class Google::Apis::CloudassetV1p5beta1::GoogleCloudOrgpolicyV1Policy
Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources.
Attributes
Used in `policy_type` to specify how `boolean_policy` will behave at this resource. Corresponds to the JSON property `booleanPolicy` @return [Google::Apis::CloudassetV1p5beta1::GoogleCloudOrgpolicyV1BooleanPolicy]
The name of the `Constraint` the `Policy` is configuring, for example, ` constraints/serviceuser.services`. A [list of available constraints](/resource- manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation. Corresponds to the JSON property `constraint` @return [String]
An opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`. Corresponds to the JSON property `etag` NOTE: Values are automatically base64 encoded/decoded in the client library. @return [String]
Used in `policy_type` to specify how `list_policy` behaves at this resource. ` ListPolicy` can define specific values and subtrees of Cloud Resource
Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a “:”. Values prefixed with “is:” are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - “projects/”, e.g. “projects/tokyo-rain-123” - “folders/”, e.g. “folders/1234” - “organizations/”, e.g. “organizations/1234” The `supports_under` field of the associated ` Constraint` defines whether ancestry prefixes can be used. You can set ` allowed_values` and `denied_values` in the same `Policy` if `all_values` is ` ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset. Corresponds to the JSON property `listPolicy` @return [Google::Apis::CloudassetV1p5beta1::GoogleCloudOrgpolicyV1ListPolicy]
Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/ serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated. Corresponds to the JSON property `restoreDefault` @return [Google::Apis::CloudassetV1p5beta1::GoogleCloudOrgpolicyV1RestoreDefault]
The time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to ` SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored. Corresponds to the JSON property `updateTime` @return [String]
Version of the `Policy`. Default version is 0; Corresponds to the JSON property `version` @return [Fixnum]
Public Class Methods
# File lib/google/apis/cloudasset_v1p5beta1/classes.rb, line 940 def initialize(**args) update!(**args) end
Public Instance Methods
Update properties of this object
# File lib/google/apis/cloudasset_v1p5beta1/classes.rb, line 945 def update!(**args) @boolean_policy = args[:boolean_policy] if args.key?(:boolean_policy) @constraint = args[:constraint] if args.key?(:constraint) @etag = args[:etag] if args.key?(:etag) @list_policy = args[:list_policy] if args.key?(:list_policy) @restore_default = args[:restore_default] if args.key?(:restore_default) @update_time = args[:update_time] if args.key?(:update_time) @version = args[:version] if args.key?(:version) end