genproto: google.golang.org/genproto/googleapis/cloud/orgpolicy/v1 Index | Files

package orgpolicy

import "google.golang.org/genproto/googleapis/cloud/orgpolicy/v1"

Index

Package Files

orgpolicy.pb.go

Variables

var (
    Policy_ListPolicy_AllValues_name = map[int32]string{
        0:  "ALL_VALUES_UNSPECIFIED",
        1:  "ALLOW",
        2:  "DENY",
    }
    Policy_ListPolicy_AllValues_value = map[string]int32{
        "ALL_VALUES_UNSPECIFIED": 0,
        "ALLOW":                  1,
        "DENY":                   2,
    }
)

Enum value maps for Policy_ListPolicy_AllValues.

var File_google_cloud_orgpolicy_v1_orgpolicy_proto protoreflect.FileDescriptor

type Policy Uses

type Policy struct {

    // Version of the `Policy`. Default version is 0;
    Version int32 `protobuf:"varint,1,opt,name=version,proto3" json:"version,omitempty"`
    // The name of the `Constraint` the `Policy` is configuring, for example,
    // `constraints/serviceuser.services`.
    //
    // Immutable after creation.
    Constraint string `protobuf:"bytes,2,opt,name=constraint,proto3" json:"constraint,omitempty"`
    // An opaque tag indicating the current version of the `Policy`, used for
    // concurrency control.
    //
    // When the `Policy` is returned from either a `GetPolicy` or a
    // `ListOrgPolicy` request, this `etag` indicates the version of the current
    // `Policy` to use when executing a read-modify-write loop.
    //
    // When the `Policy` is returned from a `GetEffectivePolicy` request, the
    // `etag` will be unset.
    //
    // When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
    // that was returned from a `GetOrgPolicy` request as part of a
    // read-modify-write loop for concurrency control. Not setting the `etag`in a
    // `SetOrgPolicy` request will result in an unconditional write of the
    // `Policy`.
    Etag []byte `protobuf:"bytes,3,opt,name=etag,proto3" json:"etag,omitempty"`
    // The time stamp the `Policy` was previously updated. This is set by the
    // server, not specified by the caller, and represents the last time a call to
    // `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
    // be ignored.
    UpdateTime *timestamp.Timestamp `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
    // The field to populate is based on the `constraint_type` value in the
    // `Constraint`.
    //   `list_constraint` => `list_policy`
    //   `boolean_constraint` => `boolean_policy`
    //
    //  A `restore_default` message may be used with any `Constraint` type.
    //
    // Providing a *_policy that is incompatible with the `constraint_type` will
    // result in an `invalid_argument` error.
    //
    // Attempting to set a `Policy` with a `policy_type` not set will result in an
    // `invalid_argument` error.
    //
    // Types that are assignable to PolicyType:
    //	*Policy_ListPolicy_
    //	*Policy_BooleanPolicy_
    //	*Policy_RestoreDefault_
    PolicyType isPolicy_PolicyType `protobuf_oneof:"policy_type"`
    // contains filtered or unexported fields
}

Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources.

func (*Policy) Descriptor Uses

func (*Policy) Descriptor() ([]byte, []int)

Deprecated: Use Policy.ProtoReflect.Descriptor instead.

func (*Policy) GetBooleanPolicy Uses

func (x *Policy) GetBooleanPolicy() *Policy_BooleanPolicy

func (*Policy) GetConstraint Uses

func (x *Policy) GetConstraint() string

func (*Policy) GetEtag Uses

func (x *Policy) GetEtag() []byte

func (*Policy) GetListPolicy Uses

func (x *Policy) GetListPolicy() *Policy_ListPolicy

func (*Policy) GetPolicyType Uses

func (m *Policy) GetPolicyType() isPolicy_PolicyType

func (*Policy) GetRestoreDefault Uses

func (x *Policy) GetRestoreDefault() *Policy_RestoreDefault

func (*Policy) GetUpdateTime Uses

func (x *Policy) GetUpdateTime() *timestamp.Timestamp

func (*Policy) GetVersion Uses

func (x *Policy) GetVersion() int32

func (*Policy) ProtoMessage Uses

func (*Policy) ProtoMessage()

func (*Policy) ProtoReflect Uses

func (x *Policy) ProtoReflect() protoreflect.Message

func (*Policy) Reset Uses

func (x *Policy) Reset()

func (*Policy) String Uses

func (x *Policy) String() string

type Policy_BooleanPolicy Uses

type Policy_BooleanPolicy struct {

    // If `true`, then the `Policy` is enforced. If `false`, then any
    // configuration is acceptable.
    //
    // Suppose you have a `Constraint`
    // `constraints/compute.disableSerialPortAccess` with `constraint_default`
    // set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
    // behavior:
    //   - If the `Policy` at this resource has enforced set to `false`, serial
    //     port connection attempts will be allowed.
    //   - If the `Policy` at this resource has enforced set to `true`, serial
    //     port connection attempts will be refused.
    //   - If the `Policy` at this resource is `RestoreDefault`, serial port
    //     connection attempts will be allowed.
    //   - If no `Policy` is set at this resource or anywhere higher in the
    //     resource hierarchy, serial port connection attempts will be allowed.
    //   - If no `Policy` is set at this resource, but one exists higher in the
    //     resource hierarchy, the behavior is as if the`Policy` were set at
    //     this resource.
    //
    // The following examples demonstrate the different possible layerings:
    //
    // Example 1 (nearest `Constraint` wins):
    //   `organizations/foo` has a `Policy` with:
    //     {enforced: false}
    //   `projects/bar` has no `Policy` set.
    // The constraint at `projects/bar` and `organizations/foo` will not be
    // enforced.
    //
    // Example 2 (enforcement gets replaced):
    //   `organizations/foo` has a `Policy` with:
    //     {enforced: false}
    //   `projects/bar` has a `Policy` with:
    //     {enforced: true}
    // The constraint at `organizations/foo` is not enforced.
    // The constraint at `projects/bar` is enforced.
    //
    // Example 3 (RestoreDefault):
    //   `organizations/foo` has a `Policy` with:
    //     {enforced: true}
    //   `projects/bar` has a `Policy` with:
    //     {RestoreDefault: {}}
    // The constraint at `organizations/foo` is enforced.
    // The constraint at `projects/bar` is not enforced, because
    // `constraint_default` for the `Constraint` is `ALLOW`.
    Enforced bool `protobuf:"varint,1,opt,name=enforced,proto3" json:"enforced,omitempty"`
    // contains filtered or unexported fields
}

Used in `policy_type` to specify how `boolean_policy` will behave at this resource.

func (*Policy_BooleanPolicy) Descriptor Uses

func (*Policy_BooleanPolicy) Descriptor() ([]byte, []int)

Deprecated: Use Policy_BooleanPolicy.ProtoReflect.Descriptor instead.

func (*Policy_BooleanPolicy) GetEnforced Uses

func (x *Policy_BooleanPolicy) GetEnforced() bool

func (*Policy_BooleanPolicy) ProtoMessage Uses

func (*Policy_BooleanPolicy) ProtoMessage()

func (*Policy_BooleanPolicy) ProtoReflect Uses

func (x *Policy_BooleanPolicy) ProtoReflect() protoreflect.Message

func (*Policy_BooleanPolicy) Reset Uses

func (x *Policy_BooleanPolicy) Reset()

func (*Policy_BooleanPolicy) String Uses

func (x *Policy_BooleanPolicy) String() string

type Policy_BooleanPolicy_ Uses

type Policy_BooleanPolicy_ struct {
    // For boolean `Constraints`, whether to enforce the `Constraint` or not.
    BooleanPolicy *Policy_BooleanPolicy `protobuf:"bytes,6,opt,name=boolean_policy,json=booleanPolicy,proto3,oneof"`
}

type Policy_ListPolicy Uses

type Policy_ListPolicy struct {

    // List of values allowed  at this resource. Can only be set if `all_values`
    // is set to `ALL_VALUES_UNSPECIFIED`.
    AllowedValues []string `protobuf:"bytes,1,rep,name=allowed_values,json=allowedValues,proto3" json:"allowed_values,omitempty"`
    // List of values denied at this resource. Can only be set if `all_values`
    // is set to `ALL_VALUES_UNSPECIFIED`.
    DeniedValues []string `protobuf:"bytes,2,rep,name=denied_values,json=deniedValues,proto3" json:"denied_values,omitempty"`
    // The policy all_values state.
    AllValues Policy_ListPolicy_AllValues `protobuf:"varint,3,opt,name=all_values,json=allValues,proto3,enum=google.cloud.orgpolicy.v1.Policy_ListPolicy_AllValues" json:"all_values,omitempty"`
    // Optional. The Google Cloud Console will try to default to a configuration
    // that matches the value specified in this `Policy`. If `suggested_value`
    // is not set, it will inherit the value specified higher in the hierarchy,
    // unless `inherit_from_parent` is `false`.
    SuggestedValue string `protobuf:"bytes,4,opt,name=suggested_value,json=suggestedValue,proto3" json:"suggested_value,omitempty"`
    // Determines the inheritance behavior for this `Policy`.
    //
    // By default, a `ListPolicy` set at a resource supercedes any `Policy` set
    // anywhere up the resource hierarchy. However, if `inherit_from_parent` is
    // set to `true`, then the values from the effective `Policy` of the parent
    // resource are inherited, meaning the values set in this `Policy` are
    // added to the values inherited up the hierarchy.
    //
    // Setting `Policy` hierarchies that inherit both allowed values and denied
    // values isn't recommended in most circumstances to keep the configuration
    // simple and understandable. However, it is possible to set a `Policy` with
    // `allowed_values` set that inherits a `Policy` with `denied_values` set.
    // In this case, the values that are allowed must be in `allowed_values` and
    // not present in `denied_values`.
    //
    // For example, suppose you have a `Constraint`
    // `constraints/serviceuser.services`, which has a `constraint_type` of
    // `list_constraint`, and with `constraint_default` set to `ALLOW`.
    // Suppose that at the Organization level, a `Policy` is applied that
    // restricts the allowed API activations to {`E1`, `E2`}. Then, if a
    // `Policy` is applied to a project below the Organization that has
    // `inherit_from_parent` set to `false` and field all_values set to DENY,
    // then an attempt to activate any API will be denied.
    //
    // The following examples demonstrate different possible layerings for
    // `projects/bar` parented by `organizations/foo`:
    //
    // Example 1 (no inherited values):
    //   `organizations/foo` has a `Policy` with values:
    //     {allowed_values: "E1" allowed_values:"E2"}
    //   `projects/bar` has `inherit_from_parent` `false` and values:
    //     {allowed_values: "E3" allowed_values: "E4"}
    // The accepted values at `organizations/foo` are `E1`, `E2`.
    // The accepted values at `projects/bar` are `E3`, and `E4`.
    //
    // Example 2 (inherited values):
    //   `organizations/foo` has a `Policy` with values:
    //     {allowed_values: "E1" allowed_values:"E2"}
    //   `projects/bar` has a `Policy` with values:
    //     {value: "E3" value: "E4" inherit_from_parent: true}
    // The accepted values at `organizations/foo` are `E1`, `E2`.
    // The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
    //
    // Example 3 (inheriting both allowed and denied values):
    //   `organizations/foo` has a `Policy` with values:
    //     {allowed_values: "E1" allowed_values: "E2"}
    //   `projects/bar` has a `Policy` with:
    //     {denied_values: "E1"}
    // The accepted values at `organizations/foo` are `E1`, `E2`.
    // The value accepted at `projects/bar` is `E2`.
    //
    // Example 4 (RestoreDefault):
    //   `organizations/foo` has a `Policy` with values:
    //     {allowed_values: "E1" allowed_values:"E2"}
    //   `projects/bar` has a `Policy` with values:
    //     {RestoreDefault: {}}
    // The accepted values at `organizations/foo` are `E1`, `E2`.
    // The accepted values at `projects/bar` are either all or none depending on
    // the value of `constraint_default` (if `ALLOW`, all; if
    // `DENY`, none).
    //
    // Example 5 (no policy inherits parent policy):
    //   `organizations/foo` has no `Policy` set.
    //   `projects/bar` has no `Policy` set.
    // The accepted values at both levels are either all or none depending on
    // the value of `constraint_default` (if `ALLOW`, all; if
    // `DENY`, none).
    //
    // Example 6 (ListConstraint allowing all):
    //   `organizations/foo` has a `Policy` with values:
    //     {allowed_values: "E1" allowed_values: "E2"}
    //   `projects/bar` has a `Policy` with:
    //     {all: ALLOW}
    // The accepted values at `organizations/foo` are `E1`, E2`.
    // Any value is accepted at `projects/bar`.
    //
    // Example 7 (ListConstraint allowing none):
    //   `organizations/foo` has a `Policy` with values:
    //     {allowed_values: "E1" allowed_values: "E2"}
    //   `projects/bar` has a `Policy` with:
    //     {all: DENY}
    // The accepted values at `organizations/foo` are `E1`, E2`.
    // No value is accepted at `projects/bar`.
    //
    // Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
    // Given the following resource hierarchy
    //   O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
    //   `organizations/foo` has a `Policy` with values:
    //     {allowed_values: "under:organizations/O1"}
    //   `projects/bar` has a `Policy` with:
    //     {allowed_values: "under:projects/P3"}
    //     {denied_values: "under:folders/F2"}
    // The accepted values at `organizations/foo` are `organizations/O1`,
    //   `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
    //   `projects/P3`.
    // The accepted values at `projects/bar` are `organizations/O1`,
    //   `folders/F1`, `projects/P1`.
    InheritFromParent bool `protobuf:"varint,5,opt,name=inherit_from_parent,json=inheritFromParent,proto3" json:"inherit_from_parent,omitempty"`
    // contains filtered or unexported fields
}

Used in `policy_type` to specify how `list_policy` behaves at this resource.

`ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

- "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- "folders/<folder-id>", e.g. "folders/1234"
- "organizations/<organization-id>", e.g. "organizations/1234"

The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset.

func (*Policy_ListPolicy) Descriptor Uses

func (*Policy_ListPolicy) Descriptor() ([]byte, []int)

Deprecated: Use Policy_ListPolicy.ProtoReflect.Descriptor instead.

func (*Policy_ListPolicy) GetAllValues Uses

func (x *Policy_ListPolicy) GetAllValues() Policy_ListPolicy_AllValues

func (*Policy_ListPolicy) GetAllowedValues Uses

func (x *Policy_ListPolicy) GetAllowedValues() []string

func (*Policy_ListPolicy) GetDeniedValues Uses

func (x *Policy_ListPolicy) GetDeniedValues() []string

func (*Policy_ListPolicy) GetInheritFromParent Uses

func (x *Policy_ListPolicy) GetInheritFromParent() bool

func (*Policy_ListPolicy) GetSuggestedValue Uses

func (x *Policy_ListPolicy) GetSuggestedValue() string

func (*Policy_ListPolicy) ProtoMessage Uses

func (*Policy_ListPolicy) ProtoMessage()

func (*Policy_ListPolicy) ProtoReflect Uses

func (x *Policy_ListPolicy) ProtoReflect() protoreflect.Message

func (*Policy_ListPolicy) Reset Uses

func (x *Policy_ListPolicy) Reset()

func (*Policy_ListPolicy) String Uses

func (x *Policy_ListPolicy) String() string

type Policy_ListPolicy_ Uses

type Policy_ListPolicy_ struct {
    // List of values either allowed or disallowed.
    ListPolicy *Policy_ListPolicy `protobuf:"bytes,5,opt,name=list_policy,json=listPolicy,proto3,oneof"`
}

type Policy_ListPolicy_AllValues Uses

type Policy_ListPolicy_AllValues int32

This enum can be used to set `Policies` that apply to all possible configuration values rather than specific values in `allowed_values` or `denied_values`.

Settting this to `ALLOW` will mean this `Policy` allows all values. Similarly, setting it to `DENY` will mean no values are allowed. If set to either `ALLOW` or `DENY, `allowed_values` and `denied_values` must be unset. Setting this to `ALL_VALUES_UNSPECIFIED` allows for setting `allowed_values` and `denied_values`.

const (
    // Indicates that allowed_values or denied_values must be set.
    Policy_ListPolicy_ALL_VALUES_UNSPECIFIED Policy_ListPolicy_AllValues = 0
    // A policy with this set allows all values.
    Policy_ListPolicy_ALLOW Policy_ListPolicy_AllValues = 1
    // A policy with this set denies all values.
    Policy_ListPolicy_DENY Policy_ListPolicy_AllValues = 2
)

func (Policy_ListPolicy_AllValues) Descriptor Uses

func (Policy_ListPolicy_AllValues) Descriptor() protoreflect.EnumDescriptor

func (Policy_ListPolicy_AllValues) Enum Uses

func (x Policy_ListPolicy_AllValues) Enum() *Policy_ListPolicy_AllValues

func (Policy_ListPolicy_AllValues) EnumDescriptor Uses

func (Policy_ListPolicy_AllValues) EnumDescriptor() ([]byte, []int)

Deprecated: Use Policy_ListPolicy_AllValues.Descriptor instead.

func (Policy_ListPolicy_AllValues) Number Uses

func (x Policy_ListPolicy_AllValues) Number() protoreflect.EnumNumber

func (Policy_ListPolicy_AllValues) String Uses

func (x Policy_ListPolicy_AllValues) String() string

func (Policy_ListPolicy_AllValues) Type Uses

func (Policy_ListPolicy_AllValues) Type() protoreflect.EnumType

type Policy_RestoreDefault Uses

type Policy_RestoreDefault struct {
    // contains filtered or unexported fields
}

Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource.

Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated.

func (*Policy_RestoreDefault) Descriptor Uses

func (*Policy_RestoreDefault) Descriptor() ([]byte, []int)

Deprecated: Use Policy_RestoreDefault.ProtoReflect.Descriptor instead.

func (*Policy_RestoreDefault) ProtoMessage Uses

func (*Policy_RestoreDefault) ProtoMessage()

func (*Policy_RestoreDefault) ProtoReflect Uses

func (x *Policy_RestoreDefault) ProtoReflect() protoreflect.Message

func (*Policy_RestoreDefault) Reset Uses

func (x *Policy_RestoreDefault) Reset()

func (*Policy_RestoreDefault) String Uses

func (x *Policy_RestoreDefault) String() string

type Policy_RestoreDefault_ Uses

type Policy_RestoreDefault_ struct {
    // Restores the default behavior of the constraint; independent of
    // `Constraint` type.
    RestoreDefault *Policy_RestoreDefault `protobuf:"bytes,7,opt,name=restore_default,json=restoreDefault,proto3,oneof"`
}

Package orgpolicy imports 8 packages (graph) and is imported by 3 packages. Updated 2020-08-13. Refresh now. Tools for package owners.