Organization Policy v2 API - Namespace Google.Cloud.OrgPolicy.V2 (2.2.0)



Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.


A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization's policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about [policies][].

Constraints have a default behavior determined by the constraint_default field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.


Container for nested types declared in the Constraint message type.


A Constraint that is either enforced or not.

For example a constraint constraints/compute.disableSerialPortAccess. If it is enforced on a VM instance, serial port connections will not be opened to that instance.


A Constraint that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a Policy.


Resource name for the Constraint resource.


The request sent to the [CreatePolicyRequest] [] method.


The request sent to the [DeletePolicy] [] method.


The request sent to the [GetEffectivePolicy] [] method.


The request sent to the [GetPolicy] [] method.


The request sent to the [ListConstraints] [] method.


The response returned from the [ListConstraints] [] method.


The request sent to the [ListPolicies] [] method.


The response returned from the [ListPolicies] [] method. It will be empty if no Policies are set on the resource.


An interface for managing organization policies.

The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.

You can use a policy to configure restrictions in Cloud resources. For example, you can enforce a policy that restricts which Google Cloud Platform APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.


Base class for server-side implementations of OrgPolicy


Client for OrgPolicy


OrgPolicy client wrapper, for convenient use.


Builder class for OrgPolicyClient to provide simple configuration of credentials, endpoint etc.


OrgPolicy client wrapper implementation, for convenient use.


Settings for OrgPolicyClient instances.


Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources.


Resource name for the Policy resource.


Defines a Cloud Organization PolicySpec which is used to specify Constraints for configurations of Cloud Platform resources.


Container for nested types declared in the PolicySpec message type.


A rule used to express this policy.


Container for nested types declared in the PolicyRule message type.


A message that holds specific allowed and denied values. This message can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

  • "projects/<project-id>", e.g. "projects/tokyo-rain-123"
  • "folders/<folder-id>", e.g. "folders/1234"
  • "organizations/<organization-id>", e.g. "organizations/1234" The supports_under field of the associated Constraint defines whether ancestry prefixes can be used.


The request sent to the [UpdatePolicyRequest] [] method.



Enum of possible cases for the "constraint_type" oneof.


Specifies the default behavior in the absence of any Policy for the Constraint. This must not be CONSTRAINT_DEFAULT_UNSPECIFIED.

Immutable after creation.


The possible contents of ConstraintName.


The possible contents of PolicyName.


Enum of possible cases for the "kind" oneof.