namespace
Classes: StringValues
Instance Attribute Summary collapse
-
#allow_all ⇒ ::Boolean
Setting this to true means that all values are allowed.
-
#condition ⇒ ::Google::Type::Expr
A condition which determines whether this rule is used in the evaluation of the policy.
-
#deny_all ⇒ ::Boolean
Setting this to true means that all values are denied.
-
#enforce ⇒ ::Boolean
If
true
, then the policy is enforced. -
#values ⇒ ::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues
List of values to be used for this policy rule.
Instance Attribute Details
#allow_all ⇒ ::Boolean
Returns Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 |
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161 class PolicyRule include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A message that holds specific allowed and denied values. # This message can define specific values and subtrees of the Resource # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that # are allowed or denied. This is achieved by using the `under:` and # optional `is:` prefixes. # The `under:` prefix is used to denote resource subtree values. # The `is:` prefix is used to denote specific values, and is required only # if the value contains a ":". Values prefixed with "is:" are treated the # same as values with no prefix. # Ancestry subtrees must be in one of the following formats: # # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`) # - `folders/<folder-id>` (for example, `folders/1234`) # - `organizations/<organization-id>` (for example, `organizations/1234`) # # The `supports_under` field of the associated `Constraint` defines # whether ancestry prefixes can be used. # @!attribute [rw] allowed_values # @return [::Array<::String>] # List of values allowed at this resource. # @!attribute [rw] denied_values # @return [::Array<::String>] # List of values denied at this resource. class StringValues include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |
#condition ⇒ ::Google::Type::Expr
Returns A condition which determines whether this rule is used
in the evaluation of the policy. When set, the expression
field in
the `Expr' must include from 1 to 10 subexpressions, joined by the "||"
or "&&" operators. Each subexpression must be of the form
"resource.matchTag('
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 |
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161 class PolicyRule include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A message that holds specific allowed and denied values. # This message can define specific values and subtrees of the Resource # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that # are allowed or denied. This is achieved by using the `under:` and # optional `is:` prefixes. # The `under:` prefix is used to denote resource subtree values. # The `is:` prefix is used to denote specific values, and is required only # if the value contains a ":". Values prefixed with "is:" are treated the # same as values with no prefix. # Ancestry subtrees must be in one of the following formats: # # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`) # - `folders/<folder-id>` (for example, `folders/1234`) # - `organizations/<organization-id>` (for example, `organizations/1234`) # # The `supports_under` field of the associated `Constraint` defines # whether ancestry prefixes can be used. # @!attribute [rw] allowed_values # @return [::Array<::String>] # List of values allowed at this resource. # @!attribute [rw] denied_values # @return [::Array<::String>] # List of values denied at this resource. class StringValues include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |
#deny_all ⇒ ::Boolean
Returns Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 |
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161 class PolicyRule include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A message that holds specific allowed and denied values. # This message can define specific values and subtrees of the Resource # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that # are allowed or denied. This is achieved by using the `under:` and # optional `is:` prefixes. # The `under:` prefix is used to denote resource subtree values. # The `is:` prefix is used to denote specific values, and is required only # if the value contains a ":". Values prefixed with "is:" are treated the # same as values with no prefix. # Ancestry subtrees must be in one of the following formats: # # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`) # - `folders/<folder-id>` (for example, `folders/1234`) # - `organizations/<organization-id>` (for example, `organizations/1234`) # # The `supports_under` field of the associated `Constraint` defines # whether ancestry prefixes can be used. # @!attribute [rw] allowed_values # @return [::Array<::String>] # List of values allowed at this resource. # @!attribute [rw] denied_values # @return [::Array<::String>] # List of values denied at this resource. class StringValues include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |
#enforce ⇒ ::Boolean
Returns If true
, then the policy is enforced. If false
, then any
configuration is acceptable.
This field can be set only in policies for boolean constraints.
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 |
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161 class PolicyRule include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A message that holds specific allowed and denied values. # This message can define specific values and subtrees of the Resource # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that # are allowed or denied. This is achieved by using the `under:` and # optional `is:` prefixes. # The `under:` prefix is used to denote resource subtree values. # The `is:` prefix is used to denote specific values, and is required only # if the value contains a ":". Values prefixed with "is:" are treated the # same as values with no prefix. # Ancestry subtrees must be in one of the following formats: # # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`) # - `folders/<folder-id>` (for example, `folders/1234`) # - `organizations/<organization-id>` (for example, `organizations/1234`) # # The `supports_under` field of the associated `Constraint` defines # whether ancestry prefixes can be used. # @!attribute [rw] allowed_values # @return [::Array<::String>] # List of values allowed at this resource. # @!attribute [rw] denied_values # @return [::Array<::String>] # List of values denied at this resource. class StringValues include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |
#values ⇒ ::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues
Returns List of values to be used for this policy rule. This field can be set only in policies for list constraints.
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 |
# File 'proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb', line 161 class PolicyRule include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A message that holds specific allowed and denied values. # This message can define specific values and subtrees of the Resource # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that # are allowed or denied. This is achieved by using the `under:` and # optional `is:` prefixes. # The `under:` prefix is used to denote resource subtree values. # The `is:` prefix is used to denote specific values, and is required only # if the value contains a ":". Values prefixed with "is:" are treated the # same as values with no prefix. # Ancestry subtrees must be in one of the following formats: # # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`) # - `folders/<folder-id>` (for example, `folders/1234`) # - `organizations/<organization-id>` (for example, `organizations/1234`) # # The `supports_under` field of the associated `Constraint` defines # whether ancestry prefixes can be used. # @!attribute [rw] allowed_values # @return [::Array<::String>] # List of values allowed at this resource. # @!attribute [rw] denied_values # @return [::Array<::String>] # List of values denied at this resource. class StringValues include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end end |