public static final class Policy.ListPolicy extends GeneratedMessageV3 implements Policy.ListPolicyOrBuilder
Used in `policy_type` to specify how `list_policy` behaves at this
resource.
`ListPolicy` can define specific values and subtrees of Cloud Resource
Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
are allowed or denied by setting the `allowed_values` and `denied_values`
fields. This is achieved by using the `under:` and optional `is:` prefixes.
The `under:` prefix is used to denote resource subtree values.
The `is:` prefix is used to denote specific values, and is required only
if the value contains a ":". Values prefixed with "is:" are treated the
same as values with no prefix.
Ancestry subtrees must be in one of the following formats:
- "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- "folders/<folder-id>", e.g. "folders/1234"
- "organizations/<organization-id>", e.g. "organizations/1234"
The `supports_under` field of the associated `Constraint` defines whether
ancestry prefixes can be used. You can set `allowed_values` and
`denied_values` in the same `Policy` if `all_values` is
`ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
values. If `all_values` is set to either `ALLOW` or `DENY`,
`allowed_values` and `denied_values` must be unset.
Protobuf type google.cloud.orgpolicy.v1.Policy.ListPolicy| Modifier and Type | Class and Description |
|---|---|
static class |
Policy.ListPolicy.AllValues
This enum can be used to set `Policies` that apply to all possible
configuration values rather than specific values in `allowed_values` or
`denied_values`.
|
static class |
Policy.ListPolicy.Builder
Used in `policy_type` to specify how `list_policy` behaves at this
resource.
|
GeneratedMessageV3.BuilderParent, GeneratedMessageV3.ExtendableBuilder<MessageType extends GeneratedMessageV3.ExtendableMessage,BuilderType extends GeneratedMessageV3.ExtendableBuilder<MessageType,BuilderType>>, GeneratedMessageV3.ExtendableMessage<MessageType extends GeneratedMessageV3.ExtendableMessage>, GeneratedMessageV3.ExtendableMessageOrBuilder<MessageType extends GeneratedMessageV3.ExtendableMessage>, GeneratedMessageV3.FieldAccessorTable, GeneratedMessageV3.UnusedPrivateParameterAbstractMessageLite.InternalOneOfEnum| Modifier and Type | Field and Description |
|---|---|
static int |
ALL_VALUES_FIELD_NUMBER |
static int |
ALLOWED_VALUES_FIELD_NUMBER |
static int |
DENIED_VALUES_FIELD_NUMBER |
static int |
INHERIT_FROM_PARENT_FIELD_NUMBER |
static int |
SUGGESTED_VALUE_FIELD_NUMBER |
alwaysUseFieldBuilders, unknownFieldsmemoizedSizememoizedHashCodecanUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof, internalGetMapField, makeExtensionsImmutable, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTagfindInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toStringaddAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeToclone, finalize, getClass, notify, notifyAll, wait, wait, waitfindInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneoftoByteArray, toByteString, writeDelimitedTo, writeTopublic static final int ALLOWED_VALUES_FIELD_NUMBER
public static final int DENIED_VALUES_FIELD_NUMBER
public static final int ALL_VALUES_FIELD_NUMBER
public static final int SUGGESTED_VALUE_FIELD_NUMBER
public static final int INHERIT_FROM_PARENT_FIELD_NUMBER
protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
newInstance in class GeneratedMessageV3public final UnknownFieldSet getUnknownFields()
getUnknownFields in interface MessageOrBuildergetUnknownFields in class GeneratedMessageV3public static final Descriptors.Descriptor getDescriptor()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
internalGetFieldAccessorTable in class GeneratedMessageV3public ProtocolStringList getAllowedValuesList()
List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string allowed_values = 1;getAllowedValuesList in interface Policy.ListPolicyOrBuilderpublic int getAllowedValuesCount()
List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string allowed_values = 1;getAllowedValuesCount in interface Policy.ListPolicyOrBuilderpublic String getAllowedValues(int index)
List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string allowed_values = 1;getAllowedValues in interface Policy.ListPolicyOrBuilderindex - The index of the element to return.public ByteString getAllowedValuesBytes(int index)
List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string allowed_values = 1;getAllowedValuesBytes in interface Policy.ListPolicyOrBuilderindex - The index of the value to return.public ProtocolStringList getDeniedValuesList()
List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string denied_values = 2;getDeniedValuesList in interface Policy.ListPolicyOrBuilderpublic int getDeniedValuesCount()
List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string denied_values = 2;getDeniedValuesCount in interface Policy.ListPolicyOrBuilderpublic String getDeniedValues(int index)
List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string denied_values = 2;getDeniedValues in interface Policy.ListPolicyOrBuilderindex - The index of the element to return.public ByteString getDeniedValuesBytes(int index)
List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string denied_values = 2;getDeniedValuesBytes in interface Policy.ListPolicyOrBuilderindex - The index of the value to return.public int getAllValuesValue()
The policy all_values state.
.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;getAllValuesValue in interface Policy.ListPolicyOrBuilderpublic Policy.ListPolicy.AllValues getAllValues()
The policy all_values state.
.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;getAllValues in interface Policy.ListPolicyOrBuilderpublic String getSuggestedValue()
Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`.
string suggested_value = 4;getSuggestedValue in interface Policy.ListPolicyOrBuilderpublic ByteString getSuggestedValueBytes()
Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`.
string suggested_value = 4;getSuggestedValueBytes in interface Policy.ListPolicyOrBuilderpublic boolean getInheritFromParent()
Determines the inheritance behavior for this `Policy`.
By default, a `ListPolicy` set at a resource supercedes any `Policy` set
anywhere up the resource hierarchy. However, if `inherit_from_parent` is
set to `true`, then the values from the effective `Policy` of the parent
resource are inherited, meaning the values set in this `Policy` are
added to the values inherited up the hierarchy.
Setting `Policy` hierarchies that inherit both allowed values and denied
values isn't recommended in most circumstances to keep the configuration
simple and understandable. However, it is possible to set a `Policy` with
`allowed_values` set that inherits a `Policy` with `denied_values` set.
In this case, the values that are allowed must be in `allowed_values` and
not present in `denied_values`.
For example, suppose you have a `Constraint`
`constraints/serviceuser.services`, which has a `constraint_type` of
`list_constraint`, and with `constraint_default` set to `ALLOW`.
Suppose that at the Organization level, a `Policy` is applied that
restricts the allowed API activations to {`E1`, `E2`}. Then, if a
`Policy` is applied to a project below the Organization that has
`inherit_from_parent` set to `false` and field all_values set to DENY,
then an attempt to activate any API will be denied.
The following examples demonstrate different possible layerings for
`projects/bar` parented by `organizations/foo`:
Example 1 (no inherited values):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values:"E2"}
`projects/bar` has `inherit_from_parent` `false` and values:
{allowed_values: "E3" allowed_values: "E4"}
The accepted values at `organizations/foo` are `E1`, `E2`.
The accepted values at `projects/bar` are `E3`, and `E4`.
Example 2 (inherited values):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values:"E2"}
`projects/bar` has a `Policy` with values:
{value: "E3" value: "E4" inherit_from_parent: true}
The accepted values at `organizations/foo` are `E1`, `E2`.
The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
Example 3 (inheriting both allowed and denied values):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values: "E2"}
`projects/bar` has a `Policy` with:
{denied_values: "E1"}
The accepted values at `organizations/foo` are `E1`, `E2`.
The value accepted at `projects/bar` is `E2`.
Example 4 (RestoreDefault):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values:"E2"}
`projects/bar` has a `Policy` with values:
{RestoreDefault: {}}
The accepted values at `organizations/foo` are `E1`, `E2`.
The accepted values at `projects/bar` are either all or none depending on
the value of `constraint_default` (if `ALLOW`, all; if
`DENY`, none).
Example 5 (no policy inherits parent policy):
`organizations/foo` has no `Policy` set.
`projects/bar` has no `Policy` set.
The accepted values at both levels are either all or none depending on
the value of `constraint_default` (if `ALLOW`, all; if
`DENY`, none).
Example 6 (ListConstraint allowing all):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values: "E2"}
`projects/bar` has a `Policy` with:
{all: ALLOW}
The accepted values at `organizations/foo` are `E1`, E2`.
Any value is accepted at `projects/bar`.
Example 7 (ListConstraint allowing none):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values: "E2"}
`projects/bar` has a `Policy` with:
{all: DENY}
The accepted values at `organizations/foo` are `E1`, E2`.
No value is accepted at `projects/bar`.
Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
Given the following resource hierarchy
O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
`organizations/foo` has a `Policy` with values:
{allowed_values: "under:organizations/O1"}
`projects/bar` has a `Policy` with:
{allowed_values: "under:projects/P3"}
{denied_values: "under:folders/F2"}
The accepted values at `organizations/foo` are `organizations/O1`,
`folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
`projects/P3`.
The accepted values at `projects/bar` are `organizations/O1`,
`folders/F1`, `projects/P1`.
bool inherit_from_parent = 5;getInheritFromParent in interface Policy.ListPolicyOrBuilderpublic final boolean isInitialized()
isInitialized in interface MessageLiteOrBuilderisInitialized in class GeneratedMessageV3public void writeTo(CodedOutputStream output) throws IOException
writeTo in interface MessageLitewriteTo in class GeneratedMessageV3IOExceptionpublic int getSerializedSize()
getSerializedSize in interface MessageLitegetSerializedSize in class GeneratedMessageV3public boolean equals(Object obj)
equals in interface Messageequals in class AbstractMessagepublic int hashCode()
hashCode in interface MessagehashCode in class AbstractMessagepublic static Policy.ListPolicy parseFrom(ByteBuffer data) throws InvalidProtocolBufferException
InvalidProtocolBufferExceptionpublic static Policy.ListPolicy parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry) throws InvalidProtocolBufferException
InvalidProtocolBufferExceptionpublic static Policy.ListPolicy parseFrom(ByteString data) throws InvalidProtocolBufferException
InvalidProtocolBufferExceptionpublic static Policy.ListPolicy parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry) throws InvalidProtocolBufferException
InvalidProtocolBufferExceptionpublic static Policy.ListPolicy parseFrom(byte[] data) throws InvalidProtocolBufferException
InvalidProtocolBufferExceptionpublic static Policy.ListPolicy parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry) throws InvalidProtocolBufferException
InvalidProtocolBufferExceptionpublic static Policy.ListPolicy parseFrom(InputStream input) throws IOException
IOExceptionpublic static Policy.ListPolicy parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry) throws IOException
IOExceptionpublic static Policy.ListPolicy parseDelimitedFrom(InputStream input) throws IOException
IOExceptionpublic static Policy.ListPolicy parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry) throws IOException
IOExceptionpublic static Policy.ListPolicy parseFrom(CodedInputStream input) throws IOException
IOExceptionpublic static Policy.ListPolicy parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry) throws IOException
IOExceptionpublic Policy.ListPolicy.Builder newBuilderForType()
newBuilderForType in interface MessagenewBuilderForType in interface MessageLitepublic static Policy.ListPolicy.Builder newBuilder()
public static Policy.ListPolicy.Builder newBuilder(Policy.ListPolicy prototype)
public Policy.ListPolicy.Builder toBuilder()
toBuilder in interface MessagetoBuilder in interface MessageLiteprotected Policy.ListPolicy.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
newBuilderForType in class GeneratedMessageV3public static Policy.ListPolicy getDefaultInstance()
public static Parser<Policy.ListPolicy> parser()
public Parser<Policy.ListPolicy> getParserForType()
getParserForType in interface MessagegetParserForType in interface MessageLitegetParserForType in class GeneratedMessageV3public Policy.ListPolicy getDefaultInstanceForType()
getDefaultInstanceForType in interface MessageLiteOrBuildergetDefaultInstanceForType in interface MessageOrBuilderCopyright © 2021 Google LLC. All rights reserved.