Class Constraint (1.7.1)

Constraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization's policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about [policies][google.cloud.OrgPolicy.v2.Policy].

Constraints have a default behavior determined by the constraint_default field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Attributes

NameDescription
name str
Immutable. The resource name of the Constraint. Must be in one of the following forms: - projects/{project_number}/constraints/{constraint_name} - folders/{folder_id}/constraints/{constraint_name} - organizations/{organization_id}/constraints/{constraint_name} For example, "/projects/123/constraints/compute.disableSerialPortAccess".
display_name str
The human readable name. Mutable.
description str
Detailed description of what this Constraint controls as well as how and where it is enforced. Mutable.
constraint_default google.cloud.orgpolicy_v2.types.Constraint.ConstraintDefault
The evaluation behavior of this constraint in the absence of 'Policy'.
list_constraint google.cloud.orgpolicy_v2.types.Constraint.ListConstraint
Defines this constraint as being a ListConstraint. This field is a member of oneof_ constraint_type.
boolean_constraint google.cloud.orgpolicy_v2.types.Constraint.BooleanConstraint
Defines this constraint as being a BooleanConstraint. This field is a member of oneof_ constraint_type.

Classes

BooleanConstraint

BooleanConstraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A Constraint that is either enforced or not.

For example a constraint constraints/compute.disableSerialPortAccess. If it is enforced on a VM instance, serial port connections will not be opened to that instance.

ConstraintDefault

ConstraintDefault(value)

Specifies the default behavior in the absence of any Policy for the Constraint. This must not be CONSTRAINT_DEFAULT_UNSPECIFIED.

Immutable after creation.

Values: CONSTRAINT_DEFAULT_UNSPECIFIED (0): This is only used for distinguishing unset values and should never be used. ALLOW (1): Indicate that all values are allowed for list constraints. Indicate that enforcement is off for boolean constraints. DENY (2): Indicate that all values are denied for list constraints. Indicate that enforcement is on for boolean constraints.

ListConstraint

ListConstraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A Constraint that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a Policy.