Documentation ¶
Index ¶
- Variables
- func RegisterOrgPolicyServer(s *grpc.Server, srv OrgPolicyServer)
- type AlternatePolicySpec
- func (*AlternatePolicySpec) Descriptor() ([]byte, []int)deprecated
- func (x *AlternatePolicySpec) GetLaunch() string
- func (x *AlternatePolicySpec) GetSpec() *PolicySpec
- func (*AlternatePolicySpec) ProtoMessage()
- func (x *AlternatePolicySpec) ProtoReflect() protoreflect.Message
- func (x *AlternatePolicySpec) Reset()
- func (x *AlternatePolicySpec) String() string
- type Constraint
- func (*Constraint) Descriptor() ([]byte, []int)deprecated
- func (x *Constraint) GetBooleanConstraint() *Constraint_BooleanConstraint
- func (x *Constraint) GetConstraintDefault() Constraint_ConstraintDefault
- func (m *Constraint) GetConstraintType() isConstraint_ConstraintType
- func (x *Constraint) GetDescription() string
- func (x *Constraint) GetDisplayName() string
- func (x *Constraint) GetListConstraint() *Constraint_ListConstraint
- func (x *Constraint) GetName() string
- func (x *Constraint) GetSupportsDryRun() bool
- func (*Constraint) ProtoMessage()
- func (x *Constraint) ProtoReflect() protoreflect.Message
- func (x *Constraint) Reset()
- func (x *Constraint) String() string
- type Constraint_BooleanConstraint
- func (*Constraint_BooleanConstraint) Descriptor() ([]byte, []int)deprecated
- func (*Constraint_BooleanConstraint) ProtoMessage()
- func (x *Constraint_BooleanConstraint) ProtoReflect() protoreflect.Message
- func (x *Constraint_BooleanConstraint) Reset()
- func (x *Constraint_BooleanConstraint) String() string
- type Constraint_BooleanConstraint_
- type Constraint_ConstraintDefault
- func (Constraint_ConstraintDefault) Descriptor() protoreflect.EnumDescriptor
- func (x Constraint_ConstraintDefault) Enum() *Constraint_ConstraintDefault
- func (Constraint_ConstraintDefault) EnumDescriptor() ([]byte, []int)deprecated
- func (x Constraint_ConstraintDefault) Number() protoreflect.EnumNumber
- func (x Constraint_ConstraintDefault) String() string
- func (Constraint_ConstraintDefault) Type() protoreflect.EnumType
- type Constraint_ListConstraint
- func (*Constraint_ListConstraint) Descriptor() ([]byte, []int)deprecated
- func (x *Constraint_ListConstraint) GetSupportsIn() bool
- func (x *Constraint_ListConstraint) GetSupportsUnder() bool
- func (*Constraint_ListConstraint) ProtoMessage()
- func (x *Constraint_ListConstraint) ProtoReflect() protoreflect.Message
- func (x *Constraint_ListConstraint) Reset()
- func (x *Constraint_ListConstraint) String() string
- type Constraint_ListConstraint_
- type CreateCustomConstraintRequest
- func (*CreateCustomConstraintRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateCustomConstraintRequest) GetCustomConstraint() *CustomConstraint
- func (x *CreateCustomConstraintRequest) GetParent() string
- func (*CreateCustomConstraintRequest) ProtoMessage()
- func (x *CreateCustomConstraintRequest) ProtoReflect() protoreflect.Message
- func (x *CreateCustomConstraintRequest) Reset()
- func (x *CreateCustomConstraintRequest) String() string
- type CreatePolicyRequest
- func (*CreatePolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreatePolicyRequest) GetParent() string
- func (x *CreatePolicyRequest) GetPolicy() *Policy
- func (*CreatePolicyRequest) ProtoMessage()
- func (x *CreatePolicyRequest) ProtoReflect() protoreflect.Message
- func (x *CreatePolicyRequest) Reset()
- func (x *CreatePolicyRequest) String() string
- type CustomConstraint
- func (*CustomConstraint) Descriptor() ([]byte, []int)deprecated
- func (x *CustomConstraint) GetActionType() CustomConstraint_ActionType
- func (x *CustomConstraint) GetCondition() string
- func (x *CustomConstraint) GetDescription() string
- func (x *CustomConstraint) GetDisplayName() string
- func (x *CustomConstraint) GetMethodTypes() []CustomConstraint_MethodType
- func (x *CustomConstraint) GetName() string
- func (x *CustomConstraint) GetResourceTypes() []string
- func (x *CustomConstraint) GetUpdateTime() *timestamppb.Timestamp
- func (*CustomConstraint) ProtoMessage()
- func (x *CustomConstraint) ProtoReflect() protoreflect.Message
- func (x *CustomConstraint) Reset()
- func (x *CustomConstraint) String() string
- type CustomConstraint_ActionType
- func (CustomConstraint_ActionType) Descriptor() protoreflect.EnumDescriptor
- func (x CustomConstraint_ActionType) Enum() *CustomConstraint_ActionType
- func (CustomConstraint_ActionType) EnumDescriptor() ([]byte, []int)deprecated
- func (x CustomConstraint_ActionType) Number() protoreflect.EnumNumber
- func (x CustomConstraint_ActionType) String() string
- func (CustomConstraint_ActionType) Type() protoreflect.EnumType
- type CustomConstraint_MethodType
- func (CustomConstraint_MethodType) Descriptor() protoreflect.EnumDescriptor
- func (x CustomConstraint_MethodType) Enum() *CustomConstraint_MethodType
- func (CustomConstraint_MethodType) EnumDescriptor() ([]byte, []int)deprecated
- func (x CustomConstraint_MethodType) Number() protoreflect.EnumNumber
- func (x CustomConstraint_MethodType) String() string
- func (CustomConstraint_MethodType) Type() protoreflect.EnumType
- type DeleteCustomConstraintRequest
- func (*DeleteCustomConstraintRequest) Descriptor() ([]byte, []int)deprecated
- func (x *DeleteCustomConstraintRequest) GetName() string
- func (*DeleteCustomConstraintRequest) ProtoMessage()
- func (x *DeleteCustomConstraintRequest) ProtoReflect() protoreflect.Message
- func (x *DeleteCustomConstraintRequest) Reset()
- func (x *DeleteCustomConstraintRequest) String() string
- type DeletePolicyRequest
- func (*DeletePolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *DeletePolicyRequest) GetEtag() string
- func (x *DeletePolicyRequest) GetName() string
- func (*DeletePolicyRequest) ProtoMessage()
- func (x *DeletePolicyRequest) ProtoReflect() protoreflect.Message
- func (x *DeletePolicyRequest) Reset()
- func (x *DeletePolicyRequest) String() string
- type GetCustomConstraintRequest
- func (*GetCustomConstraintRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetCustomConstraintRequest) GetName() string
- func (*GetCustomConstraintRequest) ProtoMessage()
- func (x *GetCustomConstraintRequest) ProtoReflect() protoreflect.Message
- func (x *GetCustomConstraintRequest) Reset()
- func (x *GetCustomConstraintRequest) String() string
- type GetEffectivePolicyRequest
- func (*GetEffectivePolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetEffectivePolicyRequest) GetName() string
- func (*GetEffectivePolicyRequest) ProtoMessage()
- func (x *GetEffectivePolicyRequest) ProtoReflect() protoreflect.Message
- func (x *GetEffectivePolicyRequest) Reset()
- func (x *GetEffectivePolicyRequest) String() string
- type GetPolicyRequest
- type ListConstraintsRequest
- func (*ListConstraintsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListConstraintsRequest) GetPageSize() int32
- func (x *ListConstraintsRequest) GetPageToken() string
- func (x *ListConstraintsRequest) GetParent() string
- func (*ListConstraintsRequest) ProtoMessage()
- func (x *ListConstraintsRequest) ProtoReflect() protoreflect.Message
- func (x *ListConstraintsRequest) Reset()
- func (x *ListConstraintsRequest) String() string
- type ListConstraintsResponse
- func (*ListConstraintsResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListConstraintsResponse) GetConstraints() []*Constraint
- func (x *ListConstraintsResponse) GetNextPageToken() string
- func (*ListConstraintsResponse) ProtoMessage()
- func (x *ListConstraintsResponse) ProtoReflect() protoreflect.Message
- func (x *ListConstraintsResponse) Reset()
- func (x *ListConstraintsResponse) String() string
- type ListCustomConstraintsRequest
- func (*ListCustomConstraintsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListCustomConstraintsRequest) GetPageSize() int32
- func (x *ListCustomConstraintsRequest) GetPageToken() string
- func (x *ListCustomConstraintsRequest) GetParent() string
- func (*ListCustomConstraintsRequest) ProtoMessage()
- func (x *ListCustomConstraintsRequest) ProtoReflect() protoreflect.Message
- func (x *ListCustomConstraintsRequest) Reset()
- func (x *ListCustomConstraintsRequest) String() string
- type ListCustomConstraintsResponse
- func (*ListCustomConstraintsResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListCustomConstraintsResponse) GetCustomConstraints() []*CustomConstraint
- func (x *ListCustomConstraintsResponse) GetNextPageToken() string
- func (*ListCustomConstraintsResponse) ProtoMessage()
- func (x *ListCustomConstraintsResponse) ProtoReflect() protoreflect.Message
- func (x *ListCustomConstraintsResponse) Reset()
- func (x *ListCustomConstraintsResponse) String() string
- type ListPoliciesRequest
- func (*ListPoliciesRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListPoliciesRequest) GetPageSize() int32
- func (x *ListPoliciesRequest) GetPageToken() string
- func (x *ListPoliciesRequest) GetParent() string
- func (*ListPoliciesRequest) ProtoMessage()
- func (x *ListPoliciesRequest) ProtoReflect() protoreflect.Message
- func (x *ListPoliciesRequest) Reset()
- func (x *ListPoliciesRequest) String() string
- type ListPoliciesResponse
- func (*ListPoliciesResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListPoliciesResponse) GetNextPageToken() string
- func (x *ListPoliciesResponse) GetPolicies() []*Policy
- func (*ListPoliciesResponse) ProtoMessage()
- func (x *ListPoliciesResponse) ProtoReflect() protoreflect.Message
- func (x *ListPoliciesResponse) Reset()
- func (x *ListPoliciesResponse) String() string
- type OrgPolicyClient
- type OrgPolicyServer
- type Policy
- func (*Policy) Descriptor() ([]byte, []int)deprecated
- func (x *Policy) GetAlternate() *AlternatePolicySpecdeprecated
- func (x *Policy) GetDryRunSpec() *PolicySpec
- func (x *Policy) GetEtag() string
- func (x *Policy) GetName() string
- func (x *Policy) GetSpec() *PolicySpec
- func (*Policy) ProtoMessage()
- func (x *Policy) ProtoReflect() protoreflect.Message
- func (x *Policy) Reset()
- func (x *Policy) String() string
- type PolicySpec
- func (*PolicySpec) Descriptor() ([]byte, []int)deprecated
- func (x *PolicySpec) GetEtag() string
- func (x *PolicySpec) GetInheritFromParent() bool
- func (x *PolicySpec) GetReset_() bool
- func (x *PolicySpec) GetRules() []*PolicySpec_PolicyRule
- func (x *PolicySpec) GetUpdateTime() *timestamppb.Timestamp
- func (*PolicySpec) ProtoMessage()
- func (x *PolicySpec) ProtoReflect() protoreflect.Message
- func (x *PolicySpec) Reset()
- func (x *PolicySpec) String() string
- type PolicySpec_PolicyRule
- func (*PolicySpec_PolicyRule) Descriptor() ([]byte, []int)deprecated
- func (x *PolicySpec_PolicyRule) GetAllowAll() bool
- func (x *PolicySpec_PolicyRule) GetCondition() *expr.Expr
- func (x *PolicySpec_PolicyRule) GetDenyAll() bool
- func (x *PolicySpec_PolicyRule) GetEnforce() bool
- func (m *PolicySpec_PolicyRule) GetKind() isPolicySpec_PolicyRule_Kind
- func (x *PolicySpec_PolicyRule) GetValues() *PolicySpec_PolicyRule_StringValues
- func (*PolicySpec_PolicyRule) ProtoMessage()
- func (x *PolicySpec_PolicyRule) ProtoReflect() protoreflect.Message
- func (x *PolicySpec_PolicyRule) Reset()
- func (x *PolicySpec_PolicyRule) String() string
- type PolicySpec_PolicyRule_AllowAll
- type PolicySpec_PolicyRule_DenyAll
- type PolicySpec_PolicyRule_Enforce
- type PolicySpec_PolicyRule_StringValues
- func (*PolicySpec_PolicyRule_StringValues) Descriptor() ([]byte, []int)deprecated
- func (x *PolicySpec_PolicyRule_StringValues) GetAllowedValues() []string
- func (x *PolicySpec_PolicyRule_StringValues) GetDeniedValues() []string
- func (*PolicySpec_PolicyRule_StringValues) ProtoMessage()
- func (x *PolicySpec_PolicyRule_StringValues) ProtoReflect() protoreflect.Message
- func (x *PolicySpec_PolicyRule_StringValues) Reset()
- func (x *PolicySpec_PolicyRule_StringValues) String() string
- type PolicySpec_PolicyRule_Values
- type UnimplementedOrgPolicyServer
- func (*UnimplementedOrgPolicyServer) CreateCustomConstraint(context.Context, *CreateCustomConstraintRequest) (*CustomConstraint, error)
- func (*UnimplementedOrgPolicyServer) CreatePolicy(context.Context, *CreatePolicyRequest) (*Policy, error)
- func (*UnimplementedOrgPolicyServer) DeleteCustomConstraint(context.Context, *DeleteCustomConstraintRequest) (*emptypb.Empty, error)
- func (*UnimplementedOrgPolicyServer) DeletePolicy(context.Context, *DeletePolicyRequest) (*emptypb.Empty, error)
- func (*UnimplementedOrgPolicyServer) GetCustomConstraint(context.Context, *GetCustomConstraintRequest) (*CustomConstraint, error)
- func (*UnimplementedOrgPolicyServer) GetEffectivePolicy(context.Context, *GetEffectivePolicyRequest) (*Policy, error)
- func (*UnimplementedOrgPolicyServer) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
- func (*UnimplementedOrgPolicyServer) ListConstraints(context.Context, *ListConstraintsRequest) (*ListConstraintsResponse, error)
- func (*UnimplementedOrgPolicyServer) ListCustomConstraints(context.Context, *ListCustomConstraintsRequest) (*ListCustomConstraintsResponse, error)
- func (*UnimplementedOrgPolicyServer) ListPolicies(context.Context, *ListPoliciesRequest) (*ListPoliciesResponse, error)
- func (*UnimplementedOrgPolicyServer) UpdateCustomConstraint(context.Context, *UpdateCustomConstraintRequest) (*CustomConstraint, error)
- func (*UnimplementedOrgPolicyServer) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
- type UpdateCustomConstraintRequest
- func (*UpdateCustomConstraintRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdateCustomConstraintRequest) GetCustomConstraint() *CustomConstraint
- func (*UpdateCustomConstraintRequest) ProtoMessage()
- func (x *UpdateCustomConstraintRequest) ProtoReflect() protoreflect.Message
- func (x *UpdateCustomConstraintRequest) Reset()
- func (x *UpdateCustomConstraintRequest) String() string
- type UpdatePolicyRequest
- func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdatePolicyRequest) GetPolicy() *Policy
- func (x *UpdatePolicyRequest) GetUpdateMask() *fieldmaskpb.FieldMask
- func (*UpdatePolicyRequest) ProtoMessage()
- func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
- func (x *UpdatePolicyRequest) Reset()
- func (x *UpdatePolicyRequest) String() string
Constants ¶
This section is empty.
Variables ¶
var ( Constraint_ConstraintDefault_name = map[int32]string{ 0: "CONSTRAINT_DEFAULT_UNSPECIFIED", 1: "ALLOW", 2: "DENY", } Constraint_ConstraintDefault_value = map[string]int32{ "CONSTRAINT_DEFAULT_UNSPECIFIED": 0, "ALLOW": 1, "DENY": 2, } )
Enum value maps for Constraint_ConstraintDefault.
var ( CustomConstraint_MethodType_name = map[int32]string{ 0: "METHOD_TYPE_UNSPECIFIED", 1: "CREATE", 2: "UPDATE", 3: "DELETE", 4: "REMOVE_GRANT", 5: "GOVERN_TAGS", } CustomConstraint_MethodType_value = map[string]int32{ "METHOD_TYPE_UNSPECIFIED": 0, "CREATE": 1, "UPDATE": 2, "DELETE": 3, "REMOVE_GRANT": 4, "GOVERN_TAGS": 5, } )
Enum value maps for CustomConstraint_MethodType.
var ( CustomConstraint_ActionType_name = map[int32]string{ 0: "ACTION_TYPE_UNSPECIFIED", 1: "ALLOW", 2: "DENY", } CustomConstraint_ActionType_value = map[string]int32{ "ACTION_TYPE_UNSPECIFIED": 0, "ALLOW": 1, "DENY": 2, } )
Enum value maps for CustomConstraint_ActionType.
var File_google_cloud_orgpolicy_v2_constraint_proto protoreflect.FileDescriptor
var File_google_cloud_orgpolicy_v2_orgpolicy_proto protoreflect.FileDescriptor
Functions ¶
func RegisterOrgPolicyServer ¶
func RegisterOrgPolicyServer(s *grpc.Server, srv OrgPolicyServer)
Types ¶
type AlternatePolicySpec ¶
type AlternatePolicySpec struct { // Reference to the launch that will be used while audit logging and to // control the launch. // Should be set only in the alternate policy. Launch string `protobuf:"bytes,1,opt,name=launch,proto3" json:"launch,omitempty"` // Specify constraint for configurations of Google Cloud resources. Spec *PolicySpec `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` // contains filtered or unexported fields }
Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.
func (*AlternatePolicySpec) Descriptor
deprecated
func (*AlternatePolicySpec) Descriptor() ([]byte, []int)
Deprecated: Use AlternatePolicySpec.ProtoReflect.Descriptor instead.
func (*AlternatePolicySpec) GetLaunch ¶
func (x *AlternatePolicySpec) GetLaunch() string
func (*AlternatePolicySpec) GetSpec ¶
func (x *AlternatePolicySpec) GetSpec() *PolicySpec
func (*AlternatePolicySpec) ProtoMessage ¶
func (*AlternatePolicySpec) ProtoMessage()
func (*AlternatePolicySpec) ProtoReflect ¶
func (x *AlternatePolicySpec) ProtoReflect() protoreflect.Message
func (*AlternatePolicySpec) Reset ¶
func (x *AlternatePolicySpec) Reset()
func (*AlternatePolicySpec) String ¶
func (x *AlternatePolicySpec) String() string
type Constraint ¶
type Constraint struct { // Immutable. The resource name of the constraint. Must be in one of // the following forms: // // * `projects/{project_number}/constraints/{constraint_name}` // * `folders/{folder_id}/constraints/{constraint_name}` // * `organizations/{organization_id}/constraints/{constraint_name}` // // For example, "/projects/123/constraints/compute.disableSerialPortAccess". Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The human readable name. // // Mutable. DisplayName string `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // Detailed description of what this constraint controls as well as how and // where it is enforced. // // Mutable. Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"` // The evaluation behavior of this constraint in the absence of a policy. ConstraintDefault Constraint_ConstraintDefault `` /* 173-byte string literal not displayed */ // The type of restrictions for this `Constraint`. // // Immutable after creation. // // Types that are assignable to ConstraintType: // // *Constraint_ListConstraint_ // *Constraint_BooleanConstraint_ ConstraintType isConstraint_ConstraintType `protobuf_oneof:"constraint_type"` // Shows if dry run is supported for this constraint or not. SupportsDryRun bool `protobuf:"varint,7,opt,name=supports_dry_run,json=supportsDryRun,proto3" json:"supports_dry_run,omitempty"` // contains filtered or unexported fields }
A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which Google Cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about [`policies`][google.cloud.OrgPolicy.v2.Policy].
Constraints have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.
func (*Constraint) Descriptor
deprecated
func (*Constraint) Descriptor() ([]byte, []int)
Deprecated: Use Constraint.ProtoReflect.Descriptor instead.
func (*Constraint) GetBooleanConstraint ¶
func (x *Constraint) GetBooleanConstraint() *Constraint_BooleanConstraint
func (*Constraint) GetConstraintDefault ¶
func (x *Constraint) GetConstraintDefault() Constraint_ConstraintDefault
func (*Constraint) GetConstraintType ¶
func (m *Constraint) GetConstraintType() isConstraint_ConstraintType
func (*Constraint) GetDescription ¶
func (x *Constraint) GetDescription() string
func (*Constraint) GetDisplayName ¶
func (x *Constraint) GetDisplayName() string
func (*Constraint) GetListConstraint ¶
func (x *Constraint) GetListConstraint() *Constraint_ListConstraint
func (*Constraint) GetName ¶
func (x *Constraint) GetName() string
func (*Constraint) GetSupportsDryRun ¶ added in v1.12.0
func (x *Constraint) GetSupportsDryRun() bool
func (*Constraint) ProtoMessage ¶
func (*Constraint) ProtoMessage()
func (*Constraint) ProtoReflect ¶
func (x *Constraint) ProtoReflect() protoreflect.Message
func (*Constraint) Reset ¶
func (x *Constraint) Reset()
func (*Constraint) String ¶
func (x *Constraint) String() string
type Constraint_BooleanConstraint ¶
type Constraint_BooleanConstraint struct {
// contains filtered or unexported fields
}
A constraint that is either enforced or not.
For example, a constraint `constraints/compute.disableSerialPortAccess`. If it is enforced on a VM instance, serial port connections will not be opened to that instance.
func (*Constraint_BooleanConstraint) Descriptor
deprecated
func (*Constraint_BooleanConstraint) Descriptor() ([]byte, []int)
Deprecated: Use Constraint_BooleanConstraint.ProtoReflect.Descriptor instead.
func (*Constraint_BooleanConstraint) ProtoMessage ¶
func (*Constraint_BooleanConstraint) ProtoMessage()
func (*Constraint_BooleanConstraint) ProtoReflect ¶
func (x *Constraint_BooleanConstraint) ProtoReflect() protoreflect.Message
func (*Constraint_BooleanConstraint) Reset ¶
func (x *Constraint_BooleanConstraint) Reset()
func (*Constraint_BooleanConstraint) String ¶
func (x *Constraint_BooleanConstraint) String() string
type Constraint_BooleanConstraint_ ¶
type Constraint_BooleanConstraint_ struct { // Defines this constraint as being a BooleanConstraint. BooleanConstraint *Constraint_BooleanConstraint `protobuf:"bytes,6,opt,name=boolean_constraint,json=booleanConstraint,proto3,oneof"` }
type Constraint_ConstraintDefault ¶
type Constraint_ConstraintDefault int32
Specifies the default behavior in the absence of any policy for the constraint. This must not be `CONSTRAINT_DEFAULT_UNSPECIFIED`.
Immutable after creation.
const ( // This is only used for distinguishing unset values and should never be // used. Constraint_CONSTRAINT_DEFAULT_UNSPECIFIED Constraint_ConstraintDefault = 0 // Indicate that all values are allowed for list constraints. // Indicate that enforcement is off for boolean constraints. Constraint_ALLOW Constraint_ConstraintDefault = 1 // Indicate that all values are denied for list constraints. // Indicate that enforcement is on for boolean constraints. Constraint_DENY Constraint_ConstraintDefault = 2 )
func (Constraint_ConstraintDefault) Descriptor ¶
func (Constraint_ConstraintDefault) Descriptor() protoreflect.EnumDescriptor
func (Constraint_ConstraintDefault) Enum ¶
func (x Constraint_ConstraintDefault) Enum() *Constraint_ConstraintDefault
func (Constraint_ConstraintDefault) EnumDescriptor
deprecated
func (Constraint_ConstraintDefault) EnumDescriptor() ([]byte, []int)
Deprecated: Use Constraint_ConstraintDefault.Descriptor instead.
func (Constraint_ConstraintDefault) Number ¶
func (x Constraint_ConstraintDefault) Number() protoreflect.EnumNumber
func (Constraint_ConstraintDefault) String ¶
func (x Constraint_ConstraintDefault) String() string
func (Constraint_ConstraintDefault) Type ¶
func (Constraint_ConstraintDefault) Type() protoreflect.EnumType
type Constraint_ListConstraint ¶
type Constraint_ListConstraint struct { // Indicates whether values grouped into categories can be used in // `Policy.allowed_values` and `Policy.denied_values`. For example, // `"in:Python"` would match any value in the 'Python' group. SupportsIn bool `protobuf:"varint,1,opt,name=supports_in,json=supportsIn,proto3" json:"supports_in,omitempty"` // Indicates whether subtrees of the Resource Manager resource hierarchy // can be used in `Policy.allowed_values` and `Policy.denied_values`. For // example, `"under:folders/123"` would match any resource under the // 'folders/123' folder. SupportsUnder bool `protobuf:"varint,2,opt,name=supports_under,json=supportsUnder,proto3" json:"supports_under,omitempty"` // contains filtered or unexported fields }
A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy.
func (*Constraint_ListConstraint) Descriptor
deprecated
func (*Constraint_ListConstraint) Descriptor() ([]byte, []int)
Deprecated: Use Constraint_ListConstraint.ProtoReflect.Descriptor instead.
func (*Constraint_ListConstraint) GetSupportsIn ¶
func (x *Constraint_ListConstraint) GetSupportsIn() bool
func (*Constraint_ListConstraint) GetSupportsUnder ¶
func (x *Constraint_ListConstraint) GetSupportsUnder() bool
func (*Constraint_ListConstraint) ProtoMessage ¶
func (*Constraint_ListConstraint) ProtoMessage()
func (*Constraint_ListConstraint) ProtoReflect ¶
func (x *Constraint_ListConstraint) ProtoReflect() protoreflect.Message
func (*Constraint_ListConstraint) Reset ¶
func (x *Constraint_ListConstraint) Reset()
func (*Constraint_ListConstraint) String ¶
func (x *Constraint_ListConstraint) String() string
type Constraint_ListConstraint_ ¶
type Constraint_ListConstraint_ struct { // Defines this constraint as being a ListConstraint. ListConstraint *Constraint_ListConstraint `protobuf:"bytes,5,opt,name=list_constraint,json=listConstraint,proto3,oneof"` }
type CreateCustomConstraintRequest ¶ added in v1.12.0
type CreateCustomConstraintRequest struct { // Required. Must be in the following form: // // * `organizations/{organization_id}` Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Required. Custom constraint to create. CustomConstraint *CustomConstraint `protobuf:"bytes,2,opt,name=custom_constraint,json=customConstraint,proto3" json:"custom_constraint,omitempty"` // contains filtered or unexported fields }
The request sent to the CreateCustomConstraintRequest [google.cloud.orgpolicy.v2.OrgPolicy.CreateCustomConstraint] method.
func (*CreateCustomConstraintRequest) Descriptor
deprecated
added in
v1.12.0
func (*CreateCustomConstraintRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateCustomConstraintRequest.ProtoReflect.Descriptor instead.
func (*CreateCustomConstraintRequest) GetCustomConstraint ¶ added in v1.12.0
func (x *CreateCustomConstraintRequest) GetCustomConstraint() *CustomConstraint
func (*CreateCustomConstraintRequest) GetParent ¶ added in v1.12.0
func (x *CreateCustomConstraintRequest) GetParent() string
func (*CreateCustomConstraintRequest) ProtoMessage ¶ added in v1.12.0
func (*CreateCustomConstraintRequest) ProtoMessage()
func (*CreateCustomConstraintRequest) ProtoReflect ¶ added in v1.12.0
func (x *CreateCustomConstraintRequest) ProtoReflect() protoreflect.Message
func (*CreateCustomConstraintRequest) Reset ¶ added in v1.12.0
func (x *CreateCustomConstraintRequest) Reset()
func (*CreateCustomConstraintRequest) String ¶ added in v1.12.0
func (x *CreateCustomConstraintRequest) String() string
type CreatePolicyRequest ¶
type CreatePolicyRequest struct { // Required. The Google Cloud resource that will parent the new policy. Must // be in one of the following forms: // // * `projects/{project_number}` // * `projects/{project_id}` // * `folders/{folder_id}` // * `organizations/{organization_id}` Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Required. Policy to create. Policy *Policy `protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"` // contains filtered or unexported fields }
The request sent to the CreatePolicyRequest [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.
func (*CreatePolicyRequest) Descriptor
deprecated
func (*CreatePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreatePolicyRequest.ProtoReflect.Descriptor instead.
func (*CreatePolicyRequest) GetParent ¶
func (x *CreatePolicyRequest) GetParent() string
func (*CreatePolicyRequest) GetPolicy ¶
func (x *CreatePolicyRequest) GetPolicy() *Policy
func (*CreatePolicyRequest) ProtoMessage ¶
func (*CreatePolicyRequest) ProtoMessage()
func (*CreatePolicyRequest) ProtoReflect ¶
func (x *CreatePolicyRequest) ProtoReflect() protoreflect.Message
func (*CreatePolicyRequest) Reset ¶
func (x *CreatePolicyRequest) Reset()
func (*CreatePolicyRequest) String ¶
func (x *CreatePolicyRequest) String() string
type CustomConstraint ¶ added in v1.12.0
type CustomConstraint struct { // Immutable. Name of the constraint. This is unique within the organization. // Format of the name should be // // * `organizations/{organization_id}/customConstraints/{custom_constraint_id}` // // Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms` // // The max length is 70 characters and the minimum length is 1. Note that the // prefix `organizations/{organization_id}/customConstraints/` is not counted. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Immutable. The resource instance type on which this policy applies. Format // will be of the form : `<canonical service name>/<type>` Example: // // - `compute.googleapis.com/Instance`. ResourceTypes []string `protobuf:"bytes,2,rep,name=resource_types,json=resourceTypes,proto3" json:"resource_types,omitempty"` // All the operations being applied for this constraint. MethodTypes []CustomConstraint_MethodType `` /* 161-byte string literal not displayed */ // Org policy condition/expression. For example: // `resource.instanceName.matches("[production|test]_.*_(\d)+")` or, // `resource.management.auto_upgrade == true` // // The max length of the condition is 1000 characters. Condition string `protobuf:"bytes,4,opt,name=condition,proto3" json:"condition,omitempty"` // Allow or deny type. ActionType CustomConstraint_ActionType `` /* 151-byte string literal not displayed */ // One line display name for the UI. // The max length of the display_name is 200 characters. DisplayName string `protobuf:"bytes,6,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // Detailed information about this custom policy constraint. // The max length of the description is 2000 characters. Description string `protobuf:"bytes,7,opt,name=description,proto3" json:"description,omitempty"` // Output only. The last time this custom constraint was updated. This // represents the last time that the `CreateCustomConstraint` or // `UpdateCustomConstraint` RPC was called UpdateTime *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"` // contains filtered or unexported fields }
A custom constraint defined by customers which can *only* be applied to the given resource types and organization.
By creating a custom constraint, customers can apply policies of this custom constraint. *Creating a custom constraint itself does NOT apply any policy enforcement*.
func (*CustomConstraint) Descriptor
deprecated
added in
v1.12.0
func (*CustomConstraint) Descriptor() ([]byte, []int)
Deprecated: Use CustomConstraint.ProtoReflect.Descriptor instead.
func (*CustomConstraint) GetActionType ¶ added in v1.12.0
func (x *CustomConstraint) GetActionType() CustomConstraint_ActionType
func (*CustomConstraint) GetCondition ¶ added in v1.12.0
func (x *CustomConstraint) GetCondition() string
func (*CustomConstraint) GetDescription ¶ added in v1.12.0
func (x *CustomConstraint) GetDescription() string
func (*CustomConstraint) GetDisplayName ¶ added in v1.12.0
func (x *CustomConstraint) GetDisplayName() string
func (*CustomConstraint) GetMethodTypes ¶ added in v1.12.0
func (x *CustomConstraint) GetMethodTypes() []CustomConstraint_MethodType
func (*CustomConstraint) GetName ¶ added in v1.12.0
func (x *CustomConstraint) GetName() string
func (*CustomConstraint) GetResourceTypes ¶ added in v1.12.0
func (x *CustomConstraint) GetResourceTypes() []string
func (*CustomConstraint) GetUpdateTime ¶ added in v1.12.0
func (x *CustomConstraint) GetUpdateTime() *timestamppb.Timestamp
func (*CustomConstraint) ProtoMessage ¶ added in v1.12.0
func (*CustomConstraint) ProtoMessage()
func (*CustomConstraint) ProtoReflect ¶ added in v1.12.0
func (x *CustomConstraint) ProtoReflect() protoreflect.Message
func (*CustomConstraint) Reset ¶ added in v1.12.0
func (x *CustomConstraint) Reset()
func (*CustomConstraint) String ¶ added in v1.12.0
func (x *CustomConstraint) String() string
type CustomConstraint_ActionType ¶ added in v1.12.0
type CustomConstraint_ActionType int32
Allow or deny type.
const ( // Unspecified. Results in an error. CustomConstraint_ACTION_TYPE_UNSPECIFIED CustomConstraint_ActionType = 0 // Allowed action type. CustomConstraint_ALLOW CustomConstraint_ActionType = 1 // Deny action type. CustomConstraint_DENY CustomConstraint_ActionType = 2 )
func (CustomConstraint_ActionType) Descriptor ¶ added in v1.12.0
func (CustomConstraint_ActionType) Descriptor() protoreflect.EnumDescriptor
func (CustomConstraint_ActionType) Enum ¶ added in v1.12.0
func (x CustomConstraint_ActionType) Enum() *CustomConstraint_ActionType
func (CustomConstraint_ActionType) EnumDescriptor
deprecated
added in
v1.12.0
func (CustomConstraint_ActionType) EnumDescriptor() ([]byte, []int)
Deprecated: Use CustomConstraint_ActionType.Descriptor instead.
func (CustomConstraint_ActionType) Number ¶ added in v1.12.0
func (x CustomConstraint_ActionType) Number() protoreflect.EnumNumber
func (CustomConstraint_ActionType) String ¶ added in v1.12.0
func (x CustomConstraint_ActionType) String() string
func (CustomConstraint_ActionType) Type ¶ added in v1.12.0
func (CustomConstraint_ActionType) Type() protoreflect.EnumType
type CustomConstraint_MethodType ¶ added in v1.12.0
type CustomConstraint_MethodType int32
The operation for which this constraint will be applied. To apply this constraint only when creating new VMs, the `method_types` should be `CREATE` only. To apply this constraint when creating or deleting VMs, the `method_types` should be `CREATE` and `DELETE`.
`UPDATE` only custom constraints are not supported. Use `CREATE` or `CREATE, UPDATE`.
const ( // Unspecified. Results in an error. CustomConstraint_METHOD_TYPE_UNSPECIFIED CustomConstraint_MethodType = 0 // Constraint applied when creating the resource. CustomConstraint_CREATE CustomConstraint_MethodType = 1 // Constraint applied when updating the resource. CustomConstraint_UPDATE CustomConstraint_MethodType = 2 // Constraint applied when deleting the resource. // Not supported yet. CustomConstraint_DELETE CustomConstraint_MethodType = 3 // Constraint applied when removing an IAM grant. CustomConstraint_REMOVE_GRANT CustomConstraint_MethodType = 4 // Constraint applied when enforcing forced tagging. CustomConstraint_GOVERN_TAGS CustomConstraint_MethodType = 5 )
func (CustomConstraint_MethodType) Descriptor ¶ added in v1.12.0
func (CustomConstraint_MethodType) Descriptor() protoreflect.EnumDescriptor
func (CustomConstraint_MethodType) Enum ¶ added in v1.12.0
func (x CustomConstraint_MethodType) Enum() *CustomConstraint_MethodType
func (CustomConstraint_MethodType) EnumDescriptor
deprecated
added in
v1.12.0
func (CustomConstraint_MethodType) EnumDescriptor() ([]byte, []int)
Deprecated: Use CustomConstraint_MethodType.Descriptor instead.
func (CustomConstraint_MethodType) Number ¶ added in v1.12.0
func (x CustomConstraint_MethodType) Number() protoreflect.EnumNumber
func (CustomConstraint_MethodType) String ¶ added in v1.12.0
func (x CustomConstraint_MethodType) String() string
func (CustomConstraint_MethodType) Type ¶ added in v1.12.0
func (CustomConstraint_MethodType) Type() protoreflect.EnumType
type DeleteCustomConstraintRequest ¶ added in v1.12.0
type DeleteCustomConstraintRequest struct { // Required. Name of the custom constraint to delete. // See the custom constraint entry for naming rules. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
The request sent to the [DeleteCustomConstraint] [google.cloud.orgpolicy.v2.OrgPolicy.DeleteCustomConstraint] method.
func (*DeleteCustomConstraintRequest) Descriptor
deprecated
added in
v1.12.0
func (*DeleteCustomConstraintRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeleteCustomConstraintRequest.ProtoReflect.Descriptor instead.
func (*DeleteCustomConstraintRequest) GetName ¶ added in v1.12.0
func (x *DeleteCustomConstraintRequest) GetName() string
func (*DeleteCustomConstraintRequest) ProtoMessage ¶ added in v1.12.0
func (*DeleteCustomConstraintRequest) ProtoMessage()
func (*DeleteCustomConstraintRequest) ProtoReflect ¶ added in v1.12.0
func (x *DeleteCustomConstraintRequest) ProtoReflect() protoreflect.Message
func (*DeleteCustomConstraintRequest) Reset ¶ added in v1.12.0
func (x *DeleteCustomConstraintRequest) Reset()
func (*DeleteCustomConstraintRequest) String ¶ added in v1.12.0
func (x *DeleteCustomConstraintRequest) String() string
type DeletePolicyRequest ¶
type DeletePolicyRequest struct { // Required. Name of the policy to delete. // See the policy entry for naming rules. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Optional. The current etag of policy. If an etag is provided and does not // match the current etag of the policy, deletion will be blocked and an // ABORTED error will be returned. Etag string `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"` // contains filtered or unexported fields }
The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.
func (*DeletePolicyRequest) Descriptor
deprecated
func (*DeletePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeletePolicyRequest.ProtoReflect.Descriptor instead.
func (*DeletePolicyRequest) GetEtag ¶ added in v1.12.0
func (x *DeletePolicyRequest) GetEtag() string
func (*DeletePolicyRequest) GetName ¶
func (x *DeletePolicyRequest) GetName() string
func (*DeletePolicyRequest) ProtoMessage ¶
func (*DeletePolicyRequest) ProtoMessage()
func (*DeletePolicyRequest) ProtoReflect ¶
func (x *DeletePolicyRequest) ProtoReflect() protoreflect.Message
func (*DeletePolicyRequest) Reset ¶
func (x *DeletePolicyRequest) Reset()
func (*DeletePolicyRequest) String ¶
func (x *DeletePolicyRequest) String() string
type GetCustomConstraintRequest ¶ added in v1.12.0
type GetCustomConstraintRequest struct { // Required. Resource name of the custom constraint. See the custom constraint // entry for naming requirements. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
The request sent to the [GetCustomConstraint] [google.cloud.orgpolicy.v2.OrgPolicy.GetCustomConstraint] method.
func (*GetCustomConstraintRequest) Descriptor
deprecated
added in
v1.12.0
func (*GetCustomConstraintRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetCustomConstraintRequest.ProtoReflect.Descriptor instead.
func (*GetCustomConstraintRequest) GetName ¶ added in v1.12.0
func (x *GetCustomConstraintRequest) GetName() string
func (*GetCustomConstraintRequest) ProtoMessage ¶ added in v1.12.0
func (*GetCustomConstraintRequest) ProtoMessage()
func (*GetCustomConstraintRequest) ProtoReflect ¶ added in v1.12.0
func (x *GetCustomConstraintRequest) ProtoReflect() protoreflect.Message
func (*GetCustomConstraintRequest) Reset ¶ added in v1.12.0
func (x *GetCustomConstraintRequest) Reset()
func (*GetCustomConstraintRequest) String ¶ added in v1.12.0
func (x *GetCustomConstraintRequest) String() string
type GetEffectivePolicyRequest ¶
type GetEffectivePolicyRequest struct { // Required. The effective policy to compute. See // [Policy][google.cloud.orgpolicy.v2.Policy] for naming requirements. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.
func (*GetEffectivePolicyRequest) Descriptor
deprecated
func (*GetEffectivePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetEffectivePolicyRequest.ProtoReflect.Descriptor instead.
func (*GetEffectivePolicyRequest) GetName ¶
func (x *GetEffectivePolicyRequest) GetName() string
func (*GetEffectivePolicyRequest) ProtoMessage ¶
func (*GetEffectivePolicyRequest) ProtoMessage()
func (*GetEffectivePolicyRequest) ProtoReflect ¶
func (x *GetEffectivePolicyRequest) ProtoReflect() protoreflect.Message
func (*GetEffectivePolicyRequest) Reset ¶
func (x *GetEffectivePolicyRequest) Reset()
func (*GetEffectivePolicyRequest) String ¶
func (x *GetEffectivePolicyRequest) String() string
type GetPolicyRequest ¶
type GetPolicyRequest struct { // Required. Resource name of the policy. See // [Policy][google.cloud.orgpolicy.v2.Policy] for naming requirements. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.
func (*GetPolicyRequest) Descriptor
deprecated
func (*GetPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetPolicyRequest) GetName ¶
func (x *GetPolicyRequest) GetName() string
func (*GetPolicyRequest) ProtoMessage ¶
func (*GetPolicyRequest) ProtoMessage()
func (*GetPolicyRequest) ProtoReflect ¶
func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message
func (*GetPolicyRequest) Reset ¶
func (x *GetPolicyRequest) Reset()
func (*GetPolicyRequest) String ¶
func (x *GetPolicyRequest) String() string
type ListConstraintsRequest ¶
type ListConstraintsRequest struct { // Required. The Google Cloud resource that parents the constraint. Must be in // one of the following forms: // // * `projects/{project_number}` // * `projects/{project_id}` // * `folders/{folder_id}` // * `organizations/{organization_id}` Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Size of the pages to be returned. This is currently unsupported and will // be ignored. The server may at any point start using this field to limit // page size. PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` // Page token used to retrieve the next page. This is currently unsupported // and will be ignored. The server may at any point start using this field. PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` // contains filtered or unexported fields }
The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
func (*ListConstraintsRequest) Descriptor
deprecated
func (*ListConstraintsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListConstraintsRequest.ProtoReflect.Descriptor instead.
func (*ListConstraintsRequest) GetPageSize ¶
func (x *ListConstraintsRequest) GetPageSize() int32
func (*ListConstraintsRequest) GetPageToken ¶
func (x *ListConstraintsRequest) GetPageToken() string
func (*ListConstraintsRequest) GetParent ¶
func (x *ListConstraintsRequest) GetParent() string
func (*ListConstraintsRequest) ProtoMessage ¶
func (*ListConstraintsRequest) ProtoMessage()
func (*ListConstraintsRequest) ProtoReflect ¶
func (x *ListConstraintsRequest) ProtoReflect() protoreflect.Message
func (*ListConstraintsRequest) Reset ¶
func (x *ListConstraintsRequest) Reset()
func (*ListConstraintsRequest) String ¶
func (x *ListConstraintsRequest) String() string
type ListConstraintsResponse ¶
type ListConstraintsResponse struct { // The collection of constraints that are available on the targeted resource. Constraints []*Constraint `protobuf:"bytes,1,rep,name=constraints,proto3" json:"constraints,omitempty"` // Page token used to retrieve the next page. This is currently not used. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` // contains filtered or unexported fields }
The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
func (*ListConstraintsResponse) Descriptor
deprecated
func (*ListConstraintsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListConstraintsResponse.ProtoReflect.Descriptor instead.
func (*ListConstraintsResponse) GetConstraints ¶
func (x *ListConstraintsResponse) GetConstraints() []*Constraint
func (*ListConstraintsResponse) GetNextPageToken ¶
func (x *ListConstraintsResponse) GetNextPageToken() string
func (*ListConstraintsResponse) ProtoMessage ¶
func (*ListConstraintsResponse) ProtoMessage()
func (*ListConstraintsResponse) ProtoReflect ¶
func (x *ListConstraintsResponse) ProtoReflect() protoreflect.Message
func (*ListConstraintsResponse) Reset ¶
func (x *ListConstraintsResponse) Reset()
func (*ListConstraintsResponse) String ¶
func (x *ListConstraintsResponse) String() string
type ListCustomConstraintsRequest ¶ added in v1.12.0
type ListCustomConstraintsRequest struct { // Required. The target Google Cloud resource that parents the set of custom // constraints that will be returned from this call. Must be in one of the // following forms: // // * `organizations/{organization_id}` Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Size of the pages to be returned. This is currently unsupported and will // be ignored. The server may at any point start using this field to limit // page size. PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` // Page token used to retrieve the next page. This is currently unsupported // and will be ignored. The server may at any point start using this field. PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` // contains filtered or unexported fields }
The request sent to the [ListCustomConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListCustomConstraints] method.
func (*ListCustomConstraintsRequest) Descriptor
deprecated
added in
v1.12.0
func (*ListCustomConstraintsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListCustomConstraintsRequest.ProtoReflect.Descriptor instead.
func (*ListCustomConstraintsRequest) GetPageSize ¶ added in v1.12.0
func (x *ListCustomConstraintsRequest) GetPageSize() int32
func (*ListCustomConstraintsRequest) GetPageToken ¶ added in v1.12.0
func (x *ListCustomConstraintsRequest) GetPageToken() string
func (*ListCustomConstraintsRequest) GetParent ¶ added in v1.12.0
func (x *ListCustomConstraintsRequest) GetParent() string
func (*ListCustomConstraintsRequest) ProtoMessage ¶ added in v1.12.0
func (*ListCustomConstraintsRequest) ProtoMessage()
func (*ListCustomConstraintsRequest) ProtoReflect ¶ added in v1.12.0
func (x *ListCustomConstraintsRequest) ProtoReflect() protoreflect.Message
func (*ListCustomConstraintsRequest) Reset ¶ added in v1.12.0
func (x *ListCustomConstraintsRequest) Reset()
func (*ListCustomConstraintsRequest) String ¶ added in v1.12.0
func (x *ListCustomConstraintsRequest) String() string
type ListCustomConstraintsResponse ¶ added in v1.12.0
type ListCustomConstraintsResponse struct { // All custom constraints that exist on the organization resource. It will be // empty if no custom constraints are set. CustomConstraints []*CustomConstraint `protobuf:"bytes,1,rep,name=custom_constraints,json=customConstraints,proto3" json:"custom_constraints,omitempty"` // Page token used to retrieve the next page. This is currently not used, but // the server may at any point start supplying a valid token. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` // contains filtered or unexported fields }
The response returned from the [ListCustomConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListCustomConstraints] method. It will be empty if no custom constraints are set on the organization resource.
func (*ListCustomConstraintsResponse) Descriptor
deprecated
added in
v1.12.0
func (*ListCustomConstraintsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListCustomConstraintsResponse.ProtoReflect.Descriptor instead.
func (*ListCustomConstraintsResponse) GetCustomConstraints ¶ added in v1.12.0
func (x *ListCustomConstraintsResponse) GetCustomConstraints() []*CustomConstraint
func (*ListCustomConstraintsResponse) GetNextPageToken ¶ added in v1.12.0
func (x *ListCustomConstraintsResponse) GetNextPageToken() string
func (*ListCustomConstraintsResponse) ProtoMessage ¶ added in v1.12.0
func (*ListCustomConstraintsResponse) ProtoMessage()
func (*ListCustomConstraintsResponse) ProtoReflect ¶ added in v1.12.0
func (x *ListCustomConstraintsResponse) ProtoReflect() protoreflect.Message
func (*ListCustomConstraintsResponse) Reset ¶ added in v1.12.0
func (x *ListCustomConstraintsResponse) Reset()
func (*ListCustomConstraintsResponse) String ¶ added in v1.12.0
func (x *ListCustomConstraintsResponse) String() string
type ListPoliciesRequest ¶
type ListPoliciesRequest struct { // Required. The target Google Cloud resource that parents the set of // constraints and policies that will be returned from this call. Must be in // one of the following forms: // // * `projects/{project_number}` // * `projects/{project_id}` // * `folders/{folder_id}` // * `organizations/{organization_id}` Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Size of the pages to be returned. This is currently unsupported and will // be ignored. The server may at any point start using this field to limit // page size. PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` // Page token used to retrieve the next page. This is currently unsupported // and will be ignored. The server may at any point start using this field. PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` // contains filtered or unexported fields }
The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.
func (*ListPoliciesRequest) Descriptor
deprecated
func (*ListPoliciesRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListPoliciesRequest.ProtoReflect.Descriptor instead.
func (*ListPoliciesRequest) GetPageSize ¶
func (x *ListPoliciesRequest) GetPageSize() int32
func (*ListPoliciesRequest) GetPageToken ¶
func (x *ListPoliciesRequest) GetPageToken() string
func (*ListPoliciesRequest) GetParent ¶
func (x *ListPoliciesRequest) GetParent() string
func (*ListPoliciesRequest) ProtoMessage ¶
func (*ListPoliciesRequest) ProtoMessage()
func (*ListPoliciesRequest) ProtoReflect ¶
func (x *ListPoliciesRequest) ProtoReflect() protoreflect.Message
func (*ListPoliciesRequest) Reset ¶
func (x *ListPoliciesRequest) Reset()
func (*ListPoliciesRequest) String ¶
func (x *ListPoliciesRequest) String() string
type ListPoliciesResponse ¶
type ListPoliciesResponse struct { // All policies that exist on the resource. It will be empty if no // policies are set. Policies []*Policy `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"` // Page token used to retrieve the next page. This is currently not used, but // the server may at any point start supplying a valid token. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` // contains filtered or unexported fields }
The response returned from the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no policies are set on the resource.
func (*ListPoliciesResponse) Descriptor
deprecated
func (*ListPoliciesResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListPoliciesResponse.ProtoReflect.Descriptor instead.
func (*ListPoliciesResponse) GetNextPageToken ¶
func (x *ListPoliciesResponse) GetNextPageToken() string
func (*ListPoliciesResponse) GetPolicies ¶
func (x *ListPoliciesResponse) GetPolicies() []*Policy
func (*ListPoliciesResponse) ProtoMessage ¶
func (*ListPoliciesResponse) ProtoMessage()
func (*ListPoliciesResponse) ProtoReflect ¶
func (x *ListPoliciesResponse) ProtoReflect() protoreflect.Message
func (*ListPoliciesResponse) Reset ¶
func (x *ListPoliciesResponse) Reset()
func (*ListPoliciesResponse) String ¶
func (x *ListPoliciesResponse) String() string
type OrgPolicyClient ¶
type OrgPolicyClient interface { // Lists constraints that could be applied on the specified resource. ListConstraints(ctx context.Context, in *ListConstraintsRequest, opts ...grpc.CallOption) (*ListConstraintsResponse, error) // Retrieves all of the policies that exist on a particular resource. ListPolicies(ctx context.Context, in *ListPoliciesRequest, opts ...grpc.CallOption) (*ListPoliciesResponse, error) // Gets a policy on a resource. // // If no policy is set on the resource, `NOT_FOUND` is returned. The // `etag` value can be used with `UpdatePolicy()` to update a // policy during read-modify-write. GetPolicy(ctx context.Context, in *GetPolicyRequest, opts ...grpc.CallOption) (*Policy, error) // Gets the effective policy on a resource. This is the result of merging // policies in the resource hierarchy and evaluating conditions. The // returned policy will not have an `etag` or `condition` set because it is // an evaluated policy across multiple resources. // Subtrees of Resource Manager resource hierarchy with 'under:' prefix will // not be expanded. GetEffectivePolicy(ctx context.Context, in *GetEffectivePolicyRequest, opts ...grpc.CallOption) (*Policy, error) // Creates a policy. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint does not exist. // Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the // policy already exists on the given Google Cloud resource. CreatePolicy(ctx context.Context, in *CreatePolicyRequest, opts ...grpc.CallOption) (*Policy, error) // Updates a policy. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint or the policy do not exist. // Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag // supplied in the request does not match the persisted etag of the policy // // Note: the supplied policy will perform a full overwrite of all // fields. UpdatePolicy(ctx context.Context, in *UpdatePolicyRequest, opts ...grpc.CallOption) (*Policy, error) // Deletes a policy. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint or organization policy does not exist. DeletePolicy(ctx context.Context, in *DeletePolicyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) // Creates a custom constraint. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // organization does not exist. // Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the // constraint already exists on the given organization. CreateCustomConstraint(ctx context.Context, in *CreateCustomConstraintRequest, opts ...grpc.CallOption) (*CustomConstraint, error) // Updates a custom constraint. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint does not exist. // // Note: the supplied policy will perform a full overwrite of all // fields. UpdateCustomConstraint(ctx context.Context, in *UpdateCustomConstraintRequest, opts ...grpc.CallOption) (*CustomConstraint, error) // Gets a custom constraint. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // custom constraint does not exist. GetCustomConstraint(ctx context.Context, in *GetCustomConstraintRequest, opts ...grpc.CallOption) (*CustomConstraint, error) // Retrieves all of the custom constraints that exist on a particular // organization resource. ListCustomConstraints(ctx context.Context, in *ListCustomConstraintsRequest, opts ...grpc.CallOption) (*ListCustomConstraintsResponse, error) // Deletes a custom constraint. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint does not exist. DeleteCustomConstraint(ctx context.Context, in *DeleteCustomConstraintRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) }
OrgPolicyClient is the client API for OrgPolicy service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewOrgPolicyClient ¶
func NewOrgPolicyClient(cc grpc.ClientConnInterface) OrgPolicyClient
type OrgPolicyServer ¶
type OrgPolicyServer interface { // Lists constraints that could be applied on the specified resource. ListConstraints(context.Context, *ListConstraintsRequest) (*ListConstraintsResponse, error) // Retrieves all of the policies that exist on a particular resource. ListPolicies(context.Context, *ListPoliciesRequest) (*ListPoliciesResponse, error) // Gets a policy on a resource. // // If no policy is set on the resource, `NOT_FOUND` is returned. The // `etag` value can be used with `UpdatePolicy()` to update a // policy during read-modify-write. GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error) // Gets the effective policy on a resource. This is the result of merging // policies in the resource hierarchy and evaluating conditions. The // returned policy will not have an `etag` or `condition` set because it is // an evaluated policy across multiple resources. // Subtrees of Resource Manager resource hierarchy with 'under:' prefix will // not be expanded. GetEffectivePolicy(context.Context, *GetEffectivePolicyRequest) (*Policy, error) // Creates a policy. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint does not exist. // Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the // policy already exists on the given Google Cloud resource. CreatePolicy(context.Context, *CreatePolicyRequest) (*Policy, error) // Updates a policy. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint or the policy do not exist. // Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag // supplied in the request does not match the persisted etag of the policy // // Note: the supplied policy will perform a full overwrite of all // fields. UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error) // Deletes a policy. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint or organization policy does not exist. DeletePolicy(context.Context, *DeletePolicyRequest) (*emptypb.Empty, error) // Creates a custom constraint. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // organization does not exist. // Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the // constraint already exists on the given organization. CreateCustomConstraint(context.Context, *CreateCustomConstraintRequest) (*CustomConstraint, error) // Updates a custom constraint. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint does not exist. // // Note: the supplied policy will perform a full overwrite of all // fields. UpdateCustomConstraint(context.Context, *UpdateCustomConstraintRequest) (*CustomConstraint, error) // Gets a custom constraint. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // custom constraint does not exist. GetCustomConstraint(context.Context, *GetCustomConstraintRequest) (*CustomConstraint, error) // Retrieves all of the custom constraints that exist on a particular // organization resource. ListCustomConstraints(context.Context, *ListCustomConstraintsRequest) (*ListCustomConstraintsResponse, error) // Deletes a custom constraint. // // Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the // constraint does not exist. DeleteCustomConstraint(context.Context, *DeleteCustomConstraintRequest) (*emptypb.Empty, error) }
OrgPolicyServer is the server API for OrgPolicy service.
type Policy ¶
type Policy struct { // Immutable. The resource name of the policy. Must be one of the following // forms, where `constraint_name` is the name of the constraint which this // policy configures: // // * `projects/{project_number}/policies/{constraint_name}` // * `folders/{folder_id}/policies/{constraint_name}` // * `organizations/{organization_id}/policies/{constraint_name}` // // For example, `projects/123/policies/compute.disableSerialPortAccess`. // // Note: `projects/{project_id}/policies/{constraint_name}` is also an // acceptable name for API requests, but responses will return the name using // the equivalent project number. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Basic information about the Organization Policy. Spec *PolicySpec `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` // Deprecated. // // Deprecated: Marked as deprecated in google/cloud/orgpolicy/v2/orgpolicy.proto. Alternate *AlternatePolicySpec `protobuf:"bytes,3,opt,name=alternate,proto3" json:"alternate,omitempty"` // Dry-run policy. // Audit-only policy, can be used to monitor how the policy would have // impacted the existing and future resources if it's enforced. DryRunSpec *PolicySpec `protobuf:"bytes,4,opt,name=dry_run_spec,json=dryRunSpec,proto3" json:"dry_run_spec,omitempty"` // Optional. An opaque tag indicating the current state of the policy, used // for concurrency control. This 'etag' is computed by the server based on the // value of other fields, and may be sent on update and delete requests to // ensure the client has an up-to-date value before proceeding. Etag string `protobuf:"bytes,5,opt,name=etag,proto3" json:"etag,omitempty"` // contains filtered or unexported fields }
Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.
func (*Policy) Descriptor
deprecated
func (*Policy) GetAlternate
deprecated
func (x *Policy) GetAlternate() *AlternatePolicySpec
Deprecated: Marked as deprecated in google/cloud/orgpolicy/v2/orgpolicy.proto.
func (*Policy) GetDryRunSpec ¶ added in v1.9.0
func (x *Policy) GetDryRunSpec() *PolicySpec
func (*Policy) GetSpec ¶
func (x *Policy) GetSpec() *PolicySpec
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect ¶
func (x *Policy) ProtoReflect() protoreflect.Message
type PolicySpec ¶
type PolicySpec struct { // An opaque tag indicating the current version of the policySpec, used for // concurrency control. // // This field is ignored if used in a `CreatePolicy` request. // // When the policy is returned from either a `GetPolicy` or a // `ListPolicies` request, this `etag` indicates the version of the // current policySpec to use when executing a read-modify-write loop. // // When the policy is returned from a `GetEffectivePolicy` request, the // `etag` will be unset. Etag string `protobuf:"bytes,1,opt,name=etag,proto3" json:"etag,omitempty"` // Output only. The time stamp this was previously updated. This // represents the last time a call to `CreatePolicy` or `UpdatePolicy` was // made for that policy. UpdateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"` // In policies for boolean constraints, the following requirements apply: // // - There must be one and only one policy rule where condition is unset. // - Boolean policy rules with conditions must set `enforced` to the // opposite of the policy rule without a condition. // - During policy evaluation, policy rules with conditions that are // true for a target resource take precedence. Rules []*PolicySpec_PolicyRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"` // Determines the inheritance behavior for this policy. // // If `inherit_from_parent` is true, policy rules set higher up in the // hierarchy (up to the closest root) are inherited and present in the // effective policy. If it is false, then no rules are inherited, and this // policy becomes the new root for evaluation. // This field can be set only for policies which configure list constraints. InheritFromParent bool `protobuf:"varint,4,opt,name=inherit_from_parent,json=inheritFromParent,proto3" json:"inherit_from_parent,omitempty"` // Ignores policies set above this resource and restores the // `constraint_default` enforcement behavior of the specific constraint at // this resource. // This field can be set in policies for either list or boolean // constraints. If set, `rules` must be empty and `inherit_from_parent` // must be set to false. Reset_ bool `protobuf:"varint,5,opt,name=reset,proto3" json:"reset,omitempty"` // contains filtered or unexported fields }
Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.
func (*PolicySpec) Descriptor
deprecated
func (*PolicySpec) Descriptor() ([]byte, []int)
Deprecated: Use PolicySpec.ProtoReflect.Descriptor instead.
func (*PolicySpec) GetEtag ¶
func (x *PolicySpec) GetEtag() string
func (*PolicySpec) GetInheritFromParent ¶
func (x *PolicySpec) GetInheritFromParent() bool
func (*PolicySpec) GetReset_ ¶
func (x *PolicySpec) GetReset_() bool
func (*PolicySpec) GetRules ¶
func (x *PolicySpec) GetRules() []*PolicySpec_PolicyRule
func (*PolicySpec) GetUpdateTime ¶
func (x *PolicySpec) GetUpdateTime() *timestamppb.Timestamp
func (*PolicySpec) ProtoMessage ¶
func (*PolicySpec) ProtoMessage()
func (*PolicySpec) ProtoReflect ¶
func (x *PolicySpec) ProtoReflect() protoreflect.Message
func (*PolicySpec) Reset ¶
func (x *PolicySpec) Reset()
func (*PolicySpec) String ¶
func (x *PolicySpec) String() string
type PolicySpec_PolicyRule ¶
type PolicySpec_PolicyRule struct { // Types that are assignable to Kind: // // *PolicySpec_PolicyRule_Values // *PolicySpec_PolicyRule_AllowAll // *PolicySpec_PolicyRule_DenyAll // *PolicySpec_PolicyRule_Enforce Kind isPolicySpec_PolicyRule_Kind `protobuf_oneof:"kind"` // A condition which determines whether this rule is used // in the evaluation of the policy. When set, the `expression` field in // the `Expr' must include from 1 to 10 subexpressions, joined by the "||" // or "&&" operators. Each subexpression must be of the form // "resource.matchTag('<ORG_ID>/tag_key_short_name, // 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', // 'tagValues/value_id')". where key_name and value_name are the resource // names for Label Keys and Values. These names are available from the Tag // Manager Service. An example expression is: // "resource.matchTag('123456789/environment, // 'prod')". or "resource.matchTagId('tagKeys/123', // 'tagValues/456')". Condition *expr.Expr `protobuf:"bytes,5,opt,name=condition,proto3" json:"condition,omitempty"` // contains filtered or unexported fields }
A rule used to express this policy.
func (*PolicySpec_PolicyRule) Descriptor
deprecated
func (*PolicySpec_PolicyRule) Descriptor() ([]byte, []int)
Deprecated: Use PolicySpec_PolicyRule.ProtoReflect.Descriptor instead.
func (*PolicySpec_PolicyRule) GetAllowAll ¶
func (x *PolicySpec_PolicyRule) GetAllowAll() bool
func (*PolicySpec_PolicyRule) GetCondition ¶
func (x *PolicySpec_PolicyRule) GetCondition() *expr.Expr
func (*PolicySpec_PolicyRule) GetDenyAll ¶
func (x *PolicySpec_PolicyRule) GetDenyAll() bool
func (*PolicySpec_PolicyRule) GetEnforce ¶
func (x *PolicySpec_PolicyRule) GetEnforce() bool
func (*PolicySpec_PolicyRule) GetKind ¶
func (m *PolicySpec_PolicyRule) GetKind() isPolicySpec_PolicyRule_Kind
func (*PolicySpec_PolicyRule) GetValues ¶
func (x *PolicySpec_PolicyRule) GetValues() *PolicySpec_PolicyRule_StringValues
func (*PolicySpec_PolicyRule) ProtoMessage ¶
func (*PolicySpec_PolicyRule) ProtoMessage()
func (*PolicySpec_PolicyRule) ProtoReflect ¶
func (x *PolicySpec_PolicyRule) ProtoReflect() protoreflect.Message
func (*PolicySpec_PolicyRule) Reset ¶
func (x *PolicySpec_PolicyRule) Reset()
func (*PolicySpec_PolicyRule) String ¶
func (x *PolicySpec_PolicyRule) String() string
type PolicySpec_PolicyRule_AllowAll ¶
type PolicySpec_PolicyRule_AllowAll struct { // Setting this to true means that all values are allowed. This field can // be set only in policies for list constraints. AllowAll bool `protobuf:"varint,2,opt,name=allow_all,json=allowAll,proto3,oneof"` }
type PolicySpec_PolicyRule_DenyAll ¶
type PolicySpec_PolicyRule_DenyAll struct { // Setting this to true means that all values are denied. This field can // be set only in policies for list constraints. DenyAll bool `protobuf:"varint,3,opt,name=deny_all,json=denyAll,proto3,oneof"` }
type PolicySpec_PolicyRule_Enforce ¶
type PolicySpec_PolicyRule_Enforce struct { // If `true`, then the policy is enforced. If `false`, then any // configuration is acceptable. // This field can be set only in policies for boolean constraints. Enforce bool `protobuf:"varint,4,opt,name=enforce,proto3,oneof"` }
type PolicySpec_PolicyRule_StringValues ¶
type PolicySpec_PolicyRule_StringValues struct { // List of values allowed at this resource. AllowedValues []string `protobuf:"bytes,1,rep,name=allowed_values,json=allowedValues,proto3" json:"allowed_values,omitempty"` // List of values denied at this resource. DeniedValues []string `protobuf:"bytes,2,rep,name=denied_values,json=deniedValues,proto3" json:"denied_values,omitempty"` // contains filtered or unexported fields }
A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:
- `projects/<project-id>` (for example, `projects/tokyo-rain-123`) - `folders/<folder-id>` (for example, `folders/1234`) - `organizations/<organization-id>` (for example, `organizations/1234`)
The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.
func (*PolicySpec_PolicyRule_StringValues) Descriptor
deprecated
func (*PolicySpec_PolicyRule_StringValues) Descriptor() ([]byte, []int)
Deprecated: Use PolicySpec_PolicyRule_StringValues.ProtoReflect.Descriptor instead.
func (*PolicySpec_PolicyRule_StringValues) GetAllowedValues ¶
func (x *PolicySpec_PolicyRule_StringValues) GetAllowedValues() []string
func (*PolicySpec_PolicyRule_StringValues) GetDeniedValues ¶
func (x *PolicySpec_PolicyRule_StringValues) GetDeniedValues() []string
func (*PolicySpec_PolicyRule_StringValues) ProtoMessage ¶
func (*PolicySpec_PolicyRule_StringValues) ProtoMessage()
func (*PolicySpec_PolicyRule_StringValues) ProtoReflect ¶
func (x *PolicySpec_PolicyRule_StringValues) ProtoReflect() protoreflect.Message
func (*PolicySpec_PolicyRule_StringValues) Reset ¶
func (x *PolicySpec_PolicyRule_StringValues) Reset()
func (*PolicySpec_PolicyRule_StringValues) String ¶
func (x *PolicySpec_PolicyRule_StringValues) String() string
type PolicySpec_PolicyRule_Values ¶
type PolicySpec_PolicyRule_Values struct { // List of values to be used for this policy rule. This field can be set // only in policies for list constraints. Values *PolicySpec_PolicyRule_StringValues `protobuf:"bytes,1,opt,name=values,proto3,oneof"` }
type UnimplementedOrgPolicyServer ¶
type UnimplementedOrgPolicyServer struct { }
UnimplementedOrgPolicyServer can be embedded to have forward compatible implementations.
func (*UnimplementedOrgPolicyServer) CreateCustomConstraint ¶ added in v1.12.0
func (*UnimplementedOrgPolicyServer) CreateCustomConstraint(context.Context, *CreateCustomConstraintRequest) (*CustomConstraint, error)
func (*UnimplementedOrgPolicyServer) CreatePolicy ¶
func (*UnimplementedOrgPolicyServer) CreatePolicy(context.Context, *CreatePolicyRequest) (*Policy, error)
func (*UnimplementedOrgPolicyServer) DeleteCustomConstraint ¶ added in v1.12.0
func (*UnimplementedOrgPolicyServer) DeleteCustomConstraint(context.Context, *DeleteCustomConstraintRequest) (*emptypb.Empty, error)
func (*UnimplementedOrgPolicyServer) DeletePolicy ¶
func (*UnimplementedOrgPolicyServer) DeletePolicy(context.Context, *DeletePolicyRequest) (*emptypb.Empty, error)
func (*UnimplementedOrgPolicyServer) GetCustomConstraint ¶ added in v1.12.0
func (*UnimplementedOrgPolicyServer) GetCustomConstraint(context.Context, *GetCustomConstraintRequest) (*CustomConstraint, error)
func (*UnimplementedOrgPolicyServer) GetEffectivePolicy ¶
func (*UnimplementedOrgPolicyServer) GetEffectivePolicy(context.Context, *GetEffectivePolicyRequest) (*Policy, error)
func (*UnimplementedOrgPolicyServer) GetPolicy ¶
func (*UnimplementedOrgPolicyServer) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
func (*UnimplementedOrgPolicyServer) ListConstraints ¶
func (*UnimplementedOrgPolicyServer) ListConstraints(context.Context, *ListConstraintsRequest) (*ListConstraintsResponse, error)
func (*UnimplementedOrgPolicyServer) ListCustomConstraints ¶ added in v1.12.0
func (*UnimplementedOrgPolicyServer) ListCustomConstraints(context.Context, *ListCustomConstraintsRequest) (*ListCustomConstraintsResponse, error)
func (*UnimplementedOrgPolicyServer) ListPolicies ¶
func (*UnimplementedOrgPolicyServer) ListPolicies(context.Context, *ListPoliciesRequest) (*ListPoliciesResponse, error)
func (*UnimplementedOrgPolicyServer) UpdateCustomConstraint ¶ added in v1.12.0
func (*UnimplementedOrgPolicyServer) UpdateCustomConstraint(context.Context, *UpdateCustomConstraintRequest) (*CustomConstraint, error)
func (*UnimplementedOrgPolicyServer) UpdatePolicy ¶
func (*UnimplementedOrgPolicyServer) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
type UpdateCustomConstraintRequest ¶ added in v1.12.0
type UpdateCustomConstraintRequest struct { // Required. `CustomConstraint` to update. CustomConstraint *CustomConstraint `protobuf:"bytes,1,opt,name=custom_constraint,json=customConstraint,proto3" json:"custom_constraint,omitempty"` // contains filtered or unexported fields }
The request sent to the UpdateCustomConstraintRequest [google.cloud.orgpolicy.v2.OrgPolicy.UpdateCustomConstraint] method.
func (*UpdateCustomConstraintRequest) Descriptor
deprecated
added in
v1.12.0
func (*UpdateCustomConstraintRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateCustomConstraintRequest.ProtoReflect.Descriptor instead.
func (*UpdateCustomConstraintRequest) GetCustomConstraint ¶ added in v1.12.0
func (x *UpdateCustomConstraintRequest) GetCustomConstraint() *CustomConstraint
func (*UpdateCustomConstraintRequest) ProtoMessage ¶ added in v1.12.0
func (*UpdateCustomConstraintRequest) ProtoMessage()
func (*UpdateCustomConstraintRequest) ProtoReflect ¶ added in v1.12.0
func (x *UpdateCustomConstraintRequest) ProtoReflect() protoreflect.Message
func (*UpdateCustomConstraintRequest) Reset ¶ added in v1.12.0
func (x *UpdateCustomConstraintRequest) Reset()
func (*UpdateCustomConstraintRequest) String ¶ added in v1.12.0
func (x *UpdateCustomConstraintRequest) String() string
type UpdatePolicyRequest ¶
type UpdatePolicyRequest struct { // Required. Policy to update. Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"` // Field mask used to specify the fields to be overwritten in the policy // by the set. The fields specified in the update_mask are relative to the // policy, not the full request. UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"` // contains filtered or unexported fields }
The request sent to the UpdatePolicyRequest [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.
func (*UpdatePolicyRequest) Descriptor
deprecated
func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdatePolicyRequest) GetPolicy ¶
func (x *UpdatePolicyRequest) GetPolicy() *Policy
func (*UpdatePolicyRequest) GetUpdateMask ¶ added in v1.9.0
func (x *UpdatePolicyRequest) GetUpdateMask() *fieldmaskpb.FieldMask
func (*UpdatePolicyRequest) ProtoMessage ¶
func (*UpdatePolicyRequest) ProtoMessage()
func (*UpdatePolicyRequest) ProtoReflect ¶
func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
func (*UpdatePolicyRequest) Reset ¶
func (x *UpdatePolicyRequest) Reset()
func (*UpdatePolicyRequest) String ¶
func (x *UpdatePolicyRequest) String() string