As of January 1, 2020 this library no longer supports Python 2 on the latest released version.
Library versions released prior to that date will continue to be available. For more information please
visit Python 2 support on Google Cloud.
Source code for google.cloud.orgpolicy_v2.types.constraint
# -*- coding: utf-8 -*-
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import proto # type: ignore
__protobuf__ = proto.module(
package="google.cloud.orgpolicy.v2", manifest={"Constraint",},
)
[docs]class Constraint(proto.Message):
r"""A ``constraint`` describes a way to restrict resource's
configuration. For example, you could enforce a constraint that
controls which cloud services can be activated across an
organization, or whether a Compute Engine instance can have serial
port connections established. ``Constraints`` can be configured by
the organization's policy adminstrator to fit the needs of the
organzation by setting a ``policy`` that includes ``constraints`` at
different locations in the organization's resource hierarchy.
Policies are inherited down the resource hierarchy from higher
levels, but can also be overridden. For details about the
inheritance rules please read about
[``policies``][google.cloud.OrgPolicy.v2.Policy].
``Constraints`` have a default behavior determined by the
``constraint_default`` field, which is the enforcement behavior that
is used in the absence of a ``policy`` being defined or inherited
for the resource in question.
Attributes:
name (str):
Immutable. The resource name of the Constraint. Must be in
one of the following forms:
- ``projects/{project_number}/constraints/{constraint_name}``
- ``folders/{folder_id}/constraints/{constraint_name}``
- ``organizations/{organization_id}/constraints/{constraint_name}``
For example,
"/projects/123/constraints/compute.disableSerialPortAccess".
display_name (str):
The human readable name.
Mutable.
description (str):
Detailed description of what this ``Constraint`` controls as
well as how and where it is enforced.
Mutable.
constraint_default (google.cloud.orgpolicy_v2.types.Constraint.ConstraintDefault):
The evaluation behavior of this constraint in
the absence of 'Policy'.
list_constraint (google.cloud.orgpolicy_v2.types.Constraint.ListConstraint):
Defines this constraint as being a
ListConstraint.
boolean_constraint (google.cloud.orgpolicy_v2.types.Constraint.BooleanConstraint):
Defines this constraint as being a
BooleanConstraint.
"""
[docs] class ConstraintDefault(proto.Enum):
r"""Specifies the default behavior in the absence of any ``Policy`` for
the ``Constraint``. This must not be
``CONSTRAINT_DEFAULT_UNSPECIFIED``.
Immutable after creation.
"""
CONSTRAINT_DEFAULT_UNSPECIFIED = 0
ALLOW = 1
DENY = 2
[docs] class ListConstraint(proto.Message):
r"""A ``Constraint`` that allows or disallows a list of string values,
which are configured by an Organization's policy administrator with
a ``Policy``.
Attributes:
supports_in (bool):
Indicates whether values grouped into categories can be used
in ``Policy.allowed_values`` and ``Policy.denied_values``.
For example, ``"in:Python"`` would match any value in the
'Python' group.
supports_under (bool):
Indicates whether subtrees of Cloud Resource Manager
resource hierarchy can be used in ``Policy.allowed_values``
and ``Policy.denied_values``. For example,
``"under:folders/123"`` would match any resource under the
'folders/123' folder.
"""
supports_in = proto.Field(proto.BOOL, number=1,)
supports_under = proto.Field(proto.BOOL, number=2,)
[docs] class BooleanConstraint(proto.Message):
r"""A ``Constraint`` that is either enforced or not.
For example a constraint
``constraints/compute.disableSerialPortAccess``. If it is enforced
on a VM instance, serial port connections will not be opened to that
instance.
"""
name = proto.Field(proto.STRING, number=1,)
display_name = proto.Field(proto.STRING, number=2,)
description = proto.Field(proto.STRING, number=3,)
constraint_default = proto.Field(proto.ENUM, number=4, enum=ConstraintDefault,)
list_constraint = proto.Field(
proto.MESSAGE, number=5, oneof="constraint_type", message=ListConstraint,
)
boolean_constraint = proto.Field(
proto.MESSAGE, number=6, oneof="constraint_type", message=BooleanConstraint,
)
__all__ = tuple(sorted(__protobuf__.manifest))