Package com.google.cloud.orgpolicy.v1

Interface Policy.ListPolicyOrBuilder

All Superinterfaces:

com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder

All Known Implementing Classes:

Policy.ListPolicy, Policy.ListPolicy.Builder

Enclosing class:

Policy

public static interface Policy.ListPolicyOrBuilder
extends com.google.protobuf.MessageOrBuilder

Method Summary

Modifier and Type	Method	Description
String	getAllowedValues(int index)	List of values allowed at this resource.
com.google.protobuf.ByteString	getAllowedValuesBytes(int index)	List of values allowed at this resource.
int	getAllowedValuesCount()	List of values allowed at this resource.
List<String>	getAllowedValuesList()	List of values allowed at this resource.
Policy.ListPolicy.AllValues	getAllValues()	The policy all_values state.
int	getAllValuesValue()	The policy all_values state.
String	getDeniedValues(int index)	List of values denied at this resource.
com.google.protobuf.ByteString	getDeniedValuesBytes(int index)	List of values denied at this resource.
int	getDeniedValuesCount()	List of values denied at this resource.
List<String>	getDeniedValuesList()	List of values denied at this resource.
boolean	getInheritFromParent()	Determines the inheritance behavior for this `Policy`.
String	getSuggestedValue()	Optional.
com.google.protobuf.ByteString	getSuggestedValueBytes()	Optional.

Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

isInitialized

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Method Detail

getAllowedValuesList

List<String> getAllowedValuesList()

 List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
 

repeated string allowed_values = 1;

Returns:

A list containing the allowedValues.

getAllowedValuesCount

int getAllowedValuesCount()

 List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
 

repeated string allowed_values = 1;

Returns:

The count of allowedValues.

getAllowedValues

String getAllowedValues(int index)

 List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
 

repeated string allowed_values = 1;

Parameters:

index - The index of the element to return.

Returns:

The allowedValues at the given index.

getAllowedValuesBytes

com.google.protobuf.ByteString getAllowedValuesBytes(int index)

 List of values allowed  at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
 

repeated string allowed_values = 1;

Parameters:

index - The index of the value to return.

Returns:

The bytes of the allowedValues at the given index.

getDeniedValuesList

List<String> getDeniedValuesList()

 List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
 

repeated string denied_values = 2;

Returns:

A list containing the deniedValues.

getDeniedValuesCount

int getDeniedValuesCount()

 List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
 

repeated string denied_values = 2;

Returns:

The count of deniedValues.

getDeniedValues

String getDeniedValues(int index)

 List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
 

repeated string denied_values = 2;

Parameters:

index - The index of the element to return.

Returns:

The deniedValues at the given index.

getDeniedValuesBytes

com.google.protobuf.ByteString getDeniedValuesBytes(int index)

 List of values denied at this resource. Can only be set if `all_values`
 is set to `ALL_VALUES_UNSPECIFIED`.
 

repeated string denied_values = 2;

Parameters:

index - The index of the value to return.

Returns:

The bytes of the deniedValues at the given index.

getAllValuesValue

int getAllValuesValue()

 The policy all_values state.
 

.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;

Returns:

The enum numeric value on the wire for allValues.

getAllValues

Policy.ListPolicy.AllValues getAllValues()

 The policy all_values state.
 

.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;

Returns:

The allValues.

getSuggestedValue

String getSuggestedValue()

 Optional. The Google Cloud Console will try to default to a configuration
 that matches the value specified in this `Policy`. If `suggested_value`
 is not set, it will inherit the value specified higher in the hierarchy,
 unless `inherit_from_parent` is `false`.
 

string suggested_value = 4;

Returns:

The suggestedValue.

getSuggestedValueBytes

com.google.protobuf.ByteString getSuggestedValueBytes()

 Optional. The Google Cloud Console will try to default to a configuration
 that matches the value specified in this `Policy`. If `suggested_value`
 is not set, it will inherit the value specified higher in the hierarchy,
 unless `inherit_from_parent` is `false`.
 

string suggested_value = 4;

Returns:

The bytes for suggestedValue.

getInheritFromParent

boolean getInheritFromParent()

 Determines the inheritance behavior for this `Policy`.

 By default, a `ListPolicy` set at a resource supercedes any `Policy` set
 anywhere up the resource hierarchy. However, if `inherit_from_parent` is
 set to `true`, then the values from the effective `Policy` of the parent
 resource are inherited, meaning the values set in this `Policy` are
 added to the values inherited up the hierarchy.

 Setting `Policy` hierarchies that inherit both allowed values and denied
 values isn't recommended in most circumstances to keep the configuration
 simple and understandable. However, it is possible to set a `Policy` with
 `allowed_values` set that inherits a `Policy` with `denied_values` set.
 In this case, the values that are allowed must be in `allowed_values` and
 not present in `denied_values`.

 For example, suppose you have a `Constraint`
 `constraints/serviceuser.services`, which has a `constraint_type` of
 `list_constraint`, and with `constraint_default` set to `ALLOW`.
 Suppose that at the Organization level, a `Policy` is applied that
 restricts the allowed API activations to {`E1`, `E2`}. Then, if a
 `Policy` is applied to a project below the Organization that has
 `inherit_from_parent` set to `false` and field all_values set to DENY,
 then an attempt to activate any API will be denied.

 The following examples demonstrate different possible layerings for
 `projects/bar` parented by `organizations/foo`:

 Example 1 (no inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has `inherit_from_parent` `false` and values:
     {allowed_values: "E3" allowed_values: "E4"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E3`, and `E4`.

 Example 2 (inherited values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {value: "E3" value: "E4" inherit_from_parent: true}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.

 Example 3 (inheriting both allowed and denied values):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {denied_values: "E1"}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The value accepted at `projects/bar` is `E2`.

 Example 4 (RestoreDefault):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values:"E2"}
   `projects/bar` has a `Policy` with values:
     {RestoreDefault: {}}
 The accepted values at `organizations/foo` are `E1`, `E2`.
 The accepted values at `projects/bar` are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 5 (no policy inherits parent policy):
   `organizations/foo` has no `Policy` set.
   `projects/bar` has no `Policy` set.
 The accepted values at both levels are either all or none depending on
 the value of `constraint_default` (if `ALLOW`, all; if
 `DENY`, none).

 Example 6 (ListConstraint allowing all):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: ALLOW}
 The accepted values at `organizations/foo` are `E1`, E2`.
 Any value is accepted at `projects/bar`.

 Example 7 (ListConstraint allowing none):
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "E1" allowed_values: "E2"}
   `projects/bar` has a `Policy` with:
     {all: DENY}
 The accepted values at `organizations/foo` are `E1`, E2`.
 No value is accepted at `projects/bar`.

 Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
 Given the following resource hierarchy
   O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
   `organizations/foo` has a `Policy` with values:
     {allowed_values: "under:organizations/O1"}
   `projects/bar` has a `Policy` with:
     {allowed_values: "under:projects/P3"}
     {denied_values: "under:folders/F2"}
 The accepted values at `organizations/foo` are `organizations/O1`,
   `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
   `projects/P3`.
 The accepted values at `projects/bar` are `organizations/O1`,
   `folders/F1`, `projects/P1`.
 

bool inherit_from_parent = 5;

Returns:

The inheritFromParent.