GoogleCloudOrgpolicyV2PolicySpecPolicyRule

import type { GoogleCloudOrgpolicyV2PolicySpecPolicyRule } from "https://googleapis.deno.dev/v1/orgpolicy:v2.ts";

A rule used to express this policy.

interface GoogleCloudOrgpolicyV2PolicySpecPolicyRule {

allowAll?: boolean;

condition?: GoogleTypeExpr;

denyAll?: boolean;

enforce?: boolean;

values?: GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues;

}

§Properties

allowAll?: boolean

[src]

Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.

condition?: GoogleTypeExpr

[src]

A condition which determines whether this rule is used in the evaluation of the policy. When set, the expression field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".

denyAll?: boolean

[src]

Setting this to true means that all values are denied. This field can be set only in policies for list constraints.

enforce?: boolean

[src]

If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.

values?: GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues

[src]

List of values to be used for this policy rule. This field can be set only in policies for list constraints.