Method: analyzeOrgPolicyGovernedContainers

Analyzes the containers (projects, folders or the organization) governed by organization policies under a scope.

HTTP request

GET https://cloudasset.googleapis.com/v1/{scope=*/*}:analyzeOrgPolicyGovernedContainers

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
scope

string

Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output containers will also be limited to the ones governed by those in-scope organization policies.

  • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

Authorization requires one or more of the following IAM permissions on the specified resource scope:

  • cloudasset.assets.searchAllResources
  • cloudasset.assets.analyzeOrgPolicy

Query parameters

Parameters
constraint

string

Required. The name of the constraint to analyze governed containers for. The analysis only contains organization policies for the provided constraint.

filter

string

The expression to filter AnalyzeOrgPolicyGovernedContainersResponse.governed_containers. Filtering is currently available for bare literal values and the following fields:

  • parent
  • consolidatedPolicy.rules.enforce

When filtering by a specific field, the only supported operator is =. For example, filtering by parent="//cloudresourcemanager.googleapis.com/folders/001" will return all the containers under "folders/001".

pageToken

string

The pagination token to retrieve the next page.

pageSize

integer

The maximum number of items to return per page. If unspecified, AnalyzeOrgPolicyGovernedContainersResponse.governed_containers will contain 100 items. The maximum is 200.

Request body

The request body must be empty.

Response body

The response message for AssetService.AnalyzeOrgPolicyGovernedContainers.

If successful, the response body contains data with the following structure:

JSON representation
{
  "governedContainers": [
    {
      object (GovernedContainer)
    }
  ],
  "constraint": {
    object (AnalyzerOrgPolicyConstraint)
  },
  "nextPageToken": string
}
Fields
governedContainers[]

object (GovernedContainer)

The list of the analyzed governed containers.

constraint

object (AnalyzerOrgPolicyConstraint)

The definition of the constraint in the request.

nextPageToken

string

The page token to fetch the next page for AnalyzeOrgPolicyGovernedContainersResponse.governed_containers.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GovernedContainer

The organization/folder/project resource governed by organization policies of AnalyzeOrgPolicyGovernedContainersRequest.constraint.

JSON representation
{
  "fullResourceName": string,
  "parent": string,
  "consolidatedPolicy": {
    object (AnalyzerOrgPolicy)
  },
  "policyBundle": [
    {
      object (AnalyzerOrgPolicy)
    }
  ],
  "project": string,
  "folders": [
    string
  ],
  "organization": string,
  "effectiveTags": [
    {
      object (EffectiveTagDetails)
    }
  ]
}
Fields
fullResourceName

string

The full resource name of an organization/folder/project resource.

parent

string

The full resource name of the parent of AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.full_resource_name.

consolidatedPolicy

object (AnalyzerOrgPolicy)

The consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.policy_bundle. The evaluation will respect the organization policy hierarchy rules.

policyBundle[]

object (AnalyzerOrgPolicy)

The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource to the scope specified in the request.

If the constraint is defined with default policy, it will also appear in the list.

project

string

The project that this resource belongs to, in the format of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project.

folders[]

string

The folder(s) that this resource belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to one or more folders.

organization

string

The organization that this resource belongs to, in the format of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to an organization.

effectiveTags[]

object (EffectiveTagDetails)

The effective tags on this resource.
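
The following is an added example, not part of the original reference page or of Google's client libraries. It pages through the method with nextPageToken and lists the containers whose consolidatedPolicy has no enforcing rule, which is the audit question this method answers for a boolean constraint. Assumptions: the helper names are hypothetical, the constraint constraints/compute.requireOsLogin is used only as a sample boolean constraint, the rules[].enforce shape is inferred from the filter field consolidatedPolicy.rules.enforce, and the response pages are constructed.

```python
import json
import urllib.parse
import urllib.request

API = "https://cloudasset.googleapis.com/v1"

def build_url(scope, constraint, page_token=None, flt=None, page_size=200):
    """URL for GET {scope}:analyzeOrgPolicyGovernedContainers (200 is the page-size maximum)."""
    params = {"constraint": constraint, "pageSize": page_size}
    if flt:
        params["filter"] = flt
    if page_token:
        params["pageToken"] = page_token
    return f"{API}/{scope}:analyzeOrgPolicyGovernedContainers?{urllib.parse.urlencode(params)}"

def http_fetch(url, access_token):
    """Live transport: empty request body, OAuth bearer token with the cloud-platform scope."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def governed_containers(scope, constraint, fetch, flt=None):
    """Yield every GovernedContainer, following nextPageToken until the last page."""
    token = None
    while True:
        page = fetch(build_url(scope, constraint, token, flt))
        yield from page.get("governedContainers", [])
        token = page.get("nextPageToken")
        if not token:
            return

def not_enforced(containers):
    """Names of containers whose consolidated policy has no rule with enforce == true."""
    return [c["fullResourceName"] for c in containers
            if not any(r.get("enforce") is True
                       for r in c.get("consolidatedPolicy", {}).get("rules", []))]

# Constructed two-page response (not real API output), keyed by the pageToken requested.
RM = "//cloudresourcemanager.googleapis.com"
SAMPLE_PAGES = {
    None: {"governedContainers": [
        {"fullResourceName": f"{RM}/projects/111", "consolidatedPolicy": {"rules": [{"enforce": True}]}},
        {"fullResourceName": f"{RM}/projects/222", "consolidatedPolicy": {"rules": [{"enforce": False}]}}],
        "nextPageToken": "page-2"},
    "page-2": {"governedContainers": [
        {"fullResourceName": f"{RM}/projects/333", "consolidatedPolicy": {"rules": []}}]},
}

def sample_fetch(url):
    """Offline stand-in for http_fetch that serves SAMPLE_PAGES."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return SAMPLE_PAGES[query.get("pageToken", [None])[0]]
```

Against the live API, pass `lambda url: http_fetch(url, access_token)` as `fetch`. The enforce check is meaningful only for boolean constraints.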