Package com.google.cloud.orgpolicy.v1

Class Policy.ListPolicy

  • All Implemented Interfaces:
    Policy.ListPolicyOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable
    Enclosing class:
    Policy
    public static final class Policy.ListPolicy
extends com.google.protobuf.GeneratedMessageV3
implements Policy.ListPolicyOrBuilder
     Used in `policy_type` to specify how `list_policy` behaves at this
 resource.

 `ListPolicy` can define specific values and subtrees of Cloud Resource
 Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
 are allowed or denied by setting the `allowed_values` and `denied_values`
 fields. This is achieved by using the `under:` and optional `is:` prefixes.
 The `under:` prefix is used to denote resource subtree values.
 The `is:` prefix is used to denote specific values, and is required only
 if the value contains a ":". Values prefixed with "is:" are treated the
 same as values with no prefix.
 Ancestry subtrees must be in one of the following formats:
     - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
     - "folders/<folder-id>", e.g. "folders/1234"
     - "organizations/<organization-id>", e.g. "organizations/1234"
 The `supports_under` field of the associated `Constraint`  defines whether
 ancestry prefixes can be used. You can set `allowed_values` and
 `denied_values` in the same `Policy` if `all_values` is
 `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
 values. If `all_values` is set to either `ALLOW` or `DENY`,
 `allowed_values` and `denied_values` must be unset.
    Protobuf type google.cloud.orgpolicy.v1.Policy.ListPolicy
    See Also:
    Serialized Form

    • Field Detail

      • ALLOWED_VALUES_FIELD_NUMBER

        public static final int ALLOWED_VALUES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • DENIED_VALUES_FIELD_NUMBER

        public static final int DENIED_VALUES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • ALL_VALUES_FIELD_NUMBER

        public static final int ALL_VALUES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • SUGGESTED_VALUE_FIELD_NUMBER

        public static final int SUGGESTED_VALUE_FIELD_NUMBER
        See Also:
        Constant Field Values

      • INHERIT_FROM_PARENT_FIELD_NUMBER

        public static final int INHERIT_FROM_PARENT_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • getAllowedValuesList

        public com.google.protobuf.ProtocolStringList getAllowedValuesList()
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Specified by:
        getAllowedValuesList in interface Policy.ListPolicyOrBuilder
        Returns:
        A list containing the allowedValues.

      • getAllowedValuesCount

        public int getAllowedValuesCount()
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Specified by:
        getAllowedValuesCount in interface Policy.ListPolicyOrBuilder
        Returns:
        The count of allowedValues.

      • getAllowedValues

        public String getAllowedValues​(int index)
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Specified by:
        getAllowedValues in interface Policy.ListPolicyOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The allowedValues at the given index.

      • getAllowedValuesBytes

        public com.google.protobuf.ByteString getAllowedValuesBytes​(int index)
         List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string allowed_values = 1;
        Specified by:
        getAllowedValuesBytes in interface Policy.ListPolicyOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the allowedValues at the given index.

      • getDeniedValuesList

        public com.google.protobuf.ProtocolStringList getDeniedValuesList()
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Specified by:
        getDeniedValuesList in interface Policy.ListPolicyOrBuilder
        Returns:
        A list containing the deniedValues.

      • getDeniedValuesCount

        public int getDeniedValuesCount()
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Specified by:
        getDeniedValuesCount in interface Policy.ListPolicyOrBuilder
        Returns:
        The count of deniedValues.

      • getDeniedValues

        public String getDeniedValues​(int index)
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Specified by:
        getDeniedValues in interface Policy.ListPolicyOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The deniedValues at the given index.

      • getDeniedValuesBytes

        public com.google.protobuf.ByteString getDeniedValuesBytes​(int index)
         List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
        repeated string denied_values = 2;
        Specified by:
        getDeniedValuesBytes in interface Policy.ListPolicyOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the deniedValues at the given index.

      • getAllValuesValue

        public int getAllValuesValue()
         The policy all_values state.
        .google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;
        Specified by:
        getAllValuesValue in interface Policy.ListPolicyOrBuilder
        Returns:
        The enum numeric value on the wire for allValues.

      • getSuggestedValue

        public String getSuggestedValue()
         Optional. The Google Cloud Console will try to default to a configuration
 that matches the value specified in this `Policy`. If `suggested_value`
 is not set, it will inherit the value specified higher in the hierarchy,
 unless `inherit_from_parent` is `false`.
        string suggested_value = 4;
        Specified by:
        getSuggestedValue in interface Policy.ListPolicyOrBuilder
        Returns:
        The suggestedValue.

      • getSuggestedValueBytes

        public com.google.protobuf.ByteString getSuggestedValueBytes()
         Optional. The Google Cloud Console will try to default to a configuration
 that matches the value specified in this `Policy`. If `suggested_value`
 is not set, it will inherit the value specified higher in the hierarchy,
 unless `inherit_from_parent` is `false`.
        string suggested_value = 4;
        Specified by:
        getSuggestedValueBytes in interface Policy.ListPolicyOrBuilder
        Returns:
        The bytes for suggestedValue.

      • getInheritFromParent

        public boolean getInheritFromParent()
         Determines the inheritance behavior for this `Policy`.

 By default, a `ListPolicy` set at a resource supercedes any `Policy` set
 anywhere up the resource hierarchy. However, if `inherit_from_parent` is
 set to `true`, then the values from the effective `Policy` of the parent
 resource are inherited, meaning the values set in this `Policy` are
 added to the values inherited up the hierarchy.

 Setting `Policy` hierarchies that inherit both allowed values and denied
 values isn't recommended in most circumstances to keep the configuration
 simple and understandable. However, it is possible to set a `Policy` with
 `allowed_values` set that inherits a `Policy` with `denied_values` set.
 In this case, the values that are allowed must be in `allowed_values` and
 not present in `denied_values`.

 For example, suppose you have a `Constraint`
 `constraints/serviceuser.services`, which has a `constraint_type` of
 `list_constraint`, and with `constraint_default` set to `ALLOW`.
 Suppose that at the Organization level, a `Policy` is applied that
 restricts the allowed API activations to {`E1`, `E2`}. Then, if a
 `Policy` is applied to a project below the Organization that has
 `inherit_from_parent` set to `false` and field all_values set to DENY,
 then an attempt to activate any API will be denied.

 The following examples demonstrate different possible layerings for
 `projects/bar` parented by `organizations/foo`:

 Example 1 (no inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has `inherit_from_parent` `false` and values:
     {allowed_values: "E3" allowed_values: "E4"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E3`, and `E4`.

 Example 2 (inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {value: "E3" value: "E4" inherit_from_parent: true}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.

 Example 3 (inheriting both allowed and denied values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {denied_values: "E1"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The value accepted at `projects/bar` is `E2`.

 Example 4 (RestoreDefault):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {RestoreDefault: {}}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 5 (no policy inherits parent policy):
   `organizations/foo` has no `Policy` set.
   `projects/bar` has no `Policy` set.
 The accepted values at both levels are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 6 (ListConstraint allowing all):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: ALLOW}
 The accepted values at `organizations/foo` are `E1`, E2`.
 Any value is accepted at `projects/bar`.

 Example 7 (ListConstraint allowing none):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: DENY}
 The accepted values at `organizations/foo` are `E1`, E2`.
 No value is accepted at `projects/bar`.

 Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
 Given the following resource hierarchy
   O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "under:organizations/O1"}
   `projects/bar` has a `Policy` with:
     {allowed_values: "under:projects/P3"}
     {denied_values: "under:folders/F2"}
 The accepted values at `organizations/foo` are `organizations/O1`,
   `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
   `projects/P3`.
 The accepted values at `projects/bar` are `organizations/O1`,
   `folders/F1`, `projects/P1`.
        bool inherit_from_parent = 5;
        Specified by:
        getInheritFromParent in interface Policy.ListPolicyOrBuilder
        Returns:
        The inheritFromParent.

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static Policy.ListPolicy parseFrom​(ByteBuffer data)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Policy.ListPolicy parseFrom​(ByteBuffer data,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Policy.ListPolicy parseFrom​(com.google.protobuf.ByteString data)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Policy.ListPolicy parseFrom​(com.google.protobuf.ByteString data,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Policy.ListPolicy parseFrom​(byte[] data)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Policy.ListPolicy parseFrom​(byte[] data,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static Policy.ListPolicy parseFrom​(com.google.protobuf.CodedInputStream input,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws IOException
        Throws:
        IOException

      • newBuilderForType

        public Policy.ListPolicy.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public Policy.ListPolicy.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected Policy.ListPolicy.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getParserForType

        public com.google.protobuf.Parser<Policy.ListPolicy> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public Policy.ListPolicy getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder