GoogleCloudOrgpolicyV2PolicySpecPolicyRule
import type { GoogleCloudOrgpolicyV2PolicySpecPolicyRule } from "https://googleapis.deno.dev/v1/policysimulator:v1.ts";
A rule used to express this policy.
§Properties
Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
A condition which determines whether this rule is used in the evaluation
of the policy. When set, the expression
field in the `Expr' must include
from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each
subexpression must be of the form "resource.matchTag('/tag_key_short_name,
'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id',
'tagValues/value_id')". where key_name and value_name are the resource
names for Label Keys and Values. These names are available from the Tag
Manager Service. An example expression is:
"resource.matchTag('123456789/environment, 'prod')". or
"resource.matchTagId('tagKeys/123', 'tagValues/456')".
Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
If true
, then the policy is enforced. If false
, then any configuration
is acceptable. This field can be set only in policies for boolean
constraints.
List of values to be used for this policy rule. This field can be set only in policies for list constraints.