Reference documentation and code samples for the Policy Simulator V1 API class Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule.
A rule used to express this policy.
Inherits
Object
Extended By
Google::Protobuf::MessageExts::ClassMethods
Includes
Google::Protobuf::MessageExts
Methods
#allow_all
defallow_all()->::Boolean
Returns
(::Boolean) — Setting this to true means that all values are allowed. This field can
be set only in policies for list constraints.
Note: The following fields are mutually exclusive: allow_all, values, deny_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
#allow_all=
defallow_all=(value)->::Boolean
Parameter
value (::Boolean) — Setting this to true means that all values are allowed. This field can
be set only in policies for list constraints.
Note: The following fields are mutually exclusive: allow_all, values, deny_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
Returns
(::Boolean) — Setting this to true means that all values are allowed. This field can
be set only in policies for list constraints.
Note: The following fields are mutually exclusive: allow_all, values, deny_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
#condition
defcondition()->::Google::Type::Expr
Returns
(::Google::Type::Expr) — A condition which determines whether this rule is used
in the evaluation of the policy. When set, the expression field in
the `Expr' must include from 1 to 10 subexpressions, joined by the "||"
or "&&" operators. Each subexpression must be of the form
"resource.matchTag('
#condition=
defcondition=(value)->::Google::Type::Expr
Parameter
value (::Google::Type::Expr) — A condition which determines whether this rule is used
in the evaluation of the policy. When set, the expression field in
the `Expr' must include from 1 to 10 subexpressions, joined by the "||"
or "&&" operators. Each subexpression must be of the form
"resource.matchTag('
Returns
(::Google::Type::Expr) — A condition which determines whether this rule is used
in the evaluation of the policy. When set, the expression field in
the `Expr' must include from 1 to 10 subexpressions, joined by the "||"
or "&&" operators. Each subexpression must be of the form
"resource.matchTag('
#deny_all
defdeny_all()->::Boolean
Returns
(::Boolean) — Setting this to true means that all values are denied. This field can
be set only in policies for list constraints.
Note: The following fields are mutually exclusive: deny_all, values, allow_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
#deny_all=
defdeny_all=(value)->::Boolean
Parameter
value (::Boolean) — Setting this to true means that all values are denied. This field can
be set only in policies for list constraints.
Note: The following fields are mutually exclusive: deny_all, values, allow_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
Returns
(::Boolean) — Setting this to true means that all values are denied. This field can
be set only in policies for list constraints.
Note: The following fields are mutually exclusive: deny_all, values, allow_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
#enforce
defenforce()->::Boolean
Returns
(::Boolean) — If true, then the policy is enforced. If false, then any
configuration is acceptable.
This field can be set only in policies for boolean constraints.
Note: The following fields are mutually exclusive: enforce, values, allow_all, deny_all. If a field in that set is populated, all other fields in the set will automatically be cleared.
#enforce=
defenforce=(value)->::Boolean
Parameter
value (::Boolean) — If true, then the policy is enforced. If false, then any
configuration is acceptable.
This field can be set only in policies for boolean constraints.
Note: The following fields are mutually exclusive: enforce, values, allow_all, deny_all. If a field in that set is populated, all other fields in the set will automatically be cleared.
Returns
(::Boolean) — If true, then the policy is enforced. If false, then any
configuration is acceptable.
This field can be set only in policies for boolean constraints.
Note: The following fields are mutually exclusive: enforce, values, allow_all, deny_all. If a field in that set is populated, all other fields in the set will automatically be cleared.
#parameters
defparameters()->::Google::Protobuf::Struct
Returns
(::Google::Protobuf::Struct) — Optional. Required for managed constraints if parameters are defined.
Passes parameter values when policy enforcement is enabled. Ensure that
parameter value types match those defined in the constraint definition.
For example:
{
"allowedLocations" : ["us-east1", "us-west1"],
"allowAll" : true
}
#parameters=
defparameters=(value)->::Google::Protobuf::Struct
Parameter
value (::Google::Protobuf::Struct) — Optional. Required for managed constraints if parameters are defined.
Passes parameter values when policy enforcement is enabled. Ensure that
parameter value types match those defined in the constraint definition.
For example:
{
"allowedLocations" : ["us-east1", "us-west1"],
"allowAll" : true
}
Returns
(::Google::Protobuf::Struct) — Optional. Required for managed constraints if parameters are defined.
Passes parameter values when policy enforcement is enabled. Ensure that
parameter value types match those defined in the constraint definition.
For example:
{
"allowedLocations" : ["us-east1", "us-west1"],
"allowAll" : true
}
Note: The following fields are mutually exclusive: values, allow_all, deny_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
Note: The following fields are mutually exclusive: values, allow_all, deny_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
Note: The following fields are mutually exclusive: values, allow_all, deny_all, enforce. If a field in that set is populated, all other fields in the set will automatically be cleared.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-03 UTC."],[],[],null,["# Policy Simulator V1 API - Class Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule (v1.4.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.4.0 (latest)](/ruby/docs/reference/google-cloud-policy_simulator-v1/latest/Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule)\n- [1.3.0](/ruby/docs/reference/google-cloud-policy_simulator-v1/1.3.0/Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule)\n- [1.2.1](/ruby/docs/reference/google-cloud-policy_simulator-v1/1.2.1/Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule)\n- [1.1.0](/ruby/docs/reference/google-cloud-policy_simulator-v1/1.1.0/Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule)\n- [1.0.1](/ruby/docs/reference/google-cloud-policy_simulator-v1/1.0.1/Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule)\n- [0.4.0](/ruby/docs/reference/google-cloud-policy_simulator-v1/0.4.0/Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule)\n- [0.3.2](/ruby/docs/reference/google-cloud-policy_simulator-v1/0.3.2/Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule)\n- [0.2.0](/ruby/docs/reference/google-cloud-policy_simulator-v1/0.2.0/Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule)\n- [0.1.1](/ruby/docs/reference/google-cloud-policy_simulator-v1/0.1.1/Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule) \nReference documentation and code samples for the Policy Simulator V1 API class Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule.\n\nA rule used to express this policy. \n\nInherits\n--------\n\n- Object \n\nExtended By\n-----------\n\n- Google::Protobuf::MessageExts::ClassMethods \n\nIncludes\n--------\n\n- Google::Protobuf::MessageExts\n\nMethods\n-------\n\n### #allow_all\n\n def allow_all() -\u003e ::Boolean\n\n**Returns**\n\n- (::Boolean) --- Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.\n\n Note: The following fields are mutually exclusive: `allow_all`, `values`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.\n\n### #allow_all=\n\n def allow_all=(value) -\u003e ::Boolean\n\n**Parameter**\n\n- **value** (::Boolean) --- Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.\n\n\nNote: The following fields are mutually exclusive: `allow_all`, `values`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared. \n**Returns**\n\n- (::Boolean) --- Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.\n\n Note: The following fields are mutually exclusive: `allow_all`, `values`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.\n\n### #condition\n\n def condition() -\u003e ::Google::Type::Expr\n\n**Returns**\n\n- ([::Google::Type::Expr](./Google-Type-Expr)) --- A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the \\`Expr' must include from 1 to 10 subexpressions, joined by the \"\\|\\|\" or \"\\&\\&\" operators. Each subexpression must be of the form \"resource.matchTag('\n\n### #condition=\n\n def condition=(value) -\u003e ::Google::Type::Expr\n\n**Parameter**\n\n- **value** ([::Google::Type::Expr](./Google-Type-Expr)) --- A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the \\`Expr' must include from 1 to 10 subexpressions, joined by the \"\\|\\|\" or \"\\&\\&\" operators. Each subexpression must be of the form \"resource.matchTag(' \n**Returns**\n\n- ([::Google::Type::Expr](./Google-Type-Expr)) --- A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the \\`Expr' must include from 1 to 10 subexpressions, joined by the \"\\|\\|\" or \"\\&\\&\" operators. Each subexpression must be of the form \"resource.matchTag('\n\n### #deny_all\n\n def deny_all() -\u003e ::Boolean\n\n**Returns**\n\n- (::Boolean) --- Setting this to true means that all values are denied. This field can be set only in policies for list constraints.\n\n Note: The following fields are mutually exclusive: `deny_all`, `values`, `allow_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.\n\n### #deny_all=\n\n def deny_all=(value) -\u003e ::Boolean\n\n**Parameter**\n\n- **value** (::Boolean) --- Setting this to true means that all values are denied. This field can be set only in policies for list constraints.\n\n\nNote: The following fields are mutually exclusive: `deny_all`, `values`, `allow_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared. \n**Returns**\n\n- (::Boolean) --- Setting this to true means that all values are denied. This field can be set only in policies for list constraints.\n\n Note: The following fields are mutually exclusive: `deny_all`, `values`, `allow_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.\n\n### #enforce\n\n def enforce() -\u003e ::Boolean\n\n**Returns**\n\n- (::Boolean) --- If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints.\n\n\n Note: The following fields are mutually exclusive: `enforce`, `values`, `allow_all`, `deny_all`. If a field in that set is populated, all other fields in the set will automatically be cleared.\n\n### #enforce=\n\n def enforce=(value) -\u003e ::Boolean\n\n**Parameter**\n\n- **value** (::Boolean) --- If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints.\n\n\nNote: The following fields are mutually exclusive: `enforce`, `values`, `allow_all`, `deny_all`. If a field in that set is populated, all other fields in the set will automatically be cleared. \n**Returns**\n\n- (::Boolean) --- If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints.\n\n\n Note: The following fields are mutually exclusive: `enforce`, `values`, `allow_all`, `deny_all`. If a field in that set is populated, all other fields in the set will automatically be cleared.\n\n### #parameters\n\n def parameters() -\u003e ::Google::Protobuf::Struct\n\n**Returns**\n\n- ([::Google::Protobuf::Struct](./Google-Protobuf-Struct)) --- Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : \\[\"us-east1\", \"us-west1\"\\], \"allowAll\" : true }\n\n### #parameters=\n\n def parameters=(value) -\u003e ::Google::Protobuf::Struct\n\n**Parameter**\n\n- **value** ([::Google::Protobuf::Struct](./Google-Protobuf-Struct)) --- Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : \\[\"us-east1\", \"us-west1\"\\], \"allowAll\" : true } \n**Returns**\n\n- ([::Google::Protobuf::Struct](./Google-Protobuf-Struct)) --- Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : \\[\"us-east1\", \"us-west1\"\\], \"allowAll\" : true }\n\n### #values\n\n def values() -\u003e ::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues\n\n**Returns**\n\n- ([::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues](./Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule-StringValues)) --- List of values to be used for this policy rule. This field can be set only in policies for list constraints.\n\n\n Note: The following fields are mutually exclusive: `values`, `allow_all`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.\n\n### #values=\n\n def values=(value) -\u003e ::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues\n\n**Parameter**\n\n- **value** ([::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues](./Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule-StringValues)) --- List of values to be used for this policy rule. This field can be set only in policies for list constraints.\n\n\nNote: The following fields are mutually exclusive: `values`, `allow_all`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared. \n**Returns**\n\n- ([::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues](./Google-Cloud-OrgPolicy-V2-PolicySpec-PolicyRule-StringValues)) --- List of values to be used for this policy rule. This field can be set only in policies for list constraints.\n\n\n Note: The following fields are mutually exclusive: `values`, `allow_all`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared."]]
