diff --git a/mmv1/products/orgpolicy/api.yaml b/mmv1/products/orgpolicy/api.yaml index 097e62cf1..3bcc2eb9d 100644 --- a/mmv1/products/orgpolicy/api.yaml +++ b/mmv1/products/orgpolicy/api.yaml @@ -494,3 +494,215 @@ objects: + + + + - !ruby/object:Api::Resource + name: OrganizationConstraint + base_url: '{{+parent}}/constraints' + references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + api: 'https://cloud.google.com/orgpolicy/docs' + async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{op_id}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' + description: |- + The response returned from the ListConstraints method. + properties: + + - !ruby/object:Api::Type::String + name: 'nextPageToken' + description: | + Page token used to retrieve the next page. This is currently not used. + - !ruby/object:Api::Type::Array + name: 'constraints' + description: | + The collection of constraints that are available on the targeted resource. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The human readable name. Mutable. + - !ruby/object:Api::Type::NestedObject + name: 'googleManagedConstraint' + description: | + A Google managed constraint. This represents a subset of fields missing from Constraint proto that are required to describe CustomConstraint + properties: + - !ruby/object:Api::Type::Enum + name: 'actionType' + description: | + Allow or deny type. + values: + - :ACTION_TYPE_UNSPECIFIED + - :ALLOW + - :DENY + - !ruby/object:Api::Type::Array + name: 'resourceTypes' + description: | + The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'condition' + description: | + Org policy condition/expression. For example: `resource.instanceName.matches("[production|test]_.*_(\d)+")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters. + - !ruby/object:Api::Type::Array + name: 'methodTypes' + description: | + All the operations being applied for this constraint. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'description' + description: | + Detailed description of what this constraint controls as well as how and where it is enforced. Mutable. + - !ruby/object:Api::Type::Enum + name: 'constraintDefault' + description: | + The evaluation behavior of this constraint in the absence of a policy. + values: + - :CONSTRAINT_DEFAULT_UNSPECIFIED + - :ALLOW + - :DENY + - !ruby/object:Api::Type::Boolean + name: 'supportsDryRun' + description: | + Shows if dry run is supported for this constraint or not. + - !ruby/object:Api::Type::String + name: 'name' + description: | + Immutable. The resource name of the constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, "/projects/123/constraints/compute.disableSerialPortAccess". + - !ruby/object:Api::Type::NestedObject + name: 'listConstraint' + description: | + A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy. + properties: + - !ruby/object:Api::Type::Boolean + name: 'supportsUnder' + description: | + Indicates whether subtrees of the Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"under:folders/123"` would match any resource under the 'folders/123' folder. + - !ruby/object:Api::Type::Boolean + name: 'supportsIn' + description: | + Indicates whether values grouped into categories can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"in:Python"` would match any value in the 'Python' group. + + + + + - !ruby/object:Api::Resource + name: OrganizationConstraint + base_url: '{{+parent}}/constraints' + references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + api: 'https://cloud.google.com/orgpolicy/docs' + async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{op_id}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' + description: |- + The response returned from the ListConstraints method. + properties: + + - !ruby/object:Api::Type::String + name: 'nextPageToken' + description: | + Page token used to retrieve the next page. This is currently not used. + - !ruby/object:Api::Type::Array + name: 'constraints' + description: | + The collection of constraints that are available on the targeted resource. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The human readable name. Mutable. + - !ruby/object:Api::Type::NestedObject + name: 'googleManagedConstraint' + description: | + A Google managed constraint. This represents a subset of fields missing from Constraint proto that are required to describe CustomConstraint + properties: + - !ruby/object:Api::Type::Enum + name: 'actionType' + description: | + Allow or deny type. + values: + - :ACTION_TYPE_UNSPECIFIED + - :ALLOW + - :DENY + - !ruby/object:Api::Type::Array + name: 'resourceTypes' + description: | + The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'condition' + description: | + Org policy condition/expression. For example: `resource.instanceName.matches("[production|test]_.*_(\d)+")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters. + - !ruby/object:Api::Type::Array + name: 'methodTypes' + description: | + All the operations being applied for this constraint. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'description' + description: | + Detailed description of what this constraint controls as well as how and where it is enforced. Mutable. + - !ruby/object:Api::Type::Enum + name: 'constraintDefault' + description: | + The evaluation behavior of this constraint in the absence of a policy. + values: + - :CONSTRAINT_DEFAULT_UNSPECIFIED + - :ALLOW + - :DENY + - !ruby/object:Api::Type::Boolean + name: 'supportsDryRun' + description: | + Shows if dry run is supported for this constraint or not. + - !ruby/object:Api::Type::String + name: 'name' + description: | + Immutable. The resource name of the constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, "/projects/123/constraints/compute.disableSerialPortAccess". + - !ruby/object:Api::Type::NestedObject + name: 'listConstraint' + description: | + A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy. + properties: + - !ruby/object:Api::Type::Boolean + name: 'supportsUnder' + description: | + Indicates whether subtrees of the Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"under:folders/123"` would match any resource under the 'folders/123' folder. + - !ruby/object:Api::Type::Boolean + name: 'supportsIn' + description: | + Indicates whether values grouped into categories can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"in:Python"` would match any value in the 'Python' group. +