Package Classes (1.11.1)

An interface for managing organization policies.

The Organization Policy Service provides a simple mechanism for organizations to restrict the allowed configurations across their entire resource hierarchy.

You can use a policy to configure restrictions on resources. For example, you can enforce a policy that restricts which Google Cloud APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

An interface for managing organization policies.

The Organization Policy Service provides a simple mechanism for organizations to restrict the allowed configurations across their entire resource hierarchy.

You can use a policy to configure restrictions on resources. For example, you can enforce a policy that restricts which Google Cloud APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

A pager for iterating through list_constraints requests.

This class thinly wraps an initial ListConstraintsResponse object, and provides an __aiter__ method to iterate through its constraints field.

If there are more pages, the __aiter__ method will make additional ListConstraints requests and continue to iterate through the constraints field on the corresponding responses.

All the usual ListConstraintsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_constraints requests.

This class thinly wraps an initial ListConstraintsResponse object, and provides an __iter__ method to iterate through its constraints field.

If there are more pages, the __iter__ method will make additional ListConstraints requests and continue to iterate through the constraints field on the corresponding responses.

All the usual ListConstraintsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_custom_constraints requests.

This class thinly wraps an initial ListCustomConstraintsResponse object, and provides an __aiter__ method to iterate through its custom_constraints field.

If there are more pages, the __aiter__ method will make additional ListCustomConstraints requests and continue to iterate through the custom_constraints field on the corresponding responses.

All the usual ListCustomConstraintsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_custom_constraints requests.

This class thinly wraps an initial ListCustomConstraintsResponse object, and provides an __iter__ method to iterate through its custom_constraints field.

If there are more pages, the __iter__ method will make additional ListCustomConstraints requests and continue to iterate through the custom_constraints field on the corresponding responses.

All the usual ListCustomConstraintsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_policies requests.

This class thinly wraps an initial ListPoliciesResponse object, and provides an __aiter__ method to iterate through its policies field.

If there are more pages, the __aiter__ method will make additional ListPolicies requests and continue to iterate through the policies field on the corresponding responses.

All the usual ListPoliciesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_policies requests.

This class thinly wraps an initial ListPoliciesResponse object, and provides an __iter__ method to iterate through its policies field.

If there are more pages, the __iter__ method will make additional ListPolicies requests and continue to iterate through the policies field on the corresponding responses.

All the usual ListPoliciesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.

A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which Google Cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about [policies][google.cloud.OrgPolicy.v2.Policy].

Constraints have a default behavior determined by the constraint_default field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

A constraint that is either enforced or not.

For example, a constraint constraints/compute.disableSerialPortAccess. If it is enforced on a VM instance, serial port connections will not be opened to that instance.

Specifies the default behavior in the absence of any policy for the constraint. This must not be CONSTRAINT_DEFAULT_UNSPECIFIED.

Immutable after creation.

A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy.

The request sent to the [CreateCustomConstraintRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreateCustomConstraint] method.

The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.

A custom constraint defined by customers which can only be applied to the given resource types and organization.

By creating a custom constraint, customers can apply policies of this custom constraint. Creating a custom constraint itself does NOT apply any policy enforcement.

Allow or deny type.

The operation for which this constraint will be applied. To apply this constraint only when creating new VMs, the method_types should be CREATE only. To apply this constraint when creating or deleting VMs, the method_types should be CREATE and DELETE.

UPDATE only custom constraints are not supported. Use CREATE or CREATE, UPDATE.

The request sent to the [DeleteCustomConstraint] [google.cloud.orgpolicy.v2.OrgPolicy.DeleteCustomConstraint] method.

The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.

The request sent to the [GetCustomConstraint] [google.cloud.orgpolicy.v2.OrgPolicy.GetCustomConstraint] method.

The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.

The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.

The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

The request sent to the [ListCustomConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListCustomConstraints] method.

The response returned from the [ListCustomConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListCustomConstraints] method. It will be empty if no custom constraints are set on the organization resource.

The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.

The response returned from the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no policies are set on the resource.

Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.

Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.

A rule used to express this policy.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

• projects/<project-id> (for example, projects/tokyo-rain-123)
• folders/<folder-id> (for example, folders/1234)
• organizations/<organization-id> (for example, organizations/1234)

The supports_under field of the associated Constraint defines whether ancestry prefixes can be used.

The request sent to the [UpdateCustomConstraintRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdateCustomConstraint] method.

The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.

API documentation for orgpolicy_v2.services.org_policy.pagers module.