Reference documentation and code samples for the Google Cloud Org Policy V2 Client class Constraint.
A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which Google Cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden.
For details about the inheritance rules please read about policies
.
Constraints have a default behavior determined by the constraint_default
field, which is the enforcement behavior that is used in the absence of a
policy being defined or inherited for the resource in question.
Generated from protobuf message google.cloud.orgpolicy.v2.Constraint
Namespace
Google \ Cloud \ OrgPolicy \ V2Methods
__construct
Constructor.
data
array
Optional. Data for populating the Message object.
↳ name
string
Immutable. The resource name of the constraint. Must be in one of the following forms: * projects/{project_number}/constraints/{constraint_name}
* folders/{folder_id}/constraints/{constraint_name}
* organizations/{organization_id}/constraints/{constraint_name}
For example, "/projects/123/constraints/compute.disableSerialPortAccess".
↳ display_name
string
The human readable name. Mutable.
↳ description
string
Detailed description of what this constraint controls as well as how and where it is enforced. Mutable.
↳ constraint_default
int
The evaluation behavior of this constraint in the absence of a policy.
↳ list_constraint
Google\Cloud\OrgPolicy\V2\Constraint\ListConstraint
Defines this constraint as being a ListConstraint.
↳ boolean_constraint
Google\Cloud\OrgPolicy\V2\Constraint\BooleanConstraint
Defines this constraint as being a BooleanConstraint.
↳ supports_dry_run
bool
Shows if dry run is supported for this constraint or not.
getName
Immutable. The resource name of the constraint. Must be in one of the following forms:
-
projects/{project_number}/constraints/{constraint_name} -
folders/{folder_id}/constraints/{constraint_name} -
organizations/{organization_id}/constraints/{constraint_name}For example, "/projects/123/constraints/compute.disableSerialPortAccess".
string
setName
Immutable. The resource name of the constraint. Must be in one of the following forms:
-
projects/{project_number}/constraints/{constraint_name} -
folders/{folder_id}/constraints/{constraint_name} -
organizations/{organization_id}/constraints/{constraint_name}For example, "/projects/123/constraints/compute.disableSerialPortAccess".
var
string
$this
getDisplayName
The human readable name.
Mutable.
string
setDisplayName
The human readable name.
Mutable.
var
string
$this
getDescription
Detailed description of what this constraint controls as well as how and where it is enforced.
Mutable.
string
setDescription
Detailed description of what this constraint controls as well as how and where it is enforced.
Mutable.
var
string
$this
getConstraintDefault
The evaluation behavior of this constraint in the absence of a policy.
int
setConstraintDefault
The evaluation behavior of this constraint in the absence of a policy.
var
int
$this
getListConstraint
Defines this constraint as being a ListConstraint.
hasListConstraint
setListConstraint
Defines this constraint as being a ListConstraint.
$this
getBooleanConstraint
Defines this constraint as being a BooleanConstraint.
hasBooleanConstraint
setBooleanConstraint
Defines this constraint as being a BooleanConstraint.
$this
getSupportsDryRun
Shows if dry run is supported for this constraint or not.
bool
setSupportsDryRun
Shows if dry run is supported for this constraint or not.
var
bool
$this
getConstraintType
string
