custom_constraints

Creates, updates, deletes, gets or lists a custom_constraints resource.

Overview

Name | custom_constraints
Type | Resource
Id | google.orgpolicy.custom_constraints

Fields

Name | Datatype | Description
name | string | Immutable. Name of the constraint. This is unique within the organization. Format of the name should be organizations/{organization_id}/customConstraints/{custom_constraint_id}. Example: organizations/123/customConstraints/custom.createOnlyE2TypeVms. The max length is 70 characters and the minimum length is 1. Note that the prefix organizations/{organization_id}/customConstraints/ is not counted.
description | string | Detailed information about this custom policy constraint. The max length of the description is 2000 characters.
actionType | string | Allow or deny type.
condition | string | Org policy condition/expression. For example: `resource.instanceName.matches("[production
displayName | string | One line display name for the UI. The max length of the display_name is 200 characters.
methodTypes | array | All the operations being applied for this constraint.
resourceTypes | array | Immutable. The resource instance type on which this policy applies. Format will be of the form : / Example: compute.googleapis.com/Instance.
updateTime | string | Output only. The last time this custom constraint was updated. This represents the last time that the CreateCustomConstraint or UpdateCustomConstraint RPC was called.

Methods

Name | Accessible by | Required Params | Description
organizations_custom_constraints_get | SELECT | customConstraintsId, organizationsId | Gets a custom constraint. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the custom constraint does not exist.
organizations_custom_constraints_list | SELECT | organizationsId | Retrieves all of the custom constraints that exist on a particular organization resource.
organizations_custom_constraints_create | INSERT | organizationsId | Creates a custom constraint. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the organization does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the constraint already exists on the given organization.
organizations_custom_constraints_delete | DELETE | customConstraintsId, organizationsId | Deletes a custom constraint. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist.
organizations_custom_constraints_patch | UPDATE | customConstraintsId, organizationsId | Updates a custom constraint. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Note: the supplied policy will perform a full overwrite of all fields.

SELECT examples

Retrieves all of the custom constraints that exist on a particular organization resource.

SELECT
name,
description,
actionType,
condition,
displayName,
methodTypes,
resourceTypes,
updateTime
FROM google.orgpolicy.custom_constraints
WHERE organizationsId = '{{ organizationsId }}';

INSERT example

Use the following StackQL query and manifest file to create a new custom_constraints resource.

/*+ create */
INSERT INTO google.orgpolicy.custom_constraints (
organizationsId,
description,
condition,
displayName,
actionType,
name,
resourceTypes,
methodTypes
)
SELECT
'{{ organizationsId }}',
'{{ description }}',
'{{ condition }}',
'{{ displayName }}',
'{{ actionType }}',
'{{ name }}',
'{{ resourceTypes }}',
'{{ methodTypes }}'
;

UPDATE example

Updates a custom_constraints resource.

/*+ update */
UPDATE google.orgpolicy.custom_constraints
SET
description = '{{ description }}',
condition = '{{ condition }}',
displayName = '{{ displayName }}',
actionType = '{{ actionType }}',
name = '{{ name }}',
resourceTypes = '{{ resourceTypes }}',
methodTypes = '{{ methodTypes }}'
WHERE
customConstraintsId = '{{ customConstraintsId }}'
AND organizationsId = '{{ organizationsId }}';
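
A pre-flight check for the UPDATE above, as an added example (not StackQL or Google code): because the patch method overwrites all fields, it merges the intended changes into the row returned by SELECT, refuses changes to the fields marked Immutable, and enforces the length limits from the Fields table. The function names, the sample row and its `ALLOW` / `CREATE` values are assumptions made for the illustration.

```python
import re

# Formats and limits are the ones stated in the Fields table on this page.
NAME_RE = re.compile(r"^organizations/[^/]+/customConstraints/([^/]+)$")
MAX_LEN = {"description": 2000, "displayName": 200}
IMMUTABLE = {"name", "resourceTypes"}
WRITABLE = ["name", "description", "condition", "displayName",
            "actionType", "resourceTypes", "methodTypes"]  # updateTime is output only

def validate(constraint):
    """Return a list of violations of the documented limits (empty if none)."""
    problems = []
    match = NAME_RE.match(constraint.get("name", ""))
    if not match:
        problems.append("name: not organizations/{organization_id}/customConstraints/{custom_constraint_id}")
    elif len(match.group(1)) > 70:  # the prefix is not counted
        problems.append("name: id part longer than 70 characters")
    for field, limit in MAX_LEN.items():
        if len(constraint.get(field, "")) > limit:
            problems.append(f"{field}: longer than {limit} characters")
    return problems

def build_update(current, changes):
    """Merge changes into the current constraint for a full-overwrite UPDATE."""
    for field, value in changes.items():
        if field not in WRITABLE:
            raise ValueError(f"{field}: not a writable field")
        if field in IMMUTABLE and value != current.get(field):
            raise ValueError(f"{field}: immutable, cannot be changed")
    # Carry over unchanged writable fields so the overwrite does not blank them.
    merged = {f: (changes[f] if f in changes else current[f])
              for f in WRITABLE if f in changes or f in current}
    problems = validate(merged)
    if problems:
        raise ValueError("; ".join(problems))
    return merged

# Constructed sample row, shaped like the SELECT output on this page.
CURRENT = {
    "name": "organizations/123/customConstraints/custom.createOnlyE2TypeVms",
    "description": "Constructed sample description.",
    "condition": "resource.name.startsWith('sample-')",  # constructed expression
    "displayName": "Constructed sample",
    "actionType": "ALLOW",
    "methodTypes": ["CREATE"],
    "resourceTypes": ["compute.googleapis.com/Instance"],
    "updateTime": "2024-01-01T00:00:00Z",
}
```

The dictionary returned by `build_update` supplies the values for the `SET` clause, so a change to one field re-sends the current values of the others.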

DELETE example

Deletes the specified custom_constraints resource.

/*+ delete */
DELETE FROM google.orgpolicy.custom_constraints
WHERE customConstraintsId = '{{ customConstraintsId }}'
AND organizationsId = '{{ organizationsId }}';