OrgPolicyClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.orgpolicy_v2.services.org_policy.transports.base.OrgPolicyTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.
You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.
Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.
A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.
Properties
transport
Returns the transport used by the client instance.
Returns | |
---|---|
Type | Description |
OrgPolicyTransport | The transport used by the client instance. |
Methods
OrgPolicyClient
OrgPolicyClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.orgpolicy_v2.services.org_policy.transports.base.OrgPolicyTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Instantiates the org policy client.
Parameters | |
---|---|
Name | Description |
credentials | Optional[google.auth.credentials.Credentials]: The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport | Union[str, OrgPolicyTransport]: The transport to use. If set to None, a transport is chosen automatically. |
client_options | google.api_core.client_options.ClientOptions: Custom options for the client. It won't take effect if a |
client_info | google.api_core.gapic_v1.client_info.ClientInfo: The client info used to send a user-agent string along with API requests. If |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If mutual TLS transport creation failed for any reason. |
__exit__
__exit__(type, value, traceback)
Releases underlying transport's resources.
common_billing_account_path
common_billing_account_path(billing_account: str)
Returns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str)
Returns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str)
Returns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str)
Returns a fully-qualified organization string.
common_project_path
common_project_path(project: str)
Returns a fully-qualified project string.
constraint_path
constraint_path(project: str, constraint: str)
Returns a fully-qualified constraint string.
create_policy
create_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.CreatePolicyRequest, dict]] = None, *, parent: Optional[str] = None, policy: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.Policy] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates a Policy.
Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist.
Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Cloud resource.
```python
from google.cloud import orgpolicy_v2


def sample_create_policy():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()

    # Initialize request argument(s)
    request = orgpolicy_v2.CreatePolicyRequest(
        parent="parent_value",
    )

    # Make the request
    response = client.create_policy(request=request)

    # Handle the response
    print(response)
```
Parameters | |
---|---|
Name | Description |
request | Union[google.cloud.orgpolicy_v2.types.CreatePolicyRequest, dict]: The request object. The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method. |
parent | str: Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms: - |
policy | google.cloud.orgpolicy_v2.types.Policy: Required. |
retry | google.api_core.retry.Retry: Designation of what errors, if any, should be retried. |
timeout | float: The timeout for this request. |
metadata | Sequence[Tuple[str, str]]: Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.orgpolicy_v2.types.Policy | Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources. |
delete_policy
delete_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.DeletePolicyRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Deletes a Policy.
Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or Org Policy does not exist.
```python
from google.cloud import orgpolicy_v2


def sample_delete_policy():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()

    # Initialize request argument(s)
    request = orgpolicy_v2.DeletePolicyRequest(
        name="name_value",
    )

    # Make the request
    client.delete_policy(request=request)
```
Parameters | |
---|---|
Name | Description |
request | Union[google.cloud.orgpolicy_v2.types.DeletePolicyRequest, dict]: The request object. The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method. |
name | str: Required. Name of the policy to delete. See |
retry | google.api_core.retry.Retry: Designation of what errors, if any, should be retried. |
timeout | float: The timeout for this request. |
metadata | Sequence[Tuple[str, str]]: Strings which should be sent along with the request as metadata. |
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename | str: The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
OrgPolicyClient | The constructed client. |
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)
Creates an instance of this client using the provided credentials info.
Parameter | |
---|---|
Name | Description |
info | dict: The service account private key info. |
Returns | |
---|---|
Type | Description |
OrgPolicyClient | The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename | str: The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
OrgPolicyClient | The constructed client. |
get_effective_policy
get_effective_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.GetEffectivePolicyRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets the effective Policy on a resource. This is the result of merging Policies in the resource hierarchy and evaluating conditions. The returned Policy will not have an etag or condition set because it is a computed Policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.
```python
from google.cloud import orgpolicy_v2


def sample_get_effective_policy():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()

    # Initialize request argument(s)
    request = orgpolicy_v2.GetEffectivePolicyRequest(
        name="name_value",
    )

    # Make the request
    response = client.get_effective_policy(request=request)

    # Handle the response
    print(response)
```
Parameters | |
---|---|
Name | Description |
request | Union[google.cloud.orgpolicy_v2.types.GetEffectivePolicyRequest, dict]: The request object. The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method. |
name | str: Required. The effective policy to compute. See |
retry | google.api_core.retry.Retry: Designation of what errors, if any, should be retried. |
timeout | float: The timeout for this request. |
metadata | Sequence[Tuple[str, str]]: Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.orgpolicy_v2.types.Policy | Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources. |
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(client_options: Optional[google.api_core.client_options.ClientOptions] = None)
Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the client cert source is None.
(2) if client_options.client_cert_source is provided, use the provided one; if the default client cert source exists, use the default one; otherwise the client cert source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint is provided, use the provided one.
(2) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the default mTLS endpoint; if the environment variable is "never", use the default API endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
Parameter | |
---|---|
Name | Description |
client_options | google.api_core.client_options.ClientOptions: Custom options for the client. Only the |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If any errors happen. |
Returns | |
---|---|
Type | Description |
Tuple[str, Callable[[], Tuple[bytes, bytes]]] | returns the API endpoint and the client cert source to use. |
get_policy
get_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.GetPolicyRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets a Policy on a resource.
If no Policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a Policy during read-modify-write.
```python
from google.cloud import orgpolicy_v2


def sample_get_policy():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()

    # Initialize request argument(s)
    request = orgpolicy_v2.GetPolicyRequest(
        name="name_value",
    )

    # Make the request
    response = client.get_policy(request=request)

    # Handle the response
    print(response)
```
Parameters | |
---|---|
Name | Description |
request | Union[google.cloud.orgpolicy_v2.types.GetPolicyRequest, dict]: The request object. The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method. |
name | str: Required. Resource name of the policy. See |
retry | google.api_core.retry.Retry: Designation of what errors, if any, should be retried. |
timeout | float: The timeout for this request. |
metadata | Sequence[Tuple[str, str]]: Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.orgpolicy_v2.types.Policy | Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources. |
list_constraints
list_constraints(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.ListConstraintsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists Constraints that could be applied on the specified resource.
```python
from google.cloud import orgpolicy_v2


def sample_list_constraints():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()

    # Initialize request argument(s)
    request = orgpolicy_v2.ListConstraintsRequest(
        parent="parent_value",
    )

    # Make the request
    page_result = client.list_constraints(request=request)

    # Handle the response
    for response in page_result:
        print(response)
```
Parameters | |
---|---|
Name | Description |
request | Union[google.cloud.orgpolicy_v2.types.ListConstraintsRequest, dict]: The request object. The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method. |
parent | str: Required. The Cloud resource that parents the constraint. Must be in one of the following forms: - |
retry | google.api_core.retry.Retry: Designation of what errors, if any, should be retried. |
timeout | float: The timeout for this request. |
metadata | Sequence[Tuple[str, str]]: Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.orgpolicy_v2.services.org_policy.pagers.ListConstraintsPager | The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method. Iterating over this object will yield results and resolve additional pages automatically. |
list_policies
list_policies(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.ListPoliciesRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Retrieves all of the Policies that exist on a particular resource.
```python
from google.cloud import orgpolicy_v2


def sample_list_policies():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()

    # Initialize request argument(s)
    request = orgpolicy_v2.ListPoliciesRequest(
        parent="parent_value",
    )

    # Make the request
    page_result = client.list_policies(request=request)

    # Handle the response
    for response in page_result:
        print(response)
```
Parameters | |
---|---|
Name | Description |
request | Union[google.cloud.orgpolicy_v2.types.ListPoliciesRequest, dict]: The request object. The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. |
parent | str: Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: - |
retry | google.api_core.retry.Retry: Designation of what errors, if any, should be retried. |
timeout | float: The timeout for this request. |
metadata | Sequence[Tuple[str, str]]: Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.orgpolicy_v2.services.org_policy.pagers.ListPoliciesPager | The response returned from the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no Policies are set on the resource. Iterating over this object will yield results and resolve additional pages automatically. |
parse_common_billing_account_path
parse_common_billing_account_path(path: str)
Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str)
Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str)
Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str)
Parse an organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str)
Parse a project path into its component segments.
parse_constraint_path
parse_constraint_path(path: str)
Parses a constraint path into its component segments.
parse_policy_path
parse_policy_path(path: str)
Parses a policy path into its component segments.
policy_path
policy_path(project: str, policy: str)
Returns a fully-qualified policy string.
update_policy
update_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.UpdatePolicyRequest, dict]] = None, *, policy: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.Policy] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates a Policy.
Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy.
Note: the supplied policy will perform a full overwrite of all fields.
```python
from google.cloud import orgpolicy_v2


def sample_update_policy():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()

    # Initialize request argument(s)
    request = orgpolicy_v2.UpdatePolicyRequest(
    )

    # Make the request
    response = client.update_policy(request=request)

    # Handle the response
    print(response)
```
Parameters | |
---|---|
Name | Description |
request | Union[google.cloud.orgpolicy_v2.types.UpdatePolicyRequest, dict]: The request object. The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method. |
policy | google.cloud.orgpolicy_v2.types.Policy: Required. |
retry | google.api_core.retry.Retry: Designation of what errors, if any, should be retried. |
timeout | float: The timeout for this request. |
metadata | Sequence[Tuple[str, str]]: Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.orgpolicy_v2.types.Policy | Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources. |
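The read-modify-write flow that get_policy and update_policy describe (etag check, ABORTED on mismatch, full overwrite), as an added example that is not part of the client library or its documentation. FakeOrgPolicy, the local Aborted class, the dict-shaped policy with string rules and the resource name are constructed stand-ins so the code runs offline; with the real client the retry loop would catch google.api_core.exceptions.Aborted instead.

```python
import copy

class Aborted(Exception):
    """Stand-in for the ABORTED status returned on an etag mismatch."""

class FakeOrgPolicy:
    """Constructed in-memory model of the get_policy/update_policy etag rules."""
    def __init__(self):
        self._store, self._rev = {}, 0

    def seed(self, name, rules):
        self._rev += 1
        self._store[name] = {"name": name, "etag": f"e{self._rev}", "rules": list(rules)}

    def get_policy(self, name):
        return copy.deepcopy(self._store[name])

    def update_policy(self, policy):
        current = self._store[policy["name"]]
        if policy["etag"] != current["etag"]:
            raise Aborted("etag mismatch")
        self._rev += 1
        # Full overwrite: every stored field comes from the supplied policy.
        stored = {**copy.deepcopy(policy), "etag": f"e{self._rev}"}
        self._store[policy["name"]] = stored
        return copy.deepcopy(stored)

def read_modify_write(client, name, mutate, max_attempts=3):
    """Re-read the policy and re-apply `mutate` whenever the write is aborted."""
    for attempt in range(1, max_attempts + 1):
        policy = client.get_policy(name)  # fresh copy carries the current etag
        mutate(policy)                    # change only what this caller owns
        try:
            return client.update_policy(policy), attempt
        except Aborted:
            if attempt == max_attempts:
                raise

def demo():
    """A second administrator writes between our read and our write."""
    svc = FakeOrgPolicy()
    name = "projects/example-project/policies/example.constraint"  # constructed
    svc.seed(name, ["allow:a"])
    raced = []

    def add_deny_b(policy):
        if not raced:  # first pass only: simulate the concurrent writer
            raced.append(True)
            other = svc.get_policy(name)
            other["rules"].append("deny:c")
            svc.update_policy(other)
        if "deny:b" not in policy["rules"]:
            policy["rules"].append("deny:b")

    updated, attempts = read_modify_write(svc, name, add_deny_b)
    return updated["rules"], attempts

if __name__ == "__main__":
    print(demo())
```

Because the update is a full overwrite, retrying with the stale copy (or sending no etag check at all) would have dropped the other administrator's deny:c rule; re-reading before each attempt preserves it.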