Class: Google::Cloud::OrgPolicy::V1::Policy::BooleanPolicy

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/orgpolicy/v1/orgpolicy.rb

Overview

Used in policy_type to specify how boolean_policy will behave at this resource.

Instance Attribute Summary collapse

Instance Attribute Details

#enforced::Boolean

Returns If true, then the Policy is enforced. If false, then any configuration is acceptable.

Suppose you have a Constraint constraints/compute.disableSerialPortAccess with constraint_default set to ALLOW. A Policy for that Constraint exhibits the following behavior:

  • If the Policy at this resource has enforced set to false, serial port connection attempts will be allowed.
  • If the Policy at this resource has enforced set to true, serial port connection attempts will be refused.
  • If the Policy at this resource is RestoreDefault, serial port connection attempts will be allowed.
  • If no Policy is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed.
  • If no Policy is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if thePolicy were set at this resource.

The following examples demonstrate the different possible layerings:

Example 1 (nearest Constraint wins): organizations/foo has a Policy with: {enforced: false} projects/bar has no Policy set. The constraint at projects/bar and organizations/foo will not be enforced.

Example 2 (enforcement gets replaced): organizations/foo has a Policy with: {enforced: false} projects/bar has a Policy with: {enforced: true} The constraint at organizations/foo is not enforced. The constraint at projects/bar is enforced.

Example 3 (RestoreDefault): organizations/foo has a Policy with: {enforced: true} projects/bar has a Policy with: {RestoreDefault: \{}} The constraint at organizations/foo is enforced. The constraint at projects/bar is not enforced, because constraint_default for the Constraint is ALLOW.

Returns:

  • (::Boolean)

    If true, then the Policy is enforced. If false, then any configuration is acceptable.

    Suppose you have a Constraint constraints/compute.disableSerialPortAccess with constraint_default set to ALLOW. A Policy for that Constraint exhibits the following behavior:

    • If the Policy at this resource has enforced set to false, serial port connection attempts will be allowed.
    • If the Policy at this resource has enforced set to true, serial port connection attempts will be refused.
    • If the Policy at this resource is RestoreDefault, serial port connection attempts will be allowed.
    • If no Policy is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed.
    • If no Policy is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if thePolicy were set at this resource.

    The following examples demonstrate the different possible layerings:

    Example 1 (nearest Constraint wins): organizations/foo has a Policy with: {enforced: false} projects/bar has no Policy set. The constraint at projects/bar and organizations/foo will not be enforced.

    Example 2 (enforcement gets replaced): organizations/foo has a Policy with: {enforced: false} projects/bar has a Policy with: {enforced: true} The constraint at organizations/foo is not enforced. The constraint at projects/bar is enforced.

    Example 3 (RestoreDefault): organizations/foo has a Policy with: {enforced: true} projects/bar has a Policy with: {RestoreDefault: \{}} The constraint at organizations/foo is enforced. The constraint at projects/bar is not enforced, because constraint_default for the Constraint is ALLOW.



282
283
284
285
 
# File 'proto_docs/google/cloud/orgpolicy/v1/orgpolicy.rb', line 282

class BooleanPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end