GoogleCloudSecuritypostureV1PolicyRule
import type { GoogleCloudSecuritypostureV1PolicyRule } from "https://googleapis.deno.dev/v1/securityposture:v1.ts";
A rule that defines the allowed and denied values for an organization policy constraint.
§Properties
- Whether to allow any value for a list constraint. Valid only for list constraints.
- A condition that determines whether this rule is used to evaluate the policy. When set, the google.type.Expr.expression field must contain 1 to 10 subexpressions, joined by the || or && operators. Each subexpression must use the resource.matchTag() or resource.matchTagId() Common Expression Language (CEL) function. The resource.matchTag() function takes the following arguments:
  - key_name: the namespaced name of the tag key, with the organization ID and a slash (/) as a prefix; for example, 123456789012/environment
  - value_name: the short name of the tag value
  For example: resource.matchTag('123456789012/environment', 'prod')
  The resource.matchTagId() function takes the following arguments:
  - key_id: the permanent ID of the tag key; for example, tagKeys/123456789012
  - value_id: the permanent ID of the tag value; for example, tagValues/567890123456
  For example: resource.matchTagId('tagKeys/123456789012', 'tagValues/567890123456')
- Whether to deny all values for a list constraint. Valid only for list constraints.
- Optional. Required for Google managed constraints (GMCs) if parameters are defined in the constraint. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true }
- Optional. The resource types the policy can support; only used for a Google managed constraint whose method type is GOVERN_TAGS.
- The allowed and denied values for a list constraint. Valid only for list constraints.
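The condition syntax above (1 to 10 subexpressions, each a resource.matchTag() or resource.matchTagId() call joined by || or &&) is easy to get wrong before a rule is ever sent to the API. The following is an added example, not code from the page or from the Deno module it imports: a small client-side validator that checks a condition expression against those documented rules and rejects malformed tag references. The PolicyRule interface below is a local stand-in whose property names (allowAll, denyAll, condition, values, and the allowedValues/deniedValues sub-fields) are assumed from the property descriptions, and the rule that allowAll, denyAll and values are mutually exclusive is likewise an assumption of this example, not something the page states.

```typescript
// Added example: validate a PolicyRule condition before submitting it.
// Local stand-in for the documented type; property names are assumptions.
interface Expr { expression: string; title?: string }
interface StringValues { allowedValues?: string[]; deniedValues?: string[] }
interface PolicyRule {
  allowAll?: boolean;
  denyAll?: boolean;
  condition?: Expr;
  values?: StringValues;
}

// Only the two documented call forms are accepted. The key_name pattern
// (orgId/shortName) and the allowed short-name characters are assumptions.
const MATCH_TAG = /^resource\.matchTag\('(\d+)\/([A-Za-z0-9_.-]+)',\s*'([A-Za-z0-9_.-]+)'\)$/;
const MATCH_TAG_ID = /^resource\.matchTagId\('(tagKeys\/\d+)',\s*'(tagValues\/\d+)'\)$/;

// Split on the || and && operators; arguments are quoted tag names, so the
// operator characters never appear inside a subexpression.
function splitSubexpressions(expression: string): string[] {
  return expression.trim().split(/\s*(?:\|\||&&)\s*/);
}

// Returns a list of problems; an empty list means the expression is well formed.
function validateCondition(expression: string): string[] {
  const problems: string[] = [];
  const parts = splitSubexpressions(expression);
  if (parts.length < 1 || parts.length > 10) {
    problems.push(`expected 1 to 10 subexpressions, found ${parts.length}`);
  }
  for (const part of parts) {
    if (!MATCH_TAG.test(part) && !MATCH_TAG_ID.test(part)) {
      problems.push(`not a resource.matchTag()/resource.matchTagId() call: ${part}`);
    }
  }
  return problems;
}

// Checks the rule as a whole: one value mode (assumed mutually exclusive)
// plus a well-formed condition when one is present.
function validatePolicyRule(rule: PolicyRule): string[] {
  const problems: string[] = [];
  const modes = [rule.allowAll === true, rule.denyAll === true, rule.values !== undefined]
    .filter(Boolean).length;
  if (modes !== 1) {
    problems.push("exactly one of allowAll, denyAll or values must be set");
  }
  if (rule.condition !== undefined) {
    problems.push(...validateCondition(rule.condition.expression));
  }
  return problems;
}

// Constructed sample rule: deny a set of values only on resources tagged prod,
// using the two documented example calls.
const SAMPLE_RULE: PolicyRule = {
  values: { deniedValues: ["us-west1"] },
  condition: {
    title: "prod-only",
    expression:
      "resource.matchTag('123456789012/environment', 'prod') || " +
      "resource.matchTagId('tagKeys/123456789012', 'tagValues/567890123456')",
  },
};

// Constructed bad inputs: a missing quote (the typo from the original docs
// example), a non-tag predicate, and an 11-subexpression chain.
const MISSING_QUOTE = "resource.matchTag('123456789012/environment, 'prod')";
const NOT_A_TAG_CALL = "resource.name == 'projects/123'";
const TOO_MANY = Array.from({ length: 11 }, () =>
  "resource.matchTag('123456789012/environment', 'prod')").join(" && ");

// Stand-alone run: print each verdict.
for (const [label, expr] of [["sample", SAMPLE_RULE.condition!.expression],
  ["missing quote", MISSING_QUOTE], ["not a tag call", NOT_A_TAG_CALL], ["too many", TOO_MANY]]) {
  console.log(label, validateCondition(expr));
}
console.log("rule", validatePolicyRule(SAMPLE_RULE));
```

Running the validator before calling the API turns a server-side rejection (or, worse, a rule that silently never matches the intended tagged resources) into a local error with the offending subexpression named.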