Clean and regen docs (#401)
diff --git a/docs/dyn/cloudresourcemanager_v1.folders.html b/docs/dyn/cloudresourcemanager_v1.folders.html
index 59da546..c7174cc 100644
--- a/docs/dyn/cloudresourcemanager_v1.folders.html
+++ b/docs/dyn/cloudresourcemanager_v1.folders.html
@@ -78,21 +78,12 @@
<code><a href="#clearOrgPolicy">clearOrgPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Clears a `Policy` from a resource.</p>
<p class="toc_element">
- <code><a href="#clearOrgPolicyV1">clearOrgPolicyV1(resource, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Clears a `Policy` from a resource.</p>
-<p class="toc_element">
<code><a href="#getEffectiveOrgPolicy">getEffectiveOrgPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the effective `Policy` on a resource. This is the result of merging</p>
<p class="toc_element">
- <code><a href="#getEffectiveOrgPolicyV1">getEffectiveOrgPolicyV1(resource, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Gets the effective `Policy` on a resource. This is the result of merging</p>
-<p class="toc_element">
<code><a href="#getOrgPolicy">getOrgPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Gets a `Policy` on a resource.</p>
<p class="toc_element">
- <code><a href="#getOrgPolicyV1">getOrgPolicyV1(resource, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Gets a `Policy` on a resource.</p>
-<p class="toc_element">
<code><a href="#listAvailableOrgPolicyConstraints">listAvailableOrgPolicyConstraints(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Lists `Constraints` that could be applied on the specified resource.</p>
<p class="toc_element">
@@ -107,9 +98,6 @@
<p class="toc_element">
<code><a href="#setOrgPolicy">setOrgPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Updates the specified `Policy` on the resource. Creates a new `Policy` for</p>
-<p class="toc_element">
- <code><a href="#setOrgPolicyV1">setOrgPolicyV1(resource, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Updates the specified `Policy` on the resource. Creates a new `Policy` for</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="clearOrgPolicy">clearOrgPolicy(resource, body, x__xgafv=None)</code>
@@ -147,41 +135,6 @@
</div>
<div class="method">
- <code class="details" id="clearOrgPolicyV1">clearOrgPolicyV1(resource, body, x__xgafv=None)</code>
- <pre>Clears a `Policy` from a resource.
-
-Args:
- resource: string, Name of the resource for the `Policy` to clear. (required)
- body: object, The request body. (required)
- The object takes the form of:
-
-{ # The request sent to the ClearOrgPolicy method.
- "etag": "A String", # The current version, for concurrency control. Not sending an `etag`
- # will cause the `Policy` to be cleared blindly.
- "constraint": "A String", # Name of the `Constraint` of the `Policy` to clear.
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # A generic empty message that you can re-use to avoid defining duplicated
- # empty messages in your APIs. A typical example is to use it as the request
- # or the response type of an API method. For instance:
- #
- # service Foo {
- # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
- # }
- #
- # The JSON representation for `Empty` is empty JSON object `{}`.
- }</pre>
-</div>
-
-<div class="method">
<code class="details" id="getEffectiveOrgPolicy">getEffectiveOrgPolicy(resource, body, x__xgafv=None)</code>
<pre>Gets the effective `Policy` on a resource. This is the result of merging
`Policies` in the resource hierarchy. The returned `Policy` will not have
@@ -210,7 +163,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -240,8 +192,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -331,231 +283,11 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- },
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
- # resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
- # configuration is acceptable.
- #
- # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess`
- # with `constraint_default` set to `ALLOW`. A `Policy` for that
- # `Constraint` exhibits the following behavior:
- # - If the `Policy` at this resource has enforced set to `false`, serial
- # port connection attempts will be allowed.
- # - If the `Policy` at this resource has enforced set to `true`, serial
- # port connection attempts will be refused.
- # - If the `Policy` at this resource is `RestoreDefault`, serial port
- # connection attempts will be allowed.
- # - If no `Policy` is set at this resource or anywhere higher in the
- # resource hierarchy, serial port connection attempts will be allowed.
- # - If no `Policy` is set at this resource, but one exists higher in the
- # resource hierarchy, the behavior is as if the`Policy` were set at
- # this resource.
- #
- # The following examples demonstrate the different possible layerings:
- #
- # Example 1 (nearest `Constraint` wins):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has no `Policy` set.
- # The constraint at `projects/bar` and `organizations/foo` will not be
- # enforced.
- #
- # Example 2 (enforcement gets replaced):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has a `Policy` with:
- # {enforced: true}
- # The constraint at `organizations/foo` is not enforced.
- # The constraint at `projects/bar` is enforced.
- #
- # Example 3 (RestoreDefault):
- # `organizations/foo` has a `Policy` with:
- # {enforced: true}
- # `projects/bar` has a `Policy` with:
- # {RestoreDefault: {}}
- # The constraint at `organizations/foo` is enforced.
- # The constraint at `projects/bar` is not enforced, because
- # `constraint_default` for the `Constraint` is `ALLOW`.
- },
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
- }</pre>
-</div>
-
-<div class="method">
- <code class="details" id="getEffectiveOrgPolicyV1">getEffectiveOrgPolicyV1(resource, body, x__xgafv=None)</code>
- <pre>Gets the effective `Policy` on a resource. This is the result of merging
-`Policies` in the resource hierarchy. The returned `Policy` will not have
-an `etag`set because it is a computed `Policy` across multiple resources.
-
-Args:
- resource: string, The name of the resource to start computing the effective `Policy`. (required)
- body: object, The request body. (required)
- The object takes the form of:
-
-{ # The request sent to the GetEffectiveOrgPolicy method.
- "constraint": "A String", # The name of the `Constraint` to compute the effective `Policy`.
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
- # for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
- # server, not specified by the caller, and represents the last time a call to
- # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
- # be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
- # `Constraint` type.
- # `constraint_default` enforcement behavior of the specific `Constraint` at
- # this resource.
- #
- # Suppose that `constraint_default` is set to `ALLOW` for the
- # `Constraint` `constraints/serviceuser.services`. Suppose that organization
- # foo.com sets a `Policy` at their Organization resource node that restricts
- # the allowed service activations to deny all service activations. They
- # could then set a `Policy` with the `policy_type` `restore_default` on
- # several experimental projects, restoring the `constraint_default`
- # enforcement of the `Constraint` for only those projects, allowing those
- # projects to have all services activated.
- },
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
- # resource.
- #
- # A `ListPolicy` can define specific values that are allowed or denied by
- # setting either the `allowed_values` or `denied_values` fields. It can also
- # be used to allow or deny all values, by setting the `all_values` field. If
- # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values`
- # or `denied_values` must be set (attempting to set both or neither will
- # result in a failed request). If `all_values` is set to either `ALLOW` or
- # `DENY`, `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
"deniedValues": [ # List of values denied at this resource. Can only be set if no values are
# set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
- #
- # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
- # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
- # set to `true`, then the values from the effective `Policy` of the parent
- # resource are inherited, meaning the values set in this `Policy` are
- # added to the values inherited up the hierarchy.
- #
- # Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
- # simple and understandable. However, it is possible to set a `Policy` with
- # `allowed_values` set that inherits a `Policy` with `denied_values` set.
- # In this case, the values that are allowed must be in `allowed_values` and
- # not present in `denied_values`.
- #
- # For example, suppose you have a `Constraint`
- # `constraints/serviceuser.services`, which has a `constraint_type` of
- # `list_constraint`, and with `constraint_default` set to `ALLOW`.
- # Suppose that at the Organization level, a `Policy` is applied that
- # restricts the allowed API activations to {`E1`, `E2`}. Then, if a
- # `Policy` is applied to a project below the Organization that has
- # `inherit_from_parent` set to `false` and field all_values set to DENY,
- # then an attempt to activate any API will be denied.
- #
- # The following examples demonstrate different possible layerings:
- #
- # Example 1 (no inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # ``projects/bar`` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E3`, and `E4`.
- #
- # Example 2 (inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {value: “E3” value: ”E4” inherit_from_parent: true}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
- #
- # Example 3 (inheriting both allowed and denied values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
- # `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The value accepted at `projects/bar` is `E2`.
- #
- # Example 4 (RestoreDefault):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {RestoreDefault: {}}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 5 (no policy inherits parent policy):
- # `organizations/foo` has no `Policy` set.
- # `projects/bar` has no `Policy` set.
- # The accepted values at both levels are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 6 (ListConstraint allowing all):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: ALLOW}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # Any value is accepted at `projects/bar`.
- #
- # Example 7 (ListConstraint allowing none):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: DENY}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # No value is accepted at `projects/bar`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
},
"booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
@@ -603,6 +335,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#
@@ -653,7 +386,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -683,8 +415,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -774,234 +506,11 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- },
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
- # resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
- # configuration is acceptable.
- #
- # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess`
- # with `constraint_default` set to `ALLOW`. A `Policy` for that
- # `Constraint` exhibits the following behavior:
- # - If the `Policy` at this resource has enforced set to `false`, serial
- # port connection attempts will be allowed.
- # - If the `Policy` at this resource has enforced set to `true`, serial
- # port connection attempts will be refused.
- # - If the `Policy` at this resource is `RestoreDefault`, serial port
- # connection attempts will be allowed.
- # - If no `Policy` is set at this resource or anywhere higher in the
- # resource hierarchy, serial port connection attempts will be allowed.
- # - If no `Policy` is set at this resource, but one exists higher in the
- # resource hierarchy, the behavior is as if the`Policy` were set at
- # this resource.
- #
- # The following examples demonstrate the different possible layerings:
- #
- # Example 1 (nearest `Constraint` wins):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has no `Policy` set.
- # The constraint at `projects/bar` and `organizations/foo` will not be
- # enforced.
- #
- # Example 2 (enforcement gets replaced):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has a `Policy` with:
- # {enforced: true}
- # The constraint at `organizations/foo` is not enforced.
- # The constraint at `projects/bar` is enforced.
- #
- # Example 3 (RestoreDefault):
- # `organizations/foo` has a `Policy` with:
- # {enforced: true}
- # `projects/bar` has a `Policy` with:
- # {RestoreDefault: {}}
- # The constraint at `organizations/foo` is enforced.
- # The constraint at `projects/bar` is not enforced, because
- # `constraint_default` for the `Constraint` is `ALLOW`.
- },
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
- }</pre>
-</div>
-
-<div class="method">
- <code class="details" id="getOrgPolicyV1">getOrgPolicyV1(resource, body, x__xgafv=None)</code>
- <pre>Gets a `Policy` on a resource.
-
-If no `Policy` is set on the resource, a `Policy` is returned with default
-values including `POLICY_TYPE_NOT_SET` for the `policy_type oneof`. The
-`etag` value can be used with `SetOrgPolicy()` to create or update a
-`Policy` during read-modify-write.
-
-Args:
- resource: string, Name of the resource the `Policy` is set on. (required)
- body: object, The request body. (required)
- The object takes the form of:
-
-{ # The request sent to the GetOrgPolicy method.
- "constraint": "A String", # Name of the `Constraint` to get the `Policy`.
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
- # for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
- # server, not specified by the caller, and represents the last time a call to
- # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
- # be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
- # `Constraint` type.
- # `constraint_default` enforcement behavior of the specific `Constraint` at
- # this resource.
- #
- # Suppose that `constraint_default` is set to `ALLOW` for the
- # `Constraint` `constraints/serviceuser.services`. Suppose that organization
- # foo.com sets a `Policy` at their Organization resource node that restricts
- # the allowed service activations to deny all service activations. They
- # could then set a `Policy` with the `policy_type` `restore_default` on
- # several experimental projects, restoring the `constraint_default`
- # enforcement of the `Constraint` for only those projects, allowing those
- # projects to have all services activated.
- },
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
- # resource.
- #
- # A `ListPolicy` can define specific values that are allowed or denied by
- # setting either the `allowed_values` or `denied_values` fields. It can also
- # be used to allow or deny all values, by setting the `all_values` field. If
- # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values`
- # or `denied_values` must be set (attempting to set both or neither will
- # result in a failed request). If `all_values` is set to either `ALLOW` or
- # `DENY`, `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
"deniedValues": [ # List of values denied at this resource. Can only be set if no values are
# set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
- #
- # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
- # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
- # set to `true`, then the values from the effective `Policy` of the parent
- # resource are inherited, meaning the values set in this `Policy` are
- # added to the values inherited up the hierarchy.
- #
- # Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
- # simple and understandable. However, it is possible to set a `Policy` with
- # `allowed_values` set that inherits a `Policy` with `denied_values` set.
- # In this case, the values that are allowed must be in `allowed_values` and
- # not present in `denied_values`.
- #
- # For example, suppose you have a `Constraint`
- # `constraints/serviceuser.services`, which has a `constraint_type` of
- # `list_constraint`, and with `constraint_default` set to `ALLOW`.
- # Suppose that at the Organization level, a `Policy` is applied that
- # restricts the allowed API activations to {`E1`, `E2`}. Then, if a
- # `Policy` is applied to a project below the Organization that has
- # `inherit_from_parent` set to `false` and field all_values set to DENY,
- # then an attempt to activate any API will be denied.
- #
- # The following examples demonstrate different possible layerings:
- #
- # Example 1 (no inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # ``projects/bar`` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E3`, and `E4`.
- #
- # Example 2 (inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {value: “E3” value: ”E4” inherit_from_parent: true}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
- #
- # Example 3 (inheriting both allowed and denied values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
- # `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The value accepted at `projects/bar` is `E2`.
- #
- # Example 4 (RestoreDefault):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {RestoreDefault: {}}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 5 (no policy inherits parent policy):
- # `organizations/foo` has no `Policy` set.
- # `projects/bar` has no `Policy` set.
- # The accepted values at both levels are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 6 (ListConstraint allowing all):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: ALLOW}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # Any value is accepted at `projects/bar`.
- #
- # Example 7 (ListConstraint allowing none):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: DENY}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # No value is accepted at `projects/bar`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
},
"booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
@@ -1049,6 +558,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#
@@ -1191,7 +701,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -1221,8 +730,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -1312,8 +821,8 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
+ "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
+ # set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -1364,6 +873,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#
@@ -1418,7 +928,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -1448,8 +957,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -1539,427 +1048,11 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- },
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
- # resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
- # configuration is acceptable.
- #
- # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess`
- # with `constraint_default` set to `ALLOW`. A `Policy` for that
- # `Constraint` exhibits the following behavior:
- # - If the `Policy` at this resource has enforced set to `false`, serial
- # port connection attempts will be allowed.
- # - If the `Policy` at this resource has enforced set to `true`, serial
- # port connection attempts will be refused.
- # - If the `Policy` at this resource is `RestoreDefault`, serial port
- # connection attempts will be allowed.
- # - If no `Policy` is set at this resource or anywhere higher in the
- # resource hierarchy, serial port connection attempts will be allowed.
- # - If no `Policy` is set at this resource, but one exists higher in the
- # resource hierarchy, the behavior is as if the`Policy` were set at
- # this resource.
- #
- # The following examples demonstrate the different possible layerings:
- #
- # Example 1 (nearest `Constraint` wins):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has no `Policy` set.
- # The constraint at `projects/bar` and `organizations/foo` will not be
- # enforced.
- #
- # Example 2 (enforcement gets replaced):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has a `Policy` with:
- # {enforced: true}
- # The constraint at `organizations/foo` is not enforced.
- # The constraint at `projects/bar` is enforced.
- #
- # Example 3 (RestoreDefault):
- # `organizations/foo` has a `Policy` with:
- # {enforced: true}
- # `projects/bar` has a `Policy` with:
- # {RestoreDefault: {}}
- # The constraint at `organizations/foo` is enforced.
- # The constraint at `projects/bar` is not enforced, because
- # `constraint_default` for the `Constraint` is `ALLOW`.
- },
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
- },
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
- # for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
- # server, not specified by the caller, and represents the last time a call to
- # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
- # be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
- # `Constraint` type.
- # `constraint_default` enforcement behavior of the specific `Constraint` at
- # this resource.
- #
- # Suppose that `constraint_default` is set to `ALLOW` for the
- # `Constraint` `constraints/serviceuser.services`. Suppose that organization
- # foo.com sets a `Policy` at their Organization resource node that restricts
- # the allowed service activations to deny all service activations. They
- # could then set a `Policy` with the `policy_type` `restore_default` on
- # several experimental projects, restoring the `constraint_default`
- # enforcement of the `Constraint` for only those projects, allowing those
- # projects to have all services activated.
- },
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
- # resource.
- #
- # A `ListPolicy` can define specific values that are allowed or denied by
- # setting either the `allowed_values` or `denied_values` fields. It can also
- # be used to allow or deny all values, by setting the `all_values` field. If
- # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values`
- # or `denied_values` must be set (attempting to set both or neither will
- # result in a failed request). If `all_values` is set to either `ALLOW` or
- # `DENY`, `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
- #
- # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
- # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
- # set to `true`, then the values from the effective `Policy` of the parent
- # resource are inherited, meaning the values set in this `Policy` are
- # added to the values inherited up the hierarchy.
- #
- # Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
- # simple and understandable. However, it is possible to set a `Policy` with
- # `allowed_values` set that inherits a `Policy` with `denied_values` set.
- # In this case, the values that are allowed must be in `allowed_values` and
- # not present in `denied_values`.
- #
- # For example, suppose you have a `Constraint`
- # `constraints/serviceuser.services`, which has a `constraint_type` of
- # `list_constraint`, and with `constraint_default` set to `ALLOW`.
- # Suppose that at the Organization level, a `Policy` is applied that
- # restricts the allowed API activations to {`E1`, `E2`}. Then, if a
- # `Policy` is applied to a project below the Organization that has
- # `inherit_from_parent` set to `false` and field all_values set to DENY,
- # then an attempt to activate any API will be denied.
- #
- # The following examples demonstrate different possible layerings:
- #
- # Example 1 (no inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # ``projects/bar`` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E3`, and `E4`.
- #
- # Example 2 (inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {value: “E3” value: ”E4” inherit_from_parent: true}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
- #
- # Example 3 (inheriting both allowed and denied values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
- # `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The value accepted at `projects/bar` is `E2`.
- #
- # Example 4 (RestoreDefault):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {RestoreDefault: {}}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 5 (no policy inherits parent policy):
- # `organizations/foo` has no `Policy` set.
- # `projects/bar` has no `Policy` set.
- # The accepted values at both levels are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 6 (ListConstraint allowing all):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: ALLOW}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # Any value is accepted at `projects/bar`.
- #
- # Example 7 (ListConstraint allowing none):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: DENY}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # No value is accepted at `projects/bar`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- },
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
- # resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
- # configuration is acceptable.
- #
- # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess`
- # with `constraint_default` set to `ALLOW`. A `Policy` for that
- # `Constraint` exhibits the following behavior:
- # - If the `Policy` at this resource has enforced set to `false`, serial
- # port connection attempts will be allowed.
- # - If the `Policy` at this resource has enforced set to `true`, serial
- # port connection attempts will be refused.
- # - If the `Policy` at this resource is `RestoreDefault`, serial port
- # connection attempts will be allowed.
- # - If no `Policy` is set at this resource or anywhere higher in the
- # resource hierarchy, serial port connection attempts will be allowed.
- # - If no `Policy` is set at this resource, but one exists higher in the
- # resource hierarchy, the behavior is as if the`Policy` were set at
- # this resource.
- #
- # The following examples demonstrate the different possible layerings:
- #
- # Example 1 (nearest `Constraint` wins):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has no `Policy` set.
- # The constraint at `projects/bar` and `organizations/foo` will not be
- # enforced.
- #
- # Example 2 (enforcement gets replaced):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has a `Policy` with:
- # {enforced: true}
- # The constraint at `organizations/foo` is not enforced.
- # The constraint at `projects/bar` is enforced.
- #
- # Example 3 (RestoreDefault):
- # `organizations/foo` has a `Policy` with:
- # {enforced: true}
- # `projects/bar` has a `Policy` with:
- # {RestoreDefault: {}}
- # The constraint at `organizations/foo` is enforced.
- # The constraint at `projects/bar` is not enforced, because
- # `constraint_default` for the `Constraint` is `ALLOW`.
- },
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
- }</pre>
-</div>
-
-<div class="method">
- <code class="details" id="setOrgPolicyV1">setOrgPolicyV1(resource, body, x__xgafv=None)</code>
- <pre>Updates the specified `Policy` on the resource. Creates a new `Policy` for
-that `Constraint` on the resource if one does not exist.
-
-Not supplying an `etag` on the request `Policy` results in an unconditional
-write of the `Policy`.
-
-Args:
- resource: string, Resource name of the resource to attach the `Policy`. (required)
- body: object, The request body. (required)
- The object takes the form of:
-
-{ # The request sent to the SetOrgPolicyRequest method.
- "policy": { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` # `Policy` to set on the resource.
- # for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
- # server, not specified by the caller, and represents the last time a call to
- # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
- # be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
- # `Constraint` type.
- # `constraint_default` enforcement behavior of the specific `Constraint` at
- # this resource.
- #
- # Suppose that `constraint_default` is set to `ALLOW` for the
- # `Constraint` `constraints/serviceuser.services`. Suppose that organization
- # foo.com sets a `Policy` at their Organization resource node that restricts
- # the allowed service activations to deny all service activations. They
- # could then set a `Policy` with the `policy_type` `restore_default` on
- # several experimental projects, restoring the `constraint_default`
- # enforcement of the `Constraint` for only those projects, allowing those
- # projects to have all services activated.
- },
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
- # resource.
- #
- # A `ListPolicy` can define specific values that are allowed or denied by
- # setting either the `allowed_values` or `denied_values` fields. It can also
- # be used to allow or deny all values, by setting the `all_values` field. If
- # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values`
- # or `denied_values` must be set (attempting to set both or neither will
- # result in a failed request). If `all_values` is set to either `ALLOW` or
- # `DENY`, `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
"deniedValues": [ # List of values denied at this resource. Can only be set if no values are
# set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
- #
- # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
- # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
- # set to `true`, then the values from the effective `Policy` of the parent
- # resource are inherited, meaning the values set in this `Policy` are
- # added to the values inherited up the hierarchy.
- #
- # Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
- # simple and understandable. However, it is possible to set a `Policy` with
- # `allowed_values` set that inherits a `Policy` with `denied_values` set.
- # In this case, the values that are allowed must be in `allowed_values` and
- # not present in `denied_values`.
- #
- # For example, suppose you have a `Constraint`
- # `constraints/serviceuser.services`, which has a `constraint_type` of
- # `list_constraint`, and with `constraint_default` set to `ALLOW`.
- # Suppose that at the Organization level, a `Policy` is applied that
- # restricts the allowed API activations to {`E1`, `E2`}. Then, if a
- # `Policy` is applied to a project below the Organization that has
- # `inherit_from_parent` set to `false` and field all_values set to DENY,
- # then an attempt to activate any API will be denied.
- #
- # The following examples demonstrate different possible layerings:
- #
- # Example 1 (no inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # ``projects/bar`` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E3`, and `E4`.
- #
- # Example 2 (inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {value: “E3” value: ”E4” inherit_from_parent: true}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
- #
- # Example 3 (inheriting both allowed and denied values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
- # `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The value accepted at `projects/bar` is `E2`.
- #
- # Example 4 (RestoreDefault):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {RestoreDefault: {}}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 5 (no policy inherits parent policy):
- # `organizations/foo` has no `Policy` set.
- # `projects/bar` has no `Policy` set.
- # The accepted values at both levels are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 6 (ListConstraint allowing all):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: ALLOW}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # Any value is accepted at `projects/bar`.
- #
- # Example 7 (ListConstraint allowing none):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: DENY}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # No value is accepted at `projects/bar`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
},
"booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
@@ -2007,6 +1100,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#
@@ -2039,7 +1133,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -2069,8 +1162,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -2160,8 +1253,8 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
+ "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
+ # set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -2212,6 +1305,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#