Package com.google.cloud.orgpolicy.v1 (2.21.0)

Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources.

Protobuf type google.cloud.orgpolicy.v1.Policy

Used in policy_type to specify how boolean_policy will behave at this resource.

Protobuf type google.cloud.orgpolicy.v1.Policy.BooleanPolicy

Used in policy_type to specify how boolean_policy will behave at this resource.

Protobuf type google.cloud.orgpolicy.v1.Policy.BooleanPolicy

Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources.

Protobuf type google.cloud.orgpolicy.v1.Policy

Used in policy_type to specify how list_policy behaves at this resource.

ListPolicy can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied by setting the allowed_values and denied_values fields. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

• "projects/<project-id>", e.g. "projects/tokyo-rain-123"
• "folders/<folder-id>", e.g. "folders/1234"
• "organizations/<organization-id>", e.g. "organizations/1234" The supports_under field of the associated Constraint defines whether ancestry prefixes can be used. You can set allowed_values and denied_values in the same Policy if all_values is ALL_VALUES_UNSPECIFIED. ALLOW or DENY are used to allow or deny all values. If all_values is set to either ALLOW or DENY, allowed_values and denied_values must be unset.

Protobuf type google.cloud.orgpolicy.v1.Policy.ListPolicy

Used in policy_type to specify how list_policy behaves at this resource.

ListPolicy can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied by setting the allowed_values and denied_values fields. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

• "projects/<project-id>", e.g. "projects/tokyo-rain-123"
• "folders/<folder-id>", e.g. "folders/1234"
• "organizations/<organization-id>", e.g. "organizations/1234" The supports_under field of the associated Constraint defines whether ancestry prefixes can be used. You can set allowed_values and denied_values in the same Policy if all_values is ALL_VALUES_UNSPECIFIED. ALLOW or DENY are used to allow or deny all values. If all_values is set to either ALLOW or DENY, allowed_values and denied_values must be unset.

Protobuf type google.cloud.orgpolicy.v1.Policy.ListPolicy

Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific Constraint at this resource.

Suppose that constraint_default is set to ALLOW for the Constraint constraints/serviceuser.services. Suppose that organization foo.com sets a Policy at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a Policy with the policy_type restore_default on several experimental projects, restoring the constraint_default enforcement of the Constraint for only those projects, allowing those projects to have all services activated.

Protobuf type google.cloud.orgpolicy.v1.Policy.RestoreDefault

Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific Constraint at this resource.

Suppose that constraint_default is set to ALLOW for the Constraint constraints/serviceuser.services. Suppose that organization foo.com sets a Policy at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a Policy with the policy_type restore_default on several experimental projects, restoring the constraint_default enforcement of the Constraint for only those projects, allowing those projects to have all services activated.

Protobuf type google.cloud.orgpolicy.v1.Policy.RestoreDefault

This enum can be used to set Policies that apply to all possible configuration values rather than specific values in allowed_values or denied_values.

Settting this to ALLOW will mean this Policy allows all values. Similarly, setting it to DENY will mean no values are allowed. If set to either ALLOW or DENY, allowed_values and denied_values must be unset. Setting this to ALL_VALUES_UNSPECIFIED allows for setting allowed_values and denied_values`.

Protobuf enum google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues