google-cloud-org_policy-v2 0.6.0 → 0.8.0

data/proto_docs/google/api/field_behavior.rb

@@ -66,6 +66,20 @@ module Google
       # a non-empty value will be returned. The user will not be aware of what
       # non-empty value to expect.
       NON_EMPTY_DEFAULT = 7
+
+      # Denotes that the field in a resource (a message annotated with
+      # google.api.resource) is used in the resource name to uniquely identify the
+      # resource. For AIP-compliant APIs, this should only be applied to the
+      # `name` field on the resource.
+      #
+      # This behavior should not be applied to references to other resources within
+      # the message.
+      #
+      # The identifier field of resources often have different field behavior
+      # depending on the request it is embedded in (e.g. for Create methods name
+      # is optional and unused, while for Update methods it is required). Instead
+      # of method-specific annotations, only `IDENTIFIER` is required.
+      IDENTIFIER = 8
     end
   end
 end

data/proto_docs/google/cloud/orgpolicy/v2/constraint.rb

@@ -21,24 +21,25 @@ module Google
   module Cloud
     module OrgPolicy
       module V2
-        # A `constraint` describes a way to restrict resource's configuration. For
-        # example, you could enforce a constraint that controls which cloud services
-        # can be activated across an organization, or whether a Compute Engine instance
-        # can have serial port connections established. `Constraints` can be configured
-        # by the organization's policy administrator to fit the needs of the
-        # organization by setting a `policy` that includes `constraints` at different
+        # A constraint describes a way to restrict resource's configuration. For
+        # example, you could enforce a constraint that controls which Google Cloud
+        # services can be activated across an organization, or whether a Compute Engine
+        # instance can have serial port connections established. Constraints can be
+        # configured by the organization policy administrator to fit the needs of the
+        # organization by setting a policy that includes constraints at different
         # locations in the organization's resource hierarchy. Policies are inherited
         # down the resource hierarchy from higher levels, but can also be overridden.
         # For details about the inheritance rules please read about
         # [`policies`][google.cloud.OrgPolicy.v2.Policy].
         #
-        # `Constraints` have a default behavior determined by the `constraint_default`
+        # Constraints have a default behavior determined by the `constraint_default`
         # field, which is the enforcement behavior that is used in the absence of a
-        # `policy` being defined or inherited for the resource in question.
+        # policy being defined or inherited for the resource in question.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Immutable. The resource name of the Constraint. Must be in one of
+        #     Immutable. The resource name of the constraint. Must be in one of
         #     the following forms:
+        #
         #     * `projects/{project_number}/constraints/{constraint_name}`
         #     * `folders/{folder_id}/constraints/{constraint_name}`
         #     * `organizations/{organization_id}/constraints/{constraint_name}`
@@ -51,25 +52,28 @@ module Google
         #     Mutable.
         # @!attribute [rw] description
         #   @return [::String]
-        #     Detailed description of what this `Constraint` controls as well as how and
+        #     Detailed description of what this constraint controls as well as how and
         #     where it is enforced.
         #
         #     Mutable.
         # @!attribute [rw] constraint_default
         #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::ConstraintDefault]
-        #     The evaluation behavior of this constraint in the absence of 'Policy'.
+        #     The evaluation behavior of this constraint in the absence of a policy.
         # @!attribute [rw] list_constraint
         #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::ListConstraint]
         #     Defines this constraint as being a ListConstraint.
         # @!attribute [rw] boolean_constraint
         #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::BooleanConstraint]
         #     Defines this constraint as being a BooleanConstraint.
+        # @!attribute [rw] supports_dry_run
+        #   @return [::Boolean]
+        #     Shows if dry run is supported for this constraint or not.
         class Constraint
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
 
-          # A `Constraint` that allows or disallows a list of string values, which are
-          # configured by an Organization's policy administrator with a `Policy`.
+          # A constraint that allows or disallows a list of string values, which are
+          # configured by an Organization Policy administrator with a policy.
           # @!attribute [rw] supports_in
           #   @return [::Boolean]
           #     Indicates whether values grouped into categories can be used in
@@ -77,7 +81,7 @@ module Google
           #     `"in:Python"` would match any value in the 'Python' group.
           # @!attribute [rw] supports_under
           #   @return [::Boolean]
-          #     Indicates whether subtrees of Cloud Resource Manager resource hierarchy
+          #     Indicates whether subtrees of the Resource Manager resource hierarchy
           #     can be used in `Policy.allowed_values` and `Policy.denied_values`. For
           #     example, `"under:folders/123"` would match any resource under the
           #     'folders/123' folder.
@@ -86,9 +90,9 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
 
-          # A `Constraint` that is either enforced or not.
+          # A constraint that is either enforced or not.
           #
-          # For example a constraint `constraints/compute.disableSerialPortAccess`.
+          # For example, a constraint `constraints/compute.disableSerialPortAccess`.
           # If it is enforced on a VM instance, serial port connections will not be
           # opened to that instance.
           class BooleanConstraint
@@ -96,8 +100,8 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
 
-          # Specifies the default behavior in the absence of any `Policy` for the
-          # `Constraint`. This must not be `CONSTRAINT_DEFAULT_UNSPECIFIED`.
+          # Specifies the default behavior in the absence of any policy for the
+          # constraint. This must not be `CONSTRAINT_DEFAULT_UNSPECIFIED`.
           #
           # Immutable after creation.
           module ConstraintDefault
@@ -114,6 +118,94 @@ module Google
             DENY = 2
           end
         end
+
+        # A custom constraint defined by customers which can *only* be applied to the
+        # given resource types and organization.
+        #
+        # By creating a custom constraint, customers can apply policies of this
+        # custom constraint. *Creating a custom constraint itself does NOT apply any
+        # policy enforcement*.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Immutable. Name of the constraint. This is unique within the organization.
+        #     Format of the name should be
+        #
+        #     * `organizations/{organization_id}/customConstraints/{custom_constraint_id}`
+        #
+        #     Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms`
+        #
+        #     The max length is 70 characters and the minimum length is 1. Note that the
+        #     prefix `organizations/{organization_id}/customConstraints/` is not counted.
+        # @!attribute [rw] resource_types
+        #   @return [::Array<::String>]
+        #     Immutable. The resource instance type on which this policy applies. Format
+        #     will be of the form : `<canonical service name>/<type>` Example:
+        #
+        #      * `compute.googleapis.com/Instance`.
+        # @!attribute [rw] method_types
+        #   @return [::Array<::Google::Cloud::OrgPolicy::V2::CustomConstraint::MethodType>]
+        #     All the operations being applied for this constraint.
+        # @!attribute [rw] condition
+        #   @return [::String]
+        #     Org policy condition/expression. For example:
+        #     `resource.instanceName.matches("[production|test]_.*_(\d)+")` or,
+        #     `resource.management.auto_upgrade == true`
+        #
+        #     The max length of the condition is 1000 characters.
+        # @!attribute [rw] action_type
+        #   @return [::Google::Cloud::OrgPolicy::V2::CustomConstraint::ActionType]
+        #     Allow or deny type.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     One line display name for the UI.
+        #     The max length of the display_name is 200 characters.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Detailed information about this custom policy constraint.
+        #     The max length of the description is 2000 characters.
+        # @!attribute [r] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The last time this custom constraint was updated. This
+        #     represents the last time that the `CreateCustomConstraint` or
+        #     `UpdateCustomConstraint` RPC was called
+        class CustomConstraint
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The operation for which this constraint will be applied. To apply this
+          # constraint only when creating new VMs, the `method_types` should be
+          # `CREATE` only. To apply this constraint when creating or deleting
+          # VMs, the `method_types` should be `CREATE` and `DELETE`.
+          #
+          # `UPDATE` only custom constraints are not supported. Use `CREATE` or
+          # `CREATE, UPDATE`.
+          module MethodType
+            # Unspecified. Results in an error.
+            METHOD_TYPE_UNSPECIFIED = 0
+
+            # Constraint applied when creating the resource.
+            CREATE = 1
+
+            # Constraint applied when updating the resource.
+            UPDATE = 2
+
+            # Constraint applied when deleting the resource.
+            # Not supported yet.
+            DELETE = 3
+          end
+
+          # Allow or deny type.
+          module ActionType
+            # Unspecified. Results in an error.
+            ACTION_TYPE_UNSPECIFIED = 0
+
+            # Allowed action type.
+            ALLOW = 1
+
+            # Deny action type.
+            DENY = 2
+          end
+        end
       end
     end
   end

data/proto_docs/google/cloud/orgpolicy/v2/orgpolicy.rb

@@ -21,18 +21,19 @@ module Google
   module Cloud
     module OrgPolicy
       module V2
-        # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
-        # for configurations of Cloud Platform resources.
+        # Defines an organization policy which is used to specify constraints
+        # for configurations of Google Cloud resources.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Immutable. The resource name of the Policy. Must be one of the following
-        #     forms, where constraint_name is the name of the constraint which this
-        #     Policy configures:
+        #     Immutable. The resource name of the policy. Must be one of the following
+        #     forms, where `constraint_name` is the name of the constraint which this
+        #     policy configures:
+        #
         #     * `projects/{project_number}/policies/{constraint_name}`
         #     * `folders/{folder_id}/policies/{constraint_name}`
         #     * `organizations/{organization_id}/policies/{constraint_name}`
         #
-        #     For example, "projects/123/policies/compute.disableSerialPortAccess".
+        #     For example, `projects/123/policies/compute.disableSerialPortAccess`.
         #
         #     Note: `projects/{project_id}/policies/{constraint_name}` is also an
         #     acceptable name for API requests, but responses will return the name using
@@ -45,9 +46,15 @@ module Google
         #     Deprecated.
         # @!attribute [rw] dry_run_spec
         #   @return [::Google::Cloud::OrgPolicy::V2::PolicySpec]
-        #     dry-run policy.
+        #     Dry-run policy.
         #     Audit-only policy, can be used to monitor how the policy would have
         #     impacted the existing and future resources if it's enforced.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     Optional. An opaque tag indicating the current state of the policy, used
+        #     for concurrency control. This 'etag' is computed by the server based on the
+        #     value of other fields, and may be sent on update and delete requests to
+        #     ensure the client has an up-to-date value before proceeding.
         class Policy
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -62,55 +69,54 @@ module Google
         #     Should be set only in the alternate policy.
         # @!attribute [rw] spec
         #   @return [::Google::Cloud::OrgPolicy::V2::PolicySpec]
-        #     Specify `Constraint` for configurations of Cloud Platform resources.
+        #     Specify constraint for configurations of Google Cloud resources.
         class AlternatePolicySpec
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Defines a Cloud Organization `PolicySpec` which is used to specify
-        # `Constraints` for configurations of Cloud Platform resources.
+        # Defines a Google Cloud policy specification which is used to specify
+        # constraints for configurations of Google Cloud resources.
         # @!attribute [rw] etag
         #   @return [::String]
-        #     An opaque tag indicating the current version of the `Policy`, used for
+        #     An opaque tag indicating the current version of the policySpec, used for
         #     concurrency control.
         #
         #     This field is ignored if used in a `CreatePolicy` request.
         #
-        #     When the `Policy` is returned from either a `GetPolicy` or a
+        #     When the policy is returned from either a `GetPolicy` or a
         #     `ListPolicies` request, this `etag` indicates the version of the
-        #     current `Policy` to use when executing a read-modify-write loop.
+        #     current policySpec to use when executing a read-modify-write loop.
         #
-        #     When the `Policy` is returned from a `GetEffectivePolicy` request, the
+        #     When the policy is returned from a `GetEffectivePolicy` request, the
         #     `etag` will be unset.
         # @!attribute [r] update_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Output only. The time stamp this was previously updated. This
         #     represents the last time a call to `CreatePolicy` or `UpdatePolicy` was
-        #     made for that `Policy`.
+        #     made for that policy.
         # @!attribute [rw] rules
         #   @return [::Array<::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule>]
-        #     Up to 10 PolicyRules are allowed.
+        #     In policies for boolean constraints, the following requirements apply:
         #
-        #     In Policies for boolean constraints, the following requirements apply:
-        #       - There must be one and only one PolicyRule where condition is unset.
-        #       - BooleanPolicyRules with conditions must set `enforced` to the opposite
-        #         of the PolicyRule without a condition.
-        #       - During policy evaluation, PolicyRules with conditions that are
+        #       - There must be one and only one policy rule where condition is unset.
+        #       - Boolean policy rules with conditions must set `enforced` to the
+        #         opposite of the policy rule without a condition.
+        #       - During policy evaluation, policy rules with conditions that are
         #         true for a target resource take precedence.
         # @!attribute [rw] inherit_from_parent
         #   @return [::Boolean]
-        #     Determines the inheritance behavior for this `Policy`.
+        #     Determines the inheritance behavior for this policy.
         #
-        #     If `inherit_from_parent` is true, PolicyRules set higher up in the
+        #     If `inherit_from_parent` is true, policy rules set higher up in the
         #     hierarchy (up to the closest root) are inherited and present in the
         #     effective policy. If it is false, then no rules are inherited, and this
-        #     Policy becomes the new root for evaluation.
-        #     This field can be set only for Policies which configure list constraints.
+        #     policy becomes the new root for evaluation.
+        #     This field can be set only for policies which configure list constraints.
         # @!attribute [rw] reset
         #   @return [::Boolean]
         #     Ignores policies set above this resource and restores the
-        #     `constraint_default` enforcement behavior of the specific `Constraint` at
+        #     `constraint_default` enforcement behavior of the specific constraint at
         #     this resource.
         #     This field can be set in policies for either list or boolean
         #     constraints. If set, `rules` must be empty and `inherit_from_parent`
@@ -122,21 +128,21 @@ module Google
           # A rule used to express this policy.
           # @!attribute [rw] values
           #   @return [::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule::StringValues]
-          #     List of values to be used for this PolicyRule. This field can be set
-          #     only in Policies for list constraints.
+          #     List of values to be used for this policy rule. This field can be set
+          #     only in policies for list constraints.
           # @!attribute [rw] allow_all
           #   @return [::Boolean]
           #     Setting this to true means that all values are allowed. This field can
-          #     be set only in Policies for list constraints.
+          #     be set only in policies for list constraints.
           # @!attribute [rw] deny_all
           #   @return [::Boolean]
           #     Setting this to true means that all values are denied. This field can
-          #     be set only in Policies for list constraints.
+          #     be set only in policies for list constraints.
           # @!attribute [rw] enforce
           #   @return [::Boolean]
-          #     If `true`, then the `Policy` is enforced. If `false`, then any
+          #     If `true`, then the policy is enforced. If `false`, then any
           #     configuration is acceptable.
-          #     This field can be set only in Policies for boolean constraints.
+          #     This field can be set only in policies for boolean constraints.
           # @!attribute [rw] condition
           #   @return [::Google::Type::Expr]
           #     A condition which determines whether this rule is used
@@ -156,7 +162,7 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
 
             # A message that holds specific allowed and denied values.
-            # This message can define specific values and subtrees of Cloud Resource
+            # This message can define specific values and subtrees of the Resource
             # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
             # are allowed or denied. This is achieved by using the `under:` and
             # optional `is:` prefixes.
@@ -165,9 +171,11 @@ module Google
             # if the value contains a ":". Values prefixed with "is:" are treated the
             # same as values with no prefix.
             # Ancestry subtrees must be in one of the following formats:
-            #     - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
-            #     - "folders/<folder-id>", e.g. "folders/1234"
-            #     - "organizations/<organization-id>", e.g. "organizations/1234"
+            #
+            # - `projects/<project-id>` (for example, `projects/tokyo-rain-123`)
+            # - `folders/<folder-id>` (for example, `folders/1234`)
+            # - `organizations/<organization-id>` (for example, `organizations/1234`)
+            #
             # The `supports_under` field of the associated `Constraint`  defines
             # whether ancestry prefixes can be used.
             # @!attribute [rw] allowed_values
@@ -187,8 +195,9 @@ module Google
         # [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The Cloud resource that parents the constraint. Must be in one of
-        #     the following forms:
+        #     Required. The Google Cloud resource that parents the constraint. Must be in
+        #     one of the following forms:
+        #
         #     * `projects/{project_number}`
         #     * `projects/{project_id}`
         #     * `folders/{folder_id}`
@@ -224,9 +233,10 @@ module Google
         # [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The target Cloud resource that parents the set of constraints and
-        #     policies that will be returned from this call. Must be in one of the
-        #     following forms:
+        #     Required. The target Google Cloud resource that parents the set of
+        #     constraints and policies that will be returned from this call. Must be in
+        #     one of the following forms:
+        #
         #     * `projects/{project_number}`
         #     * `projects/{project_id}`
         #     * `folders/{folder_id}`
@@ -247,11 +257,11 @@ module Google
 
         # The response returned from the [ListPolicies]
         # [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty
-        # if no `Policies` are set on the resource.
+        # if no policies are set on the resource.
         # @!attribute [rw] policies
         #   @return [::Array<::Google::Cloud::OrgPolicy::V2::Policy>]
-        #     All `Policies` that exist on the resource. It will be empty if no
-        #     `Policies` are set.
+        #     All policies that exist on the resource. It will be empty if no
+        #     policies are set.
         # @!attribute [rw] next_page_token
         #   @return [::String]
         #     Page token used to retrieve the next page. This is currently not used, but
@@ -265,8 +275,8 @@ module Google
         # [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. Resource name of the policy. See `Policy` for naming
-        #     requirements.
+        #     Required. Resource name of the policy. See
+        #     {::Google::Cloud::OrgPolicy::V2::Policy Policy} for naming requirements.
         class GetPolicyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -276,7 +286,8 @@ module Google
         # [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The effective policy to compute. See `Policy` for naming rules.
+        #     Required. The effective policy to compute. See
+        #     {::Google::Cloud::OrgPolicy::V2::Policy Policy} for naming requirements.
         class GetEffectivePolicyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -286,15 +297,16 @@ module Google
         # [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The Cloud resource that will parent the new Policy. Must be in
-        #     one of the following forms:
+        #     Required. The Google Cloud resource that will parent the new policy. Must
+        #     be in one of the following forms:
+        #
         #     * `projects/{project_number}`
         #     * `projects/{project_id}`
         #     * `folders/{folder_id}`
         #     * `organizations/{organization_id}`
         # @!attribute [rw] policy
         #   @return [::Google::Cloud::OrgPolicy::V2::Policy]
-        #     Required. `Policy` to create.
+        #     Required. Policy to create.
         class CreatePolicyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -304,7 +316,7 @@ module Google
         # [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.
         # @!attribute [rw] policy
         #   @return [::Google::Cloud::OrgPolicy::V2::Policy]
-        #     Required. `Policy` to update.
+        #     Required. Policy to update.
         # @!attribute [rw] update_mask
         #   @return [::Google::Protobuf::FieldMask]
         #     Field mask used to specify the fields to be overwritten in the policy
@@ -320,11 +332,102 @@ module Google
         # @!attribute [rw] name
         #   @return [::String]
         #     Required. Name of the policy to delete.
-        #     See `Policy` for naming rules.
+        #     See the policy entry for naming rules.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     Optional. The current etag of policy. If an etag is provided and does not
+        #     match the current etag of the policy, deletion will be blocked and an
+        #     ABORTED error will be returned.
         class DeletePolicyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
+
+        # The request sent to the [CreateCustomConstraintRequest]
+        # [google.cloud.orgpolicy.v2.OrgPolicy.CreateCustomConstraint] method.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. Must be in the following form:
+        #
+        #     * `organizations/{organization_id}`
+        # @!attribute [rw] custom_constraint
+        #   @return [::Google::Cloud::OrgPolicy::V2::CustomConstraint]
+        #     Required. Custom constraint to create.
+        class CreateCustomConstraintRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to the [GetCustomConstraint]
+        # [google.cloud.orgpolicy.v2.OrgPolicy.GetCustomConstraint] method.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Resource name of the custom constraint. See the custom constraint
+        #     entry for naming requirements.
+        class GetCustomConstraintRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to the [ListCustomConstraints]
+        # [google.cloud.orgpolicy.v2.OrgPolicy.ListCustomConstraints] method.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The target Google Cloud resource that parents the set of custom
+        #     constraints that will be returned from this call. Must be in one of the
+        #     following forms:
+        #
+        #     * `organizations/{organization_id}`
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Size of the pages to be returned. This is currently unsupported and will
+        #     be ignored. The server may at any point start using this field to limit
+        #     page size.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     Page token used to retrieve the next page. This is currently unsupported
+        #     and will be ignored. The server may at any point start using this field.
+        class ListCustomConstraintsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The response returned from the [ListCustomConstraints]
+        # [google.cloud.orgpolicy.v2.OrgPolicy.ListCustomConstraints] method. It will
+        # be empty if no custom constraints are set on the organization resource.
+        # @!attribute [rw] custom_constraints
+        #   @return [::Array<::Google::Cloud::OrgPolicy::V2::CustomConstraint>]
+        #     All custom constraints that exist on the organization resource. It will be
+        #     empty if no custom constraints are set.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     Page token used to retrieve the next page. This is currently not used, but
+        #     the server may at any point start supplying a valid token.
+        class ListCustomConstraintsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to the [UpdateCustomConstraintRequest]
+        # [google.cloud.orgpolicy.v2.OrgPolicy.UpdateCustomConstraint] method.
+        # @!attribute [rw] custom_constraint
+        #   @return [::Google::Cloud::OrgPolicy::V2::CustomConstraint]
+        #     Required. `CustomConstraint` to update.
+        class UpdateCustomConstraintRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to the [DeleteCustomConstraint]
+        # [google.cloud.orgpolicy.v2.OrgPolicy.DeleteCustomConstraint] method.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Name of the custom constraint to delete.
+        #     See the custom constraint entry for naming rules.
+        class DeleteCustomConstraintRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-org_policy-v2
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-06-06 00:00:00.000000000 Z
+date: 2024-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.19.1
+        version: 0.20.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.19.1
+        version: 0.20.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -215,7 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.2
+rubygems_version: 3.5.3
 signing_key: 
 specification_version: 4
 summary: The Organization Policy API allows users to configure governance rules on