An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.
You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.
Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.
A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.
Equality
Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection> objects compare equal. Objects that compare equal share the same underlying resources.
Performance
Creating a new instance of this class is a relatively expensive operation: new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient, as the copies share all underlying resources.
Thread Safety
Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class are not guaranteed to work. Since copy-construction and move-construction are relatively efficient operations, consider using such a copy when using this class from multiple threads.
Constructors
OrgPolicyClient(OrgPolicyClient const &)
Copy and move support
Parameter | |
---|---|
Name | Description |
| OrgPolicyClient const & |
OrgPolicyClient(OrgPolicyClient &&)
Copy and move support
Parameter | |
---|---|
Name | Description |
| OrgPolicyClient && |
OrgPolicyClient(std::shared_ptr< OrgPolicyConnection >, Options)
Parameters | |
---|---|
Name | Description |
connection | std::shared_ptr< OrgPolicyConnection > |
opts | Options |
Operators
operator=(OrgPolicyClient const &)
Copy and move support
Parameter | |
---|---|
Name | Description |
| OrgPolicyClient const & |
Returns | |
---|---|
Type | Description |
OrgPolicyClient & |
operator=(OrgPolicyClient &&)
Copy and move support
Parameter | |
---|---|
Name | Description |
| OrgPolicyClient && |
Returns | |
---|---|
Type | Description |
OrgPolicyClient & |
Functions
ListConstraints(std::string const &, Options)
Lists Constraints that could be applied on the specified resource.
Parameters | |
---|---|
Name | Description |
parent | std::string const & Required. The Cloud resource that parents the constraint. Must be in one of the following forms: |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::Constraint > | a StreamRange to iterate over the results. See the documentation of this type for details. In brief, this class has |
ListConstraints(google::cloud::orgpolicy::v2::ListConstraintsRequest, Options)
Lists Constraints that could be applied on the specified resource.
Parameters | |
---|---|
Name | Description |
request | google::cloud::orgpolicy::v2::ListConstraintsRequest Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::Constraint > | a StreamRange to iterate over the results. See the documentation of this type for details. In brief, this class has |
ListPolicies(std::string const &, Options)
Retrieves all of the Policies that exist on a particular resource.
Parameters | |
---|---|
Name | Description |
parent | std::string const & Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::Policy > | a StreamRange to iterate over the results. See the documentation of this type for details. In brief, this class has |
ListPolicies(google::cloud::orgpolicy::v2::ListPoliciesRequest, Options)
Retrieves all of the Policies that exist on a particular resource.
Parameters | |
---|---|
Name | Description |
request | google::cloud::orgpolicy::v2::ListPoliciesRequest Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::Policy > | a StreamRange to iterate over the results. See the documentation of this type for details. In brief, this class has |
GetPolicy(std::string const &, Options)
Gets a Policy on a resource.
If no Policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a Policy during read-modify-write.
Parameters | |
---|---|
Name | Description |
name | std::string const & Required. Resource name of the policy. See |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > | the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetPolicy(google::cloud::orgpolicy::v2::GetPolicyRequest const &, Options)
Gets a Policy on a resource.
If no Policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a Policy during read-modify-write.
Parameters | |
---|---|
Name | Description |
request | google::cloud::orgpolicy::v2::GetPolicyRequest const & Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > | the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetEffectivePolicy(std::string const &, Options)
Gets the effective Policy on a resource.
This is the result of merging Policies in the resource hierarchy and evaluating conditions. The returned Policy will not have an etag or condition set because it is a computed Policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.
Parameters | |
---|---|
Name | Description |
name | std::string const & Required. The effective policy to compute. See |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > | the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetEffectivePolicy(google::cloud::orgpolicy::v2::GetEffectivePolicyRequest const &, Options)
Gets the effective Policy on a resource.
This is the result of merging Policies in the resource hierarchy and evaluating conditions. The returned Policy will not have an etag or condition set because it is a computed Policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.
Parameters | |
---|---|
Name | Description |
request | google::cloud::orgpolicy::v2::GetEffectivePolicyRequest const & Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > | the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreatePolicy(std::string const &, google::cloud::orgpolicy::v2::Policy const &, Options)
Creates a Policy.
Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Cloud resource.
Parameters | |
---|---|
Name | Description |
parent | std::string const & Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms: |
policy | google::cloud::orgpolicy::v2::Policy const & Required. |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > | the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreatePolicy(google::cloud::orgpolicy::v2::CreatePolicyRequest const &, Options)
Creates a Policy.
Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Cloud resource.
Parameters | |
---|---|
Name | Description |
request | google::cloud::orgpolicy::v2::CreatePolicyRequest const & Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > | the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdatePolicy(google::cloud::orgpolicy::v2::Policy const &, Options)
Updates a Policy.
Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy.
Note: the supplied policy will perform a full overwrite of all fields.
Parameters | |
---|---|
Name | Description |
policy | google::cloud::orgpolicy::v2::Policy const & Required. |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > | the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdatePolicy(google::cloud::orgpolicy::v2::UpdatePolicyRequest const &, Options)
Updates a Policy.
Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy.
Note: the supplied policy will perform a full overwrite of all fields.
Parameters | |
---|---|
Name | Description |
request | google::cloud::orgpolicy::v2::UpdatePolicyRequest const & Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > | the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
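The read-modify-write cycle that GetPolicy() and UpdatePolicy() describe, as an added example that is not code from this library or its documentation. It is an in-memory model: FakePolicyStore, Policy, Code, AddDeniedValue and the racer hook are constructed stand-ins, not google::cloud::orgpolicy types. It shows why an ABORTED result must trigger a fresh read before the full-overwrite update is retried.

```cpp
#include <functional>
#include <map>
#include <string>
#include <vector>

// Constructed stand-ins, NOT the google::cloud::orgpolicy::v2 types.
enum class Code { kOk, kNotFound, kAborted };
struct Policy {
  std::string name, etag;
  std::vector<std::string> denied_values;  // hypothetical rule payload
};
// In-memory model of the GetPolicy()/UpdatePolicy() behaviour described above.
class FakePolicyStore {
 public:
  void Seed(Policy p) { p.etag = NextEtag(); policies_[p.name] = p; }
  Code Get(std::string const& name, Policy& out) const {
    auto it = policies_.find(name);
    if (it == policies_.end()) return Code::kNotFound;
    out = it->second;
    return Code::kOk;
  }
  Code Update(Policy const& p) {
    auto it = policies_.find(p.name);
    if (it == policies_.end()) return Code::kNotFound;
    if (p.etag != it->second.etag) return Code::kAborted;  // stale etag
    it->second = p;  // full overwrite of all fields
    it->second.etag = NextEtag();
    return Code::kOk;
  }
 private:
  std::string NextEtag() { return "etag-" + std::to_string(++counter_); }
  std::map<std::string, Policy> policies_;
  int counter_ = 0;
};

// Read-modify-write loop: on ABORTED, re-read and re-apply the change. `racer`
// (hypothetical hook) runs once after the first read to simulate a concurrent writer.
Code AddDeniedValue(FakePolicyStore& store, std::string const& name, std::string const& value,
                    int max_attempts, std::function<void()> const& racer = {}) {
  for (int attempt = 0; attempt < max_attempts; ++attempt) {
    Policy p;
    Code c = store.Get(name, p);
    if (c != Code::kOk) return c;
    if (attempt == 0 && racer) racer();
    p.denied_values.push_back(value);
    c = store.Update(p);
    if (c != Code::kAborted) return c;
  }
  return Code::kAborted;
}
```

Without the etag check, the second writer's full overwrite would silently discard the first writer's restriction; with it, the stale write is rejected and the retry merges both changes.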
DeletePolicy(std::string const &, Options)
Deletes a Policy.
Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or Org Policy does not exist.
Parameters | |
---|---|
Name | Description |
name | std::string const & Required. Name of the policy to delete. See |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
Status | a |
DeletePolicy(google::cloud::orgpolicy::v2::DeletePolicyRequest const &, Options)
Deletes a Policy.
Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or Org Policy does not exist.
Parameters | |
---|---|
Name | Description |
request | google::cloud::orgpolicy::v2::DeletePolicyRequest const & Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
Status | a |