google-cloud-policy_simulator-v1 1.3.0 → 1.4.0

data/lib/google/cloud/policysimulator/v1/orgpolicy_pb.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/policysimulator/v1/orgpolicy.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'google/api/client_pb'
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
+require 'google/cloud/orgpolicy/v2/constraint_pb'
+require 'google/cloud/orgpolicy/v2/orgpolicy_pb'
+require 'google/longrunning/operations_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/rpc/status_pb'
+
+
+descriptor_data = "\n/google/cloud/policysimulator/v1/orgpolicy.proto\x12\x1fgoogle.cloud.policysimulator.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a*google/cloud/orgpolicy/v2/constraint.proto\x1a)google/cloud/orgpolicy/v2/orgpolicy.proto\x1a#google/longrunning/operations.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xbd\x06\n\x1aOrgPolicyViolationsPreview\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x41\n\x05state\x18\x02 \x01(\x0e\x32-.google.cloud.policysimulator.v1.PreviewStateB\x03\xe0\x41\x03\x12G\n\x07overlay\x18\x03 \x01(\x0b\x32\x31.google.cloud.policysimulator.v1.OrgPolicyOverlayB\x03\xe0\x41\x02\x12\x1d\n\x10violations_count\x18\x04 \x01(\x05\x42\x03\xe0\x41\x03\x12h\n\x0fresource_counts\x18\x05 \x01(\x0b\x32J.google.cloud.policysimulator.v1.OrgPolicyViolationsPreview.ResourceCountsB\x03\xe0\x41\x03\x12M\n\x12\x63ustom_constraints\x18\x06 \x03(\tB1\xe0\x41\x03\xfa\x41+\n)orgpolicy.googleapis.com/CustomConstraint\x12\x34\n\x0b\x63reate_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1a\x87\x01\n\x0eResourceCounts\x12\x14\n\x07scanned\x18\x01 \x01(\x05\x42\x03\xe0\x41\x03\x12\x19\n\x0cnoncompliant\x18\x02 \x01(\x05\x42\x03\xe0\x41\x03\x12\x16\n\tcompliant\x18\x03 \x01(\x05\x42\x03\xe0\x41\x03\x12\x17\n\nunenforced\x18\x04 \x01(\x05\x42\x03\xe0\x41\x03\x12\x13\n\x06\x65rrors\x18\x05 \x01(\x05\x42\x03\xe0\x41\x03:\xe7\x01\xea\x41\xe3\x01\n9policysimulator.googleapis.com/OrgPolicyViolationsPreview\x12morganizations/{organization}/locations/{location}/orgPolicyViolationsPreviews/{org_policy_violations_preview}*\x1borgPolicyViolationsPreviews2\x1aorgPolicyViolationsPreview\"\xcf\x03\n\x12OrgPolicyViolation\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x42\n\x08resource\x18\x02 \x01(\x0b\x32\x30.google.cloud.policysimulator.v1.ResourceContext\x12\x46\n\x11\x63ustom_constraint\x18\x03 \x01(\x0b\x32+.google.cloud.orgpolicy.v2.CustomConstraint\x12!\n\x05\x65rror\x18\x04 \x01(\x0b\x32\x12.google.rpc.Status:\xfb\x01\xea\x41\xf7\x01\n1policysimulator.googleapis.com/OrgPolicyViolation\x12\x98\x01organizations/{organization}/locations/{location}/orgPolicyViolationsPreviews/{org_policy_violations_preview}/orgPolicyViolations/{org_policy_violation}*\x13orgPolicyViolations2\x12orgPolicyViolation\"J\n\x0fResourceContext\x12\x10\n\x08resource\x18\x01 \x01(\t\x12\x12\n\nasset_type\x18\x02 \x01(\t\x12\x11\n\tancestors\x18\x03 \x03(\t\"\xcb\x03\n\x10OrgPolicyOverlay\x12V\n\x08policies\x18\x01 \x03(\x0b\x32?.google.cloud.policysimulator.v1.OrgPolicyOverlay.PolicyOverlayB\x03\xe0\x41\x01\x12j\n\x12\x63ustom_constraints\x18\x02 \x03(\x0b\x32I.google.cloud.policysimulator.v1.OrgPolicyOverlay.CustomConstraintOverlayB\x03\xe0\x41\x01\x1a\x63\n\rPolicyOverlay\x12\x1a\n\rpolicy_parent\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x36\n\x06policy\x18\x02 \x01(\x0b\x32!.google.cloud.orgpolicy.v2.PolicyB\x03\xe0\x41\x01\x1a\x8d\x01\n\x17\x43ustomConstraintOverlay\x12%\n\x18\x63ustom_constraint_parent\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12K\n\x11\x63ustom_constraint\x18\x02 \x01(\x0b\x32+.google.cloud.orgpolicy.v2.CustomConstraintB\x03\xe0\x41\x01\"\xa7\x02\n1CreateOrgPolicyViolationsPreviewOperationMetadata\x12\x30\n\x0crequest_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12.\n\nstart_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x41\n\x05state\x18\x03 \x01(\x0e\x32-.google.cloud.policysimulator.v1.PreviewStateB\x03\xe0\x41\x03\x12\x17\n\x0fresources_found\x18\x04 \x01(\x05\x12\x19\n\x11resources_scanned\x18\x05 \x01(\x05\x12\x19\n\x11resources_pending\x18\x06 \x01(\x05\"\xac\x01\n&ListOrgPolicyViolationsPreviewsRequest\x12Q\n\x06parent\x18\x01 \x01(\tBA\xe0\x41\x02\xfa\x41;\x12\x39policysimulator.googleapis.com/OrgPolicyViolationsPreview\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\"\xa7\x01\n\'ListOrgPolicyViolationsPreviewsResponse\x12\x63\n\x1eorg_policy_violations_previews\x18\x01 \x03(\x0b\x32;.google.cloud.policysimulator.v1.OrgPolicyViolationsPreview\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"w\n$GetOrgPolicyViolationsPreviewRequest\x12O\n\x04name\x18\x01 \x01(\tBA\xe0\x41\x02\xfa\x41;\n9policysimulator.googleapis.com/OrgPolicyViolationsPreview\"\x94\x02\n\'CreateOrgPolicyViolationsPreviewRequest\x12Q\n\x06parent\x18\x01 \x01(\tBA\xe0\x41\x02\xfa\x41;\x12\x39policysimulator.googleapis.com/OrgPolicyViolationsPreview\x12g\n\x1dorg_policy_violations_preview\x18\x02 \x01(\x0b\x32;.google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewB\x03\xe0\x41\x02\x12-\n org_policy_violations_preview_id\x18\x03 \x01(\tB\x03\xe0\x41\x01\"\x9c\x01\n\x1eListOrgPolicyViolationsRequest\x12I\n\x06parent\x18\x01 \x01(\tB9\xe0\x41\x02\xfa\x41\x33\x12\x31policysimulator.googleapis.com/OrgPolicyViolation\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\"\x8e\x01\n\x1fListOrgPolicyViolationsResponse\x12R\n\x15org_policy_violations\x18\x01 \x03(\x0b\x32\x33.google.cloud.policysimulator.v1.OrgPolicyViolation\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t*\x82\x01\n\x0cPreviewState\x12\x1d\n\x19PREVIEW_STATE_UNSPECIFIED\x10\x00\x12\x13\n\x0fPREVIEW_PENDING\x10\x01\x12\x13\n\x0fPREVIEW_RUNNING\x10\x02\x12\x15\n\x11PREVIEW_SUCCEEDED\x10\x03\x12\x12\n\x0ePREVIEW_FAILED\x10\x04\x32\xa2\n\n!OrgPolicyViolationsPreviewService\x12\x8b\x02\n\x1fListOrgPolicyViolationsPreviews\x12G.google.cloud.policysimulator.v1.ListOrgPolicyViolationsPreviewsRequest\x1aH.google.cloud.policysimulator.v1.ListOrgPolicyViolationsPreviewsResponse\"U\xda\x41\x06parent\x82\xd3\xe4\x93\x02\x46\x12\x44/v1/{parent=organizations/*/locations/*}/orgPolicyViolationsPreviews\x12\xf8\x01\n\x1dGetOrgPolicyViolationsPreview\x12\x45.google.cloud.policysimulator.v1.GetOrgPolicyViolationsPreviewRequest\x1a;.google.cloud.policysimulator.v1.OrgPolicyViolationsPreview\"S\xda\x41\x04name\x82\xd3\xe4\x93\x02\x46\x12\x44/v1/{name=organizations/*/locations/*/orgPolicyViolationsPreviews/*}\x12\x93\x03\n CreateOrgPolicyViolationsPreview\x12H.google.cloud.policysimulator.v1.CreateOrgPolicyViolationsPreviewRequest\x1a\x1d.google.longrunning.Operation\"\x85\x02\xca\x41O\n\x1aOrgPolicyViolationsPreview\x12\x31\x43reateOrgPolicyViolationsPreviewOperationMetadata\xda\x41\x45parent,org_policy_violations_preview,org_policy_violations_preview_id\x82\xd3\xe4\x93\x02\x65\"D/v1/{parent=organizations/*/locations/*}/orgPolicyViolationsPreviews:\x1dorg_policy_violations_preview\x12\x89\x02\n\x17ListOrgPolicyViolations\x12?.google.cloud.policysimulator.v1.ListOrgPolicyViolationsRequest\x1a@.google.cloud.policysimulator.v1.ListOrgPolicyViolationsResponse\"k\xda\x41\x06parent\x82\xd3\xe4\x93\x02\\\x12Z/v1/{parent=organizations/*/locations/*/orgPolicyViolationsPreviews/*}/orgPolicyViolations\x1aR\xca\x41\x1epolicysimulator.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x9b\x03\n#com.google.cloud.policysimulator.v1B\x0eOrgpolicyProtoP\x01ZMcloud.google.com/go/policysimulator/apiv1/policysimulatorpb;policysimulatorpb\xaa\x02\x1fGoogle.Cloud.PolicySimulator.V1\xca\x02\x1fGoogle\\Cloud\\PolicySimulator\\V1\xea\x02\"Google::Cloud::PolicySimulator::V1\xea\x41\\\n\'iam.googleapis.com/OrganizationLocation\x12\x31organizations/{organization}/locations/{location}\xea\x41J\n!iam.googleapis.com/FolderLocation\x12%folders/{folder}/locations/{location}b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["google.protobuf.Timestamp", "google/protobuf/timestamp.proto"],
+    ["google.cloud.orgpolicy.v2.CustomConstraint", "google/cloud/orgpolicy/v2/constraint.proto"],
+    ["google.rpc.Status", "google/rpc/status.proto"],
+    ["google.cloud.orgpolicy.v2.Policy", "google/cloud/orgpolicy/v2/orgpolicy.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
+    end
+  end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
+end
+
+module Google
+  module Cloud
+    module PolicySimulator
+      module V1
+        OrgPolicyViolationsPreview = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.OrgPolicyViolationsPreview").msgclass
+        OrgPolicyViolationsPreview::ResourceCounts = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.OrgPolicyViolationsPreview.ResourceCounts").msgclass
+        OrgPolicyViolation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.OrgPolicyViolation").msgclass
+        ResourceContext = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.ResourceContext").msgclass
+        OrgPolicyOverlay = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.OrgPolicyOverlay").msgclass
+        OrgPolicyOverlay::PolicyOverlay = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.OrgPolicyOverlay.PolicyOverlay").msgclass
+        OrgPolicyOverlay::CustomConstraintOverlay = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.OrgPolicyOverlay.CustomConstraintOverlay").msgclass
+        CreateOrgPolicyViolationsPreviewOperationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.CreateOrgPolicyViolationsPreviewOperationMetadata").msgclass
+        ListOrgPolicyViolationsPreviewsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.ListOrgPolicyViolationsPreviewsRequest").msgclass
+        ListOrgPolicyViolationsPreviewsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.ListOrgPolicyViolationsPreviewsResponse").msgclass
+        GetOrgPolicyViolationsPreviewRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.GetOrgPolicyViolationsPreviewRequest").msgclass
+        CreateOrgPolicyViolationsPreviewRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.CreateOrgPolicyViolationsPreviewRequest").msgclass
+        ListOrgPolicyViolationsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.ListOrgPolicyViolationsRequest").msgclass
+        ListOrgPolicyViolationsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.ListOrgPolicyViolationsResponse").msgclass
+        PreviewState = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.policysimulator.v1.PreviewState").enummodule
+      end
+    end
+  end
+end

data/lib/google/cloud/policysimulator/v1/orgpolicy_services_pb.rb

@@ -0,0 +1,76 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: google/cloud/policysimulator/v1/orgpolicy.proto for package 'Google.Cloud.PolicySimulator.V1'
+# Original file comments:
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'grpc'
+require 'google/cloud/policysimulator/v1/orgpolicy_pb'
+
+module Google
+  module Cloud
+    module PolicySimulator
+      module V1
+        module OrgPolicyViolationsPreviewService
+          # Violations Preview API service for OrgPolicy.
+          #
+          # An
+          # [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
+          # is a preview of the violations that will exist as soon as a proposed
+          # OrgPolicy change is submitted. To create an
+          # [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview],
+          # the API user specifies the changes they wish to make and requests the
+          # generation of a preview via [GenerateViolationsPreview][]. the OrgPolicy
+          # Simulator service then scans the API user's currently existing resources to
+          # determine these resources violate the newly set OrgPolicy.
+          class Service
+
+            include ::GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.cloud.policysimulator.v1.OrgPolicyViolationsPreviewService'
+
+            # ListOrgPolicyViolationsPreviews lists each
+            # [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
+            # in an organization. Each
+            # [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
+            # is available for at least 7 days.
+            rpc :ListOrgPolicyViolationsPreviews, ::Google::Cloud::PolicySimulator::V1::ListOrgPolicyViolationsPreviewsRequest, ::Google::Cloud::PolicySimulator::V1::ListOrgPolicyViolationsPreviewsResponse
+            # GetOrgPolicyViolationsPreview gets the specified
+            # [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
+            # Each
+            # [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
+            # is available for at least 7 days.
+            rpc :GetOrgPolicyViolationsPreview, ::Google::Cloud::PolicySimulator::V1::GetOrgPolicyViolationsPreviewRequest, ::Google::Cloud::PolicySimulator::V1::OrgPolicyViolationsPreview
+            # CreateOrgPolicyViolationsPreview creates an
+            # [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview]
+            # for the proposed changes in the provided
+            # [OrgPolicyViolationsPreview.OrgPolicyOverlay][]. The changes to OrgPolicy
+            # are specified by this `OrgPolicyOverlay`. The resources to scan are
+            # inferred from these specified changes.
+            rpc :CreateOrgPolicyViolationsPreview, ::Google::Cloud::PolicySimulator::V1::CreateOrgPolicyViolationsPreviewRequest, ::Google::Longrunning::Operation
+            # ListOrgPolicyViolations lists the [OrgPolicyViolations][] that are present
+            # in an
+            # [OrgPolicyViolationsPreview][google.cloud.policysimulator.v1.OrgPolicyViolationsPreview].
+            rpc :ListOrgPolicyViolations, ::Google::Cloud::PolicySimulator::V1::ListOrgPolicyViolationsRequest, ::Google::Cloud::PolicySimulator::V1::ListOrgPolicyViolationsResponse
+          end
+
+          Stub = Service.rpc_stub_class
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/policysimulator/v1/simulator_pb.rb

@@ -16,7 +16,7 @@ require 'google/rpc/status_pb'
 require 'google/type/date_pb'
 
 
-descriptor_data = "\n/google/cloud/policysimulator/v1/simulator.proto\x12\x1fgoogle.cloud.policysimulator.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x32google/cloud/policysimulator/v1/explanations.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a#google/longrunning/operations.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\x1a\x16google/type/date.proto\"\xef\x05\n\x06Replay\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x41\n\x05state\x18\x02 \x01(\x0e\x32-.google.cloud.policysimulator.v1.Replay.StateB\x03\xe0\x41\x03\x12\x42\n\x06\x63onfig\x18\x03 \x01(\x0b\x32-.google.cloud.policysimulator.v1.ReplayConfigB\x03\xe0\x41\x02\x12T\n\x0fresults_summary\x18\x05 \x01(\x0b\x32\x36.google.cloud.policysimulator.v1.Replay.ResultsSummaryB\x03\xe0\x41\x03\x1a\xbb\x01\n\x0eResultsSummary\x12\x11\n\tlog_count\x18\x01 \x01(\x05\x12\x17\n\x0funchanged_count\x18\x02 \x01(\x05\x12\x18\n\x10\x64ifference_count\x18\x03 \x01(\x05\x12\x13\n\x0b\x65rror_count\x18\x04 \x01(\x05\x12&\n\x0boldest_date\x18\x05 \x01(\x0b\x32\x11.google.type.Date\x12&\n\x0bnewest_date\x18\x06 \x01(\x0b\x32\x11.google.type.Date\"S\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x0b\n\x07PENDING\x10\x01\x12\x0b\n\x07RUNNING\x10\x02\x12\r\n\tSUCCEEDED\x10\x03\x12\n\n\x06\x46\x41ILED\x10\x04:\xe1\x01\xea\x41\xdd\x01\n%policysimulator.googleapis.com/Replay\x12\x38projects/{project}/locations/{location}/replays/{replay}\x12\x36\x66olders/{folder}/locations/{location}/replays/{replay}\x12\x42organizations/{organization}/locations/{location}/replays/{replay}\"\xe5\x04\n\x0cReplayResult\x12;\n\x04\x64iff\x18\x05 \x01(\x0b\x32+.google.cloud.policysimulator.v1.ReplayDiffH\x00\x12#\n\x05\x65rror\x18\x06 \x01(\x0b\x32\x12.google.rpc.StatusH\x00\x12\x0c\n\x04name\x18\x01 \x01(\t\x12:\n\x06parent\x18\x02 \x01(\tB*\xfa\x41\'\n%policysimulator.googleapis.com/Replay\x12\x42\n\x0c\x61\x63\x63\x65ss_tuple\x18\x03 \x01(\x0b\x32,.google.cloud.policysimulator.v1.AccessTuple\x12)\n\x0elast_seen_date\x18\x04 \x01(\x0b\x32\x11.google.type.Date:\xaf\x02\xea\x41\xab\x02\n+policysimulator.googleapis.com/ReplayResult\x12Pprojects/{project}/locations/{location}/replays/{replay}/results/{replay_result}\x12Nfolders/{folder}/locations/{location}/replays/{replay}/results/{replay_result}\x12Zorganizations/{organization}/locations/{location}/replays/{replay}/results/{replay_result}B\x08\n\x06result\"h\n\x13\x43reateReplayRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12<\n\x06replay\x18\x02 \x01(\x0b\x32\'.google.cloud.policysimulator.v1.ReplayB\x03\xe0\x41\x02\"I\n\x17ReplayOperationMetadata\x12.\n\nstart_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\"O\n\x10GetReplayRequest\x12;\n\x04name\x18\x01 \x01(\tB-\xe0\x41\x02\xfa\x41\'\n%policysimulator.googleapis.com/Replay\"\x80\x01\n\x18ListReplayResultsRequest\x12=\n\x06parent\x18\x01 \x01(\tB-\xe0\x41\x02\xfa\x41\'\n%policysimulator.googleapis.com/Replay\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"{\n\x19ListReplayResultsResponse\x12\x45\n\x0ereplay_results\x18\x01 \x03(\x0b\x32-.google.cloud.policysimulator.v1.ReplayResult\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\xc0\x02\n\x0cReplayConfig\x12X\n\x0epolicy_overlay\x18\x01 \x03(\x0b\x32@.google.cloud.policysimulator.v1.ReplayConfig.PolicyOverlayEntry\x12K\n\nlog_source\x18\x02 \x01(\x0e\x32\x37.google.cloud.policysimulator.v1.ReplayConfig.LogSource\x1aK\n\x12PolicyOverlayEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12$\n\x05value\x18\x02 \x01(\x0b\x32\x15.google.iam.v1.Policy:\x02\x38\x01\"<\n\tLogSource\x12\x1a\n\x16LOG_SOURCE_UNSPECIFIED\x10\x00\x12\x13\n\x0fRECENT_ACCESSES\x10\x01\"S\n\nReplayDiff\x12\x45\n\x0b\x61\x63\x63\x65ss_diff\x18\x02 \x01(\x0b\x32\x30.google.cloud.policysimulator.v1.AccessStateDiff\"\xaa\x03\n\x0f\x41\x63\x63\x65ssStateDiff\x12\x42\n\x08\x62\x61seline\x18\x01 \x01(\x0b\x32\x30.google.cloud.policysimulator.v1.ExplainedAccess\x12\x43\n\tsimulated\x18\x02 \x01(\x0b\x32\x30.google.cloud.policysimulator.v1.ExplainedAccess\x12X\n\raccess_change\x18\x03 \x01(\x0e\x32\x41.google.cloud.policysimulator.v1.AccessStateDiff.AccessChangeType\"\xb3\x01\n\x10\x41\x63\x63\x65ssChangeType\x12\"\n\x1e\x41\x43\x43\x45SS_CHANGE_TYPE_UNSPECIFIED\x10\x00\x12\r\n\tNO_CHANGE\x10\x01\x12\x12\n\x0eUNKNOWN_CHANGE\x10\x02\x12\x12\n\x0e\x41\x43\x43\x45SS_REVOKED\x10\x03\x12\x11\n\rACCESS_GAINED\x10\x04\x12\x18\n\x14\x41\x43\x43\x45SS_MAYBE_REVOKED\x10\x05\x12\x17\n\x13\x41\x43\x43\x45SS_MAYBE_GAINED\x10\x06\"\xbd\x01\n\x0f\x45xplainedAccess\x12\x42\n\x0c\x61\x63\x63\x65ss_state\x18\x01 \x01(\x0e\x32,.google.cloud.policysimulator.v1.AccessState\x12\x42\n\x08policies\x18\x02 \x03(\x0b\x32\x30.google.cloud.policysimulator.v1.ExplainedPolicy\x12\"\n\x06\x65rrors\x18\x03 \x03(\x0b\x32\x12.google.rpc.Status2\x81\x08\n\tSimulator\x12\x87\x02\n\tGetReplay\x12\x31.google.cloud.policysimulator.v1.GetReplayRequest\x1a\'.google.cloud.policysimulator.v1.Replay\"\x9d\x01\xda\x41\x04name\x82\xd3\xe4\x93\x02\x8f\x01\x12+/v1/{name=projects/*/locations/*/replays/*}Z,\x12*/v1/{name=folders/*/locations/*/replays/*}Z2\x12\x30/v1/{name=organizations/*/locations/*/replays/*}\x12\xc8\x02\n\x0c\x43reateReplay\x12\x34.google.cloud.policysimulator.v1.CreateReplayRequest\x1a\x1d.google.longrunning.Operation\"\xe2\x01\xca\x41!\n\x06Replay\x12\x17ReplayOperationMetadata\xda\x41\rparent,replay\x82\xd3\xe4\x93\x02\xa7\x01\"+/v1/{parent=projects/*/locations/*}/replays:\x06replayZ4\"*/v1/{parent=folders/*/locations/*}/replays:\x06replayZ:\"0/v1/{parent=organizations/*/locations/*}/replays:\x06replay\x12\xca\x02\n\x11ListReplayResults\x12\x39.google.cloud.policysimulator.v1.ListReplayResultsRequest\x1a:.google.cloud.policysimulator.v1.ListReplayResultsResponse\"\xbd\x01\xda\x41\x06parent\x82\xd3\xe4\x93\x02\xad\x01\x12\x35/v1/{parent=projects/*/locations/*/replays/*}/resultsZ6\x12\x34/v1/{parent=folders/*/locations/*/replays/*}/resultsZ<\x12:/v1/{parent=organizations/*/locations/*/replays/*}/results\x1aR\xca\x41\x1epolicysimulator.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xf2\x01\n#com.google.cloud.policysimulator.v1B\x0eSimulatorProtoP\x01ZMcloud.google.com/go/policysimulator/apiv1/policysimulatorpb;policysimulatorpb\xf8\x01\x01\xaa\x02\x1fGoogle.Cloud.PolicySimulator.V1\xca\x02\x1fGoogle\\Cloud\\PolicySimulator\\V1\xea\x02\"Google::Cloud::PolicySimulator::V1b\x06proto3"
+descriptor_data = "\n/google/cloud/policysimulator/v1/simulator.proto\x12\x1fgoogle.cloud.policysimulator.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x32google/cloud/policysimulator/v1/explanations.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a#google/longrunning/operations.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\x1a\x16google/type/date.proto\"\xef\x05\n\x06Replay\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x41\n\x05state\x18\x02 \x01(\x0e\x32-.google.cloud.policysimulator.v1.Replay.StateB\x03\xe0\x41\x03\x12\x42\n\x06\x63onfig\x18\x03 \x01(\x0b\x32-.google.cloud.policysimulator.v1.ReplayConfigB\x03\xe0\x41\x02\x12T\n\x0fresults_summary\x18\x05 \x01(\x0b\x32\x36.google.cloud.policysimulator.v1.Replay.ResultsSummaryB\x03\xe0\x41\x03\x1a\xbb\x01\n\x0eResultsSummary\x12\x11\n\tlog_count\x18\x01 \x01(\x05\x12\x17\n\x0funchanged_count\x18\x02 \x01(\x05\x12\x18\n\x10\x64ifference_count\x18\x03 \x01(\x05\x12\x13\n\x0b\x65rror_count\x18\x04 \x01(\x05\x12&\n\x0boldest_date\x18\x05 \x01(\x0b\x32\x11.google.type.Date\x12&\n\x0bnewest_date\x18\x06 \x01(\x0b\x32\x11.google.type.Date\"S\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x0b\n\x07PENDING\x10\x01\x12\x0b\n\x07RUNNING\x10\x02\x12\r\n\tSUCCEEDED\x10\x03\x12\n\n\x06\x46\x41ILED\x10\x04:\xe1\x01\xea\x41\xdd\x01\n%policysimulator.googleapis.com/Replay\x12\x38projects/{project}/locations/{location}/replays/{replay}\x12\x36\x66olders/{folder}/locations/{location}/replays/{replay}\x12\x42organizations/{organization}/locations/{location}/replays/{replay}\"\xe5\x04\n\x0cReplayResult\x12;\n\x04\x64iff\x18\x05 \x01(\x0b\x32+.google.cloud.policysimulator.v1.ReplayDiffH\x00\x12#\n\x05\x65rror\x18\x06 \x01(\x0b\x32\x12.google.rpc.StatusH\x00\x12\x0c\n\x04name\x18\x01 \x01(\t\x12:\n\x06parent\x18\x02 \x01(\tB*\xfa\x41\'\n%policysimulator.googleapis.com/Replay\x12\x42\n\x0c\x61\x63\x63\x65ss_tuple\x18\x03 \x01(\x0b\x32,.google.cloud.policysimulator.v1.AccessTuple\x12)\n\x0elast_seen_date\x18\x04 \x01(\x0b\x32\x11.google.type.Date:\xaf\x02\xea\x41\xab\x02\n+policysimulator.googleapis.com/ReplayResult\x12Pprojects/{project}/locations/{location}/replays/{replay}/results/{replay_result}\x12Nfolders/{folder}/locations/{location}/replays/{replay}/results/{replay_result}\x12Zorganizations/{organization}/locations/{location}/replays/{replay}/results/{replay_result}B\x08\n\x06result\"h\n\x13\x43reateReplayRequest\x12\x13\n\x06parent\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12<\n\x06replay\x18\x02 \x01(\x0b\x32\'.google.cloud.policysimulator.v1.ReplayB\x03\xe0\x41\x02\"I\n\x17ReplayOperationMetadata\x12.\n\nstart_time\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\"O\n\x10GetReplayRequest\x12;\n\x04name\x18\x01 \x01(\tB-\xe0\x41\x02\xfa\x41\'\n%policysimulator.googleapis.com/Replay\"\x80\x01\n\x18ListReplayResultsRequest\x12=\n\x06parent\x18\x01 \x01(\tB-\xe0\x41\x02\xfa\x41\'\n%policysimulator.googleapis.com/Replay\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"{\n\x19ListReplayResultsResponse\x12\x45\n\x0ereplay_results\x18\x01 \x03(\x0b\x32-.google.cloud.policysimulator.v1.ReplayResult\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\xc0\x02\n\x0cReplayConfig\x12X\n\x0epolicy_overlay\x18\x01 \x03(\x0b\x32@.google.cloud.policysimulator.v1.ReplayConfig.PolicyOverlayEntry\x12K\n\nlog_source\x18\x02 \x01(\x0e\x32\x37.google.cloud.policysimulator.v1.ReplayConfig.LogSource\x1aK\n\x12PolicyOverlayEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12$\n\x05value\x18\x02 \x01(\x0b\x32\x15.google.iam.v1.Policy:\x02\x38\x01\"<\n\tLogSource\x12\x1a\n\x16LOG_SOURCE_UNSPECIFIED\x10\x00\x12\x13\n\x0fRECENT_ACCESSES\x10\x01\"S\n\nReplayDiff\x12\x45\n\x0b\x61\x63\x63\x65ss_diff\x18\x02 \x01(\x0b\x32\x30.google.cloud.policysimulator.v1.AccessStateDiff\"\xaa\x03\n\x0f\x41\x63\x63\x65ssStateDiff\x12\x42\n\x08\x62\x61seline\x18\x01 \x01(\x0b\x32\x30.google.cloud.policysimulator.v1.ExplainedAccess\x12\x43\n\tsimulated\x18\x02 \x01(\x0b\x32\x30.google.cloud.policysimulator.v1.ExplainedAccess\x12X\n\raccess_change\x18\x03 \x01(\x0e\x32\x41.google.cloud.policysimulator.v1.AccessStateDiff.AccessChangeType\"\xb3\x01\n\x10\x41\x63\x63\x65ssChangeType\x12\"\n\x1e\x41\x43\x43\x45SS_CHANGE_TYPE_UNSPECIFIED\x10\x00\x12\r\n\tNO_CHANGE\x10\x01\x12\x12\n\x0eUNKNOWN_CHANGE\x10\x02\x12\x12\n\x0e\x41\x43\x43\x45SS_REVOKED\x10\x03\x12\x11\n\rACCESS_GAINED\x10\x04\x12\x18\n\x14\x41\x43\x43\x45SS_MAYBE_REVOKED\x10\x05\x12\x17\n\x13\x41\x43\x43\x45SS_MAYBE_GAINED\x10\x06\"\xbd\x01\n\x0f\x45xplainedAccess\x12\x42\n\x0c\x61\x63\x63\x65ss_state\x18\x01 \x01(\x0e\x32,.google.cloud.policysimulator.v1.AccessState\x12\x42\n\x08policies\x18\x02 \x03(\x0b\x32\x30.google.cloud.policysimulator.v1.ExplainedPolicy\x12\"\n\x06\x65rrors\x18\x03 \x03(\x0b\x32\x12.google.rpc.Status2\x81\x08\n\tSimulator\x12\x87\x02\n\tGetReplay\x12\x31.google.cloud.policysimulator.v1.GetReplayRequest\x1a\'.google.cloud.policysimulator.v1.Replay\"\x9d\x01\xda\x41\x04name\x82\xd3\xe4\x93\x02\x8f\x01\x12+/v1/{name=projects/*/locations/*/replays/*}Z,\x12*/v1/{name=folders/*/locations/*/replays/*}Z2\x12\x30/v1/{name=organizations/*/locations/*/replays/*}\x12\xc8\x02\n\x0c\x43reateReplay\x12\x34.google.cloud.policysimulator.v1.CreateReplayRequest\x1a\x1d.google.longrunning.Operation\"\xe2\x01\xca\x41!\n\x06Replay\x12\x17ReplayOperationMetadata\xda\x41\rparent,replay\x82\xd3\xe4\x93\x02\xa7\x01\"+/v1/{parent=projects/*/locations/*}/replays:\x06replayZ4\"*/v1/{parent=folders/*/locations/*}/replays:\x06replayZ:\"0/v1/{parent=organizations/*/locations/*}/replays:\x06replay\x12\xca\x02\n\x11ListReplayResults\x12\x39.google.cloud.policysimulator.v1.ListReplayResultsRequest\x1a:.google.cloud.policysimulator.v1.ListReplayResultsResponse\"\xbd\x01\xda\x41\x06parent\x82\xd3\xe4\x93\x02\xad\x01\x12\x35/v1/{parent=projects/*/locations/*/replays/*}/resultsZ6\x12\x34/v1/{parent=folders/*/locations/*/replays/*}/resultsZ<\x12:/v1/{parent=organizations/*/locations/*/replays/*}/results\x1aR\xca\x41\x1epolicysimulator.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xef\x01\n#com.google.cloud.policysimulator.v1B\x0eSimulatorProtoP\x01ZMcloud.google.com/go/policysimulator/apiv1/policysimulatorpb;policysimulatorpb\xaa\x02\x1fGoogle.Cloud.PolicySimulator.V1\xca\x02\x1fGoogle\\Cloud\\PolicySimulator\\V1\xea\x02\"Google::Cloud::PolicySimulator::V1b\x06proto3"
 
 pool = Google::Protobuf::DescriptorPool.generated_pool
 

data/proto_docs/google/cloud/orgpolicy/v2/constraint.rb

@@ -0,0 +1,370 @@
+# frozen_string_literal: true
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module OrgPolicy
+      module V2
+        # A constraint describes a way to restrict resource's configuration. For
+        # example, you could enforce a constraint that controls which Google Cloud
+        # services can be activated across an organization, or whether a Compute Engine
+        # instance can have serial port connections established. Constraints can be
+        # configured by the organization policy administrator to fit the needs of the
+        # organization by setting a policy that includes constraints at different
+        # locations in the organization's resource hierarchy. Policies are inherited
+        # down the resource hierarchy from higher levels, but can also be overridden.
+        # For details about the inheritance rules, see
+        # {::Google::Cloud::OrgPolicy::V2::Policy `Policy`}.
+        #
+        # Constraints have a default behavior determined by the `constraint_default`
+        # field, which is the enforcement behavior that is used in the absence of a
+        # policy being defined or inherited for the resource in question.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Immutable. The resource name of the constraint. Must be in one of
+        #     the following forms:
+        #
+        #     * `projects/{project_number}/constraints/{constraint_name}`
+        #     * `folders/{folder_id}/constraints/{constraint_name}`
+        #     * `organizations/{organization_id}/constraints/{constraint_name}`
+        #
+        #     For example, "/projects/123/constraints/compute.disableSerialPortAccess".
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     The human readable name.
+        #
+        #     Mutable.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Detailed description of what this constraint controls as well as how and
+        #     where it is enforced.
+        #
+        #     Mutable.
+        # @!attribute [rw] constraint_default
+        #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::ConstraintDefault]
+        #     The evaluation behavior of this constraint in the absence of a policy.
+        # @!attribute [rw] list_constraint
+        #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::ListConstraint]
+        #     Defines this constraint as being a list constraint.
+        #
+        #     Note: The following fields are mutually exclusive: `list_constraint`, `boolean_constraint`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] boolean_constraint
+        #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::BooleanConstraint]
+        #     Defines this constraint as being a boolean constraint.
+        #
+        #     Note: The following fields are mutually exclusive: `boolean_constraint`, `list_constraint`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] supports_dry_run
+        #   @return [::Boolean]
+        #     Shows if dry run is supported for this constraint or not.
+        # @!attribute [rw] equivalent_constraint
+        #   @return [::String]
+        #     Managed constraint and canned constraint sometimes can have
+        #     equivalents. This field is used to store the equivalent constraint name.
+        # @!attribute [rw] supports_simulation
+        #   @return [::Boolean]
+        #     Shows if simulation is supported for this constraint or not.
+        class Constraint
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # A constraint type that allows or disallows a list of string values, which
+          # are configured in the
+          # {::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule `PolicyRule`}.
+          # @!attribute [rw] supports_in
+          #   @return [::Boolean]
+          #     Indicates whether values grouped into categories can be used in
+          #     `Policy.allowed_values` and `Policy.denied_values`. For example,
+          #     `"in:Python"` would match any value in the 'Python' group.
+          # @!attribute [rw] supports_under
+          #   @return [::Boolean]
+          #     Indicates whether subtrees of the Resource Manager resource hierarchy
+          #     can be used in `Policy.allowed_values` and `Policy.denied_values`. For
+          #     example, `"under:folders/123"` would match any resource under the
+          #     'folders/123' folder.
+          class ListConstraint
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Custom constraint definition. Defines this as a managed constraint.
+          # @!attribute [rw] resource_types
+          #   @return [::Array<::String>]
+          #     The resource instance type on which this policy applies. Format will be
+          #     of the form : `<service name>/<type>` Example:
+          #
+          #      * `compute.googleapis.com/Instance`.
+          # @!attribute [rw] method_types
+          #   @return [::Array<::Google::Cloud::OrgPolicy::V2::Constraint::CustomConstraintDefinition::MethodType>]
+          #     All the operations being applied for this constraint.
+          # @!attribute [rw] condition
+          #   @return [::String]
+          #     Org policy condition/expression. For example:
+          #     `resource.instanceName.matches("[production|test]_.*_(\d)+")` or,
+          #     `resource.management.auto_upgrade == true`
+          #
+          #     The max length of the condition is 1000 characters.
+          # @!attribute [rw] action_type
+          #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::CustomConstraintDefinition::ActionType]
+          #     Allow or deny type.
+          # @!attribute [rw] parameters
+          #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::OrgPolicy::V2::Constraint::CustomConstraintDefinition::Parameter}]
+          #     Stores the structure of
+          #     {::Google::Cloud::OrgPolicy::V2::Constraint::CustomConstraintDefinition::Parameter `Parameters`}
+          #     used by the constraint condition. The key of `map` represents the name of
+          #     the parameter.
+          class CustomConstraintDefinition
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Defines a parameter structure.
+            # @!attribute [rw] type
+            #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::CustomConstraintDefinition::Parameter::Type]
+            #     Type of the parameter.
+            # @!attribute [rw] default_value
+            #   @return [::Google::Protobuf::Value]
+            #     Sets the value of the parameter in an assignment if no value is given.
+            # @!attribute [rw] valid_values_expr
+            #   @return [::String]
+            #     Provides a CEL expression to specify the acceptable parameter values
+            #     during assignment.
+            #     For example, parameterName in ("parameterValue1", "parameterValue2")
+            # @!attribute [rw] metadata
+            #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::CustomConstraintDefinition::Parameter::Metadata]
+            #     Defines subproperties primarily used by the UI to display user-friendly
+            #     information.
+            # @!attribute [rw] item
+            #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::CustomConstraintDefinition::Parameter::Type]
+            #     Determines the parameter's value structure.
+            #     For example, `LIST<STRING>` can be specified by defining `type: LIST`,
+            #     and `item: STRING`.
+            class Parameter
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # Defines Metadata structure.
+              # @!attribute [rw] description
+              #   @return [::String]
+              #     Detailed description of what this `parameter` is and use of it.
+              #     Mutable.
+              class Metadata
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+              end
+
+              # All valid types of parameter.
+              module Type
+                # This is only used for distinguishing unset values and should never be
+                # used. Results in an error.
+                TYPE_UNSPECIFIED = 0
+
+                # List parameter type.
+                LIST = 1
+
+                # String parameter type.
+                STRING = 2
+
+                # Boolean parameter type.
+                BOOLEAN = 3
+              end
+            end
+
+            # @!attribute [rw] key
+            #   @return [::String]
+            # @!attribute [rw] value
+            #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::CustomConstraintDefinition::Parameter]
+            class ParametersEntry
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+
+            # The operation for which this constraint will be applied. To apply this
+            # constraint only when creating new resources, the `method_types` should be
+            # `CREATE` only. To apply this constraint when creating or deleting
+            # resources, the `method_types` should be `CREATE` and `DELETE`.
+            #
+            # `UPDATE`-only custom constraints are not supported. Use `CREATE` or
+            # `CREATE, UPDATE`.
+            module MethodType
+              # This is only used for distinguishing unset values and should never be
+              # used. Results in an error.
+              METHOD_TYPE_UNSPECIFIED = 0
+
+              # Constraint applied when creating the resource.
+              CREATE = 1
+
+              # Constraint applied when updating the resource.
+              UPDATE = 2
+
+              # Constraint applied when deleting the resource.
+              # Not currently supported.
+              DELETE = 3
+
+              # Constraint applied when removing an IAM grant.
+              REMOVE_GRANT = 4
+
+              # Constraint applied when enforcing forced tagging.
+              GOVERN_TAGS = 5
+            end
+
+            # Allow or deny type.
+            module ActionType
+              # This is only used for distinguishing unset values and should never be
+              # used. Results in an error.
+              ACTION_TYPE_UNSPECIFIED = 0
+
+              # Allowed action type.
+              ALLOW = 1
+
+              # Deny action type.
+              DENY = 2
+            end
+          end
+
+          # A constraint type is enforced or not enforced, which is configured in the
+          # {::Google::Cloud::OrgPolicy::V2::PolicySpec::PolicyRule `PolicyRule`}.
+          #
+          # If `customConstraintDefinition` is defined, this constraint is a managed
+          # constraint.
+          # @!attribute [rw] custom_constraint_definition
+          #   @return [::Google::Cloud::OrgPolicy::V2::Constraint::CustomConstraintDefinition]
+          #     Custom constraint definition. Defines this as a managed constraint.
+          class BooleanConstraint
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Specifies the default behavior in the absence of any policy for the
+          # constraint. This must not be `CONSTRAINT_DEFAULT_UNSPECIFIED`.
+          #
+          # Immutable after creation.
+          module ConstraintDefault
+            # This is only used for distinguishing unset values and should never be
+            # used. Results in an error.
+            CONSTRAINT_DEFAULT_UNSPECIFIED = 0
+
+            # Indicate that all values are allowed for list constraints.
+            # Indicate that enforcement is off for boolean constraints.
+            ALLOW = 1
+
+            # Indicate that all values are denied for list constraints.
+            # Indicate that enforcement is on for boolean constraints.
+            DENY = 2
+          end
+        end
+
+        # A custom constraint defined by customers which can *only* be applied to the
+        # given resource types and organization.
+        #
+        # By creating a custom constraint, customers can apply policies of this
+        # custom constraint. *Creating a custom constraint itself does NOT apply any
+        # policy enforcement*.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Immutable. Name of the constraint. This is unique within the organization.
+        #     Format of the name should be
+        #
+        #     * `organizations/{organization_id}/customConstraints/{custom_constraint_id}`
+        #
+        #     Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms`
+        #
+        #     The max length is 70 characters and the minimum length is 1. Note that the
+        #     prefix `organizations/{organization_id}/customConstraints/` is not counted.
+        # @!attribute [rw] resource_types
+        #   @return [::Array<::String>]
+        #     Immutable. The resource instance type on which this policy applies. Format
+        #     will be of the form : `<service name>/<type>` Example:
+        #
+        #      * `compute.googleapis.com/Instance`.
+        # @!attribute [rw] method_types
+        #   @return [::Array<::Google::Cloud::OrgPolicy::V2::CustomConstraint::MethodType>]
+        #     All the operations being applied for this constraint.
+        # @!attribute [rw] condition
+        #   @return [::String]
+        #     A Common Expression Language (CEL) condition which is used in the
+        #     evaluation of the constraint. For example:
+        #     `resource.instanceName.matches("[production|test]_.*_(\d)+")` or,
+        #     `resource.management.auto_upgrade == true`
+        #
+        #     The max length of the condition is 1000 characters.
+        # @!attribute [rw] action_type
+        #   @return [::Google::Cloud::OrgPolicy::V2::CustomConstraint::ActionType]
+        #     Allow or deny type.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     One line display name for the UI.
+        #     The max length of the display_name is 200 characters.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Detailed information about this custom policy constraint.
+        #     The max length of the description is 2000 characters.
+        # @!attribute [r] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The last time this custom constraint was updated. This
+        #     represents the last time that the `CreateCustomConstraint` or
+        #     `UpdateCustomConstraint` methods were called.
+        class CustomConstraint
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The operation for which this constraint will be applied. To apply this
+          # constraint only when creating new resources, the `method_types` should be
+          # `CREATE` only. To apply this constraint when creating or deleting
+          # resources, the `method_types` should be `CREATE` and `DELETE`.
+          #
+          # `UPDATE` only custom constraints are not supported. Use `CREATE` or
+          # `CREATE, UPDATE`.
+          module MethodType
+            # This is only used for distinguishing unset values and should never be
+            # used. Results in an error.
+            METHOD_TYPE_UNSPECIFIED = 0
+
+            # Constraint applied when creating the resource.
+            CREATE = 1
+
+            # Constraint applied when updating the resource.
+            UPDATE = 2
+
+            # Constraint applied when deleting the resource.
+            # Not currently supported.
+            DELETE = 3
+
+            # Constraint applied when removing an IAM grant.
+            REMOVE_GRANT = 4
+
+            # Constraint applied when enforcing forced tagging.
+            GOVERN_TAGS = 5
+          end
+
+          # Allow or deny type.
+          module ActionType
+            # This is only used for distinguishing unset values and should never be
+            # used. Results in an error.
+            ACTION_TYPE_UNSPECIFIED = 0
+
+            # Allowed action type.
+            ALLOW = 1
+
+            # Deny action type.
+            DENY = 2
+          end
+        end
+      end
+    end
+  end
+end