ConstraintTarget (schema)

Resource attribute on which constraint should be applied.

Resource attribute on which constraint should be applied.
Example - sourceGroups attribute of Edge CommunicationEntry to be
restricted, is given as:
{
"target_resource_type":"CommunicationEntry",
"attribute":"sourceGroups",
"path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries"
}

Name Description Type Notes

attribute Attribute name of the target entity. string

path_prefix Path prefix of the entity to apply constraint.

Path prefix of the entity to apply constraint.
It should be a valid string prefix for policy path.
This is required to further disambiguiate if multiple policy entities
share the same resource type.
Example - Edge FW and DFW use the same resource type CommunicationMap,
CommunicationEntry, Group, etc.
For multi-tenancy path-prefixes (i.e. path starting with /orgs) following values are supported:
1. When constraint is created under '/infra/constraints/' OR under
'/orgs//projects//infra/constraints/' then '/orgs//projects//'
value is supported.
2. When constraint is created under custom project i.e. '/orgs//projects//infra/constraints/'
then '/orgs//projects//vpcs//' value is supported.
string

target_resource_type Resource type of the target entity. This is required in case the constraint expressions do not specify target resource type.

Target resource type accepts input as DTO Type and or FQDN.
It also supports dot format like SecurityPolicy.Rule in a scenario where same DTO
type shared across across policy sub tree. For example DTO type Rule shared by both security policy
and gateway policy rules. So to specify any constraint for Security policy rule, user can define the target
resource type as SecurityPolicy.Rule.
string

Name	Description	Type
attribute	Attribute name of the target entity.	string
path_prefix	Path prefix of the entity to apply constraint. Path prefix of the entity to apply constraint. It should be a valid string prefix for policy path. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. For multi-tenancy path-prefixes (i.e. path starting with /orgs) following values are supported: 1. When constraint is created under '/infra/constraints/' OR under '/orgs//projects//infra/constraints/' then '/orgs//projects//' value is supported. 2. When constraint is created under custom project i.e. '/orgs//projects//infra/constraints/' then '/orgs//projects//vpcs//' value is supported.	string
target_resource_type	Resource type of the target entity. This is required in case the constraint expressions do not specify target resource type. Target resource type accepts input as DTO Type and or FQDN. It also supports dot format like SecurityPolicy.Rule in a scenario where same DTO type shared across across policy sub tree. For example DTO type Rule shared by both security policy and gateway policy rules. So to specify any constraint for Security policy rule, user can define the target resource type as SecurityPolicy.Rule.	string