Class: Google::Apis::CloudassetV1beta1::GoogleCloudOrgpolicyV1Policy

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
generated/google/apis/cloudasset_v1beta1/classes.rb,
generated/google/apis/cloudasset_v1beta1/representations.rb,
generated/google/apis/cloudasset_v1beta1/representations.rb

Overview

Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ GoogleCloudOrgpolicyV1Policy

Returns a new instance of GoogleCloudOrgpolicyV1Policy.



674
675
676
# File 'generated/google/apis/cloudasset_v1beta1/classes.rb', line 674

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#boolean_policyGoogle::Apis::CloudassetV1beta1::GoogleCloudOrgpolicyV1BooleanPolicy

Used in policy_type to specify how boolean_policy will behave at this resource. Corresponds to the JSON property booleanPolicy



604
605
606
# File 'generated/google/apis/cloudasset_v1beta1/classes.rb', line 604

def boolean_policy
  @boolean_policy
end

#constraintString

The name of the Constraint the Policy is configuring, for example, constraints/serviceuser.services. A list of available constraints is available. Immutable after creation. Corresponds to the JSON property constraint

Returns:

  • (String)


612
613
614
# File 'generated/google/apis/cloudasset_v1beta1/classes.rb', line 612

def constraint
  @constraint
end

#etagString

An opaque tag indicating the current version of the Policy, used for concurrency control. When the Policy is returned from either a GetPolicy or a ListOrgPolicy request, this etag indicates the version of the current Policy to use when executing a read-modify-write loop. When the Policy is returned from a GetEffectivePolicy request, the etag will be unset. When the Policy is used in a SetOrgPolicy method, use the etag value that was returned from a GetOrgPolicy request as part of a read-modify-write loop for concurrency control. Not setting the etagin a SetOrgPolicy request will result in an unconditional write of the Policy. Corresponds to the JSON property etag NOTE: Values are automatically base64 encoded/decoded in the client library.

Returns:

  • (String)


626
627
628
# File 'generated/google/apis/cloudasset_v1beta1/classes.rb', line 626

def etag
  @etag
end

#list_policyGoogle::Apis::CloudassetV1beta1::GoogleCloudOrgpolicyV1ListPolicy

Used in policy_type to specify how list_policy behaves at this resource. ListPolicy can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied by setting the allowed_values and denied_values fields. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The supports_under field of the associated Constraint defines whether ancestry prefixes can be used. You can set allowed_values and denied_values in the same Policy if all_values is ALL_VALUES_UNSPECIFIED. ALLOW or DENY are used to allow or deny all values. If all_values is set to either ALLOW or DENY, allowed_values and denied_values must be unset. Corresponds to the JSON property listPolicy



646
647
648
# File 'generated/google/apis/cloudasset_v1beta1/classes.rb', line 646

def list_policy
  @list_policy
end

#restore_defaultGoogle::Apis::CloudassetV1beta1::GoogleCloudOrgpolicyV1RestoreDefault

Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific Constraint at this resource. Suppose that constraint_default is set to ALLOW for the Constraint constraints/ serviceuser.services. Suppose that organization foo.com sets a Policy at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a Policy with the policy_type restore_default on several experimental projects, restoring the constraint_default enforcement of the Constraint for only those projects, allowing those projects to have all services activated. Corresponds to the JSON property restoreDefault



659
660
661
# File 'generated/google/apis/cloudasset_v1beta1/classes.rb', line 659

def restore_default
  @restore_default
end

#update_timeString

The time stamp the Policy was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to SetOrgPolicy was made for that Policy. Any value set by the client will be ignored. Corresponds to the JSON property updateTime

Returns:

  • (String)


667
668
669
# File 'generated/google/apis/cloudasset_v1beta1/classes.rb', line 667

def update_time
  @update_time
end

#versionFixnum

Version of the Policy. Default version is 0; Corresponds to the JSON property version

Returns:

  • (Fixnum)


672
673
674
# File 'generated/google/apis/cloudasset_v1beta1/classes.rb', line 672

def version
  @version
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



679
680
681
682
683
684
685
686
687
# File 'generated/google/apis/cloudasset_v1beta1/classes.rb', line 679

def update!(**args)
  @boolean_policy = args[:boolean_policy] if args.key?(:boolean_policy)
  @constraint = args[:constraint] if args.key?(:constraint)
  @etag = args[:etag] if args.key?(:etag)
  @list_policy = args[:list_policy] if args.key?(:list_policy)
  @restore_default = args[:restore_default] if args.key?(:restore_default)
  @update_time = args[:update_time] if args.key?(:update_time)
  @version = args[:version] if args.key?(:version)
end