- 2.56.0 (latest)
- 2.55.0
- 2.54.0
- 2.53.0
- 2.52.0
- 2.51.0
- 2.49.0
- 2.48.0
- 2.47.0
- 2.46.0
- 2.45.0
- 2.44.0
- 2.43.0
- 2.42.0
- 2.41.0
- 2.40.0
- 2.39.0
- 2.37.0
- 2.36.0
- 2.35.0
- 2.34.0
- 2.33.0
- 2.32.0
- 2.31.0
- 2.30.0
- 2.29.0
- 2.28.0
- 2.27.0
- 2.24.0
- 2.23.0
- 2.22.0
- 2.21.0
- 2.20.0
- 2.19.0
- 2.18.0
- 2.17.0
- 2.16.0
- 2.15.0
- 2.14.0
- 2.13.0
- 2.12.0
- 2.11.0
- 2.9.0
- 2.8.0
- 2.7.0
- 2.6.0
- 2.5.0
- 2.4.0
- 2.3.7-SNAPSHOT
- 2.2.1
- 2.1.2
- 2.0.10
public static final class Policy.ListPolicy.Builder extends GeneratedMessageV3.Builder<Policy.ListPolicy.Builder> implements Policy.ListPolicyOrBuilder
Used in policy_type
to specify how list_policy
behaves at this
resource.
ListPolicy
can define specific values and subtrees of Cloud Resource
Manager resource hierarchy (Organizations
, Folders
, Projects
) that
are allowed or denied by setting the allowed_values
and denied_values
fields. This is achieved by using the under:
and optional is:
prefixes.
The under:
prefix is used to denote resource subtree values.
The is:
prefix is used to denote specific values, and is required only
if the value contains a ":". Values prefixed with "is:" are treated the
same as values with no prefix.
Ancestry subtrees must be in one of the following formats:
- "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- "folders/<folder-id>", e.g. "folders/1234"
- "organizations/<organization-id>", e.g. "organizations/1234"
The
supports_under
field of the associatedConstraint
defines whether ancestry prefixes can be used. You can setallowed_values
anddenied_values
in the samePolicy
ifall_values
isALL_VALUES_UNSPECIFIED
.ALLOW
orDENY
are used to allow or deny all values. Ifall_values
is set to eitherALLOW
orDENY
,allowed_values
anddenied_values
must be unset.
Protobuf type google.cloud.orgpolicy.v1.Policy.ListPolicy
Inheritance
Object > AbstractMessageLite.Builder<MessageType,BuilderType> > AbstractMessage.Builder<BuilderType> > GeneratedMessageV3.Builder > Policy.ListPolicy.BuilderImplements
Policy.ListPolicyOrBuilderStatic Methods
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
Returns | |
---|---|
Type | Description |
Descriptor |
Methods
addAllAllowedValues(Iterable<String> values)
public Policy.ListPolicy.Builder addAllAllowedValues(Iterable<String> values)
List of values allowed at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string allowed_values = 1;
Parameter | |
---|---|
Name | Description |
values | Iterable<String> The allowedValues to add. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
addAllDeniedValues(Iterable<String> values)
public Policy.ListPolicy.Builder addAllDeniedValues(Iterable<String> values)
List of values denied at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string denied_values = 2;
Parameter | |
---|---|
Name | Description |
values | Iterable<String> The deniedValues to add. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
addAllowedValues(String value)
public Policy.ListPolicy.Builder addAllowedValues(String value)
List of values allowed at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string allowed_values = 1;
Parameter | |
---|---|
Name | Description |
value | String The allowedValues to add. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
addAllowedValuesBytes(ByteString value)
public Policy.ListPolicy.Builder addAllowedValuesBytes(ByteString value)
List of values allowed at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string allowed_values = 1;
Parameter | |
---|---|
Name | Description |
value | ByteString The bytes of the allowedValues to add. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
addDeniedValues(String value)
public Policy.ListPolicy.Builder addDeniedValues(String value)
List of values denied at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string denied_values = 2;
Parameter | |
---|---|
Name | Description |
value | String The deniedValues to add. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
addDeniedValuesBytes(ByteString value)
public Policy.ListPolicy.Builder addDeniedValuesBytes(ByteString value)
List of values denied at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string denied_values = 2;
Parameter | |
---|---|
Name | Description |
value | ByteString The bytes of the deniedValues to add. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
addRepeatedField(Descriptors.FieldDescriptor field, Object value)
public Policy.ListPolicy.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Parameters | |
---|---|
Name | Description |
field | FieldDescriptor |
value | Object |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
build()
public Policy.ListPolicy build()
Returns | |
---|---|
Type | Description |
Policy.ListPolicy |
buildPartial()
public Policy.ListPolicy buildPartial()
Returns | |
---|---|
Type | Description |
Policy.ListPolicy |
clear()
public Policy.ListPolicy.Builder clear()
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
clearAllValues()
public Policy.ListPolicy.Builder clearAllValues()
The policy all_values state.
.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
clearAllowedValues()
public Policy.ListPolicy.Builder clearAllowedValues()
List of values allowed at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string allowed_values = 1;
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
clearDeniedValues()
public Policy.ListPolicy.Builder clearDeniedValues()
List of values denied at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string denied_values = 2;
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
clearField(Descriptors.FieldDescriptor field)
public Policy.ListPolicy.Builder clearField(Descriptors.FieldDescriptor field)
Parameter | |
---|---|
Name | Description |
field | FieldDescriptor |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
clearInheritFromParent()
public Policy.ListPolicy.Builder clearInheritFromParent()
Determines the inheritance behavior for this Policy
.
By default, a ListPolicy
set at a resource supercedes any Policy
set
anywhere up the resource hierarchy. However, if inherit_from_parent
is
set to true
, then the values from the effective Policy
of the parent
resource are inherited, meaning the values set in this Policy
are
added to the values inherited up the hierarchy.
Setting Policy
hierarchies that inherit both allowed values and denied
values isn't recommended in most circumstances to keep the configuration
simple and understandable. However, it is possible to set a Policy
with
allowed_values
set that inherits a Policy
with denied_values
set.
In this case, the values that are allowed must be in allowed_values
and
not present in denied_values
.
For example, suppose you have a Constraint
constraints/serviceuser.services
, which has a constraint_type
of
list_constraint
, and with constraint_default
set to ALLOW
.
Suppose that at the Organization level, a Policy
is applied that
restricts the allowed API activations to {E1
, E2
}. Then, if a
Policy
is applied to a project below the Organization that has
inherit_from_parent
set to false
and field all_values set to DENY,
then an attempt to activate any API will be denied.
The following examples demonstrate different possible layerings for
projects/bar
parented by organizations/foo
:
Example 1 (no inherited values):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values:"E2"}
projects/bar
has inherit_from_parent
false
and values:
{allowed_values: "E3" allowed_values: "E4"}
The accepted values at organizations/foo
are E1
, E2
.
The accepted values at projects/bar
are E3
, and E4
.
Example 2 (inherited values):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values:"E2"}
projects/bar
has a Policy
with values:
{value: "E3" value: "E4" inherit_from_parent: true}
The accepted values at organizations/foo
are E1
, E2
.
The accepted values at projects/bar
are E1
, E2
, E3
, and E4
.
Example 3 (inheriting both allowed and denied values):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values: "E2"}
projects/bar
has a Policy
with:
{denied_values: "E1"}
The accepted values at organizations/foo
are E1
, E2
.
The value accepted at projects/bar
is E2
.
Example 4 (RestoreDefault):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values:"E2"}
projects/bar
has a Policy
with values:
{RestoreDefault: {}}
The accepted values at organizations/foo
are E1
, E2
.
The accepted values at projects/bar
are either all or none depending on
the value of constraint_default
(if ALLOW
, all; if
DENY
, none).
Example 5 (no policy inherits parent policy):
organizations/foo
has no Policy
set.
projects/bar
has no Policy
set.
The accepted values at both levels are either all or none depending on
the value of constraint_default
(if ALLOW
, all; if
DENY
, none).
Example 6 (ListConstraint allowing all):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values: "E2"}
projects/bar
has a Policy
with:
{all: ALLOW}
The accepted values at organizations/foo
are E1
, E2.
Any value is accepted at
projects/bar.
Example 7 (ListConstraint allowing none):
organizations/foo has a
Policy with values:
{allowed_values: "E1" allowed_values: "E2"}
projects/bar has a
Policy with:
{all: DENY}
The accepted values at
organizations/foo are
E1, E2
.
No value is accepted at projects/bar
.
Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
Given the following resource hierarchy
O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
organizations/foo
has a Policy
with values:
{allowed_values: "under:organizations/O1"}
projects/bar
has a Policy
with:
{allowed_values: "under:projects/P3"}
{denied_values: "under:folders/F2"}
The accepted values at organizations/foo
are organizations/O1
,
folders/F1
, folders/F2
, projects/P1
, projects/P2
,
projects/P3
.
The accepted values at projects/bar
are organizations/O1
,
folders/F1
, projects/P1
.
bool inherit_from_parent = 5;
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
clearOneof(Descriptors.OneofDescriptor oneof)
public Policy.ListPolicy.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Parameter | |
---|---|
Name | Description |
oneof | OneofDescriptor |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
clearSuggestedValue()
public Policy.ListPolicy.Builder clearSuggestedValue()
Optional. The Google Cloud Console will try to default to a configuration
that matches the value specified in this Policy
. If suggested_value
is not set, it will inherit the value specified higher in the hierarchy,
unless inherit_from_parent
is false
.
string suggested_value = 4;
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
clone()
public Policy.ListPolicy.Builder clone()
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
getAllValues()
public Policy.ListPolicy.AllValues getAllValues()
The policy all_values state.
.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.AllValues | The allValues. |
getAllValuesValue()
public int getAllValuesValue()
The policy all_values state.
.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
Returns | |
---|---|
Type | Description |
int | The enum numeric value on the wire for allValues. |
getAllowedValues(int index)
public String getAllowedValues(int index)
List of values allowed at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string allowed_values = 1;
Parameter | |
---|---|
Name | Description |
index | int The index of the element to return. |
Returns | |
---|---|
Type | Description |
String | The allowedValues at the given index. |
getAllowedValuesBytes(int index)
public ByteString getAllowedValuesBytes(int index)
List of values allowed at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string allowed_values = 1;
Parameter | |
---|---|
Name | Description |
index | int The index of the value to return. |
Returns | |
---|---|
Type | Description |
ByteString | The bytes of the allowedValues at the given index. |
getAllowedValuesCount()
public int getAllowedValuesCount()
List of values allowed at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string allowed_values = 1;
Returns | |
---|---|
Type | Description |
int | The count of allowedValues. |
getAllowedValuesList()
public ProtocolStringList getAllowedValuesList()
List of values allowed at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string allowed_values = 1;
Returns | |
---|---|
Type | Description |
ProtocolStringList | A list containing the allowedValues. |
getDefaultInstanceForType()
public Policy.ListPolicy getDefaultInstanceForType()
Returns | |
---|---|
Type | Description |
Policy.ListPolicy |
getDeniedValues(int index)
public String getDeniedValues(int index)
List of values denied at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string denied_values = 2;
Parameter | |
---|---|
Name | Description |
index | int The index of the element to return. |
Returns | |
---|---|
Type | Description |
String | The deniedValues at the given index. |
getDeniedValuesBytes(int index)
public ByteString getDeniedValuesBytes(int index)
List of values denied at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string denied_values = 2;
Parameter | |
---|---|
Name | Description |
index | int The index of the value to return. |
Returns | |
---|---|
Type | Description |
ByteString | The bytes of the deniedValues at the given index. |
getDeniedValuesCount()
public int getDeniedValuesCount()
List of values denied at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string denied_values = 2;
Returns | |
---|---|
Type | Description |
int | The count of deniedValues. |
getDeniedValuesList()
public ProtocolStringList getDeniedValuesList()
List of values denied at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string denied_values = 2;
Returns | |
---|---|
Type | Description |
ProtocolStringList | A list containing the deniedValues. |
getDescriptorForType()
public Descriptors.Descriptor getDescriptorForType()
Returns | |
---|---|
Type | Description |
Descriptor |
getInheritFromParent()
public boolean getInheritFromParent()
Determines the inheritance behavior for this Policy
.
By default, a ListPolicy
set at a resource supercedes any Policy
set
anywhere up the resource hierarchy. However, if inherit_from_parent
is
set to true
, then the values from the effective Policy
of the parent
resource are inherited, meaning the values set in this Policy
are
added to the values inherited up the hierarchy.
Setting Policy
hierarchies that inherit both allowed values and denied
values isn't recommended in most circumstances to keep the configuration
simple and understandable. However, it is possible to set a Policy
with
allowed_values
set that inherits a Policy
with denied_values
set.
In this case, the values that are allowed must be in allowed_values
and
not present in denied_values
.
For example, suppose you have a Constraint
constraints/serviceuser.services
, which has a constraint_type
of
list_constraint
, and with constraint_default
set to ALLOW
.
Suppose that at the Organization level, a Policy
is applied that
restricts the allowed API activations to {E1
, E2
}. Then, if a
Policy
is applied to a project below the Organization that has
inherit_from_parent
set to false
and field all_values set to DENY,
then an attempt to activate any API will be denied.
The following examples demonstrate different possible layerings for
projects/bar
parented by organizations/foo
:
Example 1 (no inherited values):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values:"E2"}
projects/bar
has inherit_from_parent
false
and values:
{allowed_values: "E3" allowed_values: "E4"}
The accepted values at organizations/foo
are E1
, E2
.
The accepted values at projects/bar
are E3
, and E4
.
Example 2 (inherited values):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values:"E2"}
projects/bar
has a Policy
with values:
{value: "E3" value: "E4" inherit_from_parent: true}
The accepted values at organizations/foo
are E1
, E2
.
The accepted values at projects/bar
are E1
, E2
, E3
, and E4
.
Example 3 (inheriting both allowed and denied values):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values: "E2"}
projects/bar
has a Policy
with:
{denied_values: "E1"}
The accepted values at organizations/foo
are E1
, E2
.
The value accepted at projects/bar
is E2
.
Example 4 (RestoreDefault):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values:"E2"}
projects/bar
has a Policy
with values:
{RestoreDefault: {}}
The accepted values at organizations/foo
are E1
, E2
.
The accepted values at projects/bar
are either all or none depending on
the value of constraint_default
(if ALLOW
, all; if
DENY
, none).
Example 5 (no policy inherits parent policy):
organizations/foo
has no Policy
set.
projects/bar
has no Policy
set.
The accepted values at both levels are either all or none depending on
the value of constraint_default
(if ALLOW
, all; if
DENY
, none).
Example 6 (ListConstraint allowing all):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values: "E2"}
projects/bar
has a Policy
with:
{all: ALLOW}
The accepted values at organizations/foo
are E1
, E2.
Any value is accepted at
projects/bar.
Example 7 (ListConstraint allowing none):
organizations/foo has a
Policy with values:
{allowed_values: "E1" allowed_values: "E2"}
projects/bar has a
Policy with:
{all: DENY}
The accepted values at
organizations/foo are
E1, E2
.
No value is accepted at projects/bar
.
Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
Given the following resource hierarchy
O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
organizations/foo
has a Policy
with values:
{allowed_values: "under:organizations/O1"}
projects/bar
has a Policy
with:
{allowed_values: "under:projects/P3"}
{denied_values: "under:folders/F2"}
The accepted values at organizations/foo
are organizations/O1
,
folders/F1
, folders/F2
, projects/P1
, projects/P2
,
projects/P3
.
The accepted values at projects/bar
are organizations/O1
,
folders/F1
, projects/P1
.
bool inherit_from_parent = 5;
Returns | |
---|---|
Type | Description |
boolean | The inheritFromParent. |
getSuggestedValue()
public String getSuggestedValue()
Optional. The Google Cloud Console will try to default to a configuration
that matches the value specified in this Policy
. If suggested_value
is not set, it will inherit the value specified higher in the hierarchy,
unless inherit_from_parent
is false
.
string suggested_value = 4;
Returns | |
---|---|
Type | Description |
String | The suggestedValue. |
getSuggestedValueBytes()
public ByteString getSuggestedValueBytes()
Optional. The Google Cloud Console will try to default to a configuration
that matches the value specified in this Policy
. If suggested_value
is not set, it will inherit the value specified higher in the hierarchy,
unless inherit_from_parent
is false
.
string suggested_value = 4;
Returns | |
---|---|
Type | Description |
ByteString | The bytes for suggestedValue. |
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns | |
---|---|
Type | Description |
FieldAccessorTable |
isInitialized()
public final boolean isInitialized()
Returns | |
---|---|
Type | Description |
boolean |
mergeFrom(Policy.ListPolicy other)
public Policy.ListPolicy.Builder mergeFrom(Policy.ListPolicy other)
Parameter | |
---|---|
Name | Description |
other | Policy.ListPolicy |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public Policy.ListPolicy.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters | |
---|---|
Name | Description |
input | CodedInputStream |
extensionRegistry | ExtensionRegistryLite |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
Exceptions | |
---|---|
Type | Description |
IOException |
mergeFrom(Message other)
public Policy.ListPolicy.Builder mergeFrom(Message other)
Parameter | |
---|---|
Name | Description |
other | Message |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
mergeUnknownFields(UnknownFieldSet unknownFields)
public final Policy.ListPolicy.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
Parameter | |
---|---|
Name | Description |
unknownFields | UnknownFieldSet |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
setAllValues(Policy.ListPolicy.AllValues value)
public Policy.ListPolicy.Builder setAllValues(Policy.ListPolicy.AllValues value)
The policy all_values state.
.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
Parameter | |
---|---|
Name | Description |
value | Policy.ListPolicy.AllValues The allValues to set. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
setAllValuesValue(int value)
public Policy.ListPolicy.Builder setAllValuesValue(int value)
The policy all_values state.
.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
Parameter | |
---|---|
Name | Description |
value | int The enum numeric value on the wire for allValues to set. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
setAllowedValues(int index, String value)
public Policy.ListPolicy.Builder setAllowedValues(int index, String value)
List of values allowed at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string allowed_values = 1;
Parameters | |
---|---|
Name | Description |
index | int The index to set the value at. |
value | String The allowedValues to set. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
setDeniedValues(int index, String value)
public Policy.ListPolicy.Builder setDeniedValues(int index, String value)
List of values denied at this resource. Can only be set if all_values
is set to ALL_VALUES_UNSPECIFIED
.
repeated string denied_values = 2;
Parameters | |
---|---|
Name | Description |
index | int The index to set the value at. |
value | String The deniedValues to set. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
setField(Descriptors.FieldDescriptor field, Object value)
public Policy.ListPolicy.Builder setField(Descriptors.FieldDescriptor field, Object value)
Parameters | |
---|---|
Name | Description |
field | FieldDescriptor |
value | Object |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
setInheritFromParent(boolean value)
public Policy.ListPolicy.Builder setInheritFromParent(boolean value)
Determines the inheritance behavior for this Policy
.
By default, a ListPolicy
set at a resource supercedes any Policy
set
anywhere up the resource hierarchy. However, if inherit_from_parent
is
set to true
, then the values from the effective Policy
of the parent
resource are inherited, meaning the values set in this Policy
are
added to the values inherited up the hierarchy.
Setting Policy
hierarchies that inherit both allowed values and denied
values isn't recommended in most circumstances to keep the configuration
simple and understandable. However, it is possible to set a Policy
with
allowed_values
set that inherits a Policy
with denied_values
set.
In this case, the values that are allowed must be in allowed_values
and
not present in denied_values
.
For example, suppose you have a Constraint
constraints/serviceuser.services
, which has a constraint_type
of
list_constraint
, and with constraint_default
set to ALLOW
.
Suppose that at the Organization level, a Policy
is applied that
restricts the allowed API activations to {E1
, E2
}. Then, if a
Policy
is applied to a project below the Organization that has
inherit_from_parent
set to false
and field all_values set to DENY,
then an attempt to activate any API will be denied.
The following examples demonstrate different possible layerings for
projects/bar
parented by organizations/foo
:
Example 1 (no inherited values):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values:"E2"}
projects/bar
has inherit_from_parent
false
and values:
{allowed_values: "E3" allowed_values: "E4"}
The accepted values at organizations/foo
are E1
, E2
.
The accepted values at projects/bar
are E3
, and E4
.
Example 2 (inherited values):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values:"E2"}
projects/bar
has a Policy
with values:
{value: "E3" value: "E4" inherit_from_parent: true}
The accepted values at organizations/foo
are E1
, E2
.
The accepted values at projects/bar
are E1
, E2
, E3
, and E4
.
Example 3 (inheriting both allowed and denied values):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values: "E2"}
projects/bar
has a Policy
with:
{denied_values: "E1"}
The accepted values at organizations/foo
are E1
, E2
.
The value accepted at projects/bar
is E2
.
Example 4 (RestoreDefault):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values:"E2"}
projects/bar
has a Policy
with values:
{RestoreDefault: {}}
The accepted values at organizations/foo
are E1
, E2
.
The accepted values at projects/bar
are either all or none depending on
the value of constraint_default
(if ALLOW
, all; if
DENY
, none).
Example 5 (no policy inherits parent policy):
organizations/foo
has no Policy
set.
projects/bar
has no Policy
set.
The accepted values at both levels are either all or none depending on
the value of constraint_default
(if ALLOW
, all; if
DENY
, none).
Example 6 (ListConstraint allowing all):
organizations/foo
has a Policy
with values:
{allowed_values: "E1" allowed_values: "E2"}
projects/bar
has a Policy
with:
{all: ALLOW}
The accepted values at organizations/foo
are E1
, E2.
Any value is accepted at
projects/bar.
Example 7 (ListConstraint allowing none):
organizations/foo has a
Policy with values:
{allowed_values: "E1" allowed_values: "E2"}
projects/bar has a
Policy with:
{all: DENY}
The accepted values at
organizations/foo are
E1, E2
.
No value is accepted at projects/bar
.
Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
Given the following resource hierarchy
O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
organizations/foo
has a Policy
with values:
{allowed_values: "under:organizations/O1"}
projects/bar
has a Policy
with:
{allowed_values: "under:projects/P3"}
{denied_values: "under:folders/F2"}
The accepted values at organizations/foo
are organizations/O1
,
folders/F1
, folders/F2
, projects/P1
, projects/P2
,
projects/P3
.
The accepted values at projects/bar
are organizations/O1
,
folders/F1
, projects/P1
.
bool inherit_from_parent = 5;
Parameter | |
---|---|
Name | Description |
value | boolean The inheritFromParent to set. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
public Policy.ListPolicy.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
Parameters | |
---|---|
Name | Description |
field | FieldDescriptor |
index | int |
value | Object |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |
setSuggestedValue(String value)
public Policy.ListPolicy.Builder setSuggestedValue(String value)
Optional. The Google Cloud Console will try to default to a configuration
that matches the value specified in this Policy
. If suggested_value
is not set, it will inherit the value specified higher in the hierarchy,
unless inherit_from_parent
is false
.
string suggested_value = 4;
Parameter | |
---|---|
Name | Description |
value | String The suggestedValue to set. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
setSuggestedValueBytes(ByteString value)
public Policy.ListPolicy.Builder setSuggestedValueBytes(ByteString value)
Optional. The Google Cloud Console will try to default to a configuration
that matches the value specified in this Policy
. If suggested_value
is not set, it will inherit the value specified higher in the hierarchy,
unless inherit_from_parent
is false
.
string suggested_value = 4;
Parameter | |
---|---|
Name | Description |
value | ByteString The bytes for suggestedValue to set. |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder | This builder for chaining. |
setUnknownFields(UnknownFieldSet unknownFields)
public final Policy.ListPolicy.Builder setUnknownFields(UnknownFieldSet unknownFields)
Parameter | |
---|---|
Name | Description |
unknownFields | UnknownFieldSet |
Returns | |
---|---|
Type | Description |
Policy.ListPolicy.Builder |