An interface for managing organization policies.
The Organization Policy Service provides a simple mechanism for organizations to restrict the allowed configurations across their entire resource hierarchy.
You can use a policy to configure restrictions on resources. For example, you can enforce a policy that restricts which Google Cloud APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.
Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.
A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.
Equality
Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection>
objects compare equal. Objects that compare equal share the same underlying resources.
Performance
Creating a new instance of this class is a relatively expensive operation, new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient as the copies share all underlying resources.
Thread Safety
Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class is not guaranteed to work. Since copy-construction and move-construction is a relatively efficient operation, consider using such a copy when using this class from multiple threads.
Constructors
OrgPolicyClient(OrgPolicyClient const &)
Copy and move support
Parameter | |
---|---|
Name | Description |
|
OrgPolicyClient const &
|
OrgPolicyClient(OrgPolicyClient &&)
Copy and move support
Parameter | |
---|---|
Name | Description |
|
OrgPolicyClient &&
|
OrgPolicyClient(std::shared_ptr< OrgPolicyConnection >, Options)
Parameters | |
---|---|
Name | Description |
connection |
std::shared_ptr< OrgPolicyConnection >
|
opts |
Options
|
Operators
operator=(OrgPolicyClient const &)
Copy and move support
Parameter | |
---|---|
Name | Description |
|
OrgPolicyClient const &
|
Returns | |
---|---|
Type | Description |
OrgPolicyClient & |
operator=(OrgPolicyClient &&)
Copy and move support
Parameter | |
---|---|
Name | Description |
|
OrgPolicyClient &&
|
Returns | |
---|---|
Type | Description |
OrgPolicyClient & |
Functions
ListConstraints(std::string const &, Options)
Lists constraints that could be applied on the specified resource.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The Google Cloud resource that parents the constraint. Must be in one of the following forms:
|
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::Constraint > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListConstraints(google::cloud::orgpolicy::v2::ListConstraintsRequest, Options)
Lists constraints that could be applied on the specified resource.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::ListConstraintsRequest
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::Constraint > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListPolicies(std::string const &, Options)
Retrieves all of the policies that exist on a particular resource.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The target Google Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms:
|
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::Policy > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListPolicies(google::cloud::orgpolicy::v2::ListPoliciesRequest, Options)
Retrieves all of the policies that exist on a particular resource.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::ListPoliciesRequest
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::Policy > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
GetPolicy(std::string const &, Options)
Gets a policy on a resource.
If no policy is set on the resource, NOT_FOUND
is returned. The etag
value can be used with UpdatePolicy()
to update a policy during read-modify-write.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. Resource name of the policy. See Policy for naming requirements. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetPolicy(google::cloud::orgpolicy::v2::GetPolicyRequest const &, Options)
Gets a policy on a resource.
If no policy is set on the resource, NOT_FOUND
is returned. The etag
value can be used with UpdatePolicy()
to update a policy during read-modify-write.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::GetPolicyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetEffectivePolicy(std::string const &, Options)
Gets the effective policy on a resource.
This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an etag
or condition
set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The effective policy to compute. See Policy for naming requirements. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetEffectivePolicy(google::cloud::orgpolicy::v2::GetEffectivePolicyRequest const &, Options)
Gets the effective policy on a resource.
This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an etag
or condition
set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::GetEffectivePolicyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreatePolicy(std::string const &, google::cloud::orgpolicy::v2::Policy const &, Options)
Creates a policy.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint does not exist. Returns a google.rpc.Status
with google.rpc.Code.ALREADY_EXISTS
if the policy already exists on the given Google Cloud resource.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The Google Cloud resource that will parent the new policy. Must be in one of the following forms:
|
policy |
google::cloud::orgpolicy::v2::Policy const &
Required. Policy to create. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreatePolicy(google::cloud::orgpolicy::v2::CreatePolicyRequest const &, Options)
Creates a policy.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint does not exist. Returns a google.rpc.Status
with google.rpc.Code.ALREADY_EXISTS
if the policy already exists on the given Google Cloud resource.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::CreatePolicyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdatePolicy(google::cloud::orgpolicy::v2::Policy const &, Options)
Updates a policy.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint or the policy do not exist. Returns a google.rpc.Status
with google.rpc.Code.ABORTED
if the etag supplied in the request does not match the persisted etag of the policy
Note: the supplied policy will perform a full overwrite of all fields.
Parameters | |
---|---|
Name | Description |
policy |
google::cloud::orgpolicy::v2::Policy const &
Required. Policy to update. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdatePolicy(google::cloud::orgpolicy::v2::UpdatePolicyRequest const &, Options)
Updates a policy.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint or the policy do not exist. Returns a google.rpc.Status
with google.rpc.Code.ABORTED
if the etag supplied in the request does not match the persisted etag of the policy
Note: the supplied policy will perform a full overwrite of all fields.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::UpdatePolicyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::Policy > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
DeletePolicy(std::string const &, Options)
Deletes a policy.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint or organization policy does not exist.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. Name of the policy to delete. See the policy entry for naming rules. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
Status |
a |
DeletePolicy(google::cloud::orgpolicy::v2::DeletePolicyRequest const &, Options)
Deletes a policy.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint or organization policy does not exist.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::DeletePolicyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
Status |
a |
CreateCustomConstraint(std::string const &, google::cloud::orgpolicy::v2::CustomConstraint const &, Options)
Creates a custom constraint.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the organization does not exist. Returns a google.rpc.Status
with google.rpc.Code.ALREADY_EXISTS
if the constraint already exists on the given organization.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. Must be in the following form:
|
custom_constraint |
google::cloud::orgpolicy::v2::CustomConstraint const &
Required. Custom constraint to create. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::CustomConstraint > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.CustomConstraint) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreateCustomConstraint(google::cloud::orgpolicy::v2::CreateCustomConstraintRequest const &, Options)
Creates a custom constraint.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the organization does not exist. Returns a google.rpc.Status
with google.rpc.Code.ALREADY_EXISTS
if the constraint already exists on the given organization.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::CreateCustomConstraintRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::CustomConstraint > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.CustomConstraint) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdateCustomConstraint(google::cloud::orgpolicy::v2::CustomConstraint const &, Options)
Updates a custom constraint.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint does not exist.
Note: the supplied policy will perform a full overwrite of all fields.
Parameters | |
---|---|
Name | Description |
custom_constraint |
google::cloud::orgpolicy::v2::CustomConstraint const &
Required. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::CustomConstraint > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.CustomConstraint) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdateCustomConstraint(google::cloud::orgpolicy::v2::UpdateCustomConstraintRequest const &, Options)
Updates a custom constraint.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint does not exist.
Note: the supplied policy will perform a full overwrite of all fields.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::UpdateCustomConstraintRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::CustomConstraint > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.CustomConstraint) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetCustomConstraint(std::string const &, Options)
Gets a custom constraint.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the custom constraint does not exist.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. Resource name of the custom constraint. See the custom constraint entry for naming requirements. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::CustomConstraint > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.CustomConstraint) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetCustomConstraint(google::cloud::orgpolicy::v2::GetCustomConstraintRequest const &, Options)
Gets a custom constraint.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the custom constraint does not exist.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::GetCustomConstraintRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::orgpolicy::v2::CustomConstraint > |
the result of the RPC. The response message type (google.cloud.orgpolicy.v2.CustomConstraint) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
ListCustomConstraints(std::string const &, Options)
Retrieves all of the custom constraints that exist on a particular organization resource.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The target Google Cloud resource that parents the set of custom constraints that will be returned from this call. Must be in one of the following forms:
|
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::CustomConstraint > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListCustomConstraints(google::cloud::orgpolicy::v2::ListCustomConstraintsRequest, Options)
Retrieves all of the custom constraints that exist on a particular organization resource.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::ListCustomConstraintsRequest
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::orgpolicy::v2::CustomConstraint > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
DeleteCustomConstraint(std::string const &, Options)
Deletes a custom constraint.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint does not exist.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. Name of the custom constraint to delete. See the custom constraint entry for naming rules. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
Status |
a |
DeleteCustomConstraint(google::cloud::orgpolicy::v2::DeleteCustomConstraintRequest const &, Options)
Deletes a custom constraint.
Returns a google.rpc.Status
with google.rpc.Code.NOT_FOUND
if the constraint does not exist.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::orgpolicy::v2::DeleteCustomConstraintRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
Status |
a |