Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.
constraint describes a way to restrict resource's configuration. For
example, you could enforce a constraint that controls which cloud services
can be activated across an organization, or whether a Compute Engine instance
can have serial port connections established.
Constraints can be configured
by the organization's policy administrator to fit the needs of the
organization by setting a
policy that includes
constraints at different
locations in the organization's resource hierarchy. Policies are inherited
down the resource hierarchy from higher levels, but can also be overridden.
For details about the inheritance rules please read about
Constraints have a default behavior determined by the
field, which is the enforcement behavior that is used in the absence of a
policy being defined or inherited for the resource in question.
Container for nested types declared in the Constraint message type.
Constraint that is either enforced or not.
For example a constraint
If it is enforced on a VM instance, serial port connections will not be
opened to that instance.
Constraint that allows or disallows a list of string values, which are
configured by an Organization's policy administrator with a
Resource name for the
The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.
The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.
The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.
The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.
The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.
The response returned from the [ListPolicies]
[google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty
Policies are set on the resource.
An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.
You can use a
policy to configure restrictions in Cloud resources. For
example, you can enforce a
policy that restricts which Google
Cloud Platform APIs can be activated in a certain part of your resource
hierarchy, or prevents serial port access to VM instances in a particular
Policies are inherited down through the resource hierarchy. A
applied to a parent resource automatically applies to all its child resources
unless overridden with a
policy lower in the hierarchy.
constraint defines an aspect of a resource's configuration that can be
controlled by an organization's policy administrator.
Policies are a
constraints that defines their allowable configuration on a
particular resource and its child resources.
Base class for server-side implementations of OrgPolicy
Client for OrgPolicy
OrgPolicy client wrapper, for convenient use.
Builder class for OrgPolicyClient to provide simple configuration of credentials, endpoint etc.
OrgPolicy client wrapper implementation, for convenient use.
Settings for OrgPolicyClient instances.
Defines a Cloud Organization
Policy which is used to specify
for configurations of Cloud Platform resources.
Resource name for the
Defines a Cloud Organization
PolicySpec which is used to specify
Constraints for configurations of Cloud Platform resources.
Container for nested types declared in the PolicySpec message type.
A rule used to express this policy.
Container for nested types declared in the PolicyRule message type.
A message that holds specific allowed and denied values.
This message can define specific values and subtrees of Cloud Resource
Manager resource hierarchy (
are allowed or denied. This is achieved by using the
under: prefix is used to denote resource subtree values.
is: prefix is used to denote specific values, and is required only
if the value contains a ":". Values prefixed with "is:" are treated the
same as values with no prefix.
Ancestry subtrees must be in one of the following formats:
- "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- "folders/<folder-id>", e.g. "folders/1234"
- "organizations/<organization-id>", e.g. "organizations/1234"
supports_underfield of the associated
Constraintdefines whether ancestry prefixes can be used.
The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.
Enum of possible cases for the "constraint_type" oneof.
Specifies the default behavior in the absence of any
Policy for the
Constraint. This must not be
Immutable after creation.
The possible contents of ConstraintName.
The possible contents of PolicyName.
Enum of possible cases for the "kind" oneof.