Class CustomConstraint (1.10.0)

CustomConstraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A custom constraint defined by customers which can only be applied to the given resource types and organization.

By creating a custom constraint, customers can apply policies of this custom constraint. Creating a custom constraint itself does NOT apply any policy enforcement.


name str
Immutable. Name of the constraint. This is unique within the organization. Format of the name should be - organizations/{organization_id}/customConstraints/{custom_constraint_id} Example: organizations/123/customConstraints/custom.createOnlyE2TypeVms The max length is 70 characters and the minimum length is 1. Note that the prefix organizations/{organization_id}/customConstraints/ is not counted.
resource_types MutableSequence[str]
Immutable. The resource instance type on which this policy applies. Format will be of the form : Example: -
method_types MutableSequence[]
All the operations being applied for this constraint.
condition str
Org policy condition/expression. For example: resource.instanceName.matches("[production|test]_.*_(\d)+") or, == true The max length of the condition is 1000 characters.
Allow or deny type.
display_name str
One line display name for the UI. The max length of the display_name is 200 characters.
description str
Detailed information about this custom policy constraint. The max length of the description is 2000 characters.
update_time google.protobuf.timestamp_pb2.Timestamp
Output only. The last time this custom constraint was updated. This represents the last time that the CreateCustomConstraint or UpdateCustomConstraint RPC was called




Allow or deny type.

Values: ACTION_TYPE_UNSPECIFIED (0): Unspecified. Results in an error. ALLOW (1): Allowed action type. DENY (2): Deny action type.



The operation for which this constraint will be applied. To apply this constraint only when creating new VMs, the method_types should be CREATE only. To apply this constraint when creating or deleting VMs, the method_types should be CREATE and DELETE.

UPDATE only custom constraints are not supported. Use CREATE or CREATE, UPDATE.

Values: METHOD_TYPE_UNSPECIFIED (0): Unspecified. Results in an error. CREATE (1): Constraint applied when creating the resource. UPDATE (2): Constraint applied when updating the resource. DELETE (3): Constraint applied when deleting the resource. Not supported yet.