Class Policy.ListPolicy (2.42.0)

public static final class Policy.ListPolicy extends GeneratedMessageV3 implements Policy.ListPolicyOrBuilder

Used in policy_type to specify how list_policy behaves at this resource.

ListPolicy can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied by setting the allowed_values and denied_values fields. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

  • "projects/<project-id>", e.g. "projects/tokyo-rain-123"
  • "folders/<folder-id>", e.g. "folders/1234"
  • "organizations/<organization-id>", e.g. "organizations/1234" The supports_under field of the associated Constraint defines whether ancestry prefixes can be used. You can set allowed_values and denied_values in the same Policy if all_values is ALL_VALUES_UNSPECIFIED. ALLOW or DENY are used to allow or deny all values. If all_values is set to either ALLOW or DENY, allowed_values and denied_values must be unset.

Protobuf type google.cloud.orgpolicy.v1.Policy.ListPolicy

Static Fields

ALLOWED_VALUES_FIELD_NUMBER

public static final int ALLOWED_VALUES_FIELD_NUMBER
Field Value
Type Description
int

ALL_VALUES_FIELD_NUMBER

public static final int ALL_VALUES_FIELD_NUMBER
Field Value
Type Description
int

DENIED_VALUES_FIELD_NUMBER

public static final int DENIED_VALUES_FIELD_NUMBER
Field Value
Type Description
int

INHERIT_FROM_PARENT_FIELD_NUMBER

public static final int INHERIT_FROM_PARENT_FIELD_NUMBER
Field Value
Type Description
int

SUGGESTED_VALUE_FIELD_NUMBER

public static final int SUGGESTED_VALUE_FIELD_NUMBER
Field Value
Type Description
int

Static Methods

getDefaultInstance()

public static Policy.ListPolicy getDefaultInstance()
Returns
Type Description
Policy.ListPolicy

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
Type Description
Descriptor

newBuilder()

public static Policy.ListPolicy.Builder newBuilder()
Returns
Type Description
Policy.ListPolicy.Builder

newBuilder(Policy.ListPolicy prototype)

public static Policy.ListPolicy.Builder newBuilder(Policy.ListPolicy prototype)
Parameter
Name Description
prototype Policy.ListPolicy
Returns
Type Description
Policy.ListPolicy.Builder

parseDelimitedFrom(InputStream input)

public static Policy.ListPolicy parseDelimitedFrom(InputStream input)
Parameter
Name Description
input InputStream
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
IOException

parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static Policy.ListPolicy parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input InputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
IOException

parseFrom(byte[] data)

public static Policy.ListPolicy parseFrom(byte[] data)
Parameter
Name Description
data byte[]
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)

public static Policy.ListPolicy parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
data byte[]
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(ByteString data)

public static Policy.ListPolicy parseFrom(ByteString data)
Parameter
Name Description
data ByteString
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)

public static Policy.ListPolicy parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
data ByteString
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(CodedInputStream input)

public static Policy.ListPolicy parseFrom(CodedInputStream input)
Parameter
Name Description
input CodedInputStream
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
IOException

parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public static Policy.ListPolicy parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input CodedInputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
IOException

parseFrom(InputStream input)

public static Policy.ListPolicy parseFrom(InputStream input)
Parameter
Name Description
input InputStream
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
IOException

parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static Policy.ListPolicy parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input InputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
IOException

parseFrom(ByteBuffer data)

public static Policy.ListPolicy parseFrom(ByteBuffer data)
Parameter
Name Description
data ByteBuffer
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)

public static Policy.ListPolicy parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
data ByteBuffer
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Policy.ListPolicy
Exceptions
Type Description
InvalidProtocolBufferException

parser()

public static Parser<Policy.ListPolicy> parser()
Returns
Type Description
Parser<ListPolicy>

Methods

equals(Object obj)

public boolean equals(Object obj)
Parameter
Name Description
obj Object
Returns
Type Description
boolean
Overrides

getAllValues()

public Policy.ListPolicy.AllValues getAllValues()

The policy all_values state.

.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;

Returns
Type Description
Policy.ListPolicy.AllValues

The allValues.

getAllValuesValue()

public int getAllValuesValue()

The policy all_values state.

.google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues all_values = 3;

Returns
Type Description
int

The enum numeric value on the wire for allValues.

getAllowedValues(int index)

public String getAllowedValues(int index)

List of values allowed at this resource. Can only be set if all_values is set to ALL_VALUES_UNSPECIFIED.

repeated string allowed_values = 1;

Parameter
Name Description
index int

The index of the element to return.

Returns
Type Description
String

The allowedValues at the given index.

getAllowedValuesBytes(int index)

public ByteString getAllowedValuesBytes(int index)

List of values allowed at this resource. Can only be set if all_values is set to ALL_VALUES_UNSPECIFIED.

repeated string allowed_values = 1;

Parameter
Name Description
index int

The index of the value to return.

Returns
Type Description
ByteString

The bytes of the allowedValues at the given index.

getAllowedValuesCount()

public int getAllowedValuesCount()

List of values allowed at this resource. Can only be set if all_values is set to ALL_VALUES_UNSPECIFIED.

repeated string allowed_values = 1;

Returns
Type Description
int

The count of allowedValues.

getAllowedValuesList()

public ProtocolStringList getAllowedValuesList()

List of values allowed at this resource. Can only be set if all_values is set to ALL_VALUES_UNSPECIFIED.

repeated string allowed_values = 1;

Returns
Type Description
ProtocolStringList

A list containing the allowedValues.

getDefaultInstanceForType()

public Policy.ListPolicy getDefaultInstanceForType()
Returns
Type Description
Policy.ListPolicy

getDeniedValues(int index)

public String getDeniedValues(int index)

List of values denied at this resource. Can only be set if all_values is set to ALL_VALUES_UNSPECIFIED.

repeated string denied_values = 2;

Parameter
Name Description
index int

The index of the element to return.

Returns
Type Description
String

The deniedValues at the given index.

getDeniedValuesBytes(int index)

public ByteString getDeniedValuesBytes(int index)

List of values denied at this resource. Can only be set if all_values is set to ALL_VALUES_UNSPECIFIED.

repeated string denied_values = 2;

Parameter
Name Description
index int

The index of the value to return.

Returns
Type Description
ByteString

The bytes of the deniedValues at the given index.

getDeniedValuesCount()

public int getDeniedValuesCount()

List of values denied at this resource. Can only be set if all_values is set to ALL_VALUES_UNSPECIFIED.

repeated string denied_values = 2;

Returns
Type Description
int

The count of deniedValues.

getDeniedValuesList()

public ProtocolStringList getDeniedValuesList()

List of values denied at this resource. Can only be set if all_values is set to ALL_VALUES_UNSPECIFIED.

repeated string denied_values = 2;

Returns
Type Description
ProtocolStringList

A list containing the deniedValues.

getInheritFromParent()

public boolean getInheritFromParent()

Determines the inheritance behavior for this Policy.

By default, a ListPolicy set at a resource supercedes any Policy set anywhere up the resource hierarchy. However, if inherit_from_parent is set to true, then the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.

Setting Policy hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a Policy with allowed_values set that inherits a Policy with denied_values set. In this case, the values that are allowed must be in allowed_values and not present in denied_values.

For example, suppose you have a Constraint constraints/serviceuser.services, which has a constraint_type of list_constraint, and with constraint_default set to ALLOW. Suppose that at the Organization level, a Policy is applied that restricts the allowed API activations to {E1, E2}. Then, if a Policy is applied to a project below the Organization that has inherit_from_parent set to false and field all_values set to DENY, then an attempt to activate any API will be denied.

The following examples demonstrate different possible layerings for projects/bar parented by organizations/foo:

Example 1 (no inherited values): organizations/foo has a Policy with values: {allowed_values: "E1" allowed_values:"E2"} projects/bar has inherit_from_parent false and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at organizations/foo are E1, E2. The accepted values at projects/bar are E3, and E4.

Example 2 (inherited values): organizations/foo has a Policy with values: {allowed_values: "E1" allowed_values:"E2"} projects/bar has a Policy with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at organizations/foo are E1, E2. The accepted values at projects/bar are E1, E2, E3, and E4.

Example 3 (inheriting both allowed and denied values): organizations/foo has a Policy with values: {allowed_values: "E1" allowed_values: "E2"} projects/bar has a Policy with: {denied_values: "E1"} The accepted values at organizations/foo are E1, E2. The value accepted at projects/bar is E2.

Example 4 (RestoreDefault): organizations/foo has a Policy with values: {allowed_values: "E1" allowed_values:"E2"} projects/bar has a Policy with values: {RestoreDefault: {}} The accepted values at organizations/foo are E1, E2. The accepted values at projects/bar are either all or none depending on the value of constraint_default (if ALLOW, all; if DENY, none).

Example 5 (no policy inherits parent policy): organizations/foo has no Policy set. projects/bar has no Policy set. The accepted values at both levels are either all or none depending on the value of constraint_default (if ALLOW, all; if DENY, none).

Example 6 (ListConstraint allowing all): organizations/foo has a Policy with values: {allowed_values: "E1" allowed_values: "E2"} projects/bar has a Policy with: {all: ALLOW} The accepted values at organizations/foo are E1, E2. Any value is accepted at projects/bar.

Example 7 (ListConstraint allowing none): organizations/foo has a Policy with values: {allowed_values: "E1" allowed_values: "E2"} projects/bar has a Policy with: {all: DENY} The accepted values at organizations/foo are E1, E2. No value is accepted at projects/bar.

Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, organizations/foo has a Policy with values: {allowed_values: "under:organizations/O1"} projects/bar has a Policy with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at organizations/foo are organizations/O1, folders/F1, folders/F2, projects/P1, projects/P2, projects/P3. The accepted values at projects/bar are organizations/O1, folders/F1, projects/P1.

bool inherit_from_parent = 5;

Returns
Type Description
boolean

The inheritFromParent.

getParserForType()

public Parser<Policy.ListPolicy> getParserForType()
Returns
Type Description
Parser<ListPolicy>
Overrides

getSerializedSize()

public int getSerializedSize()
Returns
Type Description
int
Overrides

getSuggestedValue()

public String getSuggestedValue()

Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this Policy. If suggested_value is not set, it will inherit the value specified higher in the hierarchy, unless inherit_from_parent is false.

string suggested_value = 4;

Returns
Type Description
String

The suggestedValue.

getSuggestedValueBytes()

public ByteString getSuggestedValueBytes()

Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this Policy. If suggested_value is not set, it will inherit the value specified higher in the hierarchy, unless inherit_from_parent is false.

string suggested_value = 4;

Returns
Type Description
ByteString

The bytes for suggestedValue.

hashCode()

public int hashCode()
Returns
Type Description
int
Overrides

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
Type Description
FieldAccessorTable
Overrides

isInitialized()

public final boolean isInitialized()
Returns
Type Description
boolean
Overrides

newBuilderForType()

public Policy.ListPolicy.Builder newBuilderForType()
Returns
Type Description
Policy.ListPolicy.Builder

newBuilderForType(GeneratedMessageV3.BuilderParent parent)

protected Policy.ListPolicy.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Parameter
Name Description
parent BuilderParent
Returns
Type Description
Policy.ListPolicy.Builder
Overrides

newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)

protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Parameter
Name Description
unused UnusedPrivateParameter
Returns
Type Description
Object
Overrides

toBuilder()

public Policy.ListPolicy.Builder toBuilder()
Returns
Type Description
Policy.ListPolicy.Builder

writeTo(CodedOutputStream output)

public void writeTo(CodedOutputStream output)
Parameter
Name Description
output CodedOutputStream
Overrides
Exceptions
Type Description
IOException