custom_constraints

Creates, updates, deletes, gets or lists a custom_constraints resource.

Overview

Name	`custom_constraints`
Type	Resource
Id	`google.orgpolicy.custom_constraints`

Fields

The following fields are returned by SELECT queries:

organizations_custom_constraints_get
organizations_custom_constraints_list

Successful response

Name	Datatype	Description
`name`	`string`	Immutable. Name of the constraint. This is unique within the organization. Format of the name should be * `organizations/{organization_id}/customConstraints/{custom_constraint_id}` Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms` The max length is 70 characters and the minimum length is 1. Note that the prefix `organizations/{organization_id}/customConstraints/` is not counted.
`actionType`	`string`	Allow or deny type.
`condition`	`string`	A Common Expression Language (CEL) condition which is used in the evaluation of the constraint. For example: `resource.instanceName.matches("[production\|test]_.*_(\d)+")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.
`description`	`string`	Detailed information about this custom policy constraint. The max length of the description is 2000 characters.
`displayName`	`string`	One line display name for the UI. The max length of the display_name is 200 characters.
`methodTypes`	`array`	All the operations being applied for this constraint.
`resourceTypes`	`array`	Immutable. The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`.
`updateTime`	`string (google-datetime)`	Output only. The last time this custom constraint was updated. This represents the last time that the `CreateCustomConstraint` or `UpdateCustomConstraint` methods were called.

Successful response

Name	Datatype	Description
`name`	`string`	Immutable. Name of the constraint. This is unique within the organization. Format of the name should be * `organizations/{organization_id}/customConstraints/{custom_constraint_id}` Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms` The max length is 70 characters and the minimum length is 1. Note that the prefix `organizations/{organization_id}/customConstraints/` is not counted.
`actionType`	`string`	Allow or deny type.
`condition`	`string`	A Common Expression Language (CEL) condition which is used in the evaluation of the constraint. For example: `resource.instanceName.matches("[production\|test]_.*_(\d)+")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.
`description`	`string`	Detailed information about this custom policy constraint. The max length of the description is 2000 characters.
`displayName`	`string`	One line display name for the UI. The max length of the display_name is 200 characters.
`methodTypes`	`array`	All the operations being applied for this constraint.
`resourceTypes`	`array`	Immutable. The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`.
`updateTime`	`string (google-datetime)`	Output only. The last time this custom constraint was updated. This represents the last time that the `CreateCustomConstraint` or `UpdateCustomConstraint` methods were called.

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
`organizations_custom_constraints_get`	`select`	`organizationsId`, `customConstraintsId`		Gets a custom or managed constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the custom or managed constraint does not exist.
`organizations_custom_constraints_list`	`select`	`organizationsId`	`pageSize`, `pageToken`	Retrieves all of the custom constraints that exist on a particular organization resource.
`organizations_custom_constraints_create`	`insert`	`organizationsId`		Creates a custom constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the organization does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the constraint already exists on the given organization.
`organizations_custom_constraints_patch`	`update`	`organizationsId`, `customConstraintsId`		Updates a custom constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Note: the supplied policy will perform a full overwrite of all fields.
`organizations_custom_constraints_delete`	`delete`	`organizationsId`, `customConstraintsId`		Deletes a custom constraint. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
`customConstraintsId`	`string`
`organizationsId`	`string`
`pageSize`	`integer (int32)`
`pageToken`	`string`

`SELECT` examples

organizations_custom_constraints_get
organizations_custom_constraints_list

Gets a custom or managed constraint. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the custom or managed constraint does not exist.

SELECT
name,
actionType,
condition,
description,
displayName,
methodTypes,
resourceTypes,
updateTime
FROM google.orgpolicy.custom_constraints
WHERE organizationsId = '{{ organizationsId }}' -- required
AND customConstraintsId = '{{ customConstraintsId }}' -- required;

Retrieves all of the custom constraints that exist on a particular organization resource.

SELECT
name,
actionType,
condition,
description,
displayName,
methodTypes,
resourceTypes,
updateTime
FROM google.orgpolicy.custom_constraints
WHERE organizationsId = '{{ organizationsId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}';

`INSERT` examples

organizations_custom_constraints_create
Manifest

Creates a custom constraint. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the organization does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the constraint already exists on the given organization.

INSERT INTO google.orgpolicy.custom_constraints (
data__name,
data__resourceTypes,
data__methodTypes,
data__condition,
data__actionType,
data__displayName,
data__description,
organizationsId
)
SELECT 
'{{ name }}',
'{{ resourceTypes }}',
'{{ methodTypes }}',
'{{ condition }}',
'{{ actionType }}',
'{{ displayName }}',
'{{ description }}',
'{{ organizationsId }}'
RETURNING
name,
actionType,
condition,
description,
displayName,
methodTypes,
resourceTypes,
updateTime
;

# Description fields are for documentation purposes
- name: custom_constraints
  props:
    - name: organizationsId
      value: string
      description: Required parameter for the custom_constraints resource.
    - name: name
      value: string
      description: >
        Immutable. Name of the constraint. This is unique within the organization. Format of the name should be * `organizations/{organization_id}/customConstraints/{custom_constraint_id}` Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms` The max length is 70 characters and the minimum length is 1. Note that the prefix `organizations/{organization_id}/customConstraints/` is not counted.
        
    - name: resourceTypes
      value: array
      description: >
        Immutable. The resource instance type on which this policy applies. Format will be of the form : `/` Example: * `compute.googleapis.com/Instance`.
        
    - name: methodTypes
      value: array
      description: >
        All the operations being applied for this constraint.
        
    - name: condition
      value: string
      description: >
        A Common Expression Language (CEL) condition which is used in the evaluation of the constraint. For example: `resource.instanceName.matches("[production|test]_.*_(\d)+")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.
        
    - name: actionType
      value: string
      description: >
        Allow or deny type.
        
      valid_values: ['ACTION_TYPE_UNSPECIFIED', 'ALLOW', 'DENY']
    - name: displayName
      value: string
      description: >
        One line display name for the UI. The max length of the display_name is 200 characters.
        
    - name: description
      value: string
      description: >
        Detailed information about this custom policy constraint. The max length of the description is 2000 characters.
        

`UPDATE` examples

organizations_custom_constraints_patch

Updates a custom constraint. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Note: the supplied policy will perform a full overwrite of all fields.

UPDATE google.orgpolicy.custom_constraints
SET 
data__name = '{{ name }}',
data__resourceTypes = '{{ resourceTypes }}',
data__methodTypes = '{{ methodTypes }}',
data__condition = '{{ condition }}',
data__actionType = '{{ actionType }}',
data__displayName = '{{ displayName }}',
data__description = '{{ description }}'
WHERE 
organizationsId = '{{ organizationsId }}' --required
AND customConstraintsId = '{{ customConstraintsId }}' --required
RETURNING
name,
actionType,
condition,
description,
displayName,
methodTypes,
resourceTypes,
updateTime;

`DELETE` examples

organizations_custom_constraints_delete

Deletes a custom constraint. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist.

DELETE FROM google.orgpolicy.custom_constraints
WHERE organizationsId = '{{ organizationsId }}' --required
AND customConstraintsId = '{{ customConstraintsId }}' --required;

Overview​

Fields​

Methods​

Parameters​

SELECT examples​

INSERT examples​

UPDATE examples​

DELETE examples​