GoogleCloudOrgpolicyV2PolicySpecPolicyRule
import type { GoogleCloudOrgpolicyV2PolicySpecPolicyRule } from "https://googleapis.deno.dev/v1/orgpolicy:v2.ts";A rule used to express this policy.
§Properties
Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
A condition which determines whether this rule is used in the evaluation
of the policy. When set, the expression field in the `Expr' must include
from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each
subexpression must be of the form "resource.matchTag('/tag_key_short_name,
'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id',
'tagValues/value_id')". where key_name and value_name are the resource
names for Label Keys and Values. These names are available from the Tag
Manager Service. An example expression is:
"resource.matchTag('123456789/environment, 'prod')". or
"resource.matchTagId('tagKeys/123', 'tagValues/456')".
Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
If true, then the policy is enforced. If false, then any configuration
is acceptable. This field can be set in policies for boolean constraints,
custom constraints and managed constraints.
Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true }
List of values to be used for this policy rule. This field can be set only in policies for list constraints.