PolicyRule(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A rule used to express this policy.
Attributes | |
---|---|
Name | Description |
`values` | `google.cloud.orgpolicy_v2.types.PolicySpec.PolicyRule.StringValues` List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. |
`allow_all` | `bool` Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints. |
`deny_all` | `bool` Setting this to true means that all values are denied. This field can be set only in Policies for list constraints. |
`enforce` | `bool` If `true`, then the Policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. |
`condition` | `google.type.expr_pb2.Expr` A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr` must include from 1 to 10 subexpressions, joined by the "\|\|" or "&&" operators. Each subexpression must be of the form "resource.matchLabels(key_name, value_name)", where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Label Manager Service. An example expression is: "resource.matchLabels('labelKeys/123', 'labelValues/456')". |
Classes
StringValues
StringValues(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A message that holds specific allowed and denied values. This message can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

- "projects/", e.g. "projects/tokyo-rain-123"
- "folders/", e.g. "folders/1234"
- "organizations/", e.g. "organizations/1234"

The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.
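
The field rules above can be checked before a policy is submitted. The following is an added example, not code from the library: a pure-Python pre-submission lint that applies the documented limits to a rule expressed as a plain dict. The function names and the dict shape are hypothetical; the `allowed_values` and `denied_values` keys follow the `StringValues` message's fields, and single-quoted label arguments are assumed from the example expression.

```python
import re

# Ancestry subtree formats listed in the StringValues description.
SUBTREE = re.compile(r"(projects|folders|organizations)/[^/\s]+")
# One condition subexpression; single-quoted arguments are assumed from the page's example.
MATCH_LABELS = re.compile(
    r"resource\.matchLabels\(\s*'labelKeys/[^']+'\s*,\s*'labelValues/[^']+'\s*\)")
LIST_ONLY = ("values", "allow_all", "deny_all")  # valid only for list constraints

def classify_value(value, supports_under):
    """Return (kind, bare_value) for one StringValues entry, or raise ValueError."""
    if value.startswith("under:"):
        subtree = value[len("under:"):]
        if not supports_under:
            raise ValueError(f"{value!r}: constraint does not support under:")
        if not SUBTREE.fullmatch(subtree):
            raise ValueError(f"{value!r}: not a projects/, folders/ or organizations/ subtree")
        return ("subtree", subtree)
    if value.startswith("is:"):
        return ("exact", value[len("is:"):])
    if ":" in value:  # only the prefixes described on this page are accepted
        raise ValueError(f"{value!r}: contains ':' and needs the is: prefix")
    return ("exact", value)

def check_condition(expression):
    """Return the number of subexpressions (1 to 10), or raise ValueError."""
    parts = re.split(r"\|\||&&", expression)
    if len(parts) > 10:
        raise ValueError("condition has more than 10 subexpressions")
    for part in parts:
        if not MATCH_LABELS.fullmatch(part.strip()):
            raise ValueError(f"not a resource.matchLabels(...) call: {part.strip()!r}")
    return len(parts)

def lint_rule(rule, constraint_type, supports_under=False):
    """Collect findings for a rule dict (hypothetical shape mirroring PolicyRule)."""
    wrong = LIST_ONLY if constraint_type == "boolean" else ("enforce",)
    findings = [f"{n} is not valid for a {constraint_type} constraint" for n in wrong if n in rule]
    values = rule.get("values", {})
    checks = [(classify_value, (v, supports_under))
              for v in values.get("allowed_values", []) + values.get("denied_values", [])]
    if "condition" in rule:
        checks.append((check_condition, (rule["condition"],)))
    for check, args in checks:
        try:
            check(*args)
        except ValueError as err:
            findings.append(str(err))
    return findings
```

An empty findings list means the rule is consistent with the limits stated on this page; it does not confirm that the referenced label keys, label values or resources exist.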