Constraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A constraint
describes a way to restrict resource's
configuration. For example, you could enforce a constraint that
controls which cloud services can be activated across an
organization, or whether a Compute Engine instance can have serial
port connections established. Constraints
can be configured by
the organization's policy administrator to fit the needs of the
organization by setting a policy
that includes constraints
at different locations in the organization's resource hierarchy.
Policies are inherited down the resource hierarchy from higher
levels, but can also be overridden. For details about the
inheritance rules please read about
[policies
][google.cloud.OrgPolicy.v2.Policy].
Constraints
have a default behavior determined by the
constraint_default
field, which is the enforcement behavior that
is used in the absence of a policy
being defined or inherited
for the resource in question.
This message has oneof
_ fields (mutually exclusive fields).
For each oneof, at most one member field can be set at the same time.
Setting any member of the oneof automatically clears all other
members.
.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields
Attributes | |
---|---|
Name | Description |
name |
str
Immutable. The resource name of the Constraint. Must be in one of the following forms: - projects/{project_number}/constraints/{constraint_name}
- folders/{folder_id}/constraints/{constraint_name}
- organizations/{organization_id}/constraints/{constraint_name}
For example,
"/projects/123/constraints/compute.disableSerialPortAccess".
|
display_name |
str
The human readable name. Mutable. |
description |
str
Detailed description of what this Constraint controls as
well as how and where it is enforced.
Mutable.
|
constraint_default |
google.cloud.orgpolicy_v2.types.Constraint.ConstraintDefault
The evaluation behavior of this constraint in the absence of 'Policy'. |
list_constraint |
google.cloud.orgpolicy_v2.types.Constraint.ListConstraint
Defines this constraint as being a ListConstraint. This field is a member of oneof _ constraint_type .
|
boolean_constraint |
google.cloud.orgpolicy_v2.types.Constraint.BooleanConstraint
Defines this constraint as being a BooleanConstraint. This field is a member of oneof _ constraint_type .
|
Classes
BooleanConstraint
BooleanConstraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A Constraint
that is either enforced or not.
For example a constraint
constraints/compute.disableSerialPortAccess
. If it is enforced
on a VM instance, serial port connections will not be opened to that
instance.
ConstraintDefault
ConstraintDefault(value)
Specifies the default behavior in the absence of any Policy
for
the Constraint
. This must not be
CONSTRAINT_DEFAULT_UNSPECIFIED
.
Immutable after creation.
Values: CONSTRAINT_DEFAULT_UNSPECIFIED (0): This is only used for distinguishing unset values and should never be used. ALLOW (1): Indicate that all values are allowed for list constraints. Indicate that enforcement is off for boolean constraints. DENY (2): Indicate that all values are denied for list constraints. Indicate that enforcement is on for boolean constraints.
ListConstraint
ListConstraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A Constraint
that allows or disallows a list of string values,
which are configured by an Organization's policy administrator with
a Policy
.