class Google::Apis::OrgpolicyV2::GoogleCloudOrgpolicyV2PolicySpec

Defines a Cloud Organization `PolicySpec` which is used to specify ` Constraints` for configurations of Cloud Platform resources.

Attributes

etag[RW]

An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a ` GetEffectivePolicy` request, the `etag` will be unset. Corresponds to the JSON property `etag` @return [String]

inherit_from_parent[RW]

Determines the inheritance behavior for this `Policy`. If `inherit_from_parent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints. Corresponds to the JSON property `inheritFromParent` @return [Boolean]

inherit_from_parent?[RW]

Determines the inheritance behavior for this `Policy`. If `inherit_from_parent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints. Corresponds to the JSON property `inheritFromParent` @return [Boolean]

reset[RW]

Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false. Corresponds to the JSON property `reset` @return [Boolean]

reset?[RW]

Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false. Corresponds to the JSON property `reset` @return [Boolean]

rules[RW]

Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set ` enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. Corresponds to the JSON property `rules` @return [Array<Google::Apis::OrgpolicyV2::GoogleCloudOrgpolicyV2PolicySpecPolicyRule>]

update_time[RW]

Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy` . Corresponds to the JSON property `updateTime` @return [String]

Public Class Methods

new(**args) click to toggle source
# File lib/google/apis/orgpolicy_v2/classes.rb, line 278
def initialize(**args)
   update!(**args)
end

Public Instance Methods

update!(**args) click to toggle source

Update properties of this object

# File lib/google/apis/orgpolicy_v2/classes.rb, line 283
def update!(**args)
  @etag = args[:etag] if args.key?(:etag)
  @inherit_from_parent = args[:inherit_from_parent] if args.key?(:inherit_from_parent)
  @reset = args[:reset] if args.key?(:reset)
  @rules = args[:rules] if args.key?(:rules)
  @update_time = args[:update_time] if args.key?(:update_time)
end