Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Organization Policy V2 API - Class Google::Cloud::OrgPolicy::V2::OrgPolicy::Client (v0.7.0)

Reference documentation and code samples for the Organization Policy V2 API class Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.

Client for the OrgPolicy service.

An interface for managing organization policies.

The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.

You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

Inherits

Object

Includes

Google::Cloud::OrgPolicy::V2::OrgPolicy::Paths

Methods

.configure

def self.configure() { |config| ... } -> Client::Configuration

Configure the OrgPolicy Client class.

See Configuration for a description of the configuration fields.

Yields

(config) — Configure the Client client.

Yield Parameter

config (Client::Configuration)

Returns

(Client::Configuration)

Example

# Modify the configuration for all OrgPolicy clients
::Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.configure do |config|
  config.timeout = 10.0
end

#configure

def configure() { |config| ... } -> Client::Configuration

Configure the OrgPolicy Client instance.

The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on Client.configure.

See Configuration for a description of the configuration fields.

Yields

(config) — Configure the Client client.

Yield Parameter

config (Client::Configuration)

Returns

(Client::Configuration)

#create_policy

def create_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
def create_policy(parent: nil, policy: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Creates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Cloud resource.

Overloads

def create_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Pass arguments to create_policy via a request object, either of type CreatePolicyRequest or an equivalent Hash.

Parameters

request (::Google::Cloud::OrgPolicy::V2::CreatePolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

def create_policy(parent: nil, policy: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Pass arguments to create_policy via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

Parameters

parent (::String) —
Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms:
- projects/{project_number}
- projects/{project_id}
- folders/{folder_id}
- organizations/{organization_id}
policy (::Google::Cloud::OrgPolicy::V2::Policy, ::Hash) — Required. Policy to create.

Yields

(response, operation) — Access the result along with the RPC operation

Yield Parameters

response (::Google::Cloud::OrgPolicy::V2::Policy)
operation (::GRPC::ActiveCall::Operation)

Returns

(::Google::Cloud::OrgPolicy::V2::Policy)

Raises

(::Google::Cloud::Error) — if the RPC is aborted.

Example

Basic example

require "google/cloud/org_policy/v2"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::OrgPolicy::V2::CreatePolicyRequest.new

# Call the create_policy method.
result = client.create_policy request

# The returned object is of type Google::Cloud::OrgPolicy::V2::Policy.
p result

#delete_policy

def delete_policy(request, options = nil) -> ::Google::Protobuf::Empty
def delete_policy(name: nil) -> ::Google::Protobuf::Empty

Deletes a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or Org Policy does not exist.

Overloads

def delete_policy(request, options = nil) -> ::Google::Protobuf::Empty

Pass arguments to delete_policy via a request object, either of type DeletePolicyRequest or an equivalent Hash.

Parameters

request (::Google::Cloud::OrgPolicy::V2::DeletePolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

def delete_policy(name: nil) -> ::Google::Protobuf::Empty

Pass arguments to delete_policy via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

Parameter

name (::String) — Required. Name of the policy to delete. See Policy for naming rules.

Yields

(response, operation) — Access the result along with the RPC operation

Yield Parameters

response (::Google::Protobuf::Empty)
operation (::GRPC::ActiveCall::Operation)

Returns

(::Google::Protobuf::Empty)

Raises

(::Google::Cloud::Error) — if the RPC is aborted.

Example

Basic example

require "google/cloud/org_policy/v2"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::OrgPolicy::V2::DeletePolicyRequest.new

# Call the delete_policy method.
result = client.delete_policy request

# The returned object is of type Google::Protobuf::Empty.
p result

#get_effective_policy

def get_effective_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
def get_effective_policy(name: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Gets the effective Policy on a resource. This is the result of merging Policies in the resource hierarchy and evaluating conditions. The returned Policy will not have an etag or condition set because it is a computed Policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.

Overloads

def get_effective_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Pass arguments to get_effective_policy via a request object, either of type GetEffectivePolicyRequest or an equivalent Hash.

Parameters

request (::Google::Cloud::OrgPolicy::V2::GetEffectivePolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

def get_effective_policy(name: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Pass arguments to get_effective_policy via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

Parameter

name (::String) — Required. The effective policy to compute. See Policy for naming rules.

Yields

(response, operation) — Access the result along with the RPC operation

Yield Parameters

response (::Google::Cloud::OrgPolicy::V2::Policy)
operation (::GRPC::ActiveCall::Operation)

Returns

(::Google::Cloud::OrgPolicy::V2::Policy)

Raises

(::Google::Cloud::Error) — if the RPC is aborted.

Example

Basic example

require "google/cloud/org_policy/v2"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::OrgPolicy::V2::GetEffectivePolicyRequest.new

# Call the get_effective_policy method.
result = client.get_effective_policy request

# The returned object is of type Google::Cloud::OrgPolicy::V2::Policy.
p result

#get_policy

def get_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
def get_policy(name: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Gets a Policy on a resource.

If no Policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a Policy during read-modify-write.

Overloads

def get_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Pass arguments to get_policy via a request object, either of type GetPolicyRequest or an equivalent Hash.

Parameters

request (::Google::Cloud::OrgPolicy::V2::GetPolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

def get_policy(name: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Pass arguments to get_policy via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

Parameter

name (::String) — Required. Resource name of the policy. See Policy for naming requirements.

Yields

(response, operation) — Access the result along with the RPC operation

Yield Parameters

response (::Google::Cloud::OrgPolicy::V2::Policy)
operation (::GRPC::ActiveCall::Operation)

Returns

(::Google::Cloud::OrgPolicy::V2::Policy)

Raises

(::Google::Cloud::Error) — if the RPC is aborted.

Example

Basic example

require "google/cloud/org_policy/v2"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::OrgPolicy::V2::GetPolicyRequest.new

# Call the get_policy method.
result = client.get_policy request

# The returned object is of type Google::Cloud::OrgPolicy::V2::Policy.
p result

#initialize

def initialize() { |config| ... } -> Client

Create a new OrgPolicy client object.

Yields

(config) — Configure the OrgPolicy client.

Yield Parameter

config (Client::Configuration)

Returns

(Client) — a new instance of Client

Example

# Create a client using the default configuration
client = ::Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new

# Create a client using a custom configuration
client = ::Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new do |config|
  config.timeout = 10.0
end

#list_constraints

def list_constraints(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>
def list_constraints(parent: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>

Lists Constraints that could be applied on the specified resource.

Overloads

def list_constraints(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>

Pass arguments to list_constraints via a request object, either of type ListConstraintsRequest or an equivalent Hash.

Parameters

request (::Google::Cloud::OrgPolicy::V2::ListConstraintsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

def list_constraints(parent: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>

Pass arguments to list_constraints via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

Parameters

parent (::String) —
Required. The Cloud resource that parents the constraint. Must be in one of the following forms:
- projects/{project_number}
- projects/{project_id}
- folders/{folder_id}
- organizations/{organization_id}
page_size (::Integer) — Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
page_token (::String) — Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.

Yields

(response, operation) — Access the result along with the RPC operation

Yield Parameters

response (::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>)
operation (::GRPC::ActiveCall::Operation)

Returns

(::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Constraint>)

Raises

(::Google::Cloud::Error) — if the RPC is aborted.

Example

Basic example

require "google/cloud/org_policy/v2"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::OrgPolicy::V2::ListConstraintsRequest.new

# Call the list_constraints method.
result = client.list_constraints request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::OrgPolicy::V2::Constraint.
  p item
end

#list_policies

def list_policies(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>
def list_policies(parent: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>

Retrieves all of the Policies that exist on a particular resource.

Overloads

def list_policies(request, options = nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>

Pass arguments to list_policies via a request object, either of type ListPoliciesRequest or an equivalent Hash.

Parameters

request (::Google::Cloud::OrgPolicy::V2::ListPoliciesRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

def list_policies(parent: nil, page_size: nil, page_token: nil) -> ::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>

Pass arguments to list_policies via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

Parameters

parent (::String) —
Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms:
- projects/{project_number}
- projects/{project_id}
- folders/{folder_id}
- organizations/{organization_id}
page_size (::Integer) — Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
page_token (::String) — Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.

Yields

(response, operation) — Access the result along with the RPC operation

Yield Parameters

response (::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>)
operation (::GRPC::ActiveCall::Operation)

Returns

(::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::Policy>)

Raises

(::Google::Cloud::Error) — if the RPC is aborted.

Example

Basic example

require "google/cloud/org_policy/v2"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::OrgPolicy::V2::ListPoliciesRequest.new

# Call the list_policies method.
result = client.list_policies request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::OrgPolicy::V2::Policy.
  p item
end

#update_policy

def update_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy
def update_policy(policy: nil, update_mask: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Updates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy

Note: the supplied policy will perform a full overwrite of all fields.

Overloads

def update_policy(request, options = nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Pass arguments to update_policy via a request object, either of type UpdatePolicyRequest or an equivalent Hash.

Parameters

request (::Google::Cloud::OrgPolicy::V2::UpdatePolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

def update_policy(policy: nil, update_mask: nil) -> ::Google::Cloud::OrgPolicy::V2::Policy

Pass arguments to update_policy via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

Parameters

policy (::Google::Cloud::OrgPolicy::V2::Policy, ::Hash) — Required. Policy to update.
update_mask (::Google::Protobuf::FieldMask, ::Hash) — Field mask used to specify the fields to be overwritten in the policy by the set. The fields specified in the update_mask are relative to the policy, not the full request.

Yields

(response, operation) — Access the result along with the RPC operation

Yield Parameters

response (::Google::Cloud::OrgPolicy::V2::Policy)
operation (::GRPC::ActiveCall::Operation)

Returns

(::Google::Cloud::OrgPolicy::V2::Policy)

Raises

(::Google::Cloud::Error) — if the RPC is aborted.

Example

Basic example

require "google/cloud/org_policy/v2"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::OrgPolicy::V2::UpdatePolicyRequest.new

# Call the update_policy method.
result = client.update_policy request

# The returned object is of type Google::Cloud::OrgPolicy::V2::Policy.
p result