docs: docs update (#911)
Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
- [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/google-api-python-client/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
- [ ] Ensure the tests and linter pass
- [ ] Code coverage does not decrease (if any source code was changed)
- [ ] Appropriate docs were updated (if necessary)
Fixes #<issue_number_goes_here> 🦕
diff --git a/docs/dyn/cloudresourcemanager_v1.folders.html b/docs/dyn/cloudresourcemanager_v1.folders.html
index c6ad85f..56479ce 100644
--- a/docs/dyn/cloudresourcemanager_v1.folders.html
+++ b/docs/dyn/cloudresourcemanager_v1.folders.html
@@ -109,9 +109,9 @@
The object takes the form of:
{ # The request sent to the ClearOrgPolicy method.
- "etag": "A String", # The current version, for concurrency control. Not sending an `etag`
+ "etag": "A String", # The current version, for concurrency control. Not sending an `etag`
# will cause the `Policy` to be cleared blindly.
- "constraint": "A String", # Name of the `Constraint` of the `Policy` to clear.
+ "constraint": "A String", # Name of the `Constraint` of the `Policy` to clear.
}
x__xgafv: string, V1 error format.
@@ -139,7 +139,7 @@
<pre>Gets the effective `Policy` on a resource. This is the result of merging
`Policies` in the resource hierarchy. The returned `Policy` will not have
an `etag`set because it is a computed `Policy` across multiple resources.
-Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
+Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
not be expanded.
Args:
@@ -148,7 +148,7 @@
The object takes the form of:
{ # The request sent to the GetEffectiveOrgPolicy method.
- "constraint": "A String", # The name of the `Constraint` to compute the effective `Policy`.
+ "constraint": "A String", # The name of the `Constraint` to compute the effective `Policy`.
}
x__xgafv: string, V1 error format.
@@ -161,16 +161,12 @@
{ # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
# for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
+ "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+ "version": 42, # Version of the `Policy`. Default version is 0;
+ "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
# `Constraint` type.
# `constraint_default` enforcement behavior of the specific `Constraint` at
# this resource.
@@ -184,7 +180,7 @@
# enforcement of the `Constraint` for only those projects, allowing those
# projects to have all services activated.
},
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
+ "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
# resource.
#
# `ListPolicy` can define specific values and subtrees of Cloud Resource
@@ -193,24 +189,27 @@
# fields. This is achieved by using the `under:` and optional `is:` prefixes.
# The `under:` prefix is used to denote resource subtree values.
# The `is:` prefix is used to denote specific values, and is required only
- # if the value contains a ":". Values prefixed with "is:" are treated the
+ # if the value contains a ":". Values prefixed with "is:" are treated the
# same as values with no prefix.
# Ancestry subtrees must be in one of the following formats:
- # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- # - "folders/<folder-id>", e.g. "folders/1234"
- # - "organizations/<organization-id>", e.g. "organizations/1234"
+ # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
+ # - "folders/<folder-id>", e.g. "folders/1234"
+ # - "organizations/<organization-id>", e.g. "organizations/1234"
# The `supports_under` field of the associated `Constraint` defines whether
# ancestry prefixes can be used. You can set `allowed_values` and
# `denied_values` in the same `Policy` if `all_values` is
# `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
# values. If `all_values` is set to either `ALLOW` or `DENY`,
# `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
+ "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
+ "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
+ # that matches the value specified in this `Policy`. If `suggested_value`
+ # is not set, it will inherit the value specified higher in the hierarchy,
+ # unless `inherit_from_parent` is `false`.
+ "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
#
# By default, a `ListPolicy` set at a resource supercedes any `Policy` set
# anywhere up the resource hierarchy. However, if `inherit_from_parent` is
@@ -219,7 +218,7 @@
# added to the values inherited up the hierarchy.
#
# Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
+ # values isn't recommended in most circumstances to keep the configuration
# simple and understandable. However, it is possible to set a `Policy` with
# `allowed_values` set that inherits a `Policy` with `denied_values` set.
# In this case, the values that are allowed must be in `allowed_values` and
@@ -239,31 +238,31 @@
#
# Example 1 (no inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
+ # {allowed_values: "E3" allowed_values: "E4"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E3`, and `E4`.
#
# Example 2 (inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
- # {value: "E3" value: "E4" inherit_from_parent: true}
+ # {value: "E3" value: "E4" inherit_from_parent: true}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
#
# Example 3 (inheriting both allowed and denied values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
+ # {denied_values: "E1"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The value accepted at `projects/bar` is `E2`.
#
# Example 4 (RestoreDefault):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
# {RestoreDefault: {}}
# The accepted values at `organizations/foo` are `E1`, `E2`.
@@ -280,7 +279,7 @@
#
# Example 6 (ListConstraint allowing all):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: ALLOW}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -288,7 +287,7 @@
#
# Example 7 (ListConstraint allowing none):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: DENY}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -298,27 +297,43 @@
# Given the following resource hierarchy
# O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "under:organizations/O1"}
+ # {allowed_values: "under:organizations/O1"}
# `projects/bar` has a `Policy` with:
- # {allowed_values: "under:projects/P3"}
- # {denied_values: "under:folders/F2"}
+ # {allowed_values: "under:projects/P3"}
+ # {denied_values: "under:folders/F2"}
# The accepted values at `organizations/foo` are `organizations/O1`,
# `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
# `projects/P3`.
# The accepted values at `projects/bar` are `organizations/O1`,
# `folders/F1`, `projects/P1`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
+ "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
+ "allValues": "A String", # The policy all_values state.
},
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+ "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
+ # concurrency control.
+ #
+ # When the `Policy` is returned from either a `GetPolicy` or a
+ # `ListOrgPolicy` request, this `etag` indicates the version of the current
+ # `Policy` to use when executing a read-modify-write loop.
+ #
+ # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+ # `etag` will be unset.
+ #
+ # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+ # that was returned from a `GetOrgPolicy` request as part of a
+ # read-modify-write loop for concurrency control. Not setting the `etag`in a
+ # `SetOrgPolicy` request will result in an unconditional write of the
+ # `Policy`.
+ "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
+ # `constraints/serviceuser.services`.
+ #
+ # Immutable after creation.
+ "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+ "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
# configuration is acceptable.
#
# Suppose you have a `Constraint`
@@ -363,21 +378,6 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
}</pre>
</div>
@@ -396,7 +396,7 @@
The object takes the form of:
{ # The request sent to the GetOrgPolicy method.
- "constraint": "A String", # Name of the `Constraint` to get the `Policy`.
+ "constraint": "A String", # Name of the `Constraint` to get the `Policy`.
}
x__xgafv: string, V1 error format.
@@ -409,16 +409,12 @@
{ # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
# for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
+ "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+ "version": 42, # Version of the `Policy`. Default version is 0;
+ "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
# `Constraint` type.
# `constraint_default` enforcement behavior of the specific `Constraint` at
# this resource.
@@ -432,7 +428,7 @@
# enforcement of the `Constraint` for only those projects, allowing those
# projects to have all services activated.
},
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
+ "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
# resource.
#
# `ListPolicy` can define specific values and subtrees of Cloud Resource
@@ -441,24 +437,27 @@
# fields. This is achieved by using the `under:` and optional `is:` prefixes.
# The `under:` prefix is used to denote resource subtree values.
# The `is:` prefix is used to denote specific values, and is required only
- # if the value contains a ":". Values prefixed with "is:" are treated the
+ # if the value contains a ":". Values prefixed with "is:" are treated the
# same as values with no prefix.
# Ancestry subtrees must be in one of the following formats:
- # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- # - "folders/<folder-id>", e.g. "folders/1234"
- # - "organizations/<organization-id>", e.g. "organizations/1234"
+ # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
+ # - "folders/<folder-id>", e.g. "folders/1234"
+ # - "organizations/<organization-id>", e.g. "organizations/1234"
# The `supports_under` field of the associated `Constraint` defines whether
# ancestry prefixes can be used. You can set `allowed_values` and
# `denied_values` in the same `Policy` if `all_values` is
# `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
# values. If `all_values` is set to either `ALLOW` or `DENY`,
# `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
+ "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
+ "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
+ # that matches the value specified in this `Policy`. If `suggested_value`
+ # is not set, it will inherit the value specified higher in the hierarchy,
+ # unless `inherit_from_parent` is `false`.
+ "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
#
# By default, a `ListPolicy` set at a resource supercedes any `Policy` set
# anywhere up the resource hierarchy. However, if `inherit_from_parent` is
@@ -467,7 +466,7 @@
# added to the values inherited up the hierarchy.
#
# Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
+ # values isn't recommended in most circumstances to keep the configuration
# simple and understandable. However, it is possible to set a `Policy` with
# `allowed_values` set that inherits a `Policy` with `denied_values` set.
# In this case, the values that are allowed must be in `allowed_values` and
@@ -487,31 +486,31 @@
#
# Example 1 (no inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
+ # {allowed_values: "E3" allowed_values: "E4"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E3`, and `E4`.
#
# Example 2 (inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
- # {value: "E3" value: "E4" inherit_from_parent: true}
+ # {value: "E3" value: "E4" inherit_from_parent: true}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
#
# Example 3 (inheriting both allowed and denied values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
+ # {denied_values: "E1"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The value accepted at `projects/bar` is `E2`.
#
# Example 4 (RestoreDefault):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
# {RestoreDefault: {}}
# The accepted values at `organizations/foo` are `E1`, `E2`.
@@ -528,7 +527,7 @@
#
# Example 6 (ListConstraint allowing all):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: ALLOW}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -536,7 +535,7 @@
#
# Example 7 (ListConstraint allowing none):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: DENY}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -546,27 +545,43 @@
# Given the following resource hierarchy
# O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "under:organizations/O1"}
+ # {allowed_values: "under:organizations/O1"}
# `projects/bar` has a `Policy` with:
- # {allowed_values: "under:projects/P3"}
- # {denied_values: "under:folders/F2"}
+ # {allowed_values: "under:projects/P3"}
+ # {denied_values: "under:folders/F2"}
# The accepted values at `organizations/foo` are `organizations/O1`,
# `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
# `projects/P3`.
# The accepted values at `projects/bar` are `organizations/O1`,
# `folders/F1`, `projects/P1`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
+ "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
+ "allValues": "A String", # The policy all_values state.
},
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+ "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
+ # concurrency control.
+ #
+ # When the `Policy` is returned from either a `GetPolicy` or a
+ # `ListOrgPolicy` request, this `etag` indicates the version of the current
+ # `Policy` to use when executing a read-modify-write loop.
+ #
+ # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+ # `etag` will be unset.
+ #
+ # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+ # that was returned from a `GetOrgPolicy` request as part of a
+ # read-modify-write loop for concurrency control. Not setting the `etag`in a
+ # `SetOrgPolicy` request will result in an unconditional write of the
+ # `Policy`.
+ "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
+ # `constraints/serviceuser.services`.
+ #
+ # Immutable after creation.
+ "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+ "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
# configuration is acceptable.
#
# Suppose you have a `Constraint`
@@ -611,21 +626,6 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
}</pre>
</div>
@@ -640,9 +640,9 @@
{ # The request sent to the [ListAvailableOrgPolicyConstraints]
# google.cloud.OrgPolicy.v1.ListAvailableOrgPolicyConstraints] method.
- "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported
+ "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported
# and will be ignored. The server may at any point start using this field.
- "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will
+ "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will
# be ignored. The server may at any point start using this field to limit
# page size.
}
@@ -659,15 +659,15 @@
# Returns all `Constraints` that could be set at this level of the hierarchy
# (contrast with the response from `ListPolicies`, which returns all policies
# which are set).
- "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used.
- "constraints": [ # The collection of constraints that are settable on the request resource.
- { # A `Constraint` describes a way in which a resource's configuration can be
+ "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used.
+ "constraints": [ # The collection of constraints that are settable on the request resource.
+ { # A `Constraint` describes a way in which a resource's configuration can be
# restricted. For example, it controls which cloud services can be activated
# across an organization, or whether a Compute Engine instance can have
# serial port connections established. `Constraints` can be configured by the
- # organization's policy adminstrator to fit the needs of the organzation by
+ # organization's policy adminstrator to fit the needs of the organzation by
# setting Policies for `Constraints` at different locations in the
- # organization's resource hierarchy. Policies are inherited down the resource
+ # organization's resource hierarchy. Policies are inherited down the resource
# hierarchy from higher levels, but can also be overridden. For details about
# the inheritance rules please read about
# Policies.
@@ -675,32 +675,32 @@
# `Constraints` have a default behavior determined by the `constraint_default`
# field, which is the enforcement behavior that is used in the absence of a
# `Policy` being defined or inherited for the resource in question.
- "constraintDefault": "A String", # The evaluation behavior of this constraint in the absense of 'Policy'.
- "displayName": "A String", # The human readable name.
+ "listConstraint": { # A `Constraint` that allows or disallows a list of string values, which are # Defines this constraint as being a ListConstraint.
+ # configured by an Organization's policy administrator with a `Policy`.
+ "supportsUnder": True or False, # Indicates whether subtrees of Cloud Resource Manager resource hierarchy
+ # can be used in `Policy.allowed_values` and `Policy.denied_values`. For
+ # example, `"under:folders/123"` would match any resource under the
+ # 'folders/123' folder.
+ "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
+ # that matches the value specified in this `Constraint`.
+ },
+ "version": 42, # Version of the `Constraint`. Default version is 0;
+ "description": "A String", # Detailed description of what this `Constraint` controls as well as how and
+ # where it is enforced.
#
# Mutable.
- "name": "A String", # Immutable value, required to globally be unique. For example,
- # `constraints/serviceuser.services`
- "booleanConstraint": { # A `Constraint` that is either enforced or not. # Defines this constraint as being a BooleanConstraint.
+ "displayName": "A String", # The human readable name.
+ #
+ # Mutable.
+ "booleanConstraint": { # A `Constraint` that is either enforced or not. # Defines this constraint as being a BooleanConstraint.
#
# For example a constraint `constraints/compute.disableSerialPortAccess`.
# If it is enforced on a VM instance, serial port connections will not be
# opened to that instance.
},
- "version": 42, # Version of the `Constraint`. Default version is 0;
- "listConstraint": { # A `Constraint` that allows or disallows a list of string values, which are # Defines this constraint as being a ListConstraint.
- # configured by an Organization's policy administrator with a `Policy`.
- "supportsUnder": True or False, # Indicates whether subtrees of Cloud Resource Manager resource hierarchy
- # can be used in `Policy.allowed_values` and `Policy.denied_values`. For
- # example, `"under:folders/123"` would match any resource under the
- # 'folders/123' folder.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Constraint`.
- },
- "description": "A String", # Detailed description of what this `Constraint` controls as well as how and
- # where it is enforced.
- #
- # Mutable.
+ "constraintDefault": "A String", # The evaluation behavior of this constraint in the absense of 'Policy'.
+ "name": "A String", # Immutable value, required to globally be unique. For example,
+ # `constraints/serviceuser.services`
},
],
}</pre>
@@ -715,7 +715,7 @@
previous_response: The response from the request for the previous page. (required)
Returns:
- A request object that you can call 'execute()' on to request the next
+ A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
</pre>
</div>
@@ -730,9 +730,9 @@
The object takes the form of:
{ # The request sent to the ListOrgPolicies method.
- "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported
+ "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported
# and will be ignored. The server may at any point start using this field.
- "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will
+ "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will
# be ignored. The server may at any point start using this field to limit
# page size.
}
@@ -747,22 +747,16 @@
{ # The response returned from the ListOrgPolicies method. It will be empty
# if no `Policies` are set on the resource.
- "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used, but
- # the server may at any point start supplying a valid token.
- "policies": [ # The `Policies` that are set on the resource. It will be empty if no
+ "policies": [ # The `Policies` that are set on the resource. It will be empty if no
# `Policies` are set.
{ # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
# for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
+ "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+ "version": 42, # Version of the `Policy`. Default version is 0;
+ "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
# `Constraint` type.
# `constraint_default` enforcement behavior of the specific `Constraint` at
# this resource.
@@ -776,7 +770,7 @@
# enforcement of the `Constraint` for only those projects, allowing those
# projects to have all services activated.
},
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
+ "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
# resource.
#
# `ListPolicy` can define specific values and subtrees of Cloud Resource
@@ -785,24 +779,27 @@
# fields. This is achieved by using the `under:` and optional `is:` prefixes.
# The `under:` prefix is used to denote resource subtree values.
# The `is:` prefix is used to denote specific values, and is required only
- # if the value contains a ":". Values prefixed with "is:" are treated the
+ # if the value contains a ":". Values prefixed with "is:" are treated the
# same as values with no prefix.
# Ancestry subtrees must be in one of the following formats:
- # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- # - "folders/<folder-id>", e.g. "folders/1234"
- # - "organizations/<organization-id>", e.g. "organizations/1234"
+ # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
+ # - "folders/<folder-id>", e.g. "folders/1234"
+ # - "organizations/<organization-id>", e.g. "organizations/1234"
# The `supports_under` field of the associated `Constraint` defines whether
# ancestry prefixes can be used. You can set `allowed_values` and
# `denied_values` in the same `Policy` if `all_values` is
# `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
# values. If `all_values` is set to either `ALLOW` or `DENY`,
# `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
+ "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
+ "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
+ # that matches the value specified in this `Policy`. If `suggested_value`
+ # is not set, it will inherit the value specified higher in the hierarchy,
+ # unless `inherit_from_parent` is `false`.
+ "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
#
# By default, a `ListPolicy` set at a resource supercedes any `Policy` set
# anywhere up the resource hierarchy. However, if `inherit_from_parent` is
@@ -811,7 +808,7 @@
# added to the values inherited up the hierarchy.
#
# Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
+ # values isn't recommended in most circumstances to keep the configuration
# simple and understandable. However, it is possible to set a `Policy` with
# `allowed_values` set that inherits a `Policy` with `denied_values` set.
# In this case, the values that are allowed must be in `allowed_values` and
@@ -831,31 +828,31 @@
#
# Example 1 (no inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
+ # {allowed_values: "E3" allowed_values: "E4"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E3`, and `E4`.
#
# Example 2 (inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
- # {value: "E3" value: "E4" inherit_from_parent: true}
+ # {value: "E3" value: "E4" inherit_from_parent: true}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
#
# Example 3 (inheriting both allowed and denied values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
+ # {denied_values: "E1"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The value accepted at `projects/bar` is `E2`.
#
# Example 4 (RestoreDefault):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
# {RestoreDefault: {}}
# The accepted values at `organizations/foo` are `E1`, `E2`.
@@ -872,7 +869,7 @@
#
# Example 6 (ListConstraint allowing all):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: ALLOW}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -880,7 +877,7 @@
#
# Example 7 (ListConstraint allowing none):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: DENY}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -890,27 +887,43 @@
# Given the following resource hierarchy
# O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "under:organizations/O1"}
+ # {allowed_values: "under:organizations/O1"}
# `projects/bar` has a `Policy` with:
- # {allowed_values: "under:projects/P3"}
- # {denied_values: "under:folders/F2"}
+ # {allowed_values: "under:projects/P3"}
+ # {denied_values: "under:folders/F2"}
# The accepted values at `organizations/foo` are `organizations/O1`,
# `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
# `projects/P3`.
# The accepted values at `projects/bar` are `organizations/O1`,
# `folders/F1`, `projects/P1`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
+ "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
+ "allValues": "A String", # The policy all_values state.
},
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+ "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
+ # concurrency control.
+ #
+ # When the `Policy` is returned from either a `GetPolicy` or a
+ # `ListOrgPolicy` request, this `etag` indicates the version of the current
+ # `Policy` to use when executing a read-modify-write loop.
+ #
+ # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+ # `etag` will be unset.
+ #
+ # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+ # that was returned from a `GetOrgPolicy` request as part of a
+ # read-modify-write loop for concurrency control. Not setting the `etag`in a
+ # `SetOrgPolicy` request will result in an unconditional write of the
+ # `Policy`.
+ "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
+ # `constraints/serviceuser.services`.
+ #
+ # Immutable after creation.
+ "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+ "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
# configuration is acceptable.
#
# Suppose you have a `Constraint`
@@ -955,23 +968,10 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
},
],
+ "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used, but
+ # the server may at any point start supplying a valid token.
}</pre>
</div>
@@ -984,7 +984,7 @@
previous_response: The response from the request for the previous page. (required)
Returns:
- A request object that you can call 'execute()' on to request the next
+ A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
</pre>
</div>
@@ -1003,18 +1003,14 @@
The object takes the form of:
{ # The request sent to the SetOrgPolicyRequest method.
- "policy": { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` # `Policy` to set on the resource.
+ "policy": { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` # `Policy` to set on the resource.
# for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
+ "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+ "version": 42, # Version of the `Policy`. Default version is 0;
+ "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
# `Constraint` type.
# `constraint_default` enforcement behavior of the specific `Constraint` at
# this resource.
@@ -1028,7 +1024,7 @@
# enforcement of the `Constraint` for only those projects, allowing those
# projects to have all services activated.
},
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
+ "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
# resource.
#
# `ListPolicy` can define specific values and subtrees of Cloud Resource
@@ -1037,24 +1033,27 @@
# fields. This is achieved by using the `under:` and optional `is:` prefixes.
# The `under:` prefix is used to denote resource subtree values.
# The `is:` prefix is used to denote specific values, and is required only
- # if the value contains a ":". Values prefixed with "is:" are treated the
+ # if the value contains a ":". Values prefixed with "is:" are treated the
# same as values with no prefix.
# Ancestry subtrees must be in one of the following formats:
- # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- # - "folders/<folder-id>", e.g. "folders/1234"
- # - "organizations/<organization-id>", e.g. "organizations/1234"
+ # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
+ # - "folders/<folder-id>", e.g. "folders/1234"
+ # - "organizations/<organization-id>", e.g. "organizations/1234"
# The `supports_under` field of the associated `Constraint` defines whether
# ancestry prefixes can be used. You can set `allowed_values` and
# `denied_values` in the same `Policy` if `all_values` is
# `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
# values. If `all_values` is set to either `ALLOW` or `DENY`,
# `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
+ "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
+ "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
+ # that matches the value specified in this `Policy`. If `suggested_value`
+ # is not set, it will inherit the value specified higher in the hierarchy,
+ # unless `inherit_from_parent` is `false`.
+ "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
#
# By default, a `ListPolicy` set at a resource supercedes any `Policy` set
# anywhere up the resource hierarchy. However, if `inherit_from_parent` is
@@ -1063,7 +1062,7 @@
# added to the values inherited up the hierarchy.
#
# Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
+ # values isn't recommended in most circumstances to keep the configuration
# simple and understandable. However, it is possible to set a `Policy` with
# `allowed_values` set that inherits a `Policy` with `denied_values` set.
# In this case, the values that are allowed must be in `allowed_values` and
@@ -1083,31 +1082,31 @@
#
# Example 1 (no inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
+ # {allowed_values: "E3" allowed_values: "E4"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E3`, and `E4`.
#
# Example 2 (inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
- # {value: "E3" value: "E4" inherit_from_parent: true}
+ # {value: "E3" value: "E4" inherit_from_parent: true}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
#
# Example 3 (inheriting both allowed and denied values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
+ # {denied_values: "E1"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The value accepted at `projects/bar` is `E2`.
#
# Example 4 (RestoreDefault):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
# {RestoreDefault: {}}
# The accepted values at `organizations/foo` are `E1`, `E2`.
@@ -1124,7 +1123,7 @@
#
# Example 6 (ListConstraint allowing all):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: ALLOW}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -1132,7 +1131,7 @@
#
# Example 7 (ListConstraint allowing none):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: DENY}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -1142,27 +1141,43 @@
# Given the following resource hierarchy
# O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "under:organizations/O1"}
+ # {allowed_values: "under:organizations/O1"}
# `projects/bar` has a `Policy` with:
- # {allowed_values: "under:projects/P3"}
- # {denied_values: "under:folders/F2"}
+ # {allowed_values: "under:projects/P3"}
+ # {denied_values: "under:folders/F2"}
# The accepted values at `organizations/foo` are `organizations/O1`,
# `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
# `projects/P3`.
# The accepted values at `projects/bar` are `organizations/O1`,
# `folders/F1`, `projects/P1`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
+ "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
+ "allValues": "A String", # The policy all_values state.
},
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+ "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
+ # concurrency control.
+ #
+ # When the `Policy` is returned from either a `GetPolicy` or a
+ # `ListOrgPolicy` request, this `etag` indicates the version of the current
+ # `Policy` to use when executing a read-modify-write loop.
+ #
+ # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+ # `etag` will be unset.
+ #
+ # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+ # that was returned from a `GetOrgPolicy` request as part of a
+ # read-modify-write loop for concurrency control. Not setting the `etag`in a
+ # `SetOrgPolicy` request will result in an unconditional write of the
+ # `Policy`.
+ "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
+ # `constraints/serviceuser.services`.
+ #
+ # Immutable after creation.
+ "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+ "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
# configuration is acceptable.
#
# Suppose you have a `Constraint`
@@ -1207,21 +1222,6 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
},
}
@@ -1235,16 +1235,12 @@
{ # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
# for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
+ "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+ "version": 42, # Version of the `Policy`. Default version is 0;
+ "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
# `Constraint` type.
# `constraint_default` enforcement behavior of the specific `Constraint` at
# this resource.
@@ -1258,7 +1254,7 @@
# enforcement of the `Constraint` for only those projects, allowing those
# projects to have all services activated.
},
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
+ "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
# resource.
#
# `ListPolicy` can define specific values and subtrees of Cloud Resource
@@ -1267,24 +1263,27 @@
# fields. This is achieved by using the `under:` and optional `is:` prefixes.
# The `under:` prefix is used to denote resource subtree values.
# The `is:` prefix is used to denote specific values, and is required only
- # if the value contains a ":". Values prefixed with "is:" are treated the
+ # if the value contains a ":". Values prefixed with "is:" are treated the
# same as values with no prefix.
# Ancestry subtrees must be in one of the following formats:
- # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- # - "folders/<folder-id>", e.g. "folders/1234"
- # - "organizations/<organization-id>", e.g. "organizations/1234"
+ # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
+ # - "folders/<folder-id>", e.g. "folders/1234"
+ # - "organizations/<organization-id>", e.g. "organizations/1234"
# The `supports_under` field of the associated `Constraint` defines whether
# ancestry prefixes can be used. You can set `allowed_values` and
# `denied_values` in the same `Policy` if `all_values` is
# `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
# values. If `all_values` is set to either `ALLOW` or `DENY`,
# `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
+ "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
+ "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
+ # that matches the value specified in this `Policy`. If `suggested_value`
+ # is not set, it will inherit the value specified higher in the hierarchy,
+ # unless `inherit_from_parent` is `false`.
+ "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
#
# By default, a `ListPolicy` set at a resource supercedes any `Policy` set
# anywhere up the resource hierarchy. However, if `inherit_from_parent` is
@@ -1293,7 +1292,7 @@
# added to the values inherited up the hierarchy.
#
# Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
+ # values isn't recommended in most circumstances to keep the configuration
# simple and understandable. However, it is possible to set a `Policy` with
# `allowed_values` set that inherits a `Policy` with `denied_values` set.
# In this case, the values that are allowed must be in `allowed_values` and
@@ -1313,31 +1312,31 @@
#
# Example 1 (no inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
+ # {allowed_values: "E3" allowed_values: "E4"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E3`, and `E4`.
#
# Example 2 (inherited values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
- # {value: "E3" value: "E4" inherit_from_parent: true}
+ # {value: "E3" value: "E4" inherit_from_parent: true}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
#
# Example 3 (inheriting both allowed and denied values):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
+ # {denied_values: "E1"}
# The accepted values at `organizations/foo` are `E1`, `E2`.
# The value accepted at `projects/bar` is `E2`.
#
# Example 4 (RestoreDefault):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values:"E2"}
+ # {allowed_values: "E1" allowed_values:"E2"}
# `projects/bar` has a `Policy` with values:
# {RestoreDefault: {}}
# The accepted values at `organizations/foo` are `E1`, `E2`.
@@ -1354,7 +1353,7 @@
#
# Example 6 (ListConstraint allowing all):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: ALLOW}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -1362,7 +1361,7 @@
#
# Example 7 (ListConstraint allowing none):
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
+ # {allowed_values: "E1" allowed_values: "E2"}
# `projects/bar` has a `Policy` with:
# {all: DENY}
# The accepted values at `organizations/foo` are `E1`, E2`.
@@ -1372,27 +1371,43 @@
# Given the following resource hierarchy
# O1->{F1, F2}; F1->{P1}; F2->{P2, P3},
# `organizations/foo` has a `Policy` with values:
- # {allowed_values: "under:organizations/O1"}
+ # {allowed_values: "under:organizations/O1"}
# `projects/bar` has a `Policy` with:
- # {allowed_values: "under:projects/P3"}
- # {denied_values: "under:folders/F2"}
+ # {allowed_values: "under:projects/P3"}
+ # {denied_values: "under:folders/F2"}
# The accepted values at `organizations/foo` are `organizations/O1`,
# `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
# `projects/P3`.
# The accepted values at `projects/bar` are `organizations/O1`,
# `folders/F1`, `projects/P1`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`
+ "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`
# is set to `ALL_VALUES_UNSPECIFIED`.
- "A String",
+ "A String",
],
+ "allValues": "A String", # The policy all_values state.
},
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+ "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
+ # concurrency control.
+ #
+ # When the `Policy` is returned from either a `GetPolicy` or a
+ # `ListOrgPolicy` request, this `etag` indicates the version of the current
+ # `Policy` to use when executing a read-modify-write loop.
+ #
+ # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+ # `etag` will be unset.
+ #
+ # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+ # that was returned from a `GetOrgPolicy` request as part of a
+ # read-modify-write loop for concurrency control. Not setting the `etag`in a
+ # `SetOrgPolicy` request will result in an unconditional write of the
+ # `Policy`.
+ "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
+ # `constraints/serviceuser.services`.
+ #
+ # Immutable after creation.
+ "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+ "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
# configuration is acceptable.
#
# Suppose you have a `Constraint`
@@ -1437,21 +1452,6 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
}</pre>
</div>