API Reference google_api_org_policy v0.2.0
Modules
API client metadata for GoogleApi.OrgPolicy.V2.
API calls for all endpoints tagged Folders
.
API calls for all endpoints tagged Organizations
.
API calls for all endpoints tagged Projects
.
Handle Tesla connections for GoogleApi.OrgPolicy.V2.
A constraint
describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints
can be configured by the organization's policy administrator to fit the needs of the organization by setting a policy
that includes constraints
at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about policies
. Constraints
have a default behavior determined by the constraint_default
field, which is the enforcement behavior that is used in the absence of a policy
being defined or inherited for the resource in question.
A Constraint
that is either enforced or not. For example a constraint constraints/compute.disableSerialPortAccess
. If it is enforced on a VM instance, serial port connections will not be opened to that instance.
A Constraint
that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a Policy
.
A custom constraint defined by customers which can only be applied to the given resource types and organization. By creating a custom constraint, customers can applied policies of this custom constraint. Creating a custom constraint itself does NOT apply any policy enforcement.
The response returned from the ListConstraints method.
The response returned from the ListPolicies method. It will be empty if no Policies
are set on the resource.
Defines a Cloud Organization Policy
which is used to specify Constraints
for configurations of Cloud Platform resources.
Defines a Cloud Organization PolicySpec
which is used to specify Constraints
for configurations of Cloud Platform resources.
A rule used to express this policy.
A message that holds specific allowed and denied values. This message can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations
, Folders
, Projects
) that are allowed or denied. This is achieved by using the under:
and optional is:
prefixes. The under:
prefix is used to denote resource subtree values. The is:
prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The supports_under
field of the associated Constraint
defines whether ancestry prefixes can be used.
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty
is empty JSON object {}
.
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.