|
429 | 429 | ]
|
430 | 430 | },
|
431 | 431 | "get": {
|
432 |
| - "description": "Gets a custom constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the custom constraint does not exist.", |
| 432 | + "description": "Gets a custom or managed constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the custom or managed constraint does not exist.", |
433 | 433 | "flatPath": "v2/organizations/{organizationsId}/customConstraints/{customConstraintsId}",
|
434 | 434 | "httpMethod": "GET",
|
435 | 435 | "id": "orgpolicy.organizations.customConstraints.get",
|
|
438 | 438 | ],
|
439 | 439 | "parameters": {
|
440 | 440 | "name": {
|
441 |
| - "description": "Required. Resource name of the custom constraint. See the custom constraint entry for naming requirements.", |
| 441 | + "description": "Required. Resource name of the custom or managed constraint. See the custom constraint entry for naming requirements.", |
442 | 442 | "location": "path",
|
443 | 443 | "pattern": "^organizations/[^/]+/customConstraints/[^/]+$",
|
444 | 444 | "required": true,
|
|
930 | 930 | }
|
931 | 931 | }
|
932 | 932 | },
|
933 |
| - "revision": "20240524", |
| 933 | + "revision": "20250117", |
934 | 934 | "rootUrl": "https://orgpolicy.googleapis.com/",
|
935 | 935 | "schemas": {
|
936 | 936 | "GoogleCloudOrgpolicyV2AlternatePolicySpec": {
|
937 |
| - "description": "Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.", |
| 937 | + "description": "Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run.", |
938 | 938 | "id": "GoogleCloudOrgpolicyV2AlternatePolicySpec",
|
939 | 939 | "properties": {
|
940 | 940 | "launch": {
|
|
949 | 949 | "type": "object"
|
950 | 950 | },
|
951 | 951 | "GoogleCloudOrgpolicyV2Constraint": {
|
952 |
| - "description": "A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which Google Cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about `policies`. Constraints have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.", |
| 952 | + "description": "A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which Google Cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules, see `Policy`. Constraints have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.", |
953 | 953 | "id": "GoogleCloudOrgpolicyV2Constraint",
|
954 | 954 | "properties": {
|
955 | 955 | "booleanConstraint": {
|
956 | 956 | "$ref": "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint",
|
957 |
| - "description": "Defines this constraint as being a BooleanConstraint." |
| 957 | + "description": "Defines this constraint as being a boolean constraint." |
958 | 958 | },
|
959 | 959 | "constraintDefault": {
|
960 | 960 | "description": "The evaluation behavior of this constraint in the absence of a policy.",
|
|
964 | 964 | "DENY"
|
965 | 965 | ],
|
966 | 966 | "enumDescriptions": [
|
967 |
| - "This is only used for distinguishing unset values and should never be used.", |
| 967 | + "This is only used for distinguishing unset values and should never be used. Results in an error.", |
968 | 968 | "Indicate that all values are allowed for list constraints. Indicate that enforcement is off for boolean constraints.",
|
969 | 969 | "Indicate that all values are denied for list constraints. Indicate that enforcement is on for boolean constraints."
|
970 | 970 | ],
|
|
980 | 980 | },
|
981 | 981 | "listConstraint": {
|
982 | 982 | "$ref": "GoogleCloudOrgpolicyV2ConstraintListConstraint",
|
983 |
| - "description": "Defines this constraint as being a ListConstraint." |
| 983 | + "description": "Defines this constraint as being a list constraint." |
984 | 984 | },
|
985 | 985 | "name": {
|
986 | 986 | "description": "Immutable. The resource name of the constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, \"/projects/123/constraints/compute.disableSerialPortAccess\".",
|
|
989 | 989 | "supportsDryRun": {
|
990 | 990 | "description": "Shows if dry run is supported for this constraint or not.",
|
991 | 991 | "type": "boolean"
|
| 992 | + }, |
| 993 | + "supportsSimulation": { |
| 994 | + "description": "Shows if simulation is supported for this constraint or not.", |
| 995 | + "type": "boolean" |
992 | 996 | }
|
993 | 997 | },
|
994 | 998 | "type": "object"
|
995 | 999 | },
|
996 | 1000 | "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint": {
|
997 |
| - "description": "A constraint that is either enforced or not. For example, a constraint `constraints/compute.disableSerialPortAccess`. If it is enforced on a VM instance, serial port connections will not be opened to that instance.", |
| 1001 | + "description": "A constraint type is enforced or not enforced, which is configured in the `PolicyRule`. If `customConstraintDefinition` is defined, this constraint is a managed constraint.", |
998 | 1002 | "id": "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint",
|
999 |
| - "properties": {}, |
| 1003 | + "properties": { |
| 1004 | + "customConstraintDefinition": { |
| 1005 | + "$ref": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinition", |
| 1006 | + "description": "Custom constraint definition. Defines this as a managed constraint." |
| 1007 | + } |
| 1008 | + }, |
| 1009 | + "type": "object" |
| 1010 | + }, |
| 1011 | + "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinition": { |
| 1012 | + "description": "Custom constraint definition. Defines this as a managed constraint.", |
| 1013 | + "id": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinition", |
| 1014 | + "properties": { |
| 1015 | + "actionType": { |
| 1016 | + "description": "Allow or deny type.", |
| 1017 | + "enum": [ |
| 1018 | + "ACTION_TYPE_UNSPECIFIED", |
| 1019 | + "ALLOW", |
| 1020 | + "DENY" |
| 1021 | + ], |
| 1022 | + "enumDescriptions": [ |
| 1023 | + "This is only used for distinguishing unset values and should never be used. Results in an error.", |
| 1024 | + "Allowed action type.", |
| 1025 | + "Deny action type." |
| 1026 | + ], |
| 1027 | + "type": "string" |
| 1028 | + }, |
| 1029 | + "condition": { |
| 1030 | + "description": "Org policy condition/expression. For example: `resource.instanceName.matches(\"[production|test]_.*_(\\d)+\")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.", |
| 1031 | + "type": "string" |
| 1032 | + }, |
| 1033 | + "methodTypes": { |
| 1034 | + "description": "All the operations being applied for this constraint.", |
| 1035 | + "items": { |
| 1036 | + "enum": [ |
| 1037 | + "METHOD_TYPE_UNSPECIFIED", |
| 1038 | + "CREATE", |
| 1039 | + "UPDATE", |
| 1040 | + "DELETE", |
| 1041 | + "REMOVE_GRANT", |
| 1042 | + "GOVERN_TAGS" |
| 1043 | + ], |
| 1044 | + "enumDescriptions": [ |
| 1045 | + "This is only used for distinguishing unset values and should never be used. Results in an error.", |
| 1046 | + "Constraint applied when creating the resource.", |
| 1047 | + "Constraint applied when updating the resource.", |
| 1048 | + "Constraint applied when deleting the resource. Not currently supported.", |
| 1049 | + "Constraint applied when removing an IAM grant.", |
| 1050 | + "Constraint applied when enforcing forced tagging." |
| 1051 | + ], |
| 1052 | + "type": "string" |
| 1053 | + }, |
| 1054 | + "type": "array" |
| 1055 | + }, |
| 1056 | + "parameters": { |
| 1057 | + "additionalProperties": { |
| 1058 | + "$ref": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameter" |
| 1059 | + }, |
| 1060 | + "description": "Stores the structure of `Parameters` used by the constraint condition. The key of `map` represents the name of the parameter.", |
| 1061 | + "type": "object" |
| 1062 | + }, |
| 1063 | + "resourceTypes": { |
| 1064 | + "description": "The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`.", |
| 1065 | + "items": { |
| 1066 | + "type": "string" |
| 1067 | + }, |
| 1068 | + "type": "array" |
| 1069 | + } |
| 1070 | + }, |
| 1071 | + "type": "object" |
| 1072 | + }, |
| 1073 | + "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameter": { |
| 1074 | + "description": "Defines a parameter structure.", |
| 1075 | + "id": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameter", |
| 1076 | + "properties": { |
| 1077 | + "defaultValue": { |
| 1078 | + "description": "Sets the value of the parameter in an assignment if no value is given.", |
| 1079 | + "type": "any" |
| 1080 | + }, |
| 1081 | + "item": { |
| 1082 | + "description": "Determines the parameter's value structure. For example, `LIST` can be specified by defining `type: LIST`, and `item: STRING`.", |
| 1083 | + "enum": [ |
| 1084 | + "TYPE_UNSPECIFIED", |
| 1085 | + "LIST", |
| 1086 | + "STRING", |
| 1087 | + "BOOLEAN" |
| 1088 | + ], |
| 1089 | + "enumDescriptions": [ |
| 1090 | + "This is only used for distinguishing unset values and should never be used. Results in an error.", |
| 1091 | + "List parameter type.", |
| 1092 | + "String parameter type.", |
| 1093 | + "Boolean parameter type." |
| 1094 | + ], |
| 1095 | + "type": "string" |
| 1096 | + }, |
| 1097 | + "metadata": { |
| 1098 | + "$ref": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameterMetadata", |
| 1099 | + "description": "Defines subproperties primarily used by the UI to display user-friendly information." |
| 1100 | + }, |
| 1101 | + "type": { |
| 1102 | + "description": "Type of the parameter.", |
| 1103 | + "enum": [ |
| 1104 | + "TYPE_UNSPECIFIED", |
| 1105 | + "LIST", |
| 1106 | + "STRING", |
| 1107 | + "BOOLEAN" |
| 1108 | + ], |
| 1109 | + "enumDescriptions": [ |
| 1110 | + "This is only used for distinguishing unset values and should never be used. Results in an error.", |
| 1111 | + "List parameter type.", |
| 1112 | + "String parameter type.", |
| 1113 | + "Boolean parameter type." |
| 1114 | + ], |
| 1115 | + "type": "string" |
| 1116 | + }, |
| 1117 | + "validValuesExpr": { |
| 1118 | + "description": "Provides a CEL expression to specify the acceptable parameter values during assignment. For example, parameterName in (\"parameterValue1\", \"parameterValue2\")", |
| 1119 | + "type": "string" |
| 1120 | + } |
| 1121 | + }, |
| 1122 | + "type": "object" |
| 1123 | + }, |
| 1124 | + "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameterMetadata": { |
| 1125 | + "description": "Defines Metadata structure.", |
| 1126 | + "id": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameterMetadata", |
| 1127 | + "properties": { |
| 1128 | + "description": { |
| 1129 | + "description": "Detailed description of what this `parameter` is and use of it. Mutable.", |
| 1130 | + "type": "string" |
| 1131 | + } |
| 1132 | + }, |
1000 | 1133 | "type": "object"
|
1001 | 1134 | },
|
1002 | 1135 | "GoogleCloudOrgpolicyV2ConstraintListConstraint": {
|
1003 |
| - "description": "A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy.", |
| 1136 | + "description": "A constraint type that allows or disallows a list of string values, which are configured in the `PolicyRule`.", |
1004 | 1137 | "id": "GoogleCloudOrgpolicyV2ConstraintListConstraint",
|
1005 | 1138 | "properties": {
|
1006 | 1139 | "supportsIn": {
|
|
1026 | 1159 | "DENY"
|
1027 | 1160 | ],
|
1028 | 1161 | "enumDescriptions": [
|
1029 |
| - "Unspecified. Results in an error.", |
| 1162 | + "This is only used for distinguishing unset values and should never be used. Results in an error.", |
1030 | 1163 | "Allowed action type.",
|
1031 | 1164 | "Deny action type."
|
1032 | 1165 | ],
|
1033 | 1166 | "type": "string"
|
1034 | 1167 | },
|
1035 | 1168 | "condition": {
|
1036 |
| - "description": "Org policy condition/expression. For example: `resource.instanceName.matches(\"[production|test]_.*_(\\d)+\")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.", |
| 1169 | + "description": "A Common Expression Language (CEL) condition which is used in the evaluation of the constraint. For example: `resource.instanceName.matches(\"[production|test]_.*_(\\d)+\")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.", |
1037 | 1170 | "type": "string"
|
1038 | 1171 | },
|
1039 | 1172 | "description": {
|
|
1056 | 1189 | "GOVERN_TAGS"
|
1057 | 1190 | ],
|
1058 | 1191 | "enumDescriptions": [
|
1059 |
| - "Unspecified. Results in an error.", |
| 1192 | + "This is only used for distinguishing unset values and should never be used. Results in an error.", |
1060 | 1193 | "Constraint applied when creating the resource.",
|
1061 | 1194 | "Constraint applied when updating the resource.",
|
1062 |
| - "Constraint applied when deleting the resource. Not supported yet.", |
| 1195 | + "Constraint applied when deleting the resource. Not currently supported.", |
1063 | 1196 | "Constraint applied when removing an IAM grant.",
|
1064 | 1197 | "Constraint applied when enforcing forced tagging."
|
1065 | 1198 | ],
|
|
1079 | 1212 | "type": "array"
|
1080 | 1213 | },
|
1081 | 1214 | "updateTime": {
|
1082 |
| - "description": "Output only. The last time this custom constraint was updated. This represents the last time that the `CreateCustomConstraint` or `UpdateCustomConstraint` RPC was called", |
| 1215 | + "description": "Output only. The last time this custom constraint was updated. This represents the last time that the `CreateCustomConstraint` or `UpdateCustomConstraint` methods were called.", |
1083 | 1216 | "format": "google-datetime",
|
1084 | 1217 | "readOnly": true,
|
1085 | 1218 | "type": "string"
|
|
1106 | 1239 | "type": "object"
|
1107 | 1240 | },
|
1108 | 1241 | "GoogleCloudOrgpolicyV2ListCustomConstraintsResponse": {
|
1109 |
| - "description": "The response returned from the ListCustomConstraints method. It will be empty if no custom constraints are set on the organization resource.", |
| 1242 | + "description": "The response returned from the ListCustomConstraints method. It will be empty if no custom or managed constraints are set on the organization resource.", |
1110 | 1243 | "id": "GoogleCloudOrgpolicyV2ListCustomConstraintsResponse",
|
1111 | 1244 | "properties": {
|
1112 | 1245 | "customConstraints": {
|
1113 |
| - "description": "All custom constraints that exist on the organization resource. It will be empty if no custom constraints are set.", |
| 1246 | + "description": "All custom and managed constraints that exist on the organization resource. It will be empty if no custom constraints are set.", |
1114 | 1247 | "items": {
|
1115 | 1248 | "$ref": "GoogleCloudOrgpolicyV2CustomConstraint"
|
1116 | 1249 | },
|
|
1164 | 1297 | },
|
1165 | 1298 | "spec": {
|
1166 | 1299 | "$ref": "GoogleCloudOrgpolicyV2PolicySpec",
|
1167 |
| - "description": "Basic information about the Organization Policy." |
| 1300 | + "description": "Basic information about the organization policy." |
1168 | 1301 | }
|
1169 | 1302 | },
|
1170 | 1303 | "type": "object"
|
|
1221 | 1354 | "description": "If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints.",
|
1222 | 1355 | "type": "boolean"
|
1223 | 1356 | },
|
| 1357 | + "parameters": { |
| 1358 | + "additionalProperties": { |
| 1359 | + "description": "Properties of the object.", |
| 1360 | + "type": "any" |
| 1361 | + }, |
| 1362 | + "description": "Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true }", |
| 1363 | + "type": "object" |
| 1364 | + }, |
1224 | 1365 | "values": {
|
1225 | 1366 | "$ref": "GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues",
|
1226 | 1367 | "description": "List of values to be used for this policy rule. This field can be set only in policies for list constraints."
|
|