PolicySpec(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Defines a Cloud Organization PolicySpec
which is used to specify
Constraints
for configurations of Cloud Platform resources.
Attributes | |
---|---|
Name | Description |
etag |
str
An opaque tag indicating the current version of the Policy , used for concurrency control.
This field is ignored if used in a CreatePolicy request.
When the Policy is returned from either a GetPolicy
or a ListPolicies request, this etag indicates the
version of the current Policy to use when executing a
read-modify-write loop.
When the Policy is returned from a
GetEffectivePolicy request, the etag will be unset.
|
update_time |
google.protobuf.timestamp_pb2.Timestamp
Output only. The time stamp this was previously updated. This represents the last time a call to CreatePolicy or
UpdatePolicy was made for that Policy .
|
rules |
MutableSequence[google.cloud.orgpolicy_v2.types.PolicySpec.PolicyRule]
Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced
to the opposite of the PolicyRule without a condition.
- During policy evaluation, PolicyRules with conditions
that are true for a target resource take precedence.
|
inherit_from_parent |
bool
Determines the inheritance behavior for this Policy .
If inherit_from_parent is true, PolicyRules set higher
up in the hierarchy (up to the closest root) are inherited
and present in the effective policy. If it is false, then no
rules are inherited, and this Policy becomes the new root
for evaluation. This field can be set only for Policies
which configure list constraints.
|
reset |
bool
Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific
Constraint at this resource. This field can be set in
policies for either list or boolean constraints. If set,
rules must be empty and inherit_from_parent must be
set to false.
|
Classes
PolicyRule
PolicyRule(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A rule used to express this policy.
This message has oneof
_ fields (mutually exclusive fields).
For each oneof, at most one member field can be set at the same time.
Setting any member of the oneof automatically clears all other
members.
.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields