OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-02-14 23:30:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

update all APIs

Browse Source 
Like documented in the README

```
rm -f .api.deps .cli.deps && FETCH_APIS=1 make update-json -j8
```
This commit is contained in:
Sebastian Thiel
2024-03-05 18:54:36 +01:00
parent 8a12e9d47e
commit ca974aa0a5
347 changed files with 202580 additions and 50157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

194
etc/api/orgpolicy/v2/orgpolicy-api.json
View File

@@ -12,7 +12,7 @@
"baseUrl": "https://orgpolicy.googleapis.com/",
"batchPath": "batch",
"canonicalName": "OrgPolicy API",
"description": "The Org Policy API allows users to configure governance rules on their GCP resources across the Cloud Resource Hierarchy.",
"description": "The Organization Policy API allows users to configure governance rules on their Google Cloud resources across the resource hierarchy.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/orgpolicy/docs/reference/rest/index.html",
"fullyEncodeReservedExpansion": true,
@@ -110,7 +110,7 @@
"constraints": {
"methods": {
"list": {
"description": "Lists `Constraints` that could be applied on the specified resource.",
"description": "Lists constraints that could be applied on the specified resource.",
"flatPath": "v2/folders/{foldersId}/constraints",
"httpMethod": "GET",
"id": "orgpolicy.folders.constraints.list",
@@ -130,7 +130,7 @@
"type": "string"
},
"parent": {
"description": "Required. The Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"description": "Required. The Google Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
@@ -150,7 +150,7 @@
"policies": {
"methods": {
"create": {
"description": "Creates a Policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Cloud resource.",
"description": "Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Google Cloud resource.",
"flatPath": "v2/folders/{foldersId}/policies",
"httpMethod": "POST",
"id": "orgpolicy.folders.policies.create",
@@ -159,7 +159,7 @@
],
"parameters": {
"parent": {
"description": "Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"description": "Required. The Google Cloud resource that will parent the new policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
@@ -178,7 +178,7 @@
]
},
"delete": {
"description": "Deletes a Policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or Org Policy does not exist.",
"description": "Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist.",
"flatPath": "v2/folders/{foldersId}/policies/{policiesId}",
"httpMethod": "DELETE",
"id": "orgpolicy.folders.policies.delete",
@@ -186,8 +186,13 @@
"name"
],
"parameters": {
"etag": {
"description": "Optional. The current etag of policy. If an etag is provided and does not match the current etag of the policy, deletion will be blocked and an ABORTED error will be returned.",
"location": "query",
"type": "string"
},
"name": {
"description": "Required. Name of the policy to delete. See `Policy` for naming rules.",
"description": "Required. Name of the policy to delete. See the policy entry for naming rules.",
"location": "path",
"pattern": "^folders/[^/]+/policies/[^/]+$",
"required": true,
@@ -203,7 +208,7 @@
]
},
"get": {
"description": "Gets a `Policy` on a resource. If no `Policy` is set on the resource, NOT_FOUND is returned. The `etag` value can be used with `UpdatePolicy()` to update a `Policy` during read-modify-write.",
"description": "Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The `etag` value can be used with `UpdatePolicy()` to update a policy during read-modify-write.",
"flatPath": "v2/folders/{foldersId}/policies/{policiesId}",
"httpMethod": "GET",
"id": "orgpolicy.folders.policies.get",
@@ -212,7 +217,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the policy. See `Policy` for naming requirements.",
"description": "Required. Resource name of the policy. See Policy for naming requirements.",
"location": "path",
"pattern": "^folders/[^/]+/policies/[^/]+$",
"required": true,
@@ -228,7 +233,7 @@
]
},
"getEffectivePolicy": {
"description": "Gets the effective `Policy` on a resource. This is the result of merging `Policies` in the resource hierarchy and evaluating conditions. The returned `Policy` will not have an `etag` or `condition` set because it is a computed `Policy` across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.",
"description": "Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an `etag` or `condition` set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.",
"flatPath": "v2/folders/{foldersId}/policies/{policiesId}:getEffectivePolicy",
"httpMethod": "GET",
"id": "orgpolicy.folders.policies.getEffectivePolicy",
@@ -237,7 +242,7 @@
],
"parameters": {
"name": {
"description": "Required. The effective policy to compute. See `Policy` for naming rules.",
"description": "Required. The effective policy to compute. See Policy for naming requirements.",
"location": "path",
"pattern": "^folders/[^/]+/policies/[^/]+$",
"required": true,
@@ -253,7 +258,7 @@
]
},
"list": {
"description": "Retrieves all of the `Policies` that exist on a particular resource.",
"description": "Retrieves all of the policies that exist on a particular resource.",
"flatPath": "v2/folders/{foldersId}/policies",
"httpMethod": "GET",
"id": "orgpolicy.folders.policies.list",
@@ -273,7 +278,7 @@
"type": "string"
},
"parent": {
"description": "Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"description": "Required. The target Google Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
@@ -289,7 +294,7 @@
]
},
"patch": {
"description": "Updates a Policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy do not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields.",
"description": "Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy do not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields.",
"flatPath": "v2/folders/{foldersId}/policies/{policiesId}",
"httpMethod": "PATCH",
"id": "orgpolicy.folders.policies.patch",
@@ -298,7 +303,7 @@
],
"parameters": {
"name": {
"description": "Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
"description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
"location": "path",
"pattern": "^folders/[^/]+/policies/[^/]+$",
"required": true,
@@ -331,7 +336,7 @@
"constraints": {
"methods": {
"list": {
"description": "Lists `Constraints` that could be applied on the specified resource.",
"description": "Lists constraints that could be applied on the specified resource.",
"flatPath": "v2/organizations/{organizationsId}/constraints",
"httpMethod": "GET",
"id": "orgpolicy.organizations.constraints.list",
@@ -351,7 +356,7 @@
"type": "string"
},
"parent": {
"description": "Required. The Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"description": "Required. The Google Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -371,7 +376,7 @@
"customConstraints": {
"methods": {
"create": {
"description": "Creates a CustomConstraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the organization does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the constraint already exists on the given organization.",
"description": "Creates a custom constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the organization does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the constraint already exists on the given organization.",
"flatPath": "v2/organizations/{organizationsId}/customConstraints",
"httpMethod": "POST",
"id": "orgpolicy.organizations.customConstraints.create",
@@ -399,7 +404,7 @@
]
},
"delete": {
"description": "Deletes a Custom Constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist.",
"description": "Deletes a custom constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist.",
"flatPath": "v2/organizations/{organizationsId}/customConstraints/{customConstraintsId}",
"httpMethod": "DELETE",
"id": "orgpolicy.organizations.customConstraints.delete",
@@ -408,7 +413,7 @@
],
"parameters": {
"name": {
"description": "Required. Name of the custom constraint to delete. See `CustomConstraint` for naming rules.",
"description": "Required. Name of the custom constraint to delete. See the custom constraint entry for naming rules.",
"location": "path",
"pattern": "^organizations/[^/]+/customConstraints/[^/]+$",
"required": true,
@@ -424,7 +429,7 @@
]
},
"get": {
"description": "Gets a CustomConstraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the CustomConstraint does not exist.",
"description": "Gets a custom constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the custom constraint does not exist.",
"flatPath": "v2/organizations/{organizationsId}/customConstraints/{customConstraintsId}",
"httpMethod": "GET",
"id": "orgpolicy.organizations.customConstraints.get",
@@ -433,7 +438,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the custom constraint. See `CustomConstraint` for naming requirements.",
"description": "Required. Resource name of the custom constraint. See the custom constraint entry for naming requirements.",
"location": "path",
"pattern": "^organizations/[^/]+/customConstraints/[^/]+$",
"required": true,
@@ -449,7 +454,7 @@
]
},
"list": {
"description": "Retrieves all of the `CustomConstraints` that exist on a particular organization resource.",
"description": "Retrieves all of the custom constraints that exist on a particular organization resource.",
"flatPath": "v2/organizations/{organizationsId}/customConstraints",
"httpMethod": "GET",
"id": "orgpolicy.organizations.customConstraints.list",
@@ -469,7 +474,7 @@
"type": "string"
},
"parent": {
"description": "Required. The target Cloud resource that parents the set of custom constraints that will be returned from this call. Must be in one of the following forms: * `organizations/{organization_id}`",
"description": "Required. The target Google Cloud resource that parents the set of custom constraints that will be returned from this call. Must be in one of the following forms: * `organizations/{organization_id}`",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -485,7 +490,7 @@
]
},
"patch": {
"description": "Updates a Custom Constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Note: the supplied policy will perform a full overwrite of all fields.",
"description": "Updates a custom constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Note: the supplied policy will perform a full overwrite of all fields.",
"flatPath": "v2/organizations/{organizationsId}/customConstraints/{customConstraintsId}",
"httpMethod": "PATCH",
"id": "orgpolicy.organizations.customConstraints.patch",
@@ -494,7 +499,7 @@
],
"parameters": {
"name": {
"description": "Immutable. Name of the constraint. This is unique within the organization. Format of the name should be * `organizations/{organization_id}/customConstraints/{custom_constraint_id}` Example : \"organizations/123/customConstraints/custom.createOnlyE2TypeVms\" The max length is 70 characters and the min length is 1. Note that the prefix \"organizations/{organization_id}/customConstraints/\" is not counted.",
"description": "Immutable. Name of the constraint. This is unique within the organization. Format of the name should be * `organizations/{organization_id}/customConstraints/{custom_constraint_id}` Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms` The max length is 70 characters and the minimum length is 1. Note that the prefix `organizations/{organization_id}/customConstraints/` is not counted.",
"location": "path",
"pattern": "^organizations/[^/]+/customConstraints/[^/]+$",
"required": true,
@@ -517,7 +522,7 @@
"policies": {
"methods": {
"create": {
"description": "Creates a Policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Cloud resource.",
"description": "Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Google Cloud resource.",
"flatPath": "v2/organizations/{organizationsId}/policies",
"httpMethod": "POST",
"id": "orgpolicy.organizations.policies.create",
@@ -526,7 +531,7 @@
],
"parameters": {
"parent": {
"description": "Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"description": "Required. The Google Cloud resource that will parent the new policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -545,7 +550,7 @@
]
},
"delete": {
"description": "Deletes a Policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or Org Policy does not exist.",
"description": "Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist.",
"flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}",
"httpMethod": "DELETE",
"id": "orgpolicy.organizations.policies.delete",
@@ -553,8 +558,13 @@
"name"
],
"parameters": {
"etag": {
"description": "Optional. The current etag of policy. If an etag is provided and does not match the current etag of the policy, deletion will be blocked and an ABORTED error will be returned.",
"location": "query",
"type": "string"
},
"name": {
"description": "Required. Name of the policy to delete. See `Policy` for naming rules.",
"description": "Required. Name of the policy to delete. See the policy entry for naming rules.",
"location": "path",
"pattern": "^organizations/[^/]+/policies/[^/]+$",
"required": true,
@@ -570,7 +580,7 @@
]
},
"get": {
"description": "Gets a `Policy` on a resource. If no `Policy` is set on the resource, NOT_FOUND is returned. The `etag` value can be used with `UpdatePolicy()` to update a `Policy` during read-modify-write.",
"description": "Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The `etag` value can be used with `UpdatePolicy()` to update a policy during read-modify-write.",
"flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}",
"httpMethod": "GET",
"id": "orgpolicy.organizations.policies.get",
@@ -579,7 +589,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the policy. See `Policy` for naming requirements.",
"description": "Required. Resource name of the policy. See Policy for naming requirements.",
"location": "path",
"pattern": "^organizations/[^/]+/policies/[^/]+$",
"required": true,
@@ -595,7 +605,7 @@
]
},
"getEffectivePolicy": {
"description": "Gets the effective `Policy` on a resource. This is the result of merging `Policies` in the resource hierarchy and evaluating conditions. The returned `Policy` will not have an `etag` or `condition` set because it is a computed `Policy` across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.",
"description": "Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an `etag` or `condition` set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.",
"flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}:getEffectivePolicy",
"httpMethod": "GET",
"id": "orgpolicy.organizations.policies.getEffectivePolicy",
@@ -604,7 +614,7 @@
],
"parameters": {
"name": {
"description": "Required. The effective policy to compute. See `Policy` for naming rules.",
"description": "Required. The effective policy to compute. See Policy for naming requirements.",
"location": "path",
"pattern": "^organizations/[^/]+/policies/[^/]+$",
"required": true,
@@ -620,7 +630,7 @@
]
},
"list": {
"description": "Retrieves all of the `Policies` that exist on a particular resource.",
"description": "Retrieves all of the policies that exist on a particular resource.",
"flatPath": "v2/organizations/{organizationsId}/policies",
"httpMethod": "GET",
"id": "orgpolicy.organizations.policies.list",
@@ -640,7 +650,7 @@
"type": "string"
},
"parent": {
"description": "Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"description": "Required. The target Google Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -656,7 +666,7 @@
]
},
"patch": {
"description": "Updates a Policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy do not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields.",
"description": "Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy do not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields.",
"flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}",
"httpMethod": "PATCH",
"id": "orgpolicy.organizations.policies.patch",
@@ -665,7 +675,7 @@
],
"parameters": {
"name": {
"description": "Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
"description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
"location": "path",
"pattern": "^organizations/[^/]+/policies/[^/]+$",
"required": true,
@@ -698,7 +708,7 @@
"constraints": {
"methods": {
"list": {
"description": "Lists `Constraints` that could be applied on the specified resource.",
"description": "Lists constraints that could be applied on the specified resource.",
"flatPath": "v2/projects/{projectsId}/constraints",
"httpMethod": "GET",
"id": "orgpolicy.projects.constraints.list",
@@ -718,7 +728,7 @@
"type": "string"
},
"parent": {
"description": "Required. The Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"description": "Required. The Google Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
@@ -738,7 +748,7 @@
"policies": {
"methods": {
"create": {
"description": "Creates a Policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Cloud resource.",
"description": "Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Google Cloud resource.",
"flatPath": "v2/projects/{projectsId}/policies",
"httpMethod": "POST",
"id": "orgpolicy.projects.policies.create",
@@ -747,7 +757,7 @@
],
"parameters": {
"parent": {
"description": "Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"description": "Required. The Google Cloud resource that will parent the new policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
@@ -766,7 +776,7 @@
]
},
"delete": {
"description": "Deletes a Policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or Org Policy does not exist.",
"description": "Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist.",
"flatPath": "v2/projects/{projectsId}/policies/{policiesId}",
"httpMethod": "DELETE",
"id": "orgpolicy.projects.policies.delete",
@@ -774,8 +784,13 @@
"name"
],
"parameters": {
"etag": {
"description": "Optional. The current etag of policy. If an etag is provided and does not match the current etag of the policy, deletion will be blocked and an ABORTED error will be returned.",
"location": "query",
"type": "string"
},
"name": {
"description": "Required. Name of the policy to delete. See `Policy` for naming rules.",
"description": "Required. Name of the policy to delete. See the policy entry for naming rules.",
"location": "path",
"pattern": "^projects/[^/]+/policies/[^/]+$",
"required": true,
@@ -791,7 +806,7 @@
]
},
"get": {
"description": "Gets a `Policy` on a resource. If no `Policy` is set on the resource, NOT_FOUND is returned. The `etag` value can be used with `UpdatePolicy()` to update a `Policy` during read-modify-write.",
"description": "Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The `etag` value can be used with `UpdatePolicy()` to update a policy during read-modify-write.",
"flatPath": "v2/projects/{projectsId}/policies/{policiesId}",
"httpMethod": "GET",
"id": "orgpolicy.projects.policies.get",
@@ -800,7 +815,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the policy. See `Policy` for naming requirements.",
"description": "Required. Resource name of the policy. See Policy for naming requirements.",
"location": "path",
"pattern": "^projects/[^/]+/policies/[^/]+$",
"required": true,
@@ -816,7 +831,7 @@
]
},
"getEffectivePolicy": {
"description": "Gets the effective `Policy` on a resource. This is the result of merging `Policies` in the resource hierarchy and evaluating conditions. The returned `Policy` will not have an `etag` or `condition` set because it is a computed `Policy` across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.",
"description": "Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an `etag` or `condition` set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.",
"flatPath": "v2/projects/{projectsId}/policies/{policiesId}:getEffectivePolicy",
"httpMethod": "GET",
"id": "orgpolicy.projects.policies.getEffectivePolicy",
@@ -825,7 +840,7 @@
],
"parameters": {
"name": {
"description": "Required. The effective policy to compute. See `Policy` for naming rules.",
"description": "Required. The effective policy to compute. See Policy for naming requirements.",
"location": "path",
"pattern": "^projects/[^/]+/policies/[^/]+$",
"required": true,
@@ -841,7 +856,7 @@
]
},
"list": {
"description": "Retrieves all of the `Policies` that exist on a particular resource.",
"description": "Retrieves all of the policies that exist on a particular resource.",
"flatPath": "v2/projects/{projectsId}/policies",
"httpMethod": "GET",
"id": "orgpolicy.projects.policies.list",
@@ -861,7 +876,7 @@
"type": "string"
},
"parent": {
"description": "Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"description": "Required. The target Google Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
@@ -877,7 +892,7 @@
]
},
"patch": {
"description": "Updates a Policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy do not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields.",
"description": "Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy do not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields.",
"flatPath": "v2/projects/{projectsId}/policies/{policiesId}",
"httpMethod": "PATCH",
"id": "orgpolicy.projects.policies.patch",
@@ -886,7 +901,7 @@
],
"parameters": {
"name": {
"description": "Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
"description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
"location": "path",
"pattern": "^projects/[^/]+/policies/[^/]+$",
"required": true,
@@ -915,7 +930,7 @@
}
}
},
"revision": "20230123",
"revision": "20240226",
"rootUrl": "https://orgpolicy.googleapis.com/",
"schemas": {
"GoogleCloudOrgpolicyV2AlternatePolicySpec": {
@@ -928,13 +943,13 @@
},
"spec": {
"$ref": "GoogleCloudOrgpolicyV2PolicySpec",
"description": "Specify `Constraint` for configurations of Cloud Platform resources."
"description": "Specify constraint for configurations of Google Cloud resources."
}
},
"type": "object"
},
"GoogleCloudOrgpolicyV2Constraint": {
"description": "A `constraint` describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. `Constraints` can be configured by the organization's policy administrator to fit the needs of the organization by setting a `policy` that includes `constraints` at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about `policies`. `Constraints` have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a `policy` being defined or inherited for the resource in question.",
"description": "A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which Google Cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about `policies`. Constraints have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.",
"id": "GoogleCloudOrgpolicyV2Constraint",
"properties": {
"booleanConstraint": {
@@ -942,7 +957,7 @@
"description": "Defines this constraint as being a BooleanConstraint."
},
"constraintDefault": {
"description": "The evaluation behavior of this constraint in the absence of 'Policy'.",
"description": "The evaluation behavior of this constraint in the absence of a policy.",
"enum": [
"CONSTRAINT_DEFAULT_UNSPECIFIED",
"ALLOW",
@@ -956,7 +971,7 @@
"type": "string"
},
"description": {
"description": "Detailed description of what this `Constraint` controls as well as how and where it is enforced. Mutable.",
"description": "Detailed description of what this constraint controls as well as how and where it is enforced. Mutable.",
"type": "string"
},
"displayName": {
@@ -968,20 +983,24 @@
"description": "Defines this constraint as being a ListConstraint."
},
"name": {
"description": "Immutable. The resource name of the Constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, \"/projects/123/constraints/compute.disableSerialPortAccess\".",
"description": "Immutable. The resource name of the constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, \"/projects/123/constraints/compute.disableSerialPortAccess\".",
"type": "string"
},
"supportsDryRun": {
"description": "Shows if dry run is supported for this constraint or not.",
"type": "boolean"
}
},
"type": "object"
},
"GoogleCloudOrgpolicyV2ConstraintBooleanConstraint": {
"description": "A `Constraint` that is either enforced or not. For example a constraint `constraints/compute.disableSerialPortAccess`. If it is enforced on a VM instance, serial port connections will not be opened to that instance.",
"description": "A constraint that is either enforced or not. For example, a constraint `constraints/compute.disableSerialPortAccess`. If it is enforced on a VM instance, serial port connections will not be opened to that instance.",
"id": "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint",
"properties": {},
"type": "object"
},
"GoogleCloudOrgpolicyV2ConstraintListConstraint": {
"description": "A `Constraint` that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a `Policy`.",
"description": "A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy.",
"id": "GoogleCloudOrgpolicyV2ConstraintListConstraint",
"properties": {
"supportsIn": {
@@ -989,14 +1008,14 @@
"type": "boolean"
},
"supportsUnder": {
"description": "Indicates whether subtrees of Cloud Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `\"under:folders/123\"` would match any resource under the 'folders/123' folder.",
"description": "Indicates whether subtrees of the Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `\"under:folders/123\"` would match any resource under the 'folders/123' folder.",
"type": "boolean"
}
},
"type": "object"
},
"GoogleCloudOrgpolicyV2CustomConstraint": {
"description": "A custom constraint defined by customers which can *only* be applied to the given resource types and organization. By creating a custom constraint, customers can applied policies of this custom constraint. *Creating a custom constraint itself does NOT apply any policy enforcement*.",
"description": "A custom constraint defined by customers which can *only* be applied to the given resource types and organization. By creating a custom constraint, customers can apply policies of this custom constraint. *Creating a custom constraint itself does NOT apply any policy enforcement*.",
"id": "GoogleCloudOrgpolicyV2CustomConstraint",
"properties": {
"actionType": {
@@ -1007,14 +1026,14 @@
"DENY"
],
"enumDescriptions": [
"Unspecified. Will results in user error.",
"Unspecified. Results in an error.",
"Allowed action type.",
"Deny action type."
],
"type": "string"
},
"condition": {
"description": "Org policy condition/expression. For example: `resource.instanceName.matches(\"[production|test]_.*_(\\d)+\")'` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.",
"description": "Org policy condition/expression. For example: `resource.instanceName.matches(\"[production|test]_.*_(\\d)+\")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.",
"type": "string"
},
"description": {
@@ -1035,7 +1054,7 @@
"DELETE"
],
"enumDescriptions": [
"Unspecified. Will results in user error.",
"Unspecified. Results in an error.",
"Constraint applied when creating the resource.",
"Constraint applied when updating the resource.",
"Constraint applied when deleting the resource. Not supported yet."
@@ -1045,11 +1064,11 @@
"type": "array"
},
"name": {
"description": "Immutable. Name of the constraint. This is unique within the organization. Format of the name should be * `organizations/{organization_id}/customConstraints/{custom_constraint_id}` Example : \"organizations/123/customConstraints/custom.createOnlyE2TypeVms\" The max length is 70 characters and the min length is 1. Note that the prefix \"organizations/{organization_id}/customConstraints/\" is not counted.",
"description": "Immutable. Name of the constraint. This is unique within the organization. Format of the name should be * `organizations/{organization_id}/customConstraints/{custom_constraint_id}` Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms` The max length is 70 characters and the minimum length is 1. Note that the prefix `organizations/{organization_id}/customConstraints/` is not counted.",
"type": "string"
},
"resourceTypes": {
"description": "Immutable. The Resource Instance type on which this policy applies to. Format will be of the form : \"/\" Example: * `compute.googleapis.com/Instance`.",
"description": "Immutable. The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`.",
"items": {
"type": "string"
},
@@ -1083,11 +1102,11 @@
"type": "object"
},
"GoogleCloudOrgpolicyV2ListCustomConstraintsResponse": {
"description": "The response returned from the ListCustomConstraints method. It will be empty if no `CustomConstraints` are set on the organization resource.",
"description": "The response returned from the ListCustomConstraints method. It will be empty if no custom constraints are set on the organization resource.",
"id": "GoogleCloudOrgpolicyV2ListCustomConstraintsResponse",
"properties": {
"customConstraints": {
"description": "All `CustomConstraints` that exist on the organization resource. It will be empty if no `CustomConstraints` are set.",
"description": "All custom constraints that exist on the organization resource. It will be empty if no custom constraints are set.",
"items": {
"$ref": "GoogleCloudOrgpolicyV2CustomConstraint"
},
@@ -1101,7 +1120,7 @@
"type": "object"
},
"GoogleCloudOrgpolicyV2ListPoliciesResponse": {
"description": "The response returned from the ListPolicies method. It will be empty if no `Policies` are set on the resource.",
"description": "The response returned from the ListPolicies method. It will be empty if no policies are set on the resource.",
"id": "GoogleCloudOrgpolicyV2ListPoliciesResponse",
"properties": {
"nextPageToken": {
@@ -1109,7 +1128,7 @@
"type": "string"
},
"policies": {
"description": "All `Policies` that exist on the resource. It will be empty if no `Policies` are set.",
"description": "All policies that exist on the resource. It will be empty if no policies are set.",
"items": {
"$ref": "GoogleCloudOrgpolicyV2Policy"
},
@@ -1119,19 +1138,24 @@
"type": "object"
},
"GoogleCloudOrgpolicyV2Policy": {
"description": "Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources.",
"description": "Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.",
"id": "GoogleCloudOrgpolicyV2Policy",
"properties": {
"alternate": {
"$ref": "GoogleCloudOrgpolicyV2AlternatePolicySpec",
"deprecated": true,
"description": "Deprecated."
},
"dryRunSpec": {
"$ref": "GoogleCloudOrgpolicyV2PolicySpec",
"description": "dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced."
"description": "Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced."
},
"etag": {
"description": "Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.",
"type": "string"
},
"name": {
"description": "Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
"description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
"type": "string"
},
"spec": {
@@ -1142,30 +1166,30 @@
"type": "object"
},
"GoogleCloudOrgpolicyV2PolicySpec": {
"description": "Defines a Cloud Organization `PolicySpec` which is used to specify `Constraints` for configurations of Cloud Platform resources.",
"description": "Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.",
"id": "GoogleCloudOrgpolicyV2PolicySpec",
"properties": {
"etag": {
"description": "An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.",
"description": "An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset.",
"type": "string"
},
"inheritFromParent": {
"description": "Determines the inheritance behavior for this `Policy`. If `inherit_from_parent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.",
"description": "Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.",
"type": "boolean"
},
"reset": {
"description": "Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.",
"description": "Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.",
"type": "boolean"
},
"rules": {
"description": "Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.",
"description": "In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.",
"items": {
"$ref": "GoogleCloudOrgpolicyV2PolicySpecPolicyRule"
},
"type": "array"
},
"updateTime": {
"description": "Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.",
"description": "Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.",
"format": "google-datetime",
"readOnly": true,
"type": "string"
@@ -1178,7 +1202,7 @@
"id": "GoogleCloudOrgpolicyV2PolicySpecPolicyRule",
"properties": {
"allowAll": {
"description": "Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints.",
"description": "Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.",
"type": "boolean"
},
"condition": {
@@ -1186,22 +1210,22 @@
"description": "A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"&&\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\"."
},
"denyAll": {
"description": "Setting this to true means that all values are denied. This field can be set only in Policies for list constraints.",
"description": "Setting this to true means that all values are denied. This field can be set only in policies for list constraints.",
"type": "boolean"
},
"enforce": {
"description": "If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.",
"description": "If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints.",
"type": "boolean"
},
"values": {
"$ref": "GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues",
"description": "List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints."
"description": "List of values to be used for this policy rule. This field can be set only in policies for list constraints."
}
},
"type": "object"
},
"GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues": {
"description": "A message that holds specific allowed and denied values. This message can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a \":\". Values prefixed with \"is:\" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - \"projects/\", e.g. \"projects/tokyo-rain-123\" - \"folders/\", e.g. \"folders/1234\" - \"organizations/\", e.g. \"organizations/1234\" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.",
"description": "A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a \":\". Values prefixed with \"is:\" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.",
"id": "GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues",
"properties": {
"allowedValues": {