Class GoogleCloudSecuritypostureV1PolicyRule
A rule that defines the allowed and denied values for an organization policy constraint.
Namespace: Google.Apis.SecurityPosture.v1.Data
Assembly: Google.Apis.SecurityPosture.v1.dll
Syntax
public class GoogleCloudSecuritypostureV1PolicyRule : IDirectResponseSchema
Properties
AllowAll
Whether to allow any value for a list constraint. Valid only for list constraints.
Declaration
[JsonProperty("allowAll")]
public virtual bool? AllowAll { get; set; }
Property Value
| Type | Description | 
|---|---|
| bool? | 
Condition
A condition that determines whether this rule is used to evaluate the policy. When set, the
google.type.Expr.expression field must contain 1 to 10 subexpressions, joined by the || or
&& operators. Each subexpression must use the resource.matchTag() or
resource.matchTagId() Common Expression Language (CEL) function.

The resource.matchTag() function takes the following arguments:
* key_name: the namespaced name of the tag key, with the organization ID and a slash (/) as a prefix; for example, 123456789012/environment
* value_name: the short name of the tag value

For example: resource.matchTag('123456789012/environment', 'prod')

The resource.matchTagId() function takes the following arguments:
* key_id: the permanent ID of the tag key; for example, tagKeys/123456789012
* value_id: the permanent ID of the tag value; for example, tagValues/567890123456

For example: resource.matchTagId('tagKeys/123456789012', 'tagValues/567890123456')
Declaration
[JsonProperty("condition")]
public virtual Expr Condition { get; set; }
Property Value
| Type | Description | 
|---|---|
| Expr | 
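One way to lint a condition string against the rules stated for Condition before a posture is deployed. This is an added example, not code from the Google.Apis.SecurityPosture.v1 library: ConditionLint and its regular expressions are hypothetical, the argument shapes are inferred from the examples in the description, and parenthesized grouping is not handled.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example: ConditionLint is hypothetical, not part of Google.Apis.SecurityPosture.v1.
public static class ConditionLint
{
    // Assumption: argument shapes follow the examples in the Condition description.
    static readonly Regex MatchTag = new Regex(
        @"^resource\.matchTag\(\s*'\d+/[^'/]+'\s*,\s*'[^']+'\s*\)$");
    static readonly Regex MatchTagId = new Regex(
        @"^resource\.matchTagId\(\s*'tagKeys/\d+'\s*,\s*'tagValues/\d+'\s*\)$");

    // Returns one message per violated rule; an empty list means the expression passed.
    public static List<string> Check(string expression)
    {
        var errors = new List<string>();
        if (string.IsNullOrWhiteSpace(expression))
        {
            errors.Add("expression is empty; 1 to 10 subexpressions are required");
            return errors;
        }
        // Split on the two permitted operators.
        // Assumption: "||" and "&&" never appear inside a quoted argument.
        string[] parts = Regex.Split(expression.Trim(), @"\s*(?:\|\||&&)\s*");
        if (parts.Length > 10)
            errors.Add(parts.Length + " subexpressions; the limit is 10");
        foreach (string part in parts)
            if (!MatchTag.IsMatch(part) && !MatchTagId.IsMatch(part))
                errors.Add("not a resource.matchTag()/matchTagId() call: " + part);
        return errors;
    }

    public static void Main()
    {
        string[] samples =   // constructed sample inputs
        {
            "resource.matchTagId('tagKeys/123456789012', 'tagValues/567890123456') || resource.matchTag('123456789012/environment', 'prod')",
            "resource.matchTag('123456789012/environment, 'prod')",  // missing closing quote on the key
            "resource.name == 'x' && resource.matchTag('123456789012/environment', 'prod')",  // non-tag subexpression
        };
        foreach (string s in samples)
        {
            List<string> errors = Check(s);
            Console.WriteLine((errors.Count == 0 ? "OK    " : "FAIL  ") + s);
            foreach (string e in errors) Console.WriteLine("      " + e);
        }
    }
}
```

Running the check in CI on every rule that sets Condition catches a malformed or out-of-scope expression before the posture is submitted.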
DenyAll
Whether to deny all values for a list constraint. Valid only for list constraints.
Declaration
[JsonProperty("denyAll")]
public virtual bool? DenyAll { get; set; }
Property Value
| Type | Description | 
|---|---|
| bool? | 
ETag
The ETag of the item.
Declaration
public virtual string ETag { get; set; }
Property Value
| Type | Description | 
|---|---|
| string | 
Enforce
Whether to enforce the constraint. Valid only for boolean constraints.
Declaration
[JsonProperty("enforce")]
public virtual bool? Enforce { get; set; }
Property Value
| Type | Description | 
|---|---|
| bool? | 
Parameters
Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true }
Declaration
[JsonProperty("parameters")]
public virtual IDictionary<string, object> Parameters { get; set; }
Property Value
| Type | Description | 
|---|---|
| IDictionary<string, object> | 
ResourceTypes
Optional. The resource types policies can support, only used for managed constraints. Method type is
GOVERN_TAGS.
Declaration
[JsonProperty("resourceTypes")]
public virtual ResourceTypes ResourceTypes { get; set; }
Property Value
| Type | Description | 
|---|---|
| ResourceTypes | 
Values
The allowed and denied values for a list constraint. Valid only for list constraints.
Declaration
[JsonProperty("values")]
public virtual GoogleCloudSecuritypostureV1PolicyRuleStringValues Values { get; set; }
Property Value
| Type | Description | 
|---|---|
| GoogleCloudSecuritypostureV1PolicyRuleStringValues |