As of January 1, 2020 this library no longer supports Python 2 on the latest released version. Library versions released prior to that date will continue to be available. For more information please visit Python 2 support on Google Cloud.

Source code for google.cloud.orgpolicy_v2.services.org_policy.client

# -*- coding: utf-8 -*-
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
from collections import OrderedDict
from distutils import util
import os
import re
from typing import Dict, Optional, Sequence, Tuple, Type, Union
import pkg_resources

from google.api_core import client_options as client_options_lib  # type: ignore
from google.api_core import exceptions as core_exceptions  # type: ignore
from google.api_core import gapic_v1  # type: ignore
from google.api_core import retry as retries  # type: ignore
from google.auth import credentials as ga_credentials  # type: ignore
from google.auth.transport import mtls  # type: ignore
from google.auth.transport.grpc import SslCredentials  # type: ignore
from google.auth.exceptions import MutualTLSChannelError  # type: ignore
from google.oauth2 import service_account  # type: ignore

from google.cloud.orgpolicy_v2.services.org_policy import pagers
from google.cloud.orgpolicy_v2.types import constraint
from google.cloud.orgpolicy_v2.types import orgpolicy
from .transports.base import OrgPolicyTransport, DEFAULT_CLIENT_INFO
from .transports.grpc import OrgPolicyGrpcTransport
from .transports.grpc_asyncio import OrgPolicyGrpcAsyncIOTransport


class OrgPolicyClientMeta(type):
    """Metaclass for the OrgPolicy client.

    This provides class-level methods for building and retrieving
    support objects (e.g. transport) without polluting the client instance
    objects.
    """

    _transport_registry = OrderedDict()  # type: Dict[str, Type[OrgPolicyTransport]]
    _transport_registry["grpc"] = OrgPolicyGrpcTransport
    _transport_registry["grpc_asyncio"] = OrgPolicyGrpcAsyncIOTransport

    def get_transport_class(cls, label: str = None,) -> Type[OrgPolicyTransport]:
        """Returns an appropriate transport class.

        Args:
            label: The name of the desired transport. If none is
                provided, then the first transport in the registry is used.

        Returns:
            The transport class to use.
        """
        # If a specific transport is requested, return that one.
        if label:
            return cls._transport_registry[label]

        # No transport is requested; return the default (that is, the first one
        # in the dictionary).
        return next(iter(cls._transport_registry.values()))


[docs]class OrgPolicyClient(metaclass=OrgPolicyClientMeta): """An interface for managing organization policies. The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy. You can use a ``policy`` to configure restrictions in Cloud resources. For example, you can enforce a ``policy`` that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder. ``Policies`` are inherited down through the resource hierarchy. A ``policy`` applied to a parent resource automatically applies to all its child resources unless overridden with a ``policy`` lower in the hierarchy. A ``constraint`` defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. ``Policies`` are a collection of ``constraints`` that defines their allowable configuration on a particular resource and its child resources. """ @staticmethod def _get_default_mtls_endpoint(api_endpoint): """Converts api endpoint to mTLS endpoint. Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. Args: api_endpoint (Optional[str]): the api endpoint to convert. Returns: str: converted mTLS api endpoint. """ if not api_endpoint: return api_endpoint mtls_endpoint_re = re.compile( r"(?P<name>[^.]+)(?P<mtls>\.mtls)?(?P<sandbox>\.sandbox)?(?P<googledomain>\.googleapis\.com)?" ) m = mtls_endpoint_re.match(api_endpoint) name, mtls, sandbox, googledomain = m.groups() if mtls or not googledomain: return api_endpoint if sandbox: return api_endpoint.replace( "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" ) return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") DEFAULT_ENDPOINT = "orgpolicy.googleapis.com" DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore DEFAULT_ENDPOINT )
[docs] @classmethod def from_service_account_info(cls, info: dict, *args, **kwargs): """Creates an instance of this client using the provided credentials info. Args: info (dict): The service account private key info. args: Additional arguments to pass to the constructor. kwargs: Additional arguments to pass to the constructor. Returns: OrgPolicyClient: The constructed client. """ credentials = service_account.Credentials.from_service_account_info(info) kwargs["credentials"] = credentials return cls(*args, **kwargs)
[docs] @classmethod def from_service_account_file(cls, filename: str, *args, **kwargs): """Creates an instance of this client using the provided credentials file. Args: filename (str): The path to the service account private key json file. args: Additional arguments to pass to the constructor. kwargs: Additional arguments to pass to the constructor. Returns: OrgPolicyClient: The constructed client. """ credentials = service_account.Credentials.from_service_account_file(filename) kwargs["credentials"] = credentials return cls(*args, **kwargs)
from_service_account_json = from_service_account_file @property def transport(self) -> OrgPolicyTransport: """Returns the transport used by the client instance. Returns: OrgPolicyTransport: The transport used by the client instance. """ return self._transport
[docs] @staticmethod def constraint_path(project: str, constraint: str,) -> str: """Returns a fully-qualified constraint string.""" return "projects/{project}/constraints/{constraint}".format( project=project, constraint=constraint, )
[docs] @staticmethod def parse_constraint_path(path: str) -> Dict[str, str]: """Parses a constraint path into its component segments.""" m = re.match( r"^projects/(?P<project>.+?)/constraints/(?P<constraint>.+?)$", path ) return m.groupdict() if m else {}
[docs] @staticmethod def policy_path(project: str, policy: str,) -> str: """Returns a fully-qualified policy string.""" return "projects/{project}/policies/{policy}".format( project=project, policy=policy, )
[docs] @staticmethod def parse_policy_path(path: str) -> Dict[str, str]: """Parses a policy path into its component segments.""" m = re.match(r"^projects/(?P<project>.+?)/policies/(?P<policy>.+?)$", path) return m.groupdict() if m else {}
[docs] @staticmethod def common_billing_account_path(billing_account: str,) -> str: """Returns a fully-qualified billing_account string.""" return "billingAccounts/{billing_account}".format( billing_account=billing_account, )
[docs] @staticmethod def parse_common_billing_account_path(path: str) -> Dict[str, str]: """Parse a billing_account path into its component segments.""" m = re.match(r"^billingAccounts/(?P<billing_account>.+?)$", path) return m.groupdict() if m else {}
[docs] @staticmethod def common_folder_path(folder: str,) -> str: """Returns a fully-qualified folder string.""" return "folders/{folder}".format(folder=folder,)
[docs] @staticmethod def parse_common_folder_path(path: str) -> Dict[str, str]: """Parse a folder path into its component segments.""" m = re.match(r"^folders/(?P<folder>.+?)$", path) return m.groupdict() if m else {}
[docs] @staticmethod def common_organization_path(organization: str,) -> str: """Returns a fully-qualified organization string.""" return "organizations/{organization}".format(organization=organization,)
[docs] @staticmethod def parse_common_organization_path(path: str) -> Dict[str, str]: """Parse a organization path into its component segments.""" m = re.match(r"^organizations/(?P<organization>.+?)$", path) return m.groupdict() if m else {}
[docs] @staticmethod def common_project_path(project: str,) -> str: """Returns a fully-qualified project string.""" return "projects/{project}".format(project=project,)
[docs] @staticmethod def parse_common_project_path(path: str) -> Dict[str, str]: """Parse a project path into its component segments.""" m = re.match(r"^projects/(?P<project>.+?)$", path) return m.groupdict() if m else {}
[docs] @staticmethod def common_location_path(project: str, location: str,) -> str: """Returns a fully-qualified location string.""" return "projects/{project}/locations/{location}".format( project=project, location=location, )
[docs] @staticmethod def parse_common_location_path(path: str) -> Dict[str, str]: """Parse a location path into its component segments.""" m = re.match(r"^projects/(?P<project>.+?)/locations/(?P<location>.+?)$", path) return m.groupdict() if m else {}
def __init__( self, *, credentials: Optional[ga_credentials.Credentials] = None, transport: Union[str, OrgPolicyTransport, None] = None, client_options: Optional[client_options_lib.ClientOptions] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: """Instantiates the org policy client. Args: credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. transport (Union[str, OrgPolicyTransport]): The transport to use. If set to None, a transport is chosen automatically. client_options (google.api_core.client_options.ClientOptions): Custom options for the client. It won't take effect if a ``transport`` instance is provided. (1) The ``api_endpoint`` property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT environment variable can also be used to override the endpoint: "always" (always use the default mTLS endpoint), "never" (always use the default regular endpoint) and "auto" (auto switch to the default mTLS endpoint if client certificate is present, this is the default value). However, the ``api_endpoint`` property takes precedence if provided. (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "true", then the ``client_cert_source`` property can be used to provide client certificate for mutual TLS transport. If not provided, the default SSL client certificate will be used if present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not set, no client certificate will be used. client_info (google.api_core.gapic_v1.client_info.ClientInfo): The client info used to send a user-agent string along with API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport creation failed for any reason. """ if isinstance(client_options, dict): client_options = client_options_lib.from_dict(client_options) if client_options is None: client_options = client_options_lib.ClientOptions() # Create SSL credentials for mutual TLS if needed. use_client_cert = bool( util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")) ) client_cert_source_func = None is_mtls = False if use_client_cert: if client_options.client_cert_source: is_mtls = True client_cert_source_func = client_options.client_cert_source else: is_mtls = mtls.has_default_client_cert_source() if is_mtls: client_cert_source_func = mtls.default_client_cert_source() else: client_cert_source_func = None # Figure out which api endpoint to use. if client_options.api_endpoint is not None: api_endpoint = client_options.api_endpoint else: use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") if use_mtls_env == "never": api_endpoint = self.DEFAULT_ENDPOINT elif use_mtls_env == "always": api_endpoint = self.DEFAULT_MTLS_ENDPOINT elif use_mtls_env == "auto": if is_mtls: api_endpoint = self.DEFAULT_MTLS_ENDPOINT else: api_endpoint = self.DEFAULT_ENDPOINT else: raise MutualTLSChannelError( "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " "values: never, auto, always" ) # Save or instantiate the transport. # Ordinarily, we provide the transport, but allowing a custom transport # instance provides an extensibility point for unusual situations. if isinstance(transport, OrgPolicyTransport): # transport is a OrgPolicyTransport instance. if credentials or client_options.credentials_file: raise ValueError( "When providing a transport instance, " "provide its credentials directly." ) if client_options.scopes: raise ValueError( "When providing a transport instance, provide its scopes " "directly." ) self._transport = transport else: Transport = type(self).get_transport_class(transport) self._transport = Transport( credentials=credentials, credentials_file=client_options.credentials_file, host=api_endpoint, scopes=client_options.scopes, client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, always_use_jwt_access=( Transport == type(self).get_transport_class("grpc") or Transport == type(self).get_transport_class("grpc_asyncio") ), )
[docs] def list_constraints( self, request: Union[orgpolicy.ListConstraintsRequest, dict] = None, *, parent: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> pagers.ListConstraintsPager: r"""Lists ``Constraints`` that could be applied on the specified resource. Args: request (Union[google.cloud.orgpolicy_v2.types.ListConstraintsRequest, dict]): The request object. The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method. parent (str): Required. The Cloud resource that parents the constraint. Must be in one of the following forms: - ``projects/{project_number}`` - ``projects/{project_id}`` - ``folders/{folder_id}`` - ``organizations/{organization_id}`` This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: google.cloud.orgpolicy_v2.services.org_policy.pagers.ListConstraintsPager: The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method. Iterating over this object will yield results and resolve additional pages automatically. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([parent]) if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) # Minor optimization to avoid making a copy if the user passes # in a orgpolicy.ListConstraintsRequest. # There's no risk of modifying the input as we've already verified # there are no flattened fields. if not isinstance(request, orgpolicy.ListConstraintsRequest): request = orgpolicy.ListConstraintsRequest(request) # If we have keyword arguments corresponding to fields on the # request, apply these. if parent is not None: request.parent = parent # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.list_constraints] # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + ( gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), ) # Send the request. response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) # This method is paged; wrap the response in a pager, which provides # an `__iter__` convenience method. response = pagers.ListConstraintsPager( method=rpc, request=request, response=response, metadata=metadata, ) # Done; return the response. return response
[docs] def list_policies( self, request: Union[orgpolicy.ListPoliciesRequest, dict] = None, *, parent: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> pagers.ListPoliciesPager: r"""Retrieves all of the ``Policies`` that exist on a particular resource. Args: request (Union[google.cloud.orgpolicy_v2.types.ListPoliciesRequest, dict]): The request object. The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. parent (str): Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: - ``projects/{project_number}`` - ``projects/{project_id}`` - ``folders/{folder_id}`` - ``organizations/{organization_id}`` This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: google.cloud.orgpolicy_v2.services.org_policy.pagers.ListPoliciesPager: The response returned from the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no Policies are set on the resource. Iterating over this object will yield results and resolve additional pages automatically. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([parent]) if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) # Minor optimization to avoid making a copy if the user passes # in a orgpolicy.ListPoliciesRequest. # There's no risk of modifying the input as we've already verified # there are no flattened fields. if not isinstance(request, orgpolicy.ListPoliciesRequest): request = orgpolicy.ListPoliciesRequest(request) # If we have keyword arguments corresponding to fields on the # request, apply these. if parent is not None: request.parent = parent # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.list_policies] # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + ( gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), ) # Send the request. response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) # This method is paged; wrap the response in a pager, which provides # an `__iter__` convenience method. response = pagers.ListPoliciesPager( method=rpc, request=request, response=response, metadata=metadata, ) # Done; return the response. return response
[docs] def get_policy( self, request: Union[orgpolicy.GetPolicyRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> orgpolicy.Policy: r"""Gets a ``Policy`` on a resource. If no ``Policy`` is set on the resource, NOT_FOUND is returned. The ``etag`` value can be used with ``UpdatePolicy()`` to update a ``Policy`` during read-modify-write. Args: request (Union[google.cloud.orgpolicy_v2.types.GetPolicyRequest, dict]): The request object. The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method. name (str): Required. Resource name of the policy. See ``Policy`` for naming requirements. This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: google.cloud.orgpolicy_v2.types.Policy: Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([name]) if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) # Minor optimization to avoid making a copy if the user passes # in a orgpolicy.GetPolicyRequest. # There's no risk of modifying the input as we've already verified # there are no flattened fields. if not isinstance(request, orgpolicy.GetPolicyRequest): request = orgpolicy.GetPolicyRequest(request) # If we have keyword arguments corresponding to fields on the # request, apply these. if name is not None: request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.get_policy] # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + ( gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), ) # Send the request. response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) # Done; return the response. return response
[docs] def get_effective_policy( self, request: Union[orgpolicy.GetEffectivePolicyRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> orgpolicy.Policy: r"""Gets the effective ``Policy`` on a resource. This is the result of merging ``Policies`` in the resource hierarchy and evaluating conditions. The returned ``Policy`` will not have an ``etag`` or ``condition`` set because it is a computed ``Policy`` across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded. Args: request (Union[google.cloud.orgpolicy_v2.types.GetEffectivePolicyRequest, dict]): The request object. The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method. name (str): Required. The effective policy to compute. See ``Policy`` for naming rules. This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: google.cloud.orgpolicy_v2.types.Policy: Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([name]) if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) # Minor optimization to avoid making a copy if the user passes # in a orgpolicy.GetEffectivePolicyRequest. # There's no risk of modifying the input as we've already verified # there are no flattened fields. if not isinstance(request, orgpolicy.GetEffectivePolicyRequest): request = orgpolicy.GetEffectivePolicyRequest(request) # If we have keyword arguments corresponding to fields on the # request, apply these. if name is not None: request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.get_effective_policy] # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + ( gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), ) # Send the request. response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) # Done; return the response. return response
[docs] def create_policy( self, request: Union[orgpolicy.CreatePolicyRequest, dict] = None, *, parent: str = None, policy: orgpolicy.Policy = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> orgpolicy.Policy: r"""Creates a Policy. Returns a ``google.rpc.Status`` with ``google.rpc.Code.NOT_FOUND`` if the constraint does not exist. Returns a ``google.rpc.Status`` with ``google.rpc.Code.ALREADY_EXISTS`` if the policy already exists on the given Cloud resource. Args: request (Union[google.cloud.orgpolicy_v2.types.CreatePolicyRequest, dict]): The request object. The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method. parent (str): Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms: - ``projects/{project_number}`` - ``projects/{project_id}`` - ``folders/{folder_id}`` - ``organizations/{organization_id}`` This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. policy (google.cloud.orgpolicy_v2.types.Policy): Required. ``Policy`` to create. This corresponds to the ``policy`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: google.cloud.orgpolicy_v2.types.Policy: Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([parent, policy]) if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) # Minor optimization to avoid making a copy if the user passes # in a orgpolicy.CreatePolicyRequest. # There's no risk of modifying the input as we've already verified # there are no flattened fields. if not isinstance(request, orgpolicy.CreatePolicyRequest): request = orgpolicy.CreatePolicyRequest(request) # If we have keyword arguments corresponding to fields on the # request, apply these. if parent is not None: request.parent = parent if policy is not None: request.policy = policy # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.create_policy] # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + ( gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), ) # Send the request. response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) # Done; return the response. return response
[docs] def update_policy( self, request: Union[orgpolicy.UpdatePolicyRequest, dict] = None, *, policy: orgpolicy.Policy = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> orgpolicy.Policy: r"""Updates a Policy. Returns a ``google.rpc.Status`` with ``google.rpc.Code.NOT_FOUND`` if the constraint or the policy do not exist. Returns a ``google.rpc.Status`` with ``google.rpc.Code.ABORTED`` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields. Args: request (Union[google.cloud.orgpolicy_v2.types.UpdatePolicyRequest, dict]): The request object. The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method. policy (google.cloud.orgpolicy_v2.types.Policy): Required. ``Policy`` to update. This corresponds to the ``policy`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: google.cloud.orgpolicy_v2.types.Policy: Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([policy]) if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) # Minor optimization to avoid making a copy if the user passes # in a orgpolicy.UpdatePolicyRequest. # There's no risk of modifying the input as we've already verified # there are no flattened fields. if not isinstance(request, orgpolicy.UpdatePolicyRequest): request = orgpolicy.UpdatePolicyRequest(request) # If we have keyword arguments corresponding to fields on the # request, apply these. if policy is not None: request.policy = policy # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.update_policy] # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + ( gapic_v1.routing_header.to_grpc_metadata( (("policy.name", request.policy.name),) ), ) # Send the request. response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) # Done; return the response. return response
[docs] def delete_policy( self, request: Union[orgpolicy.DeletePolicyRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> None: r"""Deletes a Policy. Returns a ``google.rpc.Status`` with ``google.rpc.Code.NOT_FOUND`` if the constraint or Org Policy does not exist. Args: request (Union[google.cloud.orgpolicy_v2.types.DeletePolicyRequest, dict]): The request object. The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method. name (str): Required. Name of the policy to delete. See ``Policy`` for naming rules. This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([name]) if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) # Minor optimization to avoid making a copy if the user passes # in a orgpolicy.DeletePolicyRequest. # There's no risk of modifying the input as we've already verified # there are no flattened fields. if not isinstance(request, orgpolicy.DeletePolicyRequest): request = orgpolicy.DeletePolicyRequest(request) # If we have keyword arguments corresponding to fields on the # request, apply these. if name is not None: request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.delete_policy] # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + ( gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), ) # Send the request. rpc( request, retry=retry, timeout=timeout, metadata=metadata, )
try: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( gapic_version=pkg_resources.get_distribution( "google-cloud-org-policy", ).version, ) except pkg_resources.DistributionNotFound: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() __all__ = ("OrgPolicyClient",)