Package com.google.cloud.orgpolicy.v1

Class Policy.ListPolicy.Builder

  • All Implemented Interfaces:
    Policy.ListPolicyOrBuilder, com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Cloneable
    Enclosing class:
    Policy.ListPolicy
    public static final class Policy.ListPolicy.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>
implements Policy.ListPolicyOrBuilder
     Used in `policy_type` to specify how `list_policy` behaves at this
 resource.

 `ListPolicy` can define specific values and subtrees of Cloud Resource
 Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
 are allowed or denied by setting the `allowed_values` and `denied_values`
 fields. This is achieved by using the `under:` and optional `is:` prefixes.
 The `under:` prefix is used to denote resource subtree values.
 The `is:` prefix is used to denote specific values, and is required only
 if the value contains a ":". Values prefixed with "is:" are treated the
 same as values with no prefix.
 Ancestry subtrees must be in one of the following formats:
     - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
     - "folders/<folder-id>", e.g. "folders/1234"
     - "organizations/<organization-id>", e.g. "organizations/1234"
 The `supports_under` field of the associated `Constraint`  defines whether
 ancestry prefixes can be used. You can set `allowed_values` and
 `denied_values` in the same `Policy` if `all_values` is
 `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
 values. If `all_values` is set to either `ALLOW` or `DENY`,
 `allowed_values` and `denied_values` must be unset.
    Protobuf type google.cloud.orgpolicy.v1.Policy.ListPolicy

    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • clear

        public Policy.ListPolicy.Builder clear()
        Specified by:
        clear in interface com.google.protobuf.Message.Builder
        Specified by:
        clear in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        clear in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • getDescriptorForType

        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.Message.Builder
        Specified by:
        getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • getDefaultInstanceForType

        public Policy.ListPolicy getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

      • build

        public Policy.ListPolicy build()
        Specified by:
        build in interface com.google.protobuf.Message.Builder
        Specified by:
        build in interface com.google.protobuf.MessageLite.Builder

      • buildPartial

        public Policy.ListPolicy buildPartial()
        Specified by:
        buildPartial in interface com.google.protobuf.Message.Builder
        Specified by:
        buildPartial in interface com.google.protobuf.MessageLite.Builder

      • clone

        public Policy.ListPolicy.Builder clone()
        Specified by:
        clone in interface com.google.protobuf.Message.Builder
        Specified by:
        clone in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        clone in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • setField

        public Policy.ListPolicy.Builder setField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                          Object value)
        Specified by:
        setField in interface com.google.protobuf.Message.Builder
        Overrides:
        setField in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • clearField

        public Policy.ListPolicy.Builder clearField​(com.google.protobuf.Descriptors.FieldDescriptor field)
        Specified by:
        clearField in interface com.google.protobuf.Message.Builder
        Overrides:
        clearField in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • clearOneof

        public Policy.ListPolicy.Builder clearOneof​(com.google.protobuf.Descriptors.OneofDescriptor oneof)
        Specified by:
        clearOneof in interface com.google.protobuf.Message.Builder
        Overrides:
        clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • setRepeatedField

        public Policy.ListPolicy.Builder setRepeatedField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                                  int index,
                                                  Object value)
        Specified by:
        setRepeatedField in interface com.google.protobuf.Message.Builder
        Overrides:
        setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • addRepeatedField

        public Policy.ListPolicy.Builder addRepeatedField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                                  Object value)
        Specified by:
        addRepeatedField in interface com.google.protobuf.Message.Builder
        Overrides:
        addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • mergeFrom

        public Policy.ListPolicy.Builder mergeFrom​(com.google.protobuf.Message other)
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<Policy.ListPolicy.Builder>

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • mergeFrom

        public Policy.ListPolicy.Builder mergeFrom​(com.google.protobuf.CodedInputStream input,
                                           com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                    throws IOException
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Specified by:
        mergeFrom in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<Policy.ListPolicy.Builder>
        Throws:
        IOException

      • getAllowedValuesList

        public com.google.protobuf.ProtocolStringList getAllowedValuesList()
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Specified by:
        getAllowedValuesList in interface Policy.ListPolicyOrBuilder
        Returns:
        A list containing the allowedValues.

      • getAllowedValuesCount

        public int getAllowedValuesCount()
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Specified by:
        getAllowedValuesCount in interface Policy.ListPolicyOrBuilder
        Returns:
        The count of allowedValues.

      • getAllowedValues

        public String getAllowedValues​(int index)
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Specified by:
        getAllowedValues in interface Policy.ListPolicyOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The allowedValues at the given index.

      • getAllowedValuesBytes

        public com.google.protobuf.ByteString getAllowedValuesBytes​(int index)
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Specified by:
        getAllowedValuesBytes in interface Policy.ListPolicyOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the allowedValues at the given index.

      • setAllowedValues

        public Policy.ListPolicy.Builder setAllowedValues​(int index,
                                                  String value)
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Parameters:
        index - The index to set the value at.
        value - The allowedValues to set.
        Returns:
        This builder for chaining.

      • addAllowedValues

        public Policy.ListPolicy.Builder addAllowedValues​(String value)
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Parameters:
        value - The allowedValues to add.
        Returns:
        This builder for chaining.

      • addAllAllowedValues

        public Policy.ListPolicy.Builder addAllAllowedValues​(Iterable<String> values)
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Parameters:
        values - The allowedValues to add.
        Returns:
        This builder for chaining.

      • clearAllowedValues

        public Policy.ListPolicy.Builder clearAllowedValues()
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Returns:
        This builder for chaining.

      • addAllowedValuesBytes

        public Policy.ListPolicy.Builder addAllowedValuesBytes​(com.google.protobuf.ByteString value)
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Parameters:
        value - The bytes of the allowedValues to add.
        Returns:
        This builder for chaining.

      • getDeniedValuesList

        public com.google.protobuf.ProtocolStringList getDeniedValuesList()
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Specified by:
        getDeniedValuesList in interface Policy.ListPolicyOrBuilder
        Returns:
        A list containing the deniedValues.

      • getDeniedValuesCount

        public int getDeniedValuesCount()
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Specified by:
        getDeniedValuesCount in interface Policy.ListPolicyOrBuilder
        Returns:
        The count of deniedValues.

      • getDeniedValues

        public String getDeniedValues​(int index)
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Specified by:
        getDeniedValues in interface Policy.ListPolicyOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The deniedValues at the given index.

      • getDeniedValuesBytes

        public com.google.protobuf.ByteString getDeniedValuesBytes​(int index)
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Specified by:
        getDeniedValuesBytes in interface Policy.ListPolicyOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the deniedValues at the given index.

      • setDeniedValues

        public Policy.ListPolicy.Builder setDeniedValues​(int index,
                                                 String value)
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Parameters:
        index - The index to set the value at.
        value - The deniedValues to set.
        Returns:
        This builder for chaining.

      • addDeniedValues

        public Policy.ListPolicy.Builder addDeniedValues​(String value)
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Parameters:
        value - The deniedValues to add.
        Returns:
        This builder for chaining.

      • addAllDeniedValues

        public Policy.ListPolicy.Builder addAllDeniedValues​(Iterable<String> values)
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Parameters:
        values - The deniedValues to add.
        Returns:
        This builder for chaining.

      • clearDeniedValues

        public Policy.ListPolicy.Builder clearDeniedValues()
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Returns:
        This builder for chaining.

      • addDeniedValuesBytes

        public Policy.ListPolicy.Builder addDeniedValuesBytes​(com.google.protobuf.ByteString value)
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Parameters:
        value - The bytes of the deniedValues to add.
        Returns:
        This builder for chaining.

      • getAllValuesValue

        public int getAllValuesValue()
         The policy all_values state.
        .google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
        Specified by:
        getAllValuesValue in interface Policy.ListPolicyOrBuilder
        Returns:
        The enum numeric value on the wire for allValues.

      • setAllValuesValue

        public Policy.ListPolicy.Builder setAllValuesValue​(int value)
         The policy all_values state.
        .google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
        Parameters:
        value - The enum numeric value on the wire for allValues to set.
        Returns:
        This builder for chaining.

      • setAllValues

        public Policy.ListPolicy.Builder setAllValues​(Policy.ListPolicy.AllValues value)
         The policy all_values state.
        .google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
        Parameters:
        value - The allValues to set.
        Returns:
        This builder for chaining.

      • clearAllValues

        public Policy.ListPolicy.Builder clearAllValues()
         The policy all_values state.
        .google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
        Returns:
        This builder for chaining.

      • getSuggestedValue

        public String getSuggestedValue()
         Optional. The Google Cloud Console will try to default to a configuration
 that matches the value specified in this `Policy`. If `suggested_value`
 is not set, it will inherit the value specified higher in the hierarchy,
 unless `inherit_from_parent` is `false`.
        string suggested_value = 4;
        Specified by:
        getSuggestedValue in interface Policy.ListPolicyOrBuilder
        Returns:
        The suggestedValue.

      • getSuggestedValueBytes

        public com.google.protobuf.ByteString getSuggestedValueBytes()
         Optional. The Google Cloud Console will try to default to a configuration
 that matches the value specified in this `Policy`. If `suggested_value`
 is not set, it will inherit the value specified higher in the hierarchy,
 unless `inherit_from_parent` is `false`.
        string suggested_value = 4;
        Specified by:
        getSuggestedValueBytes in interface Policy.ListPolicyOrBuilder
        Returns:
        The bytes for suggestedValue.

      • setSuggestedValue

        public Policy.ListPolicy.Builder setSuggestedValue​(String value)
         Optional. The Google Cloud Console will try to default to a configuration
 that matches the value specified in this `Policy`. If `suggested_value`
 is not set, it will inherit the value specified higher in the hierarchy,
 unless `inherit_from_parent` is `false`.
        string suggested_value = 4;
        Parameters:
        value - The suggestedValue to set.
        Returns:
        This builder for chaining.

      • clearSuggestedValue

        public Policy.ListPolicy.Builder clearSuggestedValue()
         Optional. The Google Cloud Console will try to default to a configuration
 that matches the value specified in this `Policy`. If `suggested_value`
 is not set, it will inherit the value specified higher in the hierarchy,
 unless `inherit_from_parent` is `false`.
        string suggested_value = 4;
        Returns:
        This builder for chaining.

      • setSuggestedValueBytes

        public Policy.ListPolicy.Builder setSuggestedValueBytes​(com.google.protobuf.ByteString value)
         Optional. The Google Cloud Console will try to default to a configuration
 that matches the value specified in this `Policy`. If `suggested_value`
 is not set, it will inherit the value specified higher in the hierarchy,
 unless `inherit_from_parent` is `false`.
        string suggested_value = 4;
        Parameters:
        value - The bytes for suggestedValue to set.
        Returns:
        This builder for chaining.

      • getInheritFromParent

        public boolean getInheritFromParent()
         Determines the inheritance behavior for this `Policy`.

 By default, a `ListPolicy` set at a resource supercedes any `Policy` set
 anywhere up the resource hierarchy. However, if `inherit_from_parent` is
 set to `true`, then the values from the effective `Policy` of the parent
 resource are inherited, meaning the values set in this `Policy` are
 added to the values inherited up the hierarchy.

 Setting `Policy` hierarchies that inherit both allowed values and denied
 values isn't recommended in most circumstances to keep the configuration
 simple and understandable. However, it is possible to set a `Policy` with
 `allowed_values` set that inherits a `Policy` with `denied_values` set.
 In this case, the values that are allowed must be in `allowed_values` and
 not present in `denied_values`.

 For example, suppose you have a `Constraint`
 `constraints/serviceuser.services`, which has a `constraint_type` of
 `list_constraint`, and with `constraint_default` set to `ALLOW`.
 Suppose that at the Organization level, a `Policy` is applied that
 restricts the allowed API activations to {`E1`, `E2`}. Then, if a
 `Policy` is applied to a project below the Organization that has
 `inherit_from_parent` set to `false` and field all_values set to DENY,
 then an attempt to activate any API will be denied.

 The following examples demonstrate different possible layerings for
 `projects/bar` parented by `organizations/foo`:

 Example 1 (no inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has `inherit_from_parent` `false` and values:
     {allowed_values: "E3" allowed_values: "E4"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E3`, and `E4`.

 Example 2 (inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {value: "E3" value: "E4" inherit_from_parent: true}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.

 Example 3 (inheriting both allowed and denied values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {denied_values: "E1"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The value accepted at `projects/bar` is `E2`.

 Example 4 (RestoreDefault):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {RestoreDefault: {}}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 5 (no policy inherits parent policy):
   `organizations/foo` has no `Policy` set.
   `projects/bar` has no `Policy` set.
 The accepted values at both levels are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 6 (ListConstraint allowing all):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: ALLOW}
 The accepted values at `organizations/foo` are `E1`, E2`.
 Any value is accepted at `projects/bar`.

 Example 7 (ListConstraint allowing none):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: DENY}
 The accepted values at `organizations/foo` are `E1`, E2`.
 No value is accepted at `projects/bar`.

 Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
 Given the following resource hierarchy
   O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "under:organizations/O1"}
   `projects/bar` has a `Policy` with:
     {allowed_values: "under:projects/P3"}
     {denied_values: "under:folders/F2"}
 The accepted values at `organizations/foo` are `organizations/O1`,
   `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
   `projects/P3`.
 The accepted values at `projects/bar` are `organizations/O1`,
   `folders/F1`, `projects/P1`.
        bool inherit_from_parent = 5;
        Specified by:
        getInheritFromParent in interface Policy.ListPolicyOrBuilder
        Returns:
        The inheritFromParent.

      • setInheritFromParent

        public Policy.ListPolicy.Builder setInheritFromParent​(boolean value)
         Determines the inheritance behavior for this `Policy`.

 By default, a `ListPolicy` set at a resource supercedes any `Policy` set
 anywhere up the resource hierarchy. However, if `inherit_from_parent` is
 set to `true`, then the values from the effective `Policy` of the parent
 resource are inherited, meaning the values set in this `Policy` are
 added to the values inherited up the hierarchy.

 Setting `Policy` hierarchies that inherit both allowed values and denied
 values isn't recommended in most circumstances to keep the configuration
 simple and understandable. However, it is possible to set a `Policy` with
 `allowed_values` set that inherits a `Policy` with `denied_values` set.
 In this case, the values that are allowed must be in `allowed_values` and
 not present in `denied_values`.

 For example, suppose you have a `Constraint`
 `constraints/serviceuser.services`, which has a `constraint_type` of
 `list_constraint`, and with `constraint_default` set to `ALLOW`.
 Suppose that at the Organization level, a `Policy` is applied that
 restricts the allowed API activations to {`E1`, `E2`}. Then, if a
 `Policy` is applied to a project below the Organization that has
 `inherit_from_parent` set to `false` and field all_values set to DENY,
 then an attempt to activate any API will be denied.

 The following examples demonstrate different possible layerings for
 `projects/bar` parented by `organizations/foo`:

 Example 1 (no inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has `inherit_from_parent` `false` and values:
     {allowed_values: "E3" allowed_values: "E4"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E3`, and `E4`.

 Example 2 (inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {value: "E3" value: "E4" inherit_from_parent: true}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.

 Example 3 (inheriting both allowed and denied values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {denied_values: "E1"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The value accepted at `projects/bar` is `E2`.

 Example 4 (RestoreDefault):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {RestoreDefault: {}}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 5 (no policy inherits parent policy):
   `organizations/foo` has no `Policy` set.
   `projects/bar` has no `Policy` set.
 The accepted values at both levels are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 6 (ListConstraint allowing all):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: ALLOW}
 The accepted values at `organizations/foo` are `E1`, E2`.
 Any value is accepted at `projects/bar`.

 Example 7 (ListConstraint allowing none):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: DENY}
 The accepted values at `organizations/foo` are `E1`, E2`.
 No value is accepted at `projects/bar`.

 Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
 Given the following resource hierarchy
   O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "under:organizations/O1"}
   `projects/bar` has a `Policy` with:
     {allowed_values: "under:projects/P3"}
     {denied_values: "under:folders/F2"}
 The accepted values at `organizations/foo` are `organizations/O1`,
   `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
   `projects/P3`.
 The accepted values at `projects/bar` are `organizations/O1`,
   `folders/F1`, `projects/P1`.
        bool inherit_from_parent = 5;
        Parameters:
        value - The inheritFromParent to set.
        Returns:
        This builder for chaining.

      • clearInheritFromParent

        public Policy.ListPolicy.Builder clearInheritFromParent()
         Determines the inheritance behavior for this `Policy`.

 By default, a `ListPolicy` set at a resource supercedes any `Policy` set
 anywhere up the resource hierarchy. However, if `inherit_from_parent` is
 set to `true`, then the values from the effective `Policy` of the parent
 resource are inherited, meaning the values set in this `Policy` are
 added to the values inherited up the hierarchy.

 Setting `Policy` hierarchies that inherit both allowed values and denied
 values isn't recommended in most circumstances to keep the configuration
 simple and understandable. However, it is possible to set a `Policy` with
 `allowed_values` set that inherits a `Policy` with `denied_values` set.
 In this case, the values that are allowed must be in `allowed_values` and
 not present in `denied_values`.

 For example, suppose you have a `Constraint`
 `constraints/serviceuser.services`, which has a `constraint_type` of
 `list_constraint`, and with `constraint_default` set to `ALLOW`.
 Suppose that at the Organization level, a `Policy` is applied that
 restricts the allowed API activations to {`E1`, `E2`}. Then, if a
 `Policy` is applied to a project below the Organization that has
 `inherit_from_parent` set to `false` and field all_values set to DENY,
 then an attempt to activate any API will be denied.

 The following examples demonstrate different possible layerings for
 `projects/bar` parented by `organizations/foo`:

 Example 1 (no inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has `inherit_from_parent` `false` and values:
     {allowed_values: "E3" allowed_values: "E4"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E3`, and `E4`.

 Example 2 (inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {value: "E3" value: "E4" inherit_from_parent: true}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.

 Example 3 (inheriting both allowed and denied values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {denied_values: "E1"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The value accepted at `projects/bar` is `E2`.

 Example 4 (RestoreDefault):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {RestoreDefault: {}}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 5 (no policy inherits parent policy):
   `organizations/foo` has no `Policy` set.
   `projects/bar` has no `Policy` set.
 The accepted values at both levels are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 6 (ListConstraint allowing all):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: ALLOW}
 The accepted values at `organizations/foo` are `E1`, E2`.
 Any value is accepted at `projects/bar`.

 Example 7 (ListConstraint allowing none):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: DENY}
 The accepted values at `organizations/foo` are `E1`, E2`.
 No value is accepted at `projects/bar`.

 Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
 Given the following resource hierarchy
   O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "under:organizations/O1"}
   `projects/bar` has a `Policy` with:
     {allowed_values: "under:projects/P3"}
     {denied_values: "under:folders/F2"}
 The accepted values at `organizations/foo` are `organizations/O1`,
   `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
   `projects/P3`.
 The accepted values at `projects/bar` are `organizations/O1`,
   `folders/F1`, `projects/P1`.
        bool inherit_from_parent = 5;
        Returns:
        This builder for chaining.

      • setUnknownFields

        public final Policy.ListPolicy.Builder setUnknownFields​(com.google.protobuf.UnknownFieldSet unknownFields)
        Specified by:
        setUnknownFields in interface com.google.protobuf.Message.Builder
        Overrides:
        setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>

      • mergeUnknownFields

        public final Policy.ListPolicy.Builder mergeUnknownFields​(com.google.protobuf.UnknownFieldSet unknownFields)
        Specified by:
        mergeUnknownFields in interface com.google.protobuf.Message.Builder
        Overrides:
        mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<Policy.ListPolicy.Builder>