Used in policy_type
to specify how boolean_policy
will behave at this
resource.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#enforced
def enforced() -> ::Boolean
-
(::Boolean) — If
true
, then thePolicy
is enforced. Iffalse
, then any configuration is acceptable.Suppose you have a
Constraint
constraints/compute.disableSerialPortAccess
withconstraint_default
set toALLOW
. APolicy
for thatConstraint
exhibits the following behavior:- If the
Policy
at this resource has enforced set tofalse
, serial port connection attempts will be allowed. - If the
Policy
at this resource has enforced set totrue
, serial port connection attempts will be refused. - If the
Policy
at this resource isRestoreDefault
, serial port connection attempts will be allowed. - If no
Policy
is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no
Policy
is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if thePolicy
were set at this resource.
The following examples demonstrate the different possible layerings:
Example 1 (nearest
Constraint
wins):organizations/foo
has aPolicy
with: {enforced: false}projects/bar
has noPolicy
set. The constraint atprojects/bar
andorganizations/foo
will not be enforced.Example 2 (enforcement gets replaced):
organizations/foo
has aPolicy
with: {enforced: false}projects/bar
has aPolicy
with: {enforced: true} The constraint atorganizations/foo
is not enforced. The constraint atprojects/bar
is enforced.Example 3 (RestoreDefault):
organizations/foo
has aPolicy
with: {enforced: true}projects/bar
has aPolicy
with: {RestoreDefault: \{}} The constraint atorganizations/foo
is enforced. The constraint atprojects/bar
is not enforced, becauseconstraint_default
for theConstraint
isALLOW
. - If the
#enforced=
def enforced=(value) -> ::Boolean
-
value (::Boolean) — If
true
, then thePolicy
is enforced. Iffalse
, then any configuration is acceptable.Suppose you have a
Constraint
constraints/compute.disableSerialPortAccess
withconstraint_default
set toALLOW
. APolicy
for thatConstraint
exhibits the following behavior:- If the
Policy
at this resource has enforced set tofalse
, serial port connection attempts will be allowed. - If the
Policy
at this resource has enforced set totrue
, serial port connection attempts will be refused. - If the
Policy
at this resource isRestoreDefault
, serial port connection attempts will be allowed. - If no
Policy
is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no
Policy
is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if thePolicy
were set at this resource.
The following examples demonstrate the different possible layerings:
Example 1 (nearest
Constraint
wins):organizations/foo
has aPolicy
with: {enforced: false}projects/bar
has noPolicy
set. The constraint atprojects/bar
andorganizations/foo
will not be enforced.Example 2 (enforcement gets replaced):
organizations/foo
has aPolicy
with: {enforced: false}projects/bar
has aPolicy
with: {enforced: true} The constraint atorganizations/foo
is not enforced. The constraint atprojects/bar
is enforced.Example 3 (RestoreDefault):
organizations/foo
has aPolicy
with: {enforced: true}projects/bar
has aPolicy
with: {RestoreDefault: \{}} The constraint atorganizations/foo
is enforced. The constraint atprojects/bar
is not enforced, becauseconstraint_default
for theConstraint
isALLOW
. - If the
-
(::Boolean) — If
true
, then thePolicy
is enforced. Iffalse
, then any configuration is acceptable.Suppose you have a
Constraint
constraints/compute.disableSerialPortAccess
withconstraint_default
set toALLOW
. APolicy
for thatConstraint
exhibits the following behavior:- If the
Policy
at this resource has enforced set tofalse
, serial port connection attempts will be allowed. - If the
Policy
at this resource has enforced set totrue
, serial port connection attempts will be refused. - If the
Policy
at this resource isRestoreDefault
, serial port connection attempts will be allowed. - If no
Policy
is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no
Policy
is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if thePolicy
were set at this resource.
The following examples demonstrate the different possible layerings:
Example 1 (nearest
Constraint
wins):organizations/foo
has aPolicy
with: {enforced: false}projects/bar
has noPolicy
set. The constraint atprojects/bar
andorganizations/foo
will not be enforced.Example 2 (enforcement gets replaced):
organizations/foo
has aPolicy
with: {enforced: false}projects/bar
has aPolicy
with: {enforced: true} The constraint atorganizations/foo
is not enforced. The constraint atprojects/bar
is enforced.Example 3 (RestoreDefault):
organizations/foo
has aPolicy
with: {enforced: true}projects/bar
has aPolicy
with: {RestoreDefault: \{}} The constraint atorganizations/foo
is enforced. The constraint atprojects/bar
is not enforced, becauseconstraint_default
for theConstraint
isALLOW
. - If the