PolicySpec(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.
Attributes | |
---|---|
Name | Description |
etag |
str
An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a CreatePolicy request.
When the policy is returned from either a GetPolicy or a
ListPolicies request, this etag indicates the
version of the current policySpec to use when executing a
read-modify-write loop.
When the policy is returned from a GetEffectivePolicy
request, the etag will be unset.
|
update_time |
google.protobuf.timestamp_pb2.Timestamp
Output only. The time stamp this was previously updated. This represents the last time a call to CreatePolicy or
UpdatePolicy was made for that policy.
|
rules |
MutableSequence[google.cloud.orgpolicy_v2.types.PolicySpec.PolicyRule]
In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set enforced to the opposite of the policy rule without a
condition.
- During policy evaluation, policy rules with conditions
that are true for a target resource take precedence.
|
inherit_from_parent |
bool
Determines the inheritance behavior for this policy. If inherit_from_parent is true, policy rules set higher
up in the hierarchy (up to the closest root) are inherited
and present in the effective policy. If it is false, then no
rules are inherited, and this policy becomes the new root
for evaluation. This field can be set only for policies
which configure list constraints.
|
reset |
bool
Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific
constraint at this resource. This field can be set in
policies for either list or boolean constraints. If set,
rules must be empty and inherit_from_parent must be
set to false.
|
Classes
PolicyRule
PolicyRule(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A rule used to express this policy.
This message has oneof
_ fields (mutually exclusive fields).
For each oneof, at most one member field can be set at the same time.
Setting any member of the oneof automatically clears all other
members.
.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields