public static interface Policy.ListPolicyOrBuilder extends MessageOrBuilder
| Modifier and Type | Method and Description |
|---|---|
String |
getAllowedValues(int index)
List of values allowed at this resource.
|
ByteString |
getAllowedValuesBytes(int index)
List of values allowed at this resource.
|
int |
getAllowedValuesCount()
List of values allowed at this resource.
|
List<String> |
getAllowedValuesList()
List of values allowed at this resource.
|
Policy.ListPolicy.AllValues |
getAllValues()
The policy all_values state.
|
int |
getAllValuesValue()
The policy all_values state.
|
String |
getDeniedValues(int index)
List of values denied at this resource.
|
ByteString |
getDeniedValuesBytes(int index)
List of values denied at this resource.
|
int |
getDeniedValuesCount()
List of values denied at this resource.
|
List<String> |
getDeniedValuesList()
List of values denied at this resource.
|
boolean |
getInheritFromParent()
Determines the inheritance behavior for this `Policy`.
|
String |
getSuggestedValue()
Optional.
|
ByteString |
getSuggestedValueBytes()
Optional.
|
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneofisInitializedList<String> getAllowedValuesList()
List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string allowed_values = 1;int getAllowedValuesCount()
List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string allowed_values = 1;String getAllowedValues(int index)
List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string allowed_values = 1;index - The index of the element to return.ByteString getAllowedValuesBytes(int index)
List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string allowed_values = 1;index - The index of the value to return.List<String> getDeniedValuesList()
List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string denied_values = 2;int getDeniedValuesCount()
List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string denied_values = 2;String getDeniedValues(int index)
List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string denied_values = 2;index - The index of the element to return.ByteString getDeniedValuesBytes(int index)
List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
repeated string denied_values = 2;index - The index of the value to return.int getAllValuesValue()
The policy all_values state.
.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;Policy.ListPolicy.AllValues getAllValues()
The policy all_values state.
.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;String getSuggestedValue()
Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`.
string suggested_value = 4;ByteString getSuggestedValueBytes()
Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`.
string suggested_value = 4;boolean getInheritFromParent()
Determines the inheritance behavior for this `Policy`.
By default, a `ListPolicy` set at a resource supercedes any `Policy` set
anywhere up the resource hierarchy. However, if `inherit_from_parent` is
set to `true`, then the values from the effective `Policy` of the parent
resource are inherited, meaning the values set in this `Policy` are
added to the values inherited up the hierarchy.
Setting `Policy` hierarchies that inherit both allowed values and denied
values isn't recommended in most circumstances to keep the configuration
simple and understandable. However, it is possible to set a `Policy` with
`allowed_values` set that inherits a `Policy` with `denied_values` set.
In this case, the values that are allowed must be in `allowed_values` and
not present in `denied_values`.
For example, suppose you have a `Constraint`
`constraints/serviceuser.services`, which has a `constraint_type` of
`list_constraint`, and with `constraint_default` set to `ALLOW`.
Suppose that at the Organization level, a `Policy` is applied that
restricts the allowed API activations to {`E1`, `E2`}. Then, if a
`Policy` is applied to a project below the Organization that has
`inherit_from_parent` set to `false` and field all_values set to DENY,
then an attempt to activate any API will be denied.
The following examples demonstrate different possible layerings for
`projects/bar` parented by `organizations/foo`:
Example 1 (no inherited values):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values:"E2"}
`projects/bar` has `inherit_from_parent` `false` and values:
{allowed_values: "E3" allowed_values: "E4"}
The accepted values at `organizations/foo` are `E1`, `E2`.
The accepted values at `projects/bar` are `E3`, and `E4`.
Example 2 (inherited values):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values:"E2"}
`projects/bar` has a `Policy` with values:
{value: "E3" value: "E4" inherit_from_parent: true}
The accepted values at `organizations/foo` are `E1`, `E2`.
The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
Example 3 (inheriting both allowed and denied values):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values: "E2"}
`projects/bar` has a `Policy` with:
{denied_values: "E1"}
The accepted values at `organizations/foo` are `E1`, `E2`.
The value accepted at `projects/bar` is `E2`.
Example 4 (RestoreDefault):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values:"E2"}
`projects/bar` has a `Policy` with values:
{RestoreDefault: {}}
The accepted values at `organizations/foo` are `E1`, `E2`.
The accepted values at `projects/bar` are either all or none depending on
the value of `constraint_default` (if `ALLOW`, all; if
`DENY`, none).
Example 5 (no policy inherits parent policy):
`organizations/foo` has no `Policy` set.
`projects/bar` has no `Policy` set.
The accepted values at both levels are either all or none depending on
the value of `constraint_default` (if `ALLOW`, all; if
`DENY`, none).
Example 6 (ListConstraint allowing all):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values: "E2"}
`projects/bar` has a `Policy` with:
{all: ALLOW}
The accepted values at `organizations/foo` are `E1`, E2`.
Any value is accepted at `projects/bar`.
Example 7 (ListConstraint allowing none):
`organizations/foo` has a `Policy` with values:
{allowed_values: "E1" allowed_values: "E2"}
`projects/bar` has a `Policy` with:
{all: DENY}
The accepted values at `organizations/foo` are `E1`, E2`.
No value is accepted at `projects/bar`.
Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
Given the following resource hierarchy
O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
`organizations/foo` has a `Policy` with values:
{allowed_values: "under:organizations/O1"}
`projects/bar` has a `Policy` with:
{allowed_values: "under:projects/P3"}
{denied_values: "under:folders/F2"}
The accepted values at `organizations/foo` are `organizations/O1`,
`folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
`projects/P3`.
The accepted values at `projects/bar` are `organizations/O1`,
`folders/F1`, `projects/P1`.
bool inherit_from_parent = 5;Copyright © 2021 Google LLC. All rights reserved.