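Functions are protected only when the Cloud Functions v2 API is used. Cloud Run functions can also be modified through the Cloud Run API, so you might also need to apply custom constraints to Cloud Run for additional protection.
Common organization policy examples
The following table provides the syntax for some useful custom organization policies.
Description
Constraint syntax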
Prevent functions from being created with a specific language
    name: organizations/ORGANIZATION_ID/customConstraints/custom.cloudFunctionRuntimeBlock
    resource_types: cloudfunctions.googleapis.com/Function
    method_types:
      - CREATE
      - UPDATE
    condition: resource.buildConfig.runtime == "python312"
    action_type: DENY
    display_name: Deny functions using Python 3.12
    description: Functions cannot be created with Python 3.12 as the language runtime
Require functions to use a specific worker pool
    name: organizations/ORGANIZATION_ID/customConstraints/custom.cloudFunctionsWorkerPool
    resource_types: cloudfunctions.googleapis.com/Function
    method_types:
      - CREATE
      - UPDATE
    condition: resource.buildConfig.workerPool == "WORKER_POOL"
    # ALLOW permits only functions that match the condition; DENY would block the required pool instead
    action_type: ALLOW
    display_name: Require worker pool
    description: Functions must use a worker pool
Replace WORKER_POOL with the name of your Cloud Build worker pool.
Require functions to store all container images in a specific image repository
    name: organizations/ORGANIZATION_ID/customConstraints/custom.cloudFunctionsRepository
    resource_types: cloudfunctions.googleapis.com/Function
    method_types:
      - CREATE
      - UPDATE
    condition: resource.buildConfig.dockerRepository.startsWith("REPO_PATH")
    # ALLOW permits only functions that match the condition; DENY would block the central repository instead
    action_type: ALLOW
    display_name: Image repository constraint
    description: Functions must push images to a central image repository under REPO_PATH
Replace REPO_PATH with the URI of the image repository where all functions store their container images.
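The following is an added example, not part of the original page and not Google's policy evaluator: a simplified local model of how action_type combines with the runtime and repository conditions above, run over constructed function resources. The helper names, sample resources and project names are assumptions; the last combination shows why a REPO_PATH prefix without a trailing delimiter also matches a sibling project.

```python
# Simplified local model (assumption): not Google's policy evaluator and not a CEL engine.
# Only the == and startsWith() checks used in the conditions on this page are modelled.

def decide(action_type: str, condition_true: bool) -> str:
    """DENY blocks the call when the condition is true; ALLOW blocks it when false."""
    if action_type not in ("ALLOW", "DENY"):
        raise ValueError(f"unsupported action_type: {action_type!r}")
    blocked = condition_true if action_type == "DENY" else not condition_true
    return "blocked" if blocked else "permitted"


def build_field(function: dict, field: str) -> str:
    """Read resource.buildConfig.<field>; an unset field is treated as an empty string."""
    return function.get("buildConfig", {}).get(field, "")


def check_runtime(function: dict) -> str:
    # condition: resource.buildConfig.runtime == "python312", action_type: DENY
    return decide("DENY", build_field(function, "runtime") == "python312")


def check_repository(function: dict, action_type: str, repo_path: str) -> str:
    # condition: resource.buildConfig.dockerRepository.startsWith("REPO_PATH")
    repo = build_field(function, "dockerRepository")
    return decide(action_type, repo.startswith(repo_path))


# Constructed sample resources; project and repository names are placeholders.
CENTRAL = "projects/central-images/locations/us-central1/repositories/functions"
SIBLING = "projects/central-images-dev/locations/us-central1/repositories/functions"
SAMPLES = {
    "central_node": {"buildConfig": {"runtime": "nodejs22", "dockerRepository": CENTRAL}},
    "central_py312": {"buildConfig": {"runtime": "python312", "dockerRepository": CENTRAL}},
    "sibling_project": {"buildConfig": {"runtime": "go122", "dockerRepository": SIBLING}},
    "repo_unset": {"buildConfig": {"runtime": "nodejs22"}},
}


def repository_matrix(action_type: str, repo_path: str) -> dict:
    """Decision for every sample under one action_type / REPO_PATH combination."""
    return {name: check_repository(fn, action_type, repo_path) for name, fn in SAMPLES.items()}


if __name__ == "__main__":
    for name, fn in SAMPLES.items():
        print("runtime", name, check_runtime(fn))
    for action, prefix in [("DENY", "projects/central-images"),
                           ("ALLOW", "projects/central-images"),
                           ("ALLOW", "projects/central-images/")]:
        print(action, prefix, repository_matrix(action, prefix))
```
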
Last updated: 2025-08-22 (UTC)