Reference documentation and code samples for the Organization Policy V2 API class Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.
Client for the OrgPolicy service.
An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.
You can use a policy
to configure restrictions in Cloud resources. For
example, you can enforce a policy
that restricts which Google
Cloud Platform APIs can be activated in a certain part of your resource
hierarchy, or prevents serial port access to VM instances in a particular
folder.
Policies
are inherited down through the resource hierarchy. A policy
applied to a parent resource automatically applies to all its child resources
unless overridden with a policy
lower in the hierarchy.
A constraint
defines an aspect of a resource's configuration that can be
controlled by an organization's policy administrator. Policies
are a
collection of constraints
that defines their allowable configuration on a
particular resource and its child resources.
Inherits
- Object
Methods
.configure
def self.configure() { |config| ... } -> Client::Configuration
Configure the OrgPolicy Client class.
See Configuration for a description of the configuration fields.
- (config) — Configure the Client client.
- config (Client::Configuration)
# Modify the configuration for all OrgPolicy clients ::Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.configure do |config| config.timeout = 10.0 end
#configure
def configure() { |config| ... } -> Client::Configuration
Configure the OrgPolicy Client instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on Client.configure.
See Configuration for a description of the configuration fields.
- (config) — Configure the Client client.
- config (Client::Configuration)
#create_policy
def create_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
def create_policy(parent: nil, policy: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
Creates a Policy.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the
constraint does not exist.
Returns a google.rpc.Status
with google.rpc.Code.ALREADY_EXISTS
if the
policy already exists on the given Cloud resource.
def create_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
create_policy
via a request object, either of type
CreatePolicyRequest or an equivalent Hash.
- request (::Google::Cloud::OrgPolicy::V2::CreatePolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def create_policy(parent: nil, policy: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
create_policy
via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
-
parent (::String) —
Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms:
projects/{project_number}
projects/{project_id}
folders/{folder_id}
organizations/{organization_id}
-
policy (::Google::Cloud::OrgPolicy::V2::Policy, ::Hash) — Required.
Policy
to create.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::OrgPolicy::V2::Policy)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/org_policy/v2" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::OrgPolicy::V2::CreatePolicyRequest.new # Call the create_policy method. result = client.create_policy request # The returned object is of type Google::Cloud::OrgPolicy::V2::Policy. p result
#delete_policy
def delete_policy(request, options = nil) -> ::Google::Protobuf::Empty
def delete_policy(name: nil) -> ::Google::Protobuf::Empty
Deletes a Policy.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the
constraint or Org Policy does not exist.
def delete_policy(request, options = nil) -> ::Google::Protobuf::Empty
delete_policy
via a request object, either of type
DeletePolicyRequest or an equivalent Hash.
- request (::Google::Cloud::OrgPolicy::V2::DeletePolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def delete_policy(name: nil) -> ::Google::Protobuf::Empty
delete_policy
via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
-
name (::String) — Required. Name of the policy to delete.
See
Policy
for naming rules.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Protobuf::Empty)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/org_policy/v2" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::OrgPolicy::V2::DeletePolicyRequest.new # Call the delete_policy method. result = client.delete_policy request # The returned object is of type Google::Protobuf::Empty. p result
#get_effective_policy
def get_effective_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
def get_effective_policy(name: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
Gets the effective Policy
on a resource. This is the result of merging
Policies
in the resource hierarchy and evaluating conditions. The
returned Policy
will not have an etag
or condition
set because it is
a computed Policy
across multiple resources.
Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
not be expanded.
def get_effective_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
get_effective_policy
via a request object, either of type
GetEffectivePolicyRequest or an equivalent Hash.
- request (::Google::Cloud::OrgPolicy::V2::GetEffectivePolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def get_effective_policy(name: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
get_effective_policy
via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
-
name (::String) — Required. The effective policy to compute. See
Policy
for naming rules.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::OrgPolicy::V2::Policy)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/org_policy/v2" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::OrgPolicy::V2::GetEffectivePolicyRequest.new # Call the get_effective_policy method. result = client.get_effective_policy request # The returned object is of type Google::Cloud::OrgPolicy::V2::Policy. p result
#get_policy
def get_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
def get_policy(name: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
Gets a Policy
on a resource.
If no Policy
is set on the resource, NOT_FOUND is returned. The
etag
value can be used with UpdatePolicy()
to update a
Policy
during read-modify-write.
def get_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
get_policy
via a request object, either of type
GetPolicyRequest or an equivalent Hash.
- request (::Google::Cloud::OrgPolicy::V2::GetPolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def get_policy(name: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
get_policy
via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
-
name (::String) — Required. Resource name of the policy. See
Policy
for naming requirements.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::OrgPolicy::V2::Policy)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/org_policy/v2" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::OrgPolicy::V2::GetPolicyRequest.new # Call the get_policy method. result = client.get_policy request # The returned object is of type Google::Cloud::OrgPolicy::V2::Policy. p result
#initialize
def initialize() { |config| ... } -> Client
Create a new OrgPolicy client object.
- (config) — Configure the OrgPolicy client.
- config (Client::Configuration)
- (Client) — a new instance of Client
# Create a client using the default configuration client = ::Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new # Create a client using a custom configuration client = ::Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new do |config| config.timeout = 10.0 end
#list_constraints
def list_constraints(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>
def list_constraints(parent: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>
Lists Constraints
that could be applied on the specified resource.
def list_constraints(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>
list_constraints
via a request object, either of type
ListConstraintsRequest or an equivalent Hash.
- request (::Google::Cloud::OrgPolicy::V2::ListConstraintsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def list_constraints(parent: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>
list_constraints
via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
-
parent (::String) —
Required. The Cloud resource that parents the constraint. Must be in one of the following forms:
projects/{project_number}
projects/{project_id}
folders/{folder_id}
organizations/{organization_id}
- page_size (::Integer) — Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
- page_token (::String) — Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/org_policy/v2" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::OrgPolicy::V2::ListConstraintsRequest.new # Call the list_constraints method. result = client.list_constraints request # The returned object is of type Gapic::PagedEnumerable. You can # iterate over all elements by calling #each, and the enumerable # will lazily make API calls to fetch subsequent pages. Other # methods are also available for managing paging directly. result.each do |response| # Each element is of type ::Google::Cloud::OrgPolicy::V2::Constraint. p response end
#list_policies
def list_policies(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>
def list_policies(parent: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>
Retrieves all of the Policies
that exist on a particular resource.
def list_policies(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>
list_policies
via a request object, either of type
ListPoliciesRequest or an equivalent Hash.
- request (::Google::Cloud::OrgPolicy::V2::ListPoliciesRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def list_policies(parent: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>
list_policies
via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
-
parent (::String) —
Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms:
projects/{project_number}
projects/{project_id}
folders/{folder_id}
organizations/{organization_id}
- page_size (::Integer) — Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
- page_token (::String) — Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.
- (response, operation) — Access the result along with the RPC operation
- response (::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>)
- operation (::GRPC::ActiveCall::Operation)
- (::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/org_policy/v2" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::OrgPolicy::V2::ListPoliciesRequest.new # Call the list_policies method. result = client.list_policies request # The returned object is of type Gapic::PagedEnumerable. You can # iterate over all elements by calling #each, and the enumerable # will lazily make API calls to fetch subsequent pages. Other # methods are also available for managing paging directly. result.each do |response| # Each element is of type ::Google::Cloud::OrgPolicy::V2::Policy. p response end
#update_policy
def update_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
def update_policy(policy: nil, update_mask: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
Updates a Policy.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the
constraint or the policy do not exist.
Returns a google.rpc.Status
with google.rpc.Code.ABORTED
if the etag
supplied in the request does not match the persisted etag of the policy
Note: the supplied policy will perform a full overwrite of all fields.
def update_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
update_policy
via a request object, either of type
UpdatePolicyRequest or an equivalent Hash.
- request (::Google::Cloud::OrgPolicy::V2::UpdatePolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def update_policy(policy: nil, update_mask: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
update_policy
via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
-
policy (::Google::Cloud::OrgPolicy::V2::Policy, ::Hash) — Required.
Policy
to update. - update_mask (::Google::Protobuf::FieldMask, ::Hash) — Field mask used to specify the fields to be overwritten in the policy by the set. The fields specified in the update_mask are relative to the policy, not the full request.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::OrgPolicy::V2::Policy)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/org_policy/v2" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::OrgPolicy::V2::UpdatePolicyRequest.new # Call the update_policy method. result = client.update_policy request # The returned object is of type Google::Cloud::OrgPolicy::V2::Policy. p result