Class: Google::Cloud::Asset::V1::AnalyzerOrgPolicy

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/asset/v1/asset_service.rb

Overview

This organization policy message is a modified version of the one defined in the Organization Policy system. This message contains several fields defined in the original organization policy with some new fields for analysis purpose.

Defined Under Namespace

Classes: Rule

Instance Attribute Summary collapse

Instance Attribute Details

#applied_resource::String

Returns The full resource name of an organization/folder/project resource where this organization policy applies to.

For any user defined org policies, this field has the same value as the [attached_resource] field. Only for default policy, this field has the different value.

Returns:

  • (::String)

    The full resource name of an organization/folder/project resource where this organization policy applies to.

    For any user defined org policies, this field has the same value as the [attached_resource] field. Only for default policy, this field has the different value.



1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1953

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#attached_resource::String

Returns The full resource name of an organization/folder/project resource where this organization policy is set.

Notice that some type of constraints are defined with default policy. This field will be empty for them.

Returns:

  • (::String)

    The full resource name of an organization/folder/project resource where this organization policy is set.

    Notice that some type of constraints are defined with default policy. This field will be empty for them.



1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1953

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#inherit_from_parent::Boolean

Returns If inherit_from_parent is true, Rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the effective root for evaluation.

Returns:

  • (::Boolean)

    If inherit_from_parent is true, Rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the effective root for evaluation.



1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1953

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#reset::Boolean

Returns Ignores policies set above this resource and restores the default behavior of the constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, rules must be empty and inherit_from_parent must be set to false.

Returns:

  • (::Boolean)

    Ignores policies set above this resource and restores the default behavior of the constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, rules must be empty and inherit_from_parent must be set to false.



1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1953

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#rules::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule>

Returns List of rules for this organization policy.

Returns:



1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1953

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end