Class PolicyRule (1.11.0)

PolicyRule(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A rule used to express this policy.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

See https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Attributes

Name  Description
values google.cloud.orgpolicy_v2.types.PolicySpec.PolicyRule.StringValues
List of values to be used for this policy rule. This field can be set only in policies for list constraints. This field is a member of the oneof kind.
allow_all bool
Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. This field is a member of the oneof kind.
deny_all bool
Setting this to true means that all values are denied. This field can be set only in policies for list constraints. This field is a member of the oneof kind.
enforce bool
If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints. This field is a member of the oneof kind.
condition google.type.expr_pb2.Expr
A condition which determines whether this rule is used in the evaluation of the policy. When set, the expression field in the Expr must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('

Classes

StringValues

StringValues(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

  • projects/<project-id> (for example, projects/tokyo-rain-123)
  • folders/<folder-id> (for example, folders/1234)
  • organizations/<organization-id> (for example, organizations/1234)

The supports_under field of the associated Constraint defines whether ancestry prefixes can be used.
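
The oneof and prefix rules above can be checked before a policy definition is turned into a PolicyRule message, where setting a second kind member would silently clear the first. The following is an added example, not code from the google-cloud-org-policy library: it lints rules held as plain dicts (for instance, loaded from a policy-as-code file), the function names are hypothetical, and allowed_values and denied_values are the StringValues field names from the API rather than from this page.

```python
import re

# Members of the oneof "kind" listed on this page; at most one may be set.
KIND_FIELDS = ("values", "allow_all", "deny_all", "enforce")
LIST_ONLY = ("values", "allow_all", "deny_all")
# Subtree formats allowed after under:. Assumption: ids have no "/" or whitespace.
ANCESTRY = re.compile(r"^(projects|folders|organizations)/[^/\s]+$")
# Constructed sample: two kind members set, plus a malformed subtree value.
SAMPLE = {"allow_all": True,
          "values": {"allowed_values": ["under:folders/1234", "under:tokyo-rain-123"]}}


def check_value(value, supports_under):
    """Return the problems found in one allowed/denied value string."""
    if value.startswith("under:"):
        problems = []
        if not supports_under:
            problems.append("under: used but the constraint has supports_under=False")
        if not ANCESTRY.match(value[len("under:"):]):
            problems.append("under: target is not projects/, folders/ or organizations/<id>")
        return problems
    if not value.startswith("is:") and ":" in value:
        return ['contains ":" and therefore needs the is: prefix']
    return []


def lint_rule(rule, constraint_type, supports_under=False):
    """Lint a dict shaped like PolicyRule; constraint_type is 'list' or 'boolean'."""
    problems = []
    kinds = [f for f in KIND_FIELDS if f in rule]
    if len(kinds) > 1:
        problems.append("more than one oneof kind member set: " + ", ".join(kinds))
    for f in kinds:
        if f in LIST_ONLY and constraint_type != "list":
            problems.append(f + " can be set only for list constraints")
        if f == "enforce" and constraint_type != "boolean":
            problems.append("enforce can be set only for boolean constraints")
    values = rule.get("values") or {}
    for key in ("allowed_values", "denied_values"):
        for v in values.get(key, []):
            problems += [f"{key} {v!r}: {p}" for p in check_value(v, supports_under)]
    return problems


if __name__ == "__main__":
    for problem in lint_rule(SAMPLE, "list", supports_under=True):
        print(problem)
```

A key that is present with a false value still counts as set here, matching oneof behaviour where assigning any member selects it.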