CustomConstraint(mapping=None, *, ignore_unknown_fields=False, **kwargs)A custom constraint defined by customers which can only be applied to the given resource types and organization.
By creating a custom constraint, customers can apply policies of this custom constraint. Creating a custom constraint itself does NOT apply any policy enforcement.
Attributes | |
|---|---|
| Name | Description |
name |
str
Immutable. Name of the constraint. This is unique within the organization. Format of the name should be - organizations/{organization_id}/customConstraints/{custom_constraint_id}
Example:
organizations/123/customConstraints/custom.createOnlyE2TypeVms
The max length is 70 characters and the minimum length is 1.
Note that the prefix
organizations/{organization_id}/customConstraints/ is
not counted.
|
resource_types |
MutableSequence[str]
Immutable. The resource instance type on which this policy applies. Format will be of the form : compute.googleapis.com/Instance.
|
method_types |
MutableSequence[google.cloud.orgpolicy_v2.types.CustomConstraint.MethodType]
All the operations being applied for this constraint. |
condition |
str
Org policy condition/expression. For example: resource.instanceName.matches("[production|test]_.*_(\d)+")
or, resource.management.auto_upgrade == true
The max length of the condition is 1000 characters.
|
action_type |
google.cloud.orgpolicy_v2.types.CustomConstraint.ActionType
Allow or deny type. |
display_name |
str
One line display name for the UI. The max length of the display_name is 200 characters. |
description |
str
Detailed information about this custom policy constraint. The max length of the description is 2000 characters. |
update_time |
google.protobuf.timestamp_pb2.Timestamp
Output only. The last time this custom constraint was updated. This represents the last time that the CreateCustomConstraint or UpdateCustomConstraint RPC
was called
|
Classes
ActionType
ActionType(value)Allow or deny type.
Values: ACTION_TYPE_UNSPECIFIED (0): Unspecified. Results in an error. ALLOW (1): Allowed action type. DENY (2): Deny action type.
MethodType
MethodType(value)The operation for which this constraint will be applied. To apply
this constraint only when creating new VMs, the method_types
should be CREATE only. To apply this constraint when creating or
deleting VMs, the method_types should be CREATE and
DELETE.
UPDATE only custom constraints are not supported. Use CREATE
or CREATE, UPDATE.
Values: METHOD_TYPE_UNSPECIFIED (0): Unspecified. Results in an error. CREATE (1): Constraint applied when creating the resource. UPDATE (2): Constraint applied when updating the resource. DELETE (3): Constraint applied when deleting the resource. Not supported yet.