Package com.google.cloud.orgpolicy.v2 (2.21.0)

A client to Organization Policy API

The interfaces provided are listed below, along with usage samples.

OrgPolicyClient

Service Description: An interface for managing organization policies.

The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.

You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

Sample for OrgPolicyClient:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 try (OrgPolicyClient orgPolicyClient = OrgPolicyClient.create()) {
   PolicyName name = PolicyName.ofProjectPolicyName("[PROJECT]", "[POLICY]");
   Policy response = orgPolicyClient.getPolicy(name);
 }
 

Classes

AlternatePolicySpec

Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.

Protobuf type google.cloud.orgpolicy.v2.AlternatePolicySpec

AlternatePolicySpec.Builder

Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.

Protobuf type google.cloud.orgpolicy.v2.AlternatePolicySpec

Constraint

A constraint describes a way to restrict a resource's configuration. For example, you could enforce a constraint that controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization's policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules, please read about policies.

Constraints have a default behavior determined by the constraint_default field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.

Protobuf type google.cloud.orgpolicy.v2.Constraint

Constraint.BooleanConstraint

A Constraint that is either enforced or not.

For example, take the constraint constraints/compute.disableSerialPortAccess. If it is enforced on a VM instance, serial port connections will not be opened to that instance.

Protobuf type google.cloud.orgpolicy.v2.Constraint.BooleanConstraint

Constraint.BooleanConstraint.Builder

A Constraint that is either enforced or not.

For example, take the constraint constraints/compute.disableSerialPortAccess. If it is enforced on a VM instance, serial port connections will not be opened to that instance.

Protobuf type google.cloud.orgpolicy.v2.Constraint.BooleanConstraint

Constraint.Builder

A constraint describes a way to restrict a resource's configuration. For example, you could enforce a constraint that controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization's policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules, please read about policies.

Constraints have a default behavior determined by the constraint_default field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.

Protobuf type google.cloud.orgpolicy.v2.Constraint

Constraint.ListConstraint

A Constraint that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a Policy.

Protobuf type google.cloud.orgpolicy.v2.Constraint.ListConstraint

Constraint.ListConstraint.Builder

A Constraint that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a Policy.

Protobuf type google.cloud.orgpolicy.v2.Constraint.ListConstraint

ConstraintName

ConstraintName.Builder

Builder for projects/{project}/constraints/{constraint}.

ConstraintName.FolderConstraintBuilder

Builder for folders/{folder}/constraints/{constraint}.

ConstraintName.OrganizationConstraintBuilder

Builder for organizations/{organization}/constraints/{constraint}.

ConstraintProto

CreatePolicyRequest

The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.

Protobuf type google.cloud.orgpolicy.v2.CreatePolicyRequest

CreatePolicyRequest.Builder

The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.

Protobuf type google.cloud.orgpolicy.v2.CreatePolicyRequest

DeletePolicyRequest

The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.

Protobuf type google.cloud.orgpolicy.v2.DeletePolicyRequest

DeletePolicyRequest.Builder

The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.

Protobuf type google.cloud.orgpolicy.v2.DeletePolicyRequest

FolderName

FolderName.Builder

Builder for folders/{folder}.

GetEffectivePolicyRequest

The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.

Protobuf type google.cloud.orgpolicy.v2.GetEffectivePolicyRequest

GetEffectivePolicyRequest.Builder

The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.

Protobuf type google.cloud.orgpolicy.v2.GetEffectivePolicyRequest

GetPolicyRequest

The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.

Protobuf type google.cloud.orgpolicy.v2.GetPolicyRequest

GetPolicyRequest.Builder

The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.

Protobuf type google.cloud.orgpolicy.v2.GetPolicyRequest

ListConstraintsRequest

The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

Protobuf type google.cloud.orgpolicy.v2.ListConstraintsRequest

ListConstraintsRequest.Builder

The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

Protobuf type google.cloud.orgpolicy.v2.ListConstraintsRequest

ListConstraintsResponse

The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

Protobuf type google.cloud.orgpolicy.v2.ListConstraintsResponse

ListConstraintsResponse.Builder

The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

Protobuf type google.cloud.orgpolicy.v2.ListConstraintsResponse

ListPoliciesRequest

The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.

Protobuf type google.cloud.orgpolicy.v2.ListPoliciesRequest

ListPoliciesRequest.Builder

The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.

Protobuf type google.cloud.orgpolicy.v2.ListPoliciesRequest

ListPoliciesResponse

The response returned from the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no Policies are set on the resource.

Protobuf type google.cloud.orgpolicy.v2.ListPoliciesResponse

ListPoliciesResponse.Builder

The response returned from the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no Policies are set on the resource.

Protobuf type google.cloud.orgpolicy.v2.ListPoliciesResponse

OrgPolicyClient

Service Description: An interface for managing organization policies.

The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.

You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 try (OrgPolicyClient orgPolicyClient = OrgPolicyClient.create()) {
   PolicyName name = PolicyName.ofProjectPolicyName("[PROJECT]", "[POLICY]");
   Policy response = orgPolicyClient.getPolicy(name);
 }
 

Note: close() needs to be called on the OrgPolicyClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of OrgPolicySettings to create(). For example:

To customize credentials:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 OrgPolicySettings orgPolicySettings =
     OrgPolicySettings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 OrgPolicyClient orgPolicyClient = OrgPolicyClient.create(orgPolicySettings);
 

To customize the endpoint:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 OrgPolicySettings orgPolicySettings =
     OrgPolicySettings.newBuilder().setEndpoint(myEndpoint).build();
 OrgPolicyClient orgPolicyClient = OrgPolicyClient.create(orgPolicySettings);
 

To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 OrgPolicySettings orgPolicySettings = OrgPolicySettings.newHttpJsonBuilder().build();
 OrgPolicyClient orgPolicyClient = OrgPolicyClient.create(orgPolicySettings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

OrgPolicyClient.ListConstraintsFixedSizeCollection

OrgPolicyClient.ListConstraintsPage

OrgPolicyClient.ListConstraintsPagedResponse

OrgPolicyClient.ListPoliciesFixedSizeCollection

OrgPolicyClient.ListPoliciesPage

OrgPolicyClient.ListPoliciesPagedResponse

OrgPolicyGrpc

An interface for managing organization policies. The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy. You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder. Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy. A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

OrgPolicyGrpc.OrgPolicyBlockingStub

A stub to allow clients to do synchronous rpc calls to service OrgPolicy.

An interface for managing organization policies. The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy. You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder. Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy. A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

OrgPolicyGrpc.OrgPolicyFutureStub

A stub to allow clients to do ListenableFuture-style rpc calls to service OrgPolicy.

An interface for managing organization policies. The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy. You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder. Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy. A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

OrgPolicyGrpc.OrgPolicyImplBase

Base class for the server implementation of the service OrgPolicy.

An interface for managing organization policies. The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy. You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder. Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy. A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

OrgPolicyGrpc.OrgPolicyStub

A stub to allow clients to do asynchronous rpc calls to service OrgPolicy.

An interface for managing organization policies. The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy. You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder. Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy. A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

OrgPolicyProto

OrgPolicySettings

Settings class to configure an instance of OrgPolicyClient.

The default instance has everything set to sensible defaults:

  • The default service address (orgpolicy.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of getPolicy to 30 seconds:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 OrgPolicySettings.Builder orgPolicySettingsBuilder = OrgPolicySettings.newBuilder();
 orgPolicySettingsBuilder
     .getPolicySettings()
     .setRetrySettings(
         orgPolicySettingsBuilder
             .getPolicySettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 OrgPolicySettings orgPolicySettings = orgPolicySettingsBuilder.build();
 

OrgPolicySettings.Builder

Builder for OrgPolicySettings.

OrganizationName

OrganizationName.Builder

Builder for organizations/{organization}.

Policy

Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources.

Protobuf type google.cloud.orgpolicy.v2.Policy

Policy.Builder

Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources.

Protobuf type google.cloud.orgpolicy.v2.Policy

PolicyName

PolicyName.Builder

Builder for projects/{project}/policies/{policy}.

PolicyName.FolderPolicyBuilder

Builder for folders/{folder}/policies/{policy}.

PolicyName.OrganizationPolicyBuilder

Builder for organizations/{organization}/policies/{policy}.

PolicySpec

Defines a Cloud Organization PolicySpec which is used to specify Constraints for configurations of Cloud Platform resources.

Protobuf type google.cloud.orgpolicy.v2.PolicySpec

PolicySpec.Builder

Defines a Cloud Organization PolicySpec which is used to specify Constraints for configurations of Cloud Platform resources.

Protobuf type google.cloud.orgpolicy.v2.PolicySpec

PolicySpec.PolicyRule

A rule used to express this policy.

Protobuf type google.cloud.orgpolicy.v2.PolicySpec.PolicyRule

PolicySpec.PolicyRule.Builder

A rule used to express this policy.

Protobuf type google.cloud.orgpolicy.v2.PolicySpec.PolicyRule

PolicySpec.PolicyRule.StringValues

A message that holds specific allowed and denied values. This message can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

  • "projects/<project-id>", e.g. "projects/tokyo-rain-123"
  • "folders/<folder-id>", e.g. "folders/1234"
  • "organizations/<organization-id>", e.g. "organizations/1234"

The supports_under field of the associated Constraint defines whether ancestry prefixes can be used.

Protobuf type google.cloud.orgpolicy.v2.PolicySpec.PolicyRule.StringValues

PolicySpec.PolicyRule.StringValues.Builder

A message that holds specific allowed and denied values. This message can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

  • "projects/<project-id>", e.g. "projects/tokyo-rain-123"
  • "folders/<folder-id>", e.g. "folders/1234"
  • "organizations/<organization-id>", e.g. "organizations/1234"

The supports_under field of the associated Constraint defines whether ancestry prefixes can be used.

Protobuf type google.cloud.orgpolicy.v2.PolicySpec.PolicyRule.StringValues
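The prefix rules for StringValues described above can be checked before a policy is submitted. The following is an added example, not code from the client library: a plain-JDK (Java 16+) pre-flight check for allowed or denied values. The class name StringValuesLint, the Kind and Result types and the sample values are hypothetical and constructed for illustration, and prefixes not described on this page are not modelled, so such values are reported for review rather than rejected.

```java
import java.util.List;
import java.util.regex.Pattern;

/** Pre-flight check for the allowed/denied values of a list-constraint rule (added example). */
public class StringValuesLint {

  enum Kind { SUBTREE, EXACT, REVIEW }

  /** normalized is the value with its prefix stripped; finding is null when nothing is wrong. */
  record Result(String raw, Kind kind, String normalized, String finding) {}

  // The three ancestry shapes listed above. Assumption: the ID part is only
  // checked for being one non-empty path segment, not for stricter ID rules.
  private static final Pattern ANCESTRY =
      Pattern.compile("(projects|folders|organizations)/[^/\\s]+");

  static Result classify(String raw, boolean supportsUnder) {
    if (raw.startsWith("under:")) {
      String subtree = raw.substring("under:".length());
      if (!supportsUnder) {
        // supports_under on the Constraint decides whether ancestry prefixes are usable.
        return new Result(raw, Kind.REVIEW, subtree, "constraint has supports_under=false");
      }
      if (!ANCESTRY.matcher(subtree).matches()) {
        return new Result(raw, Kind.REVIEW, subtree,
            "not projects/<id>, folders/<id> or organizations/<id>");
      }
      return new Result(raw, Kind.SUBTREE, subtree, null);
    }
    if (raw.startsWith("is:")) {
      // "is:" values are treated the same as values with no prefix.
      return new Result(raw, Kind.EXACT, raw.substring("is:".length()), null);
    }
    if (raw.contains(":")) {
      // A literal containing ':' needs the is: prefix to be read as a specific value.
      return new Result(raw, Kind.REVIEW, raw, "contains ':' without is: or under: prefix");
    }
    return new Result(raw, Kind.EXACT, raw, null);
  }

  public static void main(String[] args) {
    // Constructed sample values, not taken from a real policy.
    List<String> allowedValues = List.of(
        "under:folders/1234",          // subtree: everything below the folder
        "under:organizations/1234",    // subtree: the widest possible scope, worth a second look
        "projects/tokyo-rain-123",     // exact value, no prefix needed
        "is:projects/tokyo-rain-123",  // same meaning as the line above
        "under:tokyo-rain-123",        // under: without an ancestry path
        "example.com:8443");           // literal with ':' but no is: prefix

    for (boolean supportsUnder : new boolean[] {true, false}) {
      System.out.println("supports_under=" + supportsUnder);
      for (String value : allowedValues) {
        Result r = classify(value, supportsUnder);
        System.out.printf("  %-28s %-8s %s%n", r.raw(), r.kind(),
            r.finding() == null ? r.normalized() : "REVIEW: " + r.finding());
      }
    }
  }
}
```

Running the same list with supports_under set to false shows every under: entry flagged, which is the case to catch when a rule is copied from one constraint to another.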

ProjectName

ProjectName.Builder

Builder for projects/{project}.

UpdatePolicyRequest

The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.

Protobuf type google.cloud.orgpolicy.v2.UpdatePolicyRequest

UpdatePolicyRequest.Builder

The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.

Protobuf type google.cloud.orgpolicy.v2.UpdatePolicyRequest

Interfaces

AlternatePolicySpecOrBuilder

Constraint.BooleanConstraintOrBuilder

Constraint.ListConstraintOrBuilder

ConstraintOrBuilder

CreatePolicyRequestOrBuilder

DeletePolicyRequestOrBuilder

GetEffectivePolicyRequestOrBuilder

GetPolicyRequestOrBuilder

ListConstraintsRequestOrBuilder

ListConstraintsResponseOrBuilder

ListPoliciesRequestOrBuilder

ListPoliciesResponseOrBuilder

OrgPolicyGrpc.AsyncService

An interface for managing organization policies. The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy. You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder. Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy. A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

PolicyOrBuilder

PolicySpec.PolicyRule.StringValuesOrBuilder

PolicySpec.PolicyRuleOrBuilder

PolicySpecOrBuilder

UpdatePolicyRequestOrBuilder

Enums

Constraint.ConstraintDefault

Specifies the default behavior in the absence of any Policy for the Constraint. This must not be CONSTRAINT_DEFAULT_UNSPECIFIED.

Immutable after creation.

Protobuf enum google.cloud.orgpolicy.v2.Constraint.ConstraintDefault

Constraint.ConstraintTypeCase

PolicySpec.PolicyRule.KindCase