Class OrgPolicyClient (2.17.0)

An interface for managing organization policies.

The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.

You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

Equality

Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection> objects compare equal. Objects that compare equal share the same underlying resources.

Performance

Creating a new instance of this class is a relatively expensive operation, new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient as the copies share all underlying resources.

Thread Safety

Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class is not guaranteed to work. Since copy-construction and move-construction is a relatively efficient operation, consider using such a copy when using this class from multiple threads.

Constructors

OrgPolicyClient(OrgPolicyClient const &)

Copy and move support

Parameter
Name Description
OrgPolicyClient const &

OrgPolicyClient(OrgPolicyClient &&)

Copy and move support

Parameter
Name Description
OrgPolicyClient &&

OrgPolicyClient(std::shared_ptr< OrgPolicyConnection >, Options)

Parameters
Name Description
connection std::shared_ptr< OrgPolicyConnection >
opts Options

Operators

operator=(OrgPolicyClient const &)

Copy and move support

Parameter
Name Description
OrgPolicyClient const &
Returns
Type Description
OrgPolicyClient &

operator=(OrgPolicyClient &&)

Copy and move support

Parameter
Name Description
OrgPolicyClient &&
Returns
Type Description
OrgPolicyClient &

Functions

ListConstraints(std::string const &, Options)

Lists Constraints that could be applied on the specified resource.

Parameters
Name Description
parent std::string const &

Required. The Cloud resource that parents the constraint. Must be in one of the following forms:

  • projects/{project_number}
  • projects/{project_id}
  • folders/{folder_id}
  • organizations/{organization_id}
opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::orgpolicy::v2::Constraint >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.orgpolicy.v2.Constraint, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListConstraints(google::cloud::orgpolicy::v2::ListConstraintsRequest, Options)

Lists Constraints that could be applied on the specified resource.

Parameters
Name Description
request google::cloud::orgpolicy::v2::ListConstraintsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.orgpolicy.v2.ListConstraintsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::orgpolicy::v2::Constraint >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.orgpolicy.v2.Constraint, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListPolicies(std::string const &, Options)

Retrieves all of the Policies that exist on a particular resource.

Parameters
Name Description
parent std::string const &

Required. The target Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms:

  • projects/{project_number}
  • projects/{project_id}
  • folders/{folder_id}
  • organizations/{organization_id}
opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::orgpolicy::v2::Policy >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.orgpolicy.v2.Policy, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListPolicies(google::cloud::orgpolicy::v2::ListPoliciesRequest, Options)

Retrieves all of the Policies that exist on a particular resource.

Parameters
Name Description
request google::cloud::orgpolicy::v2::ListPoliciesRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.orgpolicy.v2.ListPoliciesRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::orgpolicy::v2::Policy >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.orgpolicy.v2.Policy, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

GetPolicy(std::string const &, Options)

Gets a Policy on a resource.

If no Policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a Policy during read-modify-write.

Parameters
Name Description
name std::string const &

Required. Resource name of the policy. See Policy for naming requirements.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::orgpolicy::v2::Policy >

the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetPolicy(google::cloud::orgpolicy::v2::GetPolicyRequest const &, Options)

Gets a Policy on a resource.

If no Policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a Policy during read-modify-write.

Parameters
Name Description
request google::cloud::orgpolicy::v2::GetPolicyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.orgpolicy.v2.GetPolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::orgpolicy::v2::Policy >

the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetEffectivePolicy(std::string const &, Options)

Gets the effective Policy on a resource.

This is the result of merging Policies in the resource hierarchy and evaluating conditions. The returned Policy will not have an etag or condition set because it is a computed Policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.

Parameters
Name Description
name std::string const &

Required. The effective policy to compute. See Policy for naming rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::orgpolicy::v2::Policy >

the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetEffectivePolicy(google::cloud::orgpolicy::v2::GetEffectivePolicyRequest const &, Options)

Gets the effective Policy on a resource.

This is the result of merging Policies in the resource hierarchy and evaluating conditions. The returned Policy will not have an etag or condition set because it is a computed Policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.

Parameters
Name Description
request google::cloud::orgpolicy::v2::GetEffectivePolicyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.orgpolicy.v2.GetEffectivePolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::orgpolicy::v2::Policy >

the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreatePolicy(std::string const &, google::cloud::orgpolicy::v2::Policy const &, Options)

Creates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Cloud resource.

Parameters
Name Description
parent std::string const &

Required. The Cloud resource that will parent the new Policy. Must be in one of the following forms:

  • projects/{project_number}
  • projects/{project_id}
  • folders/{folder_id}
  • organizations/{organization_id}
policy google::cloud::orgpolicy::v2::Policy const &

Required. Policy to create.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::orgpolicy::v2::Policy >

the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreatePolicy(google::cloud::orgpolicy::v2::CreatePolicyRequest const &, Options)

Creates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Cloud resource.

Parameters
Name Description
request google::cloud::orgpolicy::v2::CreatePolicyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.orgpolicy.v2.CreatePolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::orgpolicy::v2::Policy >

the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

UpdatePolicy(google::cloud::orgpolicy::v2::Policy const &, Options)

Updates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy

Note: the supplied policy will perform a full overwrite of all fields.

Parameters
Name Description
policy google::cloud::orgpolicy::v2::Policy const &

Required. Policy to update.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::orgpolicy::v2::Policy >

the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

UpdatePolicy(google::cloud::orgpolicy::v2::UpdatePolicyRequest const &, Options)

Updates a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy

Note: the supplied policy will perform a full overwrite of all fields.

Parameters
Name Description
request google::cloud::orgpolicy::v2::UpdatePolicyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.orgpolicy.v2.UpdatePolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::orgpolicy::v2::Policy >

the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

DeletePolicy(std::string const &, Options)

Deletes a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or Org Policy does not exist.

Parameters
Name Description
name std::string const &

Required. Name of the policy to delete. See Policy for naming rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
Status

a Status object. If the request failed, the status contains the details of the failure.

DeletePolicy(google::cloud::orgpolicy::v2::DeletePolicyRequest const &, Options)

Deletes a Policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or Org Policy does not exist.

Parameters
Name Description
request google::cloud::orgpolicy::v2::DeletePolicyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.orgpolicy.v2.DeletePolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
Status

a Status object. If the request failed, the status contains the details of the failure.