REST Resource: organizations.customConstraints

Resource: CustomConstraint

A custom constraint defined by customers which can only be applied to the given resource types and organization.

By creating a custom constraint, customers can apply policies of this custom constraint. Creating a custom constraint itself does NOT apply any policy enforcement.

JSON representation 
{
  "name": string,
  "resourceTypes": [
    string
  ],
  "methodTypes": [
    enum (MethodType)
  ],
  "condition": string,
  "actionType": enum (ActionType),
  "displayName": string,
  "description": string,
  "updateTime": string
}
Fields
name

string

Immutable. Name of the constraint. This is unique within the organization. The name must be of the form:

  • organizations/{organization_id}/customConstraints/{custom_constraint_id}

Example: organizations/123/customConstraints/custom.createOnlyE2TypeVms

The max length is 71 characters and the minimum length is 1. Note that the prefix organizations/{organization_id}/customConstraints/custom. is not counted.
resourceTypes[]

string

Immutable. The resource instance type on which this policy applies. Format will be of the form : <service name>/<type> Example:

  • compute.googleapis.com/Instance.
methodTypes[]

enum (MethodType)

All the operations being applied for this constraint.
condition

string

A Common Expression Language (CEL) condition which is used in the evaluation of the constraint. For example: resource.instanceName.matches("(production|test)_(.+_)?[\d]+") or, resource.management.auto_upgrade == true

The max length of the condition is 1000 characters.
actionType

enum (ActionType)

Allow or deny type.
displayName

string

One line display name for the UI. The max length of the displayName is 200 characters.
description

string

Detailed information about this custom policy constraint. The max length of the description is 2000 characters.
updateTime

string (Timestamp format)

Output only. The last time this custom constraint was updated. This represents the last time that the customConstraints.create or customConstraints.patch methods were called.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

MethodType

The operation for which this constraint will be applied. To apply this constraint only when creating new resources, set methodTypes to CREATE only. To apply this constraint when creating or deleting resources, set methodTypes to CREATE and DELETE.

UPDATE only custom constraints are not supported. Use CREATE or CREATE, UPDATE.

Enums
METHOD_TYPE_UNSPECIFIED This is only used for distinguishing unset values, and results in an error if used.
CREATE Constraint applied when creating the resource.
UPDATE Constraint applied when updating the resource.
DELETE Constraint applied when deleting the resource. Not supported.
REMOVE_GRANT Constraint applied when removing an IAM grant.
GOVERN_TAGS Constraint applied when enforcing forced tagging.

ActionType

Allow or deny type.

Enums
ACTION_TYPE_UNSPECIFIED This is only used for distinguishing unset values, and results in an error if used.
ALLOW Allowed action type.
DENY Deny action type.

Methods

create

 Creates a custom constraint.

delete

 Deletes a custom constraint.

get

 Gets a custom or managed constraint.

list

 Retrieves all of the custom constraints that exist on a particular organization resource.

patch

 Updates a custom constraint.