Class: Google::Apis::SecuritypostureV1::GoogleCloudSecuritypostureV1PolicyRule

Inherits:
Object
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/securityposture_v1/classes.rb,
lib/google/apis/securityposture_v1/representations.rb

Overview

A rule that defines the allowed and denied values for an organization policy constraint.

Constructor Details

#initialize(**args) ⇒ GoogleCloudSecuritypostureV1PolicyRule

Returns a new instance of GoogleCloudSecuritypostureV1PolicyRule.



# File 'lib/google/apis/securityposture_v1/classes.rb', line 495

def initialize(**args)
  update!(**args)
end

Instance Attribute Details

#allow_all ⇒ Boolean

Also known as: allow_all?

Whether to allow any value for a list constraint. Valid only for list constraints. Corresponds to the JSON property allowAll

Returns:

  • (Boolean)


# File 'lib/google/apis/securityposture_v1/classes.rb', line 424

def allow_all
  @allow_all
end

#condition ⇒ Google::Apis::SecuritypostureV1::Expr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):

    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):

    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

Corresponds to the JSON property condition



# File 'lib/google/apis/securityposture_v1/classes.rb', line 444

def condition
  @condition
end

#deny_all ⇒ Boolean

Also known as: deny_all?

Whether to deny all values for a list constraint. Valid only for list constraints. Corresponds to the JSON property denyAll

Returns:

  • (Boolean)


# File 'lib/google/apis/securityposture_v1/classes.rb', line 450

def deny_all
  @deny_all
end

#enforce ⇒ Boolean

Also known as: enforce?

Whether to enforce the constraint. Valid only for boolean constraints. Corresponds to the JSON property enforce

Returns:

  • (Boolean)


# File 'lib/google/apis/securityposture_v1/classes.rb', line 456

def enforce
  @enforce
end

#parameters ⇒ Hash<String,Object>

Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example:

    { "allowedLocations": ["us-east1", "us-west1"], "allowAll": true }

Corresponds to the JSON property parameters

Returns:

  • (Hash<String,Object>)


# File 'lib/google/apis/securityposture_v1/classes.rb', line 465

def parameters
  @parameters
end

#resource_types ⇒ Google::Apis::SecuritypostureV1::ResourceTypes

Set multiple resource types for one policy, for example:

    resourceTypes:
      included:
      - compute.googleapis.com/Instance
      - compute.googleapis.com/Disk

Constraint definition contains an empty resource type in order to support multiple resource types in the policy. Only supports managed constraints. Method type is GOVERN_TAGS.

Corresponds to the JSON property resourceTypes



# File 'lib/google/apis/securityposture_v1/classes.rb', line 474

def resource_types
  @resource_types
end

#values ⇒ Google::Apis::SecuritypostureV1::GoogleCloudSecuritypostureV1PolicyRuleStringValues

The allowed and denied values for a list constraint. For all constraints, these fields can contain literal values. Optionally, you can add the is: prefix to these values. If the value contains a colon (:), then the is: prefix is required.

Some constraints allow you to specify a portion of the resource hierarchy, known as a hierarchy subtree, that the constraint applies to. To specify a hierarchy subtree, use the under: prefix, followed by a value with one of these formats:

  • projects/project_id (for example, projects/tokyo-rain-123)
  • folders/folder_id (for example, folders/1234567890123)
  • organizations/organization_id (for example, organizations/123456789012)

A constraint's supports_under field indicates whether you can specify a hierarchy subtree. To learn which predefined constraints let you specify a hierarchy subtree, see the [constraints reference](https://cloud.google.com/resource-manager/help/organization-policy/constraints/reference).

Corresponds to the JSON property values



# File 'lib/google/apis/securityposture_v1/classes.rb', line 493

def values
  @values
end
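
The field rules above (allow_all, deny_all and values apply to list constraints, enforce to boolean constraints, and the is: / under: prefix formats) can be checked before a posture is submitted. The linter below is an added example, not code from the google-apis-securityposture_v1 gem; it works on plain Hashes, and the keys allowed_values and denied_values are assumed names for the two lists held by #values.

```ruby
# Added example (not from the google-apis-securityposture_v1 gem). Rules are plain
# Hashes; :allowed_values / :denied_values are assumed names for the #values lists.

UNDER_FORMATS = [
  %r{\Aprojects/[^/]+\z},
  %r{\Afolders/[^/]+\z},
  %r{\Aorganizations/[^/]+\z}
].freeze

# Checks one list-constraint value against the is: / under: prefix rules.
def lint_value(value)
  case value
  when /\Ais:(.*)\z/m
    Regexp.last_match(1).empty? ? ["#{value.inspect}: nothing after is:"] : []
  when /\Aunder:(.*)\z/m
    subtree = Regexp.last_match(1)
    return [] if UNDER_FORMATS.any? { |re| re.match?(subtree) }
    ["#{value.inspect}: under: needs projects/ID, folders/ID or organizations/ID"]
  else
    value.include?(':') ? ["#{value.inspect}: contains ':' so is: is required"] : []
  end
end

# Returns every problem found in one rule; an empty array means it passed.
def lint_rule(rule)
  problems = []
  list_fields = %i[allow_all deny_all values].reject { |k| rule[k].nil? }
  if !rule[:enforce].nil? && list_fields.any?
    problems << "enforce (boolean constraints) mixed with #{list_fields.join(', ')} (list constraints)"
  end
  # This linter's own consistency check: the two flags contradict each other.
  problems << 'allow_all and deny_all are both true' if rule[:allow_all] && rule[:deny_all]
  values = rule[:values] || {}
  %i[allowed_values denied_values].each do |field|
    Array(values[field]).each { |v| problems.concat(lint_value(v)) }
  end
  problems
end

# Constructed sample rule with three deliberate mistakes.
SAMPLE_RULE = {
  enforce: true,
  values: {
    allowed_values: ['under:folders/1234567890123', 'projects/tokyo-rain-123', 'sa:build@example'],
    denied_values: ['under:tokyo-rain-123']
  }
}.freeze

puts lint_rule(SAMPLE_RULE)
```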

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



# File 'lib/google/apis/securityposture_v1/classes.rb', line 500

def update!(**args)
  @allow_all = args[:allow_all] if args.key?(:allow_all)
  @condition = args[:condition] if args.key?(:condition)
  @deny_all = args[:deny_all] if args.key?(:deny_all)
  @enforce = args[:enforce] if args.key?(:enforce)
  @parameters = args[:parameters] if args.key?(:parameters)
  @resource_types = args[:resource_types] if args.key?(:resource_types)
  @values = args[:values] if args.key?(:values)
end