Class: Google::Apis::CloudresourcemanagerV1::OrgPolicy

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
generated/google/apis/cloudresourcemanager_v1/classes.rb,
generated/google/apis/cloudresourcemanager_v1/representations.rb,
generated/google/apis/cloudresourcemanager_v1/representations.rb

Overview

Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Google::Apis::Core::JsonObjectSupport

#to_json

Methods included from Google::Apis::Core::Hashable

process_value, #to_h

Constructor Details

#initialize(**args) ⇒ OrgPolicy

Returns a new instance of OrgPolicy



1204
1205
1206
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1204

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#boolean_policyGoogle::Apis::CloudresourcemanagerV1::BooleanPolicy

Used in policy_type to specify how boolean_policy will behave at this resource. Corresponds to the JSON property booleanPolicy



1126
1127
1128
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1126

def boolean_policy
  @boolean_policy
end

#constraintString

The name of the Constraint the Policy is configuring, for example, constraints/serviceuser.services. Immutable after creation. Corresponds to the JSON property constraint

Returns:

  • (String)


1133
1134
1135
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1133

def constraint
  @constraint
end

#etagString

An opaque tag indicating the current version of the Policy, used for concurrency control. When the Policy is returned from either a GetPolicy or a ListOrgPolicy request, this etag indicates the version of the current Policy to use when executing a read-modify-write loop. When the Policy is returned from a GetEffectivePolicy request, the etag will be unset. When the Policy is used in a SetOrgPolicy method, use the etag value that was returned from a GetOrgPolicy request as part of a read-modify-write loop for concurrency control. Not setting the etagin a SetOrgPolicy request will result in an unconditional write of the Policy. Corresponds to the JSON property etag NOTE: Values are automatically base64 encoded/decoded in the client library.

Returns:

  • (String)


1150
1151
1152
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1150

def etag
  @etag
end

#list_policyGoogle::Apis::CloudresourcemanagerV1::ListPolicy

Used in policy_type to specify how list_policy behaves at this resource. ListPolicy can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied by setting the allowed_values and denied_values fields. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

  • “projects/”, e.g. “projects/tokyo-rain-123”
  • “folders/”, e.g. “folders/1234”
  • “organizations/”, e.g. “organizations/1234” The supports_under field of the associated Constraint defines whether ancestry prefixes can be used. You can set allowed_values and denied_values in the same Policy if all_values is ALL_VALUES_UNSPECIFIED. ALLOW or DENY are used to allow or deny all values. If all_values is set to either ALLOW or DENY, allowed_values and denied_values must be unset. Corresponds to the JSON property listPolicy


1174
1175
1176
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1174

def list_policy
  @list_policy
end

#restore_defaultGoogle::Apis::CloudresourcemanagerV1::RestoreDefault

Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific Constraint at this resource. Suppose that constraint_default is set to ALLOW for the Constraint constraints/serviceuser.services. Suppose that organization foo.com sets a Policy at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a Policy with the policy_type restore_default on several experimental projects, restoring the constraint_default enforcement of the Constraint for only those projects, allowing those projects to have all services activated. Corresponds to the JSON property restoreDefault



1189
1190
1191
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1189

def restore_default
  @restore_default
end

#update_timeString

The time stamp the Policy was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to SetOrgPolicy was made for that Policy. Any value set by the client will be ignored. Corresponds to the JSON property updateTime

Returns:

  • (String)


1197
1198
1199
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1197

def update_time
  @update_time
end

#versionFixnum

Version of the Policy. Default version is 0; Corresponds to the JSON property version

Returns:

  • (Fixnum)


1202
1203
1204
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1202

def version
  @version
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1209
1210
1211
1212
1213
1214
1215
1216
1217
# File 'generated/google/apis/cloudresourcemanager_v1/classes.rb', line 1209

def update!(**args)
  @boolean_policy = args[:boolean_policy] if args.key?(:boolean_policy)
  @constraint = args[:constraint] if args.key?(:constraint)
  @etag = args[:etag] if args.key?(:etag)
  @list_policy = args[:list_policy] if args.key?(:list_policy)
  @restore_default = args[:restore_default] if args.key?(:restore_default)
  @update_time = args[:update_time] if args.key?(:update_time)
  @version = args[:version] if args.key?(:version)
end