Variables
Policy_ListPolicy_AllValues_name, Policy_ListPolicy_AllValues_value
// Policy_ListPolicy_AllValues_name maps each Policy_ListPolicy_AllValues
// enum number to its proto name.
var Policy_ListPolicy_AllValues_name = map[int32]string{
	0: "ALL_VALUES_UNSPECIFIED",
	1: "ALLOW",
	2: "DENY",
}

// Policy_ListPolicy_AllValues_value is the inverse lookup: proto name to
// enum number. It must stay in step with Policy_ListPolicy_AllValues_name.
var Policy_ListPolicy_AllValues_value = map[string]int32{
	"ALL_VALUES_UNSPECIFIED": 0,
	"ALLOW":                  1,
	"DENY":                   2,
}
Enum value maps for Policy_ListPolicy_AllValues.
File_google_cloud_orgpolicy_v1_orgpolicy_proto
// File_google_cloud_orgpolicy_v1_orgpolicy_proto is a package-level
// protoreflect.FileDescriptor. Presumably it describes the orgpolicy.proto
// file this package was generated from; the listing does not show where it
// is assigned.
var File_google_cloud_orgpolicy_v1_orgpolicy_proto protoreflect.FileDescriptor
Policy
type Policy struct {
	// Version of the `Policy`. Default version is 0;
	Version int32 `protobuf:"varint,1,opt,name=version,proto3" json:"version,omitempty"`
	// The name of the `Constraint` the `Policy` is configuring, for example,
	// `constraints/serviceuser.services`.
	//
	// Immutable after creation.
	Constraint string `protobuf:"bytes,2,opt,name=constraint,proto3" json:"constraint,omitempty"`
	// An opaque tag indicating the current version of the `Policy`, used for
	// concurrency control.
	//
	// When the `Policy` is returned from either a `GetPolicy` or a
	// `ListOrgPolicy` request, this `etag` indicates the version of the current
	// `Policy` to use when executing a read-modify-write loop.
	//
	// When the `Policy` is returned from a `GetEffectivePolicy` request, the
	// `etag` will be unset.
	//
	// When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
	// that was returned from a `GetOrgPolicy` request as part of a
	// read-modify-write loop for concurrency control. Not setting the `etag` in a
	// `SetOrgPolicy` request will result in an unconditional write of the
	// `Policy`.
	//
	// NOTE(review): because an omitted `etag` makes the write unconditional, a
	// caller that drops it can silently overwrite a concurrent change to the
	// `Policy`. Tooling that edits policies should carry the `etag` from its
	// read through to its write.
	//
	// NOTE(review): this comment names the read call both `GetPolicy` and
	// `GetOrgPolicy` - confirm the method names against the service definition.
	Etag []byte `protobuf:"bytes,3,opt,name=etag,proto3" json:"etag,omitempty"`
	// The time stamp the `Policy` was previously updated. This is set by the
	// server, not specified by the caller, and represents the last time a call to
	// `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
	// be ignored.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// The field to populate is based on the `constraint_type` value in the
	// `Constraint`.
	//
	//	`list_constraint` => `list_policy`
	//	`boolean_constraint` => `boolean_policy`
	//
	// A `restore_default` message may be used with any `Constraint` type.
	//
	// Providing a *_policy that is incompatible with the `constraint_type` will
	// result in an `invalid_argument` error.
	//
	// Attempting to set a `Policy` with a `policy_type` not set will result in an
	// `invalid_argument` error.
	//
	// Types that are assignable to PolicyType:
	//
	//	*Policy_ListPolicy_
	//	*Policy_BooleanPolicy_
	//	*Policy_RestoreDefault_
	PolicyType isPolicy_PolicyType `protobuf_oneof:"policy_type"`
	// contains filtered or unexported fields
}
Defines a Cloud Organization Policy
which is used to specify Constraints
for configurations of Cloud Platform resources.
func (*Policy) Descriptor
Deprecated: Use Policy.ProtoReflect.Descriptor instead.
func (*Policy) GetBooleanPolicy
func (x *Policy) GetBooleanPolicy() *Policy_BooleanPolicy
func (*Policy) GetConstraint
func (*Policy) GetEtag
func (*Policy) GetListPolicy
func (x *Policy) GetListPolicy() *Policy_ListPolicy
func (*Policy) GetPolicyType
func (m *Policy) GetPolicyType() isPolicy_PolicyType
func (*Policy) GetRestoreDefault
func (x *Policy) GetRestoreDefault() *Policy_RestoreDefault
func (*Policy) GetUpdateTime
func (x *Policy) GetUpdateTime() *timestamppb.Timestamp
func (*Policy) GetVersion
func (*Policy) ProtoMessage
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect
func (x *Policy) ProtoReflect() protoreflect.Message
func (*Policy) Reset
func (x *Policy) Reset()
func (*Policy) String
Policy_BooleanPolicy
type Policy_BooleanPolicy struct {
	// If `true`, then the `Policy` is enforced. If `false`, then any
	// configuration is acceptable.
	//
	// Suppose you have a `Constraint`
	// `constraints/compute.disableSerialPortAccess` with `constraint_default`
	// set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
	// behavior:
	//   - If the `Policy` at this resource has enforced set to `false`, serial
	//     port connection attempts will be allowed.
	//   - If the `Policy` at this resource has enforced set to `true`, serial
	//     port connection attempts will be refused.
	//   - If the `Policy` at this resource is `RestoreDefault`, serial port
	//     connection attempts will be allowed.
	//   - If no `Policy` is set at this resource or anywhere higher in the
	//     resource hierarchy, serial port connection attempts will be allowed.
	//   - If no `Policy` is set at this resource, but one exists higher in the
	//     resource hierarchy, the behavior is as if the `Policy` were set at
	//     this resource.
	//
	// The following examples demonstrate the different possible layerings:
	//
	// Example 1 (nearest `Constraint` wins):
	//
	//	`organizations/foo` has a `Policy` with:
	//	  {enforced: false}
	//	`projects/bar` has no `Policy` set.
	//
	// The constraint at `projects/bar` and `organizations/foo` will not be
	// enforced.
	//
	// Example 2 (enforcement gets replaced):
	//
	//	`organizations/foo` has a `Policy` with:
	//	  {enforced: false}
	//	`projects/bar` has a `Policy` with:
	//	  {enforced: true}
	//
	// The constraint at `organizations/foo` is not enforced.
	// The constraint at `projects/bar` is enforced.
	//
	// Example 3 (RestoreDefault):
	//
	//	`organizations/foo` has a `Policy` with:
	//	  {enforced: true}
	//	`projects/bar` has a `Policy` with:
	//	  {RestoreDefault: {}}
	//
	// The constraint at `organizations/foo` is enforced.
	// The constraint at `projects/bar` is not enforced, because
	// `constraint_default` for the `Constraint` is `ALLOW`.
	//
	// NOTE(review): Examples 2 and 3 show that a `Policy` on a lower resource
	// replaces the ancestor's setting rather than combining with it, so an
	// organization-level `enforced: true` does not by itself hold for every
	// project. When checking what actually applies to a resource, evaluate the
	// nearest `Policy`, not only the one at the organization.
	Enforced bool `protobuf:"varint,1,opt,name=enforced,proto3" json:"enforced,omitempty"`
	// contains filtered or unexported fields
}
Used in policy_type
to specify how boolean_policy
will behave at this
resource.
func (*Policy_BooleanPolicy) Descriptor
func (*Policy_BooleanPolicy) Descriptor() ([]byte, []int)
Deprecated: Use Policy_BooleanPolicy.ProtoReflect.Descriptor instead.
func (*Policy_BooleanPolicy) GetEnforced
func (x *Policy_BooleanPolicy) GetEnforced() bool
func (*Policy_BooleanPolicy) ProtoMessage
func (*Policy_BooleanPolicy) ProtoMessage()
func (*Policy_BooleanPolicy) ProtoReflect
func (x *Policy_BooleanPolicy) ProtoReflect() protoreflect.Message
func (*Policy_BooleanPolicy) Reset
func (x *Policy_BooleanPolicy) Reset()
func (*Policy_BooleanPolicy) String
func (x *Policy_BooleanPolicy) String() string
Policy_BooleanPolicy_
// Policy_BooleanPolicy_ wraps a *Policy_BooleanPolicy so it can be assigned
// to Policy.PolicyType; it is one of the three types the Policy struct lists
// as assignable to that oneof (proto field `boolean_policy`, number 6).
type Policy_BooleanPolicy_ struct {
	// For boolean `Constraints`, whether to enforce the `Constraint` or not.
	BooleanPolicy *Policy_BooleanPolicy `protobuf:"bytes,6,opt,name=boolean_policy,json=booleanPolicy,proto3,oneof"`
}
Policy_ListPolicy
type Policy_ListPolicy struct {
	// Values allowed at this resource. An entry may carry the `under:` prefix
	// (a resource subtree) or the optional `is:` prefix (a specific value);
	// see the ListPolicy description. Must be unset when AllValues is ALLOW
	// or DENY.
	AllowedValues []string `protobuf:"bytes,1,rep,name=allowed_values,json=allowedValues,proto3" json:"allowed_values,omitempty"`
	// Values denied at this resource, with the same `under:` / `is:` prefix
	// rules as AllowedValues. Must be unset when AllValues is ALLOW or DENY.
	DeniedValues []string `protobuf:"bytes,2,rep,name=denied_values,json=deniedValues,proto3" json:"denied_values,omitempty"`
	// Blanket setting: ALLOW or DENY allows or denies all values, while
	// ALL_VALUES_UNSPECIFIED leaves the decision to AllowedValues and
	// DeniedValues. The struct tag is elided in this listing.
	AllValues Policy_ListPolicy_AllValues "" /* 148 byte string literal not displayed */
	// NOTE(review): not described in this listing - confirm the semantics of
	// suggested_value in the upstream proto comments.
	SuggestedValue string `protobuf:"bytes,4,opt,name=suggested_value,json=suggestedValue,proto3" json:"suggested_value,omitempty"`
	// NOTE(review): not described in this listing. The name suggests it
	// controls whether values from the parent resource's policy are combined
	// with this one - confirm the merge semantics upstream, since they decide
	// whether an ancestor's denied values still apply at this resource.
	InheritFromParent bool `protobuf:"varint,5,opt,name=inherit_from_parent,json=inheritFromParent,proto3" json:"inherit_from_parent,omitempty"`
}
Used in policy_type
to specify how list_policy
behaves at this
resource.
`ListPolicy` can define specific values and subtrees of the Cloud Resource
Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
are allowed or denied by setting the `allowed_values` and `denied_values`
fields. This is achieved by using the `under:` and optional `is:` prefixes.
The under:
prefix is used to denote resource subtree values.
The is:
prefix is used to denote specific values, and is required only
if the value contains a ":". Values prefixed with "is:" are treated the
same as values with no prefix.
Ancestry subtrees must be in one of the following formats:
- "projects/<project-id>"
- "folders/<folder-id>"
- "organizations/<organization-id>"
The `supports_under` field of the associated `Constraint` defines whether
ancestry prefixes can be used. You can set `allowed_values` and
`denied_values` in the same `Policy` if `all_values` is
`ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
values. If `all_values` is set to either `ALLOW` or `DENY`,
`allowed_values` and `denied_values` must be unset.
func (*Policy_ListPolicy) Descriptor
func (*Policy_ListPolicy) Descriptor() ([]byte, []int)
Deprecated: Use Policy_ListPolicy.ProtoReflect.Descriptor instead.
func (*Policy_ListPolicy) GetAllValues
func (x *Policy_ListPolicy) GetAllValues() Policy_ListPolicy_AllValues
func (*Policy_ListPolicy) GetAllowedValues
func (x *Policy_ListPolicy) GetAllowedValues() []string
func (*Policy_ListPolicy) GetDeniedValues
func (x *Policy_ListPolicy) GetDeniedValues() []string
func (*Policy_ListPolicy) GetInheritFromParent
func (x *Policy_ListPolicy) GetInheritFromParent() bool
func (*Policy_ListPolicy) GetSuggestedValue
func (x *Policy_ListPolicy) GetSuggestedValue() string
func (*Policy_ListPolicy) ProtoMessage
func (*Policy_ListPolicy) ProtoMessage()
func (*Policy_ListPolicy) ProtoReflect
func (x *Policy_ListPolicy) ProtoReflect() protoreflect.Message
func (*Policy_ListPolicy) Reset
func (x *Policy_ListPolicy) Reset()
func (*Policy_ListPolicy) String
func (x *Policy_ListPolicy) String() string
Policy_ListPolicy_
// Policy_ListPolicy_ wraps a *Policy_ListPolicy so it can be assigned to
// Policy.PolicyType; it is one of the three types the Policy struct lists as
// assignable to that oneof (proto field `list_policy`, number 5).
type Policy_ListPolicy_ struct {
	// List of values either allowed or disallowed.
	ListPolicy *Policy_ListPolicy `protobuf:"bytes,5,opt,name=list_policy,json=listPolicy,proto3,oneof"`
}
Policy_ListPolicy_AllValues
// Policy_ListPolicy_AllValues is the int32-backed enum type of
// Policy_ListPolicy.AllValues.
type Policy_ListPolicy_AllValues int32
This enum can be used to set `Policies` that apply to all possible
configuration values rather than specific values in `allowed_values` or
`denied_values`.

Setting this to `ALLOW` will mean this `Policy` allows all values.
Similarly, setting it to `DENY` will mean no values are allowed. If
set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values`
must be unset. Setting this to `ALL_VALUES_UNSPECIFIED` allows for
setting `allowed_values` and `denied_values`.
Policy_ListPolicy_ALL_VALUES_UNSPECIFIED, Policy_ListPolicy_ALLOW, Policy_ListPolicy_DENY
// Values of Policy_ListPolicy_AllValues. The numbers are written out
// explicitly and match the entries of Policy_ListPolicy_AllValues_name and
// Policy_ListPolicy_AllValues_value.
const (
	// Indicates that allowed_values or denied_values must be set.
	// 0 is also the Go zero value of the type, so a Policy_ListPolicy that
	// never assigns AllValues holds this value.
	Policy_ListPolicy_ALL_VALUES_UNSPECIFIED Policy_ListPolicy_AllValues = 0
	// A policy with this set allows all values.
	// NOTE(review): this is the permissive setting; a policy carrying it
	// places no restriction on the constraint's values at that resource.
	Policy_ListPolicy_ALLOW Policy_ListPolicy_AllValues = 1
	// A policy with this set denies all values.
	Policy_ListPolicy_DENY Policy_ListPolicy_AllValues = 2
)
func (Policy_ListPolicy_AllValues) Descriptor
func (Policy_ListPolicy_AllValues) Descriptor() protoreflect.EnumDescriptor
func (Policy_ListPolicy_AllValues) Enum
func (x Policy_ListPolicy_AllValues) Enum() *Policy_ListPolicy_AllValues
func (Policy_ListPolicy_AllValues) EnumDescriptor
func (Policy_ListPolicy_AllValues) EnumDescriptor() ([]byte, []int)
Deprecated: Use Policy_ListPolicy_AllValues.Descriptor instead.
func (Policy_ListPolicy_AllValues) Number
func (x Policy_ListPolicy_AllValues) Number() protoreflect.EnumNumber
func (Policy_ListPolicy_AllValues) String
func (x Policy_ListPolicy_AllValues) String() string
func (Policy_ListPolicy_AllValues) Type
func (Policy_ListPolicy_AllValues) Type() protoreflect.EnumType
Policy_RestoreDefault
// Policy_RestoreDefault has no exported fields in this listing; it acts
// through being selected as the `policy_type`. Per its description, it
// ignores policies set above the resource and restores the
// `constraint_default` enforcement of the `Constraint` there.
//
// NOTE(review): where `constraint_default` is `ALLOW`, a restore_default
// policy lifts a restriction set by an ancestor for the resource it is set
// on, so such policies are worth listing and reviewing as exceptions.
type Policy_RestoreDefault struct {
	// contains filtered or unexported fields
}
Ignores policies set above this resource and restores the
`constraint_default` enforcement behavior of the specific `Constraint` at
this resource.

Suppose that `constraint_default` is set to `ALLOW` for the
`Constraint` `constraints/serviceuser.services`. Suppose that organization
foo.com sets a `Policy` at their Organization resource node that restricts
the allowed service activations to deny all service activations. They
could then set a `Policy` with the `policy_type` `restore_default` on
several experimental projects, restoring the `constraint_default`
enforcement of the `Constraint` for only those projects, allowing those
projects to have all services activated.
func (*Policy_RestoreDefault) Descriptor
func (*Policy_RestoreDefault) Descriptor() ([]byte, []int)
Deprecated: Use Policy_RestoreDefault.ProtoReflect.Descriptor instead.
func (*Policy_RestoreDefault) ProtoMessage
func (*Policy_RestoreDefault) ProtoMessage()
func (*Policy_RestoreDefault) ProtoReflect
func (x *Policy_RestoreDefault) ProtoReflect() protoreflect.Message
func (*Policy_RestoreDefault) Reset
func (x *Policy_RestoreDefault) Reset()
func (*Policy_RestoreDefault) String
func (x *Policy_RestoreDefault) String() string
Policy_RestoreDefault_
// Policy_RestoreDefault_ wraps a *Policy_RestoreDefault so it can be
// assigned to Policy.PolicyType; it is one of the three types the Policy
// struct lists as assignable to that oneof (proto field `restore_default`,
// number 7).
type Policy_RestoreDefault_ struct {
	// Restores the default behavior of the constraint; independent of
	// `Constraint` type.
	RestoreDefault *Policy_RestoreDefault `protobuf:"bytes,7,opt,name=restore_default,json=restoreDefault,proto3,oneof"`
}