Class: Google::Cloud::Asset::V1::AnalyzerOrgPolicy

Inherits:

Object

• Object
• Google::Cloud::Asset::V1::AnalyzerOrgPolicy

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/asset/v1/asset_service.rb

Overview

This organization policy message is a modified version of the one defined in the Organization Policy system. This message contains several fields defined in the original organization policy with some new fields for analysis purpose.

Defined Under Namespace

Classes: Rule

Instance Attribute Summary

• #applied_resource ⇒ ::String

  The full resource name of an organization/folder/project resource where this organization policy applies to.

• #attached_resource ⇒ ::String

  The full resource name of an organization/folder/project resource where this organization policy is set.

• #inherit_from_parent ⇒ ::Boolean

  If inherit_from_parent is true, Rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy.

• #reset ⇒ ::Boolean

  Ignores policies set above this resource and restores the default behavior of the constraint at this resource.

• #rules ⇒ ::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule>

  List of rules for this organization policy.

Instance Attribute Details

#applied_resource ⇒ ::String

Returns The full resource name of an organization/folder/project resource where this organization policy applies to.

For any user defined org policies, this field has the same value as the [attached_resource] field. Only for default policy, this field has the different value.

Returns:

• (::String) —

  The full resource name of an organization/folder/project resource where this organization policy applies to.

  For any user defined org policies, this field has the same value as the [attached_resource] field. Only for default policy, this field has the different value.

# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1983

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `values`, `allow_all`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `allow_all`, `values`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `deny_all`, `values`, `allow_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  #
  #     Note: The following fields are mutually exclusive: `enforce`, `values`, `allow_all`, `deny_all`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#attached_resource ⇒ ::String

Returns The full resource name of an organization/folder/project resource where this organization policy is set.

Notice that some type of constraints are defined with default policy. This field will be empty for them.

Returns:

• (::String) —

  The full resource name of an organization/folder/project resource where this organization policy is set.

  Notice that some type of constraints are defined with default policy. This field will be empty for them.

# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1983

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `values`, `allow_all`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `allow_all`, `values`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `deny_all`, `values`, `allow_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  #
  #     Note: The following fields are mutually exclusive: `enforce`, `values`, `allow_all`, `deny_all`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#inherit_from_parent ⇒ ::Boolean

Returns If inherit_from_parent is true, Rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the effective root for evaluation.

Returns:

• (::Boolean) —

  If inherit_from_parent is true, Rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the effective root for evaluation.

# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1983

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `values`, `allow_all`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `allow_all`, `values`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `deny_all`, `values`, `allow_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  #
  #     Note: The following fields are mutually exclusive: `enforce`, `values`, `allow_all`, `deny_all`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#reset ⇒ ::Boolean

Returns Ignores policies set above this resource and restores the default behavior of the constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, rules must be empty and inherit_from_parent must be set to false.

Returns:

• (::Boolean) —

  Ignores policies set above this resource and restores the default behavior of the constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, rules must be empty and inherit_from_parent must be set to false.

# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1983

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `values`, `allow_all`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `allow_all`, `values`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `deny_all`, `values`, `allow_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  #
  #     Note: The following fields are mutually exclusive: `enforce`, `values`, `allow_all`, `deny_all`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#rules ⇒ ::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule>

Returns List of rules for this organization policy.

Returns:

• (::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule>) —

  List of rules for this organization policy.

# File 'proto_docs/google/cloud/asset/v1/asset_service.rb', line 1983

class AnalyzerOrgPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This rule message is a customized version of the one defined in the
  # Organization Policy system. In addition to the fields defined in the
  # original organization policy, it contains additional field(s) under
  # specific circumstances to support analysis results.
  # @!attribute [rw] values
  #   @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
  #     List of values to be used for this policy rule. This field can be set
  #     only in policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `values`, `allow_all`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] allow_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are allowed. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `allow_all`, `values`, `deny_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] deny_all
  #   @return [::Boolean]
  #     Setting this to true means that all values are denied. This field can
  #     be set only in Policies for list constraints.
  #
  #     Note: The following fields are mutually exclusive: `deny_all`, `values`, `allow_all`, `enforce`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] enforce
  #   @return [::Boolean]
  #     If `true`, then the `Policy` is enforced. If `false`, then any
  #     configuration is acceptable.
  #     This field can be set only in Policies for boolean constraints.
  #
  #     Note: The following fields are mutually exclusive: `enforce`, `values`, `allow_all`, `deny_all`. If a field in that set is populated, all other fields in the set will automatically be cleared.
  # @!attribute [rw] condition
  #   @return [::Google::Type::Expr]
  #     The evaluating condition for this rule.
  # @!attribute [rw] condition_evaluation
  #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
  #     The condition evaluation result for this rule.
  #     Only populated if it meets all the following criteria:
  #
  #     * There is a
  #     {::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule#condition condition}
  #     defined for this rule.
  #     * This rule is within
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#consolidated_policy AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy},
  #       or
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#consolidated_policy AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy}
  #       when the
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset}
  #       has
  #       {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#governed_resource AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource}.
  class Rule
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The string values for the list constraints.
    # @!attribute [rw] allowed_values
    #   @return [::Array<::String>]
    #     List of values allowed at this resource.
    # @!attribute [rw] denied_values
    #   @return [::Array<::String>]
    #     List of values denied at this resource.
    class StringValues
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end