In some situations it might be preferable to limit the job target type. To do this, administrators who have the Organization Policy Administrator role can configure a policy to control what kind of job targets (HTTP, Pub/Sub, and/or App Engine HTTP) can be created in their organization.
Console
-
Visit the Organization policiespage of the IAM & Adminsection.
-
From the top left dropdown, select the resource (organization or project) to which you wish to apply the constraint.
-
Select Allowed target types for jobsfrom the list of Organization Policies.
-
On the policy page, click the Editbutton.
-
Under Rules, open Add Rule
-
Select Customfor Policy values.
-
Select Allowfor Policy type.
-
Add the type (PUBSUB, HTTP, or APPENGINE) to allowlist.
-
Click on New Policy Valueto add multiple job types.
-
Saveto enforce the policy.
-
Gcloud
-
To see the value of the constraint in an existing policy:
gcloud resource-manager org-policies describe cloudscheduler.allowedTargetTypes -- RESOURCE_TYPE = RESOURCE_ID
Where RESOURCE_TYPE is either
project,folder, ororganization, depending on where in the hierarchy the policy is attached.Which should return something like this:
constraint: constraints/cloudscheduler.allowedTargetTypes etag: ETAG_VALUE listPolicy: allowedValues: - PUBSUB updateTime: '2021-09-04T15:30:45.313018Z' -
To create a
policy.yamlfile with the constraint:cat >policy.yaml constraint: constraints/cloudscheduler.allowedTargetTypes -- RESOURCE_TYPE = RESOURCE_ID etag: ETAG_VALUE listPolicy: allowedValues: - PUBSUB
-
To set the policy:
gcloud resource-manager org-policies set-policy -- RESOURCE_TYPE = RESOURCE_ID policy.yaml
-
To delete the constraint:
gcloud resource-manager org-policies delete -- RESOURCE_TYPE = RESOURCE_ID constraints/cloudscheduler.allowedTargetTypes
