Constraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A constraint
describes a way to restrict resource's
configuration. For example, you could enforce a constraint that
controls which cloud services can be activated across an
organization, or whether a Compute Engine instance can have serial
port connections established. Constraints
can be configured by
the organization's policy adminstrator to fit the needs of the
organzation by setting a policy
that includes constraints
at
different locations in the organization's resource hierarchy.
Policies are inherited down the resource hierarchy from higher
levels, but can also be overridden. For details about the
inheritance rules please read about
[policies
][google.cloud.OrgPolicy.v2.Policy].
Constraints
have a default behavior determined by the
constraint_default
field, which is the enforcement behavior that
is used in the absence of a policy
being defined or inherited
for the resource in question.
Attributes | |
---|---|
Name | Description |
name |
str
Immutable. The resource name of the Constraint. Must be in one of the following forms: - projects/{project_number}/constraints/{constraint_name}
- folders/{folder_id}/constraints/{constraint_name}
- organizations/{organization_id}/constraints/{constraint_name}
For example,
"/projects/123/constraints/compute.disableSerialPortAccess".
|
display_name |
str
The human readable name. Mutable. |
description |
str
Detailed description of what this Constraint controls as
well as how and where it is enforced.
Mutable.
|
constraint_default |
google.cloud.orgpolicy_v2.types.Constraint.ConstraintDefault
The evaluation behavior of this constraint in the absence of 'Policy'. |
list_constraint |
google.cloud.orgpolicy_v2.types.Constraint.ListConstraint
Defines this constraint as being a ListConstraint. |
boolean_constraint |
google.cloud.orgpolicy_v2.types.Constraint.BooleanConstraint
Defines this constraint as being a BooleanConstraint. |
Classes
BooleanConstraint
BooleanConstraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A Constraint
that is either enforced or not.
For example a constraint
constraints/compute.disableSerialPortAccess
. If it is enforced
on a VM instance, serial port connections will not be opened to that
instance.
ConstraintDefault
ConstraintDefault(value)
Specifies the default behavior in the absence of any Policy
for
the Constraint
. This must not be
CONSTRAINT_DEFAULT_UNSPECIFIED
.
Immutable after creation.
ListConstraint
ListConstraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A Constraint
that allows or disallows a list of string values,
which are configured by an Organization's policy administrator with
a Policy
.