As of January 1, 2020 this library no longer supports Python 2 on the latest released version. Library versions released prior to that date will continue to be available. For more information please visit Python 2 support on Google Cloud.

OrgPolicy

class google.cloud.orgpolicy_v2.services.org_policy.OrgPolicyAsyncClient(*, credentials: google.auth.credentials.Credentials = None, transport: Union[str, google.cloud.orgpolicy_v2.services.org_policy.transports.base.OrgPolicyTransport] = 'grpc_asyncio', client_options: <module 'google.api_core.client_options' from '/usr/lib/python3.10/site-packages/google/api_core/client_options.py'> = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)[source]

An interface for managing organization policies.

The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.

You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource’s configuration that can be controlled by an organization’s policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

Instantiates the org policy client.

Parameters
  • credentials (Optional[google.auth.credentials.Credentials]) – The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment.

  • transport (Union[str, OrgPolicyTransport]) – The transport to use. If set to None, a transport is chosen automatically.

  • client_options (ClientOptions) – Custom options for the client. It won’t take effect if a transport instance is provided. (1) The api_endpoint property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT environment variable can also be used to override the endpoint: “always” (always use the default mTLS endpoint), “never” (always use the default regular endpoint) and “auto” (auto switch to the default mTLS endpoint if client certificate is present, this is the default value). However, the api_endpoint property takes precedence if provided. (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is “true”, then the client_cert_source property can be used to provide client certificate for mutual TLS transport. If not provided, the default SSL client certificate will be used if present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is “false” or not set, no client certificate will be used.

Raises

google.auth.exceptions.MutualTlsChannelError – If mutual TLS transport creation failed for any reason.

static common_billing_account_path(billing_account: str) str

Returns a fully-qualified billing_account string.

static common_folder_path(folder: str) str

Returns a fully-qualified folder string.

static common_location_path(project: str, location: str) str

Returns a fully-qualified location string.

static common_organization_path(organization: str) str

Returns a fully-qualified organization string.

static common_project_path(project: str) str

Returns a fully-qualified project string.

static constraint_path(project: str, constraint: str) str

Returns a fully-qualified constraint string.

async create_policy(request: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.CreatePolicyRequest] = None, *, parent: Optional[str] = None, policy: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.Policy] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.types.orgpolicy.Policy[source]

Creates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Cloud resource.

Parameters
  • request (google.cloud.orgpolicy_v2.types.CreatePolicyRequest) – The request object. The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.

  • parent (str) –

    Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms:

    • projects/{project_number}

    • projects/{project_id}

    • folders/{folder_id}

    • organizations/{organization_id}

    This corresponds to the parent field on the request instance; if request is provided, this should not be set.

  • policy (google.cloud.orgpolicy_v2.types.Policy) – Required. Policy to create. This corresponds to the policy field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

Defines a Cloud Organization Policy which is used to specify Constraints

for configurations of Cloud Platform resources.

Return type

google.cloud.orgpolicy_v2.types.Policy

async delete_policy(request: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.DeletePolicyRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) None[source]

Deletes a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or Org Policy does not exist.

Parameters
  • request (google.cloud.orgpolicy_v2.types.DeletePolicyRequest) – The request object. The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.

  • name (str) –

    Required. Name of the policy to delete. See Policy for naming rules.

    This corresponds to the name field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

classmethod from_service_account_file(filename: str, *args, **kwargs)[source]
Creates an instance of this client using the provided credentials

file.

Parameters
  • filename (str) – The path to the service account private key json file.

  • args – Additional arguments to pass to the constructor.

  • kwargs – Additional arguments to pass to the constructor.

Returns

The constructed client.

Return type

OrgPolicyAsyncClient

classmethod from_service_account_info(info: dict, *args, **kwargs)[source]
Creates an instance of this client using the provided credentials

info.

Parameters
  • info (dict) – The service account private key info.

  • args – Additional arguments to pass to the constructor.

  • kwargs – Additional arguments to pass to the constructor.

Returns

The constructed client.

Return type

OrgPolicyAsyncClient

classmethod from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials

file.

Parameters
  • filename (str) – The path to the service account private key json file.

  • args – Additional arguments to pass to the constructor.

  • kwargs – Additional arguments to pass to the constructor.

Returns

The constructed client.

Return type

OrgPolicyAsyncClient

async get_effective_policy(request: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.GetEffectivePolicyRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.types.orgpolicy.Policy[source]

Gets the effective Policy on a resource. This is the result of merging Policies in the resource hierarchy and evaluating conditions. The returned Policy will not have an etag or condition set because it is a computed Policy across multiple resources. Subtrees of Resource Manager resource hierarchy with ‘under:’ prefix will not be expanded.

Parameters
  • request (google.cloud.orgpolicy_v2.types.GetEffectivePolicyRequest) – The request object. The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.

  • name (str) –

    Required. The effective policy to compute. See Policy for naming rules.

    This corresponds to the name field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

Defines a Cloud Organization Policy which is used to specify Constraints

for configurations of Cloud Platform resources.

Return type

google.cloud.orgpolicy_v2.types.Policy

async get_policy(request: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.GetPolicyRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.types.orgpolicy.Policy[source]

Gets a Policy on a resource.

If no Policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a Policy during read-modify-write.

Parameters
  • request (google.cloud.orgpolicy_v2.types.GetPolicyRequest) – The request object. The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.

  • name (str) –

    Required. Resource name of the policy. See Policy for naming requirements.

    This corresponds to the name field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

Defines a Cloud Organization Policy which is used to specify Constraints

for configurations of Cloud Platform resources.

Return type

google.cloud.orgpolicy_v2.types.Policy

get_transport_class() Type[google.cloud.orgpolicy_v2.services.org_policy.transports.base.OrgPolicyTransport]

Returns an appropriate transport class.

Parameters

label – The name of the desired transport. If none is provided, then the first transport in the registry is used.

Returns

The transport class to use.

async list_constraints(request: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.ListConstraintsRequest] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.services.org_policy.pagers.ListConstraintsAsyncPager[source]

Lists Constraints that could be applied on the specified resource.

Parameters
  • request (google.cloud.orgpolicy_v2.types.ListConstraintsRequest) – The request object. The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

  • parent (str) –

    Required. The Cloud resource that parents the constraint. Must be in one of the following forms:

    • projects/{project_number}

    • projects/{project_id}

    • folders/{folder_id}

    • organizations/{organization_id}

    This corresponds to the parent field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

The response returned from the [ListConstraints]

[google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

Iterating over this object will yield results and resolve additional pages automatically.

Return type

google.cloud.orgpolicy_v2.services.org_policy.pagers.ListConstraintsAsyncPager

async list_policies(request: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.ListPoliciesRequest] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.services.org_policy.pagers.ListPoliciesAsyncPager[source]

Retrieves all of the Policies that exist on a particular resource.

Parameters
  • request (google.cloud.orgpolicy_v2.types.ListPoliciesRequest) – The request object. The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.

  • parent (str) –

    Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms:

    • projects/{project_number}

    • projects/{project_id}

    • folders/{folder_id}

    • organizations/{organization_id}

    This corresponds to the parent field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

The response returned from the [ListPolicies]

[google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no Policies are set on the resource.

Iterating over this object will yield results and resolve additional pages automatically.

Return type

google.cloud.orgpolicy_v2.services.org_policy.pagers.ListPoliciesAsyncPager

static parse_common_billing_account_path(path: str) Dict[str, str]

Parse a billing_account path into its component segments.

static parse_common_folder_path(path: str) Dict[str, str]

Parse a folder path into its component segments.

static parse_common_location_path(path: str) Dict[str, str]

Parse a location path into its component segments.

static parse_common_organization_path(path: str) Dict[str, str]

Parse a organization path into its component segments.

static parse_common_project_path(path: str) Dict[str, str]

Parse a project path into its component segments.

static parse_constraint_path(path: str) Dict[str, str]

Parses a constraint path into its component segments.

static parse_policy_path(path: str) Dict[str, str]

Parses a policy path into its component segments.

static policy_path(project: str, policy: str) str

Returns a fully-qualified policy string.

property transport: google.cloud.orgpolicy_v2.services.org_policy.transports.base.OrgPolicyTransport

Returns the transport used by the client instance.

Returns

The transport used by the client instance.

Return type

OrgPolicyTransport

async update_policy(request: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.UpdatePolicyRequest] = None, *, policy: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.Policy] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.types.orgpolicy.Policy[source]

Updates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy

Note: the supplied policy will perform a full overwrite of all fields.

Parameters
  • request (google.cloud.orgpolicy_v2.types.UpdatePolicyRequest) – The request object. The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.

  • policy (google.cloud.orgpolicy_v2.types.Policy) – Required. Policy to update. This corresponds to the policy field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

Defines a Cloud Organization Policy which is used to specify Constraints

for configurations of Cloud Platform resources.

Return type

google.cloud.orgpolicy_v2.types.Policy

class google.cloud.orgpolicy_v2.services.org_policy.OrgPolicyClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.orgpolicy_v2.services.org_policy.transports.base.OrgPolicyTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)[source]

An interface for managing organization policies.

The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.

You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource’s configuration that can be controlled by an organization’s policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

Instantiates the org policy client.

Parameters
  • credentials (Optional[google.auth.credentials.Credentials]) – The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment.

  • transport (Union[str, OrgPolicyTransport]) – The transport to use. If set to None, a transport is chosen automatically.

  • client_options (google.api_core.client_options.ClientOptions) – Custom options for the client. It won’t take effect if a transport instance is provided. (1) The api_endpoint property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT environment variable can also be used to override the endpoint: “always” (always use the default mTLS endpoint), “never” (always use the default regular endpoint) and “auto” (auto switch to the default mTLS endpoint if client certificate is present, this is the default value). However, the api_endpoint property takes precedence if provided. (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is “true”, then the client_cert_source property can be used to provide client certificate for mutual TLS transport. If not provided, the default SSL client certificate will be used if present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is “false” or not set, no client certificate will be used.

  • client_info (google.api_core.gapic_v1.client_info.ClientInfo) – The client info used to send a user-agent string along with API requests. If None, then default info will be used. Generally, you only need to set this if you’re developing your own client library.

Raises

google.auth.exceptions.MutualTLSChannelError – If mutual TLS transport creation failed for any reason.

static common_billing_account_path(billing_account: str) str[source]

Returns a fully-qualified billing_account string.

static common_folder_path(folder: str) str[source]

Returns a fully-qualified folder string.

static common_location_path(project: str, location: str) str[source]

Returns a fully-qualified location string.

static common_organization_path(organization: str) str[source]

Returns a fully-qualified organization string.

static common_project_path(project: str) str[source]

Returns a fully-qualified project string.

static constraint_path(project: str, constraint: str) str[source]

Returns a fully-qualified constraint string.

create_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.CreatePolicyRequest, dict]] = None, *, parent: Optional[str] = None, policy: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.Policy] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.types.orgpolicy.Policy[source]

Creates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Cloud resource.

Parameters
  • request (Union[google.cloud.orgpolicy_v2.types.CreatePolicyRequest, dict]) – The request object. The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.

  • parent (str) –

    Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms:

    • projects/{project_number}

    • projects/{project_id}

    • folders/{folder_id}

    • organizations/{organization_id}

    This corresponds to the parent field on the request instance; if request is provided, this should not be set.

  • policy (google.cloud.orgpolicy_v2.types.Policy) – Required. Policy to create. This corresponds to the policy field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

Defines a Cloud Organization Policy which is used to specify Constraints

for configurations of Cloud Platform resources.

Return type

google.cloud.orgpolicy_v2.types.Policy

delete_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.DeletePolicyRequest, dict]] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) None[source]

Deletes a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or Org Policy does not exist.

Parameters
  • request (Union[google.cloud.orgpolicy_v2.types.DeletePolicyRequest, dict]) – The request object. The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.

  • name (str) –

    Required. Name of the policy to delete. See Policy for naming rules.

    This corresponds to the name field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

classmethod from_service_account_file(filename: str, *args, **kwargs)[source]
Creates an instance of this client using the provided credentials

file.

Parameters
  • filename (str) – The path to the service account private key json file.

  • args – Additional arguments to pass to the constructor.

  • kwargs – Additional arguments to pass to the constructor.

Returns

The constructed client.

Return type

OrgPolicyClient

classmethod from_service_account_info(info: dict, *args, **kwargs)[source]
Creates an instance of this client using the provided credentials

info.

Parameters
  • info (dict) – The service account private key info.

  • args – Additional arguments to pass to the constructor.

  • kwargs – Additional arguments to pass to the constructor.

Returns

The constructed client.

Return type

OrgPolicyClient

classmethod from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials

file.

Parameters
  • filename (str) – The path to the service account private key json file.

  • args – Additional arguments to pass to the constructor.

  • kwargs – Additional arguments to pass to the constructor.

Returns

The constructed client.

Return type

OrgPolicyClient

get_effective_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.GetEffectivePolicyRequest, dict]] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.types.orgpolicy.Policy[source]

Gets the effective Policy on a resource. This is the result of merging Policies in the resource hierarchy and evaluating conditions. The returned Policy will not have an etag or condition set because it is a computed Policy across multiple resources. Subtrees of Resource Manager resource hierarchy with ‘under:’ prefix will not be expanded.

Parameters
  • request (Union[google.cloud.orgpolicy_v2.types.GetEffectivePolicyRequest, dict]) – The request object. The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.

  • name (str) –

    Required. The effective policy to compute. See Policy for naming rules.

    This corresponds to the name field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

Defines a Cloud Organization Policy which is used to specify Constraints

for configurations of Cloud Platform resources.

Return type

google.cloud.orgpolicy_v2.types.Policy

get_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.GetPolicyRequest, dict]] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.types.orgpolicy.Policy[source]

Gets a Policy on a resource.

If no Policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a Policy during read-modify-write.

Parameters
  • request (Union[google.cloud.orgpolicy_v2.types.GetPolicyRequest, dict]) – The request object. The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.

  • name (str) –

    Required. Resource name of the policy. See Policy for naming requirements.

    This corresponds to the name field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

Defines a Cloud Organization Policy which is used to specify Constraints

for configurations of Cloud Platform resources.

Return type

google.cloud.orgpolicy_v2.types.Policy

list_constraints(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.ListConstraintsRequest, dict]] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.services.org_policy.pagers.ListConstraintsPager[source]

Lists Constraints that could be applied on the specified resource.

Parameters
  • request (Union[google.cloud.orgpolicy_v2.types.ListConstraintsRequest, dict]) – The request object. The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

  • parent (str) –

    Required. The Cloud resource that parents the constraint. Must be in one of the following forms:

    • projects/{project_number}

    • projects/{project_id}

    • folders/{folder_id}

    • organizations/{organization_id}

    This corresponds to the parent field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

The response returned from the [ListConstraints]

[google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

Iterating over this object will yield results and resolve additional pages automatically.

Return type

google.cloud.orgpolicy_v2.services.org_policy.pagers.ListConstraintsPager

list_policies(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.ListPoliciesRequest, dict]] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.services.org_policy.pagers.ListPoliciesPager[source]

Retrieves all of the Policies that exist on a particular resource.

Parameters
  • request (Union[google.cloud.orgpolicy_v2.types.ListPoliciesRequest, dict]) – The request object. The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.

  • parent (str) –

    Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms:

    • projects/{project_number}

    • projects/{project_id}

    • folders/{folder_id}

    • organizations/{organization_id}

    This corresponds to the parent field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

The response returned from the [ListPolicies]

[google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no Policies are set on the resource.

Iterating over this object will yield results and resolve additional pages automatically.

Return type

google.cloud.orgpolicy_v2.services.org_policy.pagers.ListPoliciesPager

static parse_common_billing_account_path(path: str) Dict[str, str][source]

Parse a billing_account path into its component segments.

static parse_common_folder_path(path: str) Dict[str, str][source]

Parse a folder path into its component segments.

static parse_common_location_path(path: str) Dict[str, str][source]

Parse a location path into its component segments.

static parse_common_organization_path(path: str) Dict[str, str][source]

Parse a organization path into its component segments.

static parse_common_project_path(path: str) Dict[str, str][source]

Parse a project path into its component segments.

static parse_constraint_path(path: str) Dict[str, str][source]

Parses a constraint path into its component segments.

static parse_policy_path(path: str) Dict[str, str][source]

Parses a policy path into its component segments.

static policy_path(project: str, policy: str) str[source]

Returns a fully-qualified policy string.

property transport: google.cloud.orgpolicy_v2.services.org_policy.transports.base.OrgPolicyTransport

Returns the transport used by the client instance.

Returns

The transport used by the client

instance.

Return type

OrgPolicyTransport

update_policy(request: Optional[Union[google.cloud.orgpolicy_v2.types.orgpolicy.UpdatePolicyRequest, dict]] = None, *, policy: Optional[google.cloud.orgpolicy_v2.types.orgpolicy.Policy] = None, retry: google.api_core.retry.Retry = <object object>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ()) google.cloud.orgpolicy_v2.types.orgpolicy.Policy[source]

Updates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy

Note: the supplied policy will perform a full overwrite of all fields.

Parameters
  • request (Union[google.cloud.orgpolicy_v2.types.UpdatePolicyRequest, dict]) – The request object. The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.

  • policy (google.cloud.orgpolicy_v2.types.Policy) – Required. Policy to update. This corresponds to the policy field on the request instance; if request is provided, this should not be set.

  • retry (google.api_core.retry.Retry) – Designation of what errors, if any, should be retried.

  • timeout (float) – The timeout for this request.

  • metadata (Sequence[Tuple[str, str]]) – Strings which should be sent along with the request as metadata.

Returns

Defines a Cloud Organization Policy which is used to specify Constraints

for configurations of Cloud Platform resources.

Return type

google.cloud.orgpolicy_v2.types.Policy

class google.cloud.orgpolicy_v2.services.org_policy.pagers.ListConstraintsAsyncPager(method: Callable[[...], Awaitable[google.cloud.orgpolicy_v2.types.orgpolicy.ListConstraintsResponse]], request: google.cloud.orgpolicy_v2.types.orgpolicy.ListConstraintsRequest, response: google.cloud.orgpolicy_v2.types.orgpolicy.ListConstraintsResponse, *, metadata: Sequence[Tuple[str, str]] = ())[source]

A pager for iterating through list_constraints requests.

This class thinly wraps an initial google.cloud.orgpolicy_v2.types.ListConstraintsResponse object, and provides an __aiter__ method to iterate through its constraints field.

If there are more pages, the __aiter__ method will make additional ListConstraints requests and continue to iterate through the constraints field on the corresponding responses.

All the usual google.cloud.orgpolicy_v2.types.ListConstraintsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Instantiates the pager.

Parameters
class google.cloud.orgpolicy_v2.services.org_policy.pagers.ListConstraintsPager(method: Callable[[...], google.cloud.orgpolicy_v2.types.orgpolicy.ListConstraintsResponse], request: google.cloud.orgpolicy_v2.types.orgpolicy.ListConstraintsRequest, response: google.cloud.orgpolicy_v2.types.orgpolicy.ListConstraintsResponse, *, metadata: Sequence[Tuple[str, str]] = ())[source]

A pager for iterating through list_constraints requests.

This class thinly wraps an initial google.cloud.orgpolicy_v2.types.ListConstraintsResponse object, and provides an __iter__ method to iterate through its constraints field.

If there are more pages, the __iter__ method will make additional ListConstraints requests and continue to iterate through the constraints field on the corresponding responses.

All the usual google.cloud.orgpolicy_v2.types.ListConstraintsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Instantiate the pager.

Parameters
class google.cloud.orgpolicy_v2.services.org_policy.pagers.ListPoliciesAsyncPager(method: Callable[[...], Awaitable[google.cloud.orgpolicy_v2.types.orgpolicy.ListPoliciesResponse]], request: google.cloud.orgpolicy_v2.types.orgpolicy.ListPoliciesRequest, response: google.cloud.orgpolicy_v2.types.orgpolicy.ListPoliciesResponse, *, metadata: Sequence[Tuple[str, str]] = ())[source]

A pager for iterating through list_policies requests.

This class thinly wraps an initial google.cloud.orgpolicy_v2.types.ListPoliciesResponse object, and provides an __aiter__ method to iterate through its policies field.

If there are more pages, the __aiter__ method will make additional ListPolicies requests and continue to iterate through the policies field on the corresponding responses.

All the usual google.cloud.orgpolicy_v2.types.ListPoliciesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Instantiates the pager.

Parameters
class google.cloud.orgpolicy_v2.services.org_policy.pagers.ListPoliciesPager(method: Callable[[...], google.cloud.orgpolicy_v2.types.orgpolicy.ListPoliciesResponse], request: google.cloud.orgpolicy_v2.types.orgpolicy.ListPoliciesRequest, response: google.cloud.orgpolicy_v2.types.orgpolicy.ListPoliciesResponse, *, metadata: Sequence[Tuple[str, str]] = ())[source]

A pager for iterating through list_policies requests.

This class thinly wraps an initial google.cloud.orgpolicy_v2.types.ListPoliciesResponse object, and provides an __iter__ method to iterate through its policies field.

If there are more pages, the __iter__ method will make additional ListPolicies requests and continue to iterate through the policies field on the corresponding responses.

All the usual google.cloud.orgpolicy_v2.types.ListPoliciesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

Instantiate the pager.

Parameters