Variables
Constraint_ConstraintDefault_name, Constraint_ConstraintDefault_value
// Constraint_ConstraintDefault_name maps each enum number of
// Constraint_ConstraintDefault to its proto name.
var Constraint_ConstraintDefault_name = map[int32]string{
	0: "CONSTRAINT_DEFAULT_UNSPECIFIED",
	1: "ALLOW",
	2: "DENY",
}

// Constraint_ConstraintDefault_value maps each proto name of
// Constraint_ConstraintDefault to its enum number.
//
// Indexing with a name that is not in the map yields the int32 zero value,
// which is also the number of CONSTRAINT_DEFAULT_UNSPECIFIED. Use the
// two-value form (v, ok := m[name]) when parsing text so that an unknown or
// mistyped name is not mistaken for the unspecified sentinel.
var Constraint_ConstraintDefault_value = map[string]int32{
	"CONSTRAINT_DEFAULT_UNSPECIFIED": 0,
	"ALLOW":                          1,
	"DENY":                           2,
}
Enum value maps for Constraint_ConstraintDefault.
File_google_cloud_orgpolicy_v2_constraint_proto
var File_google_cloud_orgpolicy_v2_constraint_proto protoreflect.FileDescriptor
File_google_cloud_orgpolicy_v2_orgpolicy_proto
var File_google_cloud_orgpolicy_v2_orgpolicy_proto protoreflect.FileDescriptor
Functions
func RegisterOrgPolicyServer
func RegisterOrgPolicyServer(s *grpc.Server, srv OrgPolicyServer)
AlternatePolicySpec
// AlternatePolicySpec pairs a PolicySpec with the launch it is tied to.
//
// NOTE(review): the only place this listing uses the type is
// Policy.Alternate, which is marked deprecated; Policy.DryRunSpec is the
// field documented as the audit-only policy.
type AlternatePolicySpec struct {
	// Reference to the launch that will be used while audit logging and to
	// control the launch.
	// Should be set only in the alternate policy.
	Launch string `protobuf:"bytes,1,opt,name=launch,proto3" json:"launch,omitempty"`
	// Specify `Constraint` for configurations of Cloud Platform resources.
	Spec *PolicySpec `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"`
	// contains filtered or unexported fields
}
Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.
func (*AlternatePolicySpec) Descriptor
func (*AlternatePolicySpec) Descriptor() ([]byte, []int)
Deprecated: Use AlternatePolicySpec.ProtoReflect.Descriptor instead.
func (*AlternatePolicySpec) GetLaunch
func (x *AlternatePolicySpec) GetLaunch() string
func (*AlternatePolicySpec) GetSpec
func (x *AlternatePolicySpec) GetSpec() *PolicySpec
func (*AlternatePolicySpec) ProtoMessage
func (*AlternatePolicySpec) ProtoMessage()
func (*AlternatePolicySpec) ProtoReflect
func (x *AlternatePolicySpec) ProtoReflect() protoreflect.Message
func (*AlternatePolicySpec) Reset
func (x *AlternatePolicySpec) Reset()
func (*AlternatePolicySpec) String
func (x *AlternatePolicySpec) String() string
Constraint
// Constraint describes one restriction that an organization policy can
// configure. The listing carries no field-level documentation for Name,
// DisplayName or Description.
type Constraint struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	DisplayName string `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
	// Enforcement behavior used when no policy is defined or inherited for
	// the resource in question. Check this value before relying on a
	// constraint being in force where no Policy is set: ALLOW means list
	// constraints allow all values and boolean constraints are not enforced.
	ConstraintDefault Constraint_ConstraintDefault "" /* 173 byte string literal not displayed */
	// Oneof selecting the kind of constraint. The wrapper types shown in
	// this package are Constraint_ListConstraint_ and
	// Constraint_BooleanConstraint_.
	ConstraintType isConstraint_ConstraintType `protobuf_oneof:"constraint_type"`
}
A `constraint` describes a way to restrict a resource's configuration. For example, you could enforce a constraint that controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. `Constraints` can be configured by the organization's policy administrator to fit the needs of the organization by setting a `policy` that includes `constraints` at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules, please read about [`policies`][google.cloud.OrgPolicy.v2.Policy].
`Constraints` have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a `policy` being defined or inherited for the resource in question.
func (*Constraint) Descriptor
func (*Constraint) Descriptor() ([]byte, []int)
Deprecated: Use Constraint.ProtoReflect.Descriptor instead.
func (*Constraint) GetBooleanConstraint
func (x *Constraint) GetBooleanConstraint() *Constraint_BooleanConstraint
func (*Constraint) GetConstraintDefault
func (x *Constraint) GetConstraintDefault() Constraint_ConstraintDefault
func (*Constraint) GetConstraintType
func (m *Constraint) GetConstraintType() isConstraint_ConstraintType
func (*Constraint) GetDescription
func (x *Constraint) GetDescription() string
func (*Constraint) GetDisplayName
func (x *Constraint) GetDisplayName() string
func (*Constraint) GetListConstraint
func (x *Constraint) GetListConstraint() *Constraint_ListConstraint
func (*Constraint) GetName
func (x *Constraint) GetName() string
func (*Constraint) ProtoMessage
func (*Constraint) ProtoMessage()
func (*Constraint) ProtoReflect
func (x *Constraint) ProtoReflect() protoreflect.Message
func (*Constraint) Reset
func (x *Constraint) Reset()
func (*Constraint) String
func (x *Constraint) String() string
Constraint_BooleanConstraint
type Constraint_BooleanConstraint struct {
// contains filtered or unexported fields
}
A `Constraint` that is either enforced or not.
For example, the constraint `constraints/compute.disableSerialPortAccess`. If it is enforced on a VM instance, serial port connections will not be opened to that instance.
func (*Constraint_BooleanConstraint) Descriptor
func (*Constraint_BooleanConstraint) Descriptor() ([]byte, []int)
Deprecated: Use Constraint_BooleanConstraint.ProtoReflect.Descriptor instead.
func (*Constraint_BooleanConstraint) ProtoMessage
func (*Constraint_BooleanConstraint) ProtoMessage()
func (*Constraint_BooleanConstraint) ProtoReflect
func (x *Constraint_BooleanConstraint) ProtoReflect() protoreflect.Message
func (*Constraint_BooleanConstraint) Reset
func (x *Constraint_BooleanConstraint) Reset()
func (*Constraint_BooleanConstraint) String
func (x *Constraint_BooleanConstraint) String() string
Constraint_BooleanConstraint_
type Constraint_BooleanConstraint_ struct {
// Defines this constraint as being a BooleanConstraint.
BooleanConstraint *Constraint_BooleanConstraint `protobuf:"bytes,6,opt,name=boolean_constraint,json=booleanConstraint,proto3,oneof"`
}
Constraint_ConstraintDefault
type Constraint_ConstraintDefault int32
Specifies the default behavior in the absence of any `Policy` for the `Constraint`. This must not be `CONSTRAINT_DEFAULT_UNSPECIFIED`.
Immutable after creation.
Constraint_CONSTRAINT_DEFAULT_UNSPECIFIED, Constraint_ALLOW, Constraint_DENY
// Values of Constraint_ConstraintDefault: the enforcement behavior a
// Constraint falls back to when no Policy is defined or inherited for a
// resource.
const (
	// This is only used for distinguishing unset values and should never be
	// used. It is the zero value of the type, so a ConstraintDefault that was
	// never assigned compares equal to it.
	Constraint_CONSTRAINT_DEFAULT_UNSPECIFIED Constraint_ConstraintDefault = 0
	// Indicate that all values are allowed for list constraints.
	// Indicate that enforcement is off for boolean constraints.
	// In both cases a resource with no Policy for the constraint is left
	// unrestricted by it.
	Constraint_ALLOW Constraint_ConstraintDefault = 1
	// Indicate that all values are denied for list constraints.
	// Indicate that enforcement is on for boolean constraints.
	Constraint_DENY Constraint_ConstraintDefault = 2
)
func (Constraint_ConstraintDefault) Descriptor
func (Constraint_ConstraintDefault) Descriptor() protoreflect.EnumDescriptor
func (Constraint_ConstraintDefault) Enum
func (x Constraint_ConstraintDefault) Enum() *Constraint_ConstraintDefault
func (Constraint_ConstraintDefault) EnumDescriptor
func (Constraint_ConstraintDefault) EnumDescriptor() ([]byte, []int)
Deprecated: Use Constraint_ConstraintDefault.Descriptor instead.
func (Constraint_ConstraintDefault) Number
func (x Constraint_ConstraintDefault) Number() protoreflect.EnumNumber
func (Constraint_ConstraintDefault) String
func (x Constraint_ConstraintDefault) String() string
func (Constraint_ConstraintDefault) Type
func (Constraint_ConstraintDefault) Type() protoreflect.EnumType
Constraint_ListConstraint
type Constraint_ListConstraint struct {
// Indicates whether values grouped into categories can be used in
// `Policy.allowed_values` and `Policy.denied_values`. For example,
// `"in:Python"` would match any value in the 'Python' group.
SupportsIn bool `protobuf:"varint,1,opt,name=supports_in,json=supportsIn,proto3" json:"supports_in,omitempty"`
// Indicates whether subtrees of Cloud Resource Manager resource hierarchy
// can be used in `Policy.allowed_values` and `Policy.denied_values`. For
// example, `"under:folders/123"` would match any resource under the
// 'folders/123' folder.
SupportsUnder bool `protobuf:"varint,2,opt,name=supports_under,json=supportsUnder,proto3" json:"supports_under,omitempty"`
// contains filtered or unexported fields
}
A `Constraint` that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a `Policy`.
func (*Constraint_ListConstraint) Descriptor
func (*Constraint_ListConstraint) Descriptor() ([]byte, []int)
Deprecated: Use Constraint_ListConstraint.ProtoReflect.Descriptor instead.
func (*Constraint_ListConstraint) GetSupportsIn
func (x *Constraint_ListConstraint) GetSupportsIn() bool
func (*Constraint_ListConstraint) GetSupportsUnder
func (x *Constraint_ListConstraint) GetSupportsUnder() bool
func (*Constraint_ListConstraint) ProtoMessage
func (*Constraint_ListConstraint) ProtoMessage()
func (*Constraint_ListConstraint) ProtoReflect
func (x *Constraint_ListConstraint) ProtoReflect() protoreflect.Message
func (*Constraint_ListConstraint) Reset
func (x *Constraint_ListConstraint) Reset()
func (*Constraint_ListConstraint) String
func (x *Constraint_ListConstraint) String() string
Constraint_ListConstraint_
type Constraint_ListConstraint_ struct {
// Defines this constraint as being a ListConstraint.
ListConstraint *Constraint_ListConstraint `protobuf:"bytes,5,opt,name=list_constraint,json=listConstraint,proto3,oneof"`
}
CreatePolicyRequest
type CreatePolicyRequest struct {
// Required. The Cloud resource that will parent the new Policy. Must be in
// one of the following forms:
// * `projects/{project_number}`
// * `projects/{project_id}`
// * `folders/{folder_id}`
// * `organizations/{organization_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. `Policy` to create.
Policy *Policy `protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [CreatePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.
func (*CreatePolicyRequest) Descriptor
func (*CreatePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreatePolicyRequest.ProtoReflect.Descriptor instead.
func (*CreatePolicyRequest) GetParent
func (x *CreatePolicyRequest) GetParent() string
func (*CreatePolicyRequest) GetPolicy
func (x *CreatePolicyRequest) GetPolicy() *Policy
func (*CreatePolicyRequest) ProtoMessage
func (*CreatePolicyRequest) ProtoMessage()
func (*CreatePolicyRequest) ProtoReflect
func (x *CreatePolicyRequest) ProtoReflect() protoreflect.Message
func (*CreatePolicyRequest) Reset
func (x *CreatePolicyRequest) Reset()
func (*CreatePolicyRequest) String
func (x *CreatePolicyRequest) String() string
DeletePolicyRequest
type DeletePolicyRequest struct {
// Required. Name of the policy to delete.
// See `Policy` for naming rules.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.
func (*DeletePolicyRequest) Descriptor
func (*DeletePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeletePolicyRequest.ProtoReflect.Descriptor instead.
func (*DeletePolicyRequest) GetName
func (x *DeletePolicyRequest) GetName() string
func (*DeletePolicyRequest) ProtoMessage
func (*DeletePolicyRequest) ProtoMessage()
func (*DeletePolicyRequest) ProtoReflect
func (x *DeletePolicyRequest) ProtoReflect() protoreflect.Message
func (*DeletePolicyRequest) Reset
func (x *DeletePolicyRequest) Reset()
func (*DeletePolicyRequest) String
func (x *DeletePolicyRequest) String() string
GetEffectivePolicyRequest
type GetEffectivePolicyRequest struct {
// Required. The effective policy to compute. See `Policy` for naming rules.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.
func (*GetEffectivePolicyRequest) Descriptor
func (*GetEffectivePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetEffectivePolicyRequest.ProtoReflect.Descriptor instead.
func (*GetEffectivePolicyRequest) GetName
func (x *GetEffectivePolicyRequest) GetName() string
func (*GetEffectivePolicyRequest) ProtoMessage
func (*GetEffectivePolicyRequest) ProtoMessage()
func (*GetEffectivePolicyRequest) ProtoReflect
func (x *GetEffectivePolicyRequest) ProtoReflect() protoreflect.Message
func (*GetEffectivePolicyRequest) Reset
func (x *GetEffectivePolicyRequest) Reset()
func (*GetEffectivePolicyRequest) String
func (x *GetEffectivePolicyRequest) String() string
GetPolicyRequest
type GetPolicyRequest struct {
// Required. Resource name of the policy. See `Policy` for naming
// requirements.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.
func (*GetPolicyRequest) Descriptor
func (*GetPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetPolicyRequest) GetName
func (x *GetPolicyRequest) GetName() string
func (*GetPolicyRequest) ProtoMessage
func (*GetPolicyRequest) ProtoMessage()
func (*GetPolicyRequest) ProtoReflect
func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message
func (*GetPolicyRequest) Reset
func (x *GetPolicyRequest) Reset()
func (*GetPolicyRequest) String
func (x *GetPolicyRequest) String() string
ListConstraintsRequest
type ListConstraintsRequest struct {
// Required. The Cloud resource that parents the constraint. Must be in one of
// the following forms:
// * `projects/{project_number}`
// * `projects/{project_id}`
// * `folders/{folder_id}`
// * `organizations/{organization_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Size of the pages to be returned. This is currently unsupported and will
// be ignored. The server may at any point start using this field to limit
// page size.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Page token used to retrieve the next page. This is currently unsupported
// and will be ignored. The server may at any point start using this field.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
func (*ListConstraintsRequest) Descriptor
func (*ListConstraintsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListConstraintsRequest.ProtoReflect.Descriptor instead.
func (*ListConstraintsRequest) GetPageSize
func (x *ListConstraintsRequest) GetPageSize() int32
func (*ListConstraintsRequest) GetPageToken
func (x *ListConstraintsRequest) GetPageToken() string
func (*ListConstraintsRequest) GetParent
func (x *ListConstraintsRequest) GetParent() string
func (*ListConstraintsRequest) ProtoMessage
func (*ListConstraintsRequest) ProtoMessage()
func (*ListConstraintsRequest) ProtoReflect
func (x *ListConstraintsRequest) ProtoReflect() protoreflect.Message
func (*ListConstraintsRequest) Reset
func (x *ListConstraintsRequest) Reset()
func (*ListConstraintsRequest) String
func (x *ListConstraintsRequest) String() string
ListConstraintsResponse
type ListConstraintsResponse struct {
// The collection of constraints that are available on the targeted resource.
Constraints []*Constraint `protobuf:"bytes,1,rep,name=constraints,proto3" json:"constraints,omitempty"`
// Page token used to retrieve the next page. This is currently not used.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
func (*ListConstraintsResponse) Descriptor
func (*ListConstraintsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListConstraintsResponse.ProtoReflect.Descriptor instead.
func (*ListConstraintsResponse) GetConstraints
func (x *ListConstraintsResponse) GetConstraints() []*Constraint
func (*ListConstraintsResponse) GetNextPageToken
func (x *ListConstraintsResponse) GetNextPageToken() string
func (*ListConstraintsResponse) ProtoMessage
func (*ListConstraintsResponse) ProtoMessage()
func (*ListConstraintsResponse) ProtoReflect
func (x *ListConstraintsResponse) ProtoReflect() protoreflect.Message
func (*ListConstraintsResponse) Reset
func (x *ListConstraintsResponse) Reset()
func (*ListConstraintsResponse) String
func (x *ListConstraintsResponse) String() string
ListPoliciesRequest
type ListPoliciesRequest struct {
// Required. The target Cloud resource that parents the set of constraints and
// policies that will be returned from this call. Must be in one of the
// following forms:
// * `projects/{project_number}`
// * `projects/{project_id}`
// * `folders/{folder_id}`
// * `organizations/{organization_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Size of the pages to be returned. This is currently unsupported and will
// be ignored. The server may at any point start using this field to limit
// page size.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Page token used to retrieve the next page. This is currently unsupported
// and will be ignored. The server may at any point start using this field.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.
func (*ListPoliciesRequest) Descriptor
func (*ListPoliciesRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListPoliciesRequest.ProtoReflect.Descriptor instead.
func (*ListPoliciesRequest) GetPageSize
func (x *ListPoliciesRequest) GetPageSize() int32
func (*ListPoliciesRequest) GetPageToken
func (x *ListPoliciesRequest) GetPageToken() string
func (*ListPoliciesRequest) GetParent
func (x *ListPoliciesRequest) GetParent() string
func (*ListPoliciesRequest) ProtoMessage
func (*ListPoliciesRequest) ProtoMessage()
func (*ListPoliciesRequest) ProtoReflect
func (x *ListPoliciesRequest) ProtoReflect() protoreflect.Message
func (*ListPoliciesRequest) Reset
func (x *ListPoliciesRequest) Reset()
func (*ListPoliciesRequest) String
func (x *ListPoliciesRequest) String() string
ListPoliciesResponse
type ListPoliciesResponse struct {
// All `Policies` that exist on the resource. It will be empty if no
// `Policies` are set.
Policies []*Policy `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"`
// Page token used to retrieve the next page. This is currently not used, but
// the server may at any point start supplying a valid token.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
The response returned from the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no `Policies` are set on the resource.
func (*ListPoliciesResponse) Descriptor
func (*ListPoliciesResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListPoliciesResponse.ProtoReflect.Descriptor instead.
func (*ListPoliciesResponse) GetNextPageToken
func (x *ListPoliciesResponse) GetNextPageToken() string
func (*ListPoliciesResponse) GetPolicies
func (x *ListPoliciesResponse) GetPolicies() []*Policy
func (*ListPoliciesResponse) ProtoMessage
func (*ListPoliciesResponse) ProtoMessage()
func (*ListPoliciesResponse) ProtoReflect
func (x *ListPoliciesResponse) ProtoReflect() protoreflect.Message
func (*ListPoliciesResponse) Reset
func (x *ListPoliciesResponse) Reset()
func (*ListPoliciesResponse) String
func (x *ListPoliciesResponse) String() string
OrgPolicyClient
// OrgPolicyClient is the client-side view of the OrgPolicy service: two
// listing calls, two read calls and three calls that change which Policy is
// stored on a resource.
type OrgPolicyClient interface {
	// Lists `Constraints` that could be applied on the specified resource.
	ListConstraints(ctx context.Context, in *ListConstraintsRequest, opts ...grpc.CallOption) (*ListConstraintsResponse, error)
	// Retrieves all of the `Policies` that exist on a particular resource.
	ListPolicies(ctx context.Context, in *ListPoliciesRequest, opts ...grpc.CallOption) (*ListPoliciesResponse, error)
	// Gets a `Policy` on a resource.
	//
	// If no `Policy` is set on the resource, NOT_FOUND is returned. The
	// `etag` value can be used with `UpdatePolicy()` to update a
	// `Policy` during read-modify-write.
	GetPolicy(ctx context.Context, in *GetPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Gets the effective `Policy` on a resource. This is the result of merging
	// `Policies` in the resource hierarchy and evaluating conditions. The
	// returned `Policy` will not have an `etag` or `condition` set because it is
	// a computed `Policy` across multiple resources.
	// Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
	// not be expanded.
	//
	// Because no `etag` is returned, the result is for inspection; the
	// read-modify-write flow starts from GetPolicy instead.
	GetEffectivePolicy(ctx context.Context, in *GetEffectivePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Creates a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint does not exist.
	// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
	// policy already exists on the given Cloud resource.
	CreatePolicy(ctx context.Context, in *CreatePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Updates a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint or the policy do not exist.
	// Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag
	// supplied in the request does not match the persisted etag of the policy.
	//
	// Note: the supplied policy will perform a full overwrite of all
	// fields. Send the complete intended Policy (typically the one read with
	// GetPolicy, including its etag) rather than only the fields that change.
	UpdatePolicy(ctx context.Context, in *UpdatePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Deletes a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint or Org Policy does not exist.
	DeletePolicy(ctx context.Context, in *DeletePolicyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
}
OrgPolicyClient is the client API for OrgPolicy service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewOrgPolicyClient
func NewOrgPolicyClient(cc grpc.ClientConnInterface) OrgPolicyClient
OrgPolicyServer
// OrgPolicyServer is the set of handlers an OrgPolicy service implementation
// provides; RegisterOrgPolicyServer attaches one to a *grpc.Server.
type OrgPolicyServer interface {
	// Lists `Constraints` that could be applied on the specified resource.
	ListConstraints(context.Context, *ListConstraintsRequest) (*ListConstraintsResponse, error)
	// Retrieves all of the `Policies` that exist on a particular resource.
	ListPolicies(context.Context, *ListPoliciesRequest) (*ListPoliciesResponse, error)
	// Gets a `Policy` on a resource.
	//
	// If no `Policy` is set on the resource, NOT_FOUND is returned. The
	// `etag` value can be used with `UpdatePolicy()` to update a
	// `Policy` during read-modify-write.
	GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
	// Gets the effective `Policy` on a resource. This is the result of merging
	// `Policies` in the resource hierarchy and evaluating conditions. The
	// returned `Policy` will not have an `etag` or `condition` set because it is
	// a computed `Policy` across multiple resources.
	// Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
	// not be expanded.
	GetEffectivePolicy(context.Context, *GetEffectivePolicyRequest) (*Policy, error)
	// Creates a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint does not exist.
	// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
	// policy already exists on the given Cloud resource.
	CreatePolicy(context.Context, *CreatePolicyRequest) (*Policy, error)
	// Updates a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint or the policy do not exist.
	// Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag
	// supplied in the request does not match the persisted etag of the policy.
	//
	// Note: the supplied policy will perform a full overwrite of all
	// fields.
	UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
	// Deletes a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint or Org Policy does not exist.
	DeletePolicy(context.Context, *DeletePolicyRequest) (*emptypb.Empty, error)
}
OrgPolicyServer is the server API for OrgPolicy service.
Policy
// Policy is one organization policy attached to a project, folder or
// organization. Spec is described as the basic information about the policy;
// DryRunSpec is documented as audit-only.
type Policy struct {
	// Immutable. The resource name of the Policy. Must be one of the following
	// forms, where constraint_name is the name of the constraint which this
	// Policy configures:
	// * `projects/{project_number}/policies/{constraint_name}`
	// * `folders/{folder_id}/policies/{constraint_name}`
	// * `organizations/{organization_id}/policies/{constraint_name}`
	//
	// For example, "projects/123/policies/compute.disableSerialPortAccess".
	//
	// Note: `projects/{project_id}/policies/{constraint_name}` is also an
	// acceptable name for API requests, but responses will return the name using
	// the equivalent project number.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Basic information about the Organization Policy.
	Spec *PolicySpec `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"`
	// Deprecated.
	//
	// Deprecated: Marked as deprecated in google/cloud/orgpolicy/v2/orgpolicy.proto.
	Alternate *AlternatePolicySpec `protobuf:"bytes,3,opt,name=alternate,proto3" json:"alternate,omitempty"`
	// Dry-run policy.
	// Audit-only policy, can be used to monitor how the policy would have
	// impacted the existing and future resources if it's enforced.
	// Being audit-only, rules placed here are observed rather than enforced;
	// a restriction that must take effect belongs in Spec.
	DryRunSpec *PolicySpec `protobuf:"bytes,4,opt,name=dry_run_spec,json=dryRunSpec,proto3" json:"dry_run_spec,omitempty"`
	// contains filtered or unexported fields
}
Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources.
func (*Policy) Descriptor
Deprecated: Use Policy.ProtoReflect.Descriptor instead.
func (*Policy) GetAlternate
func (x *Policy) GetAlternate() *AlternatePolicySpec
Deprecated: Marked as deprecated in google/cloud/orgpolicy/v2/orgpolicy.proto.
func (*Policy) GetDryRunSpec
func (x *Policy) GetDryRunSpec() *PolicySpec
func (*Policy) GetName
func (*Policy) GetSpec
func (x *Policy) GetSpec() *PolicySpec
func (*Policy) ProtoMessage
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect
func (x *Policy) ProtoReflect() protoreflect.Message
func (*Policy) Reset
func (x *Policy) Reset()
func (*Policy) String
PolicySpec
// PolicySpec holds the rules of a Policy together with the two switches that
// control how policies set higher in the resource hierarchy affect this
// resource (InheritFromParent and Reset_).
type PolicySpec struct {
	// An opaque tag indicating the current version of the `Policy`, used for
	// concurrency control.
	//
	// This field is ignored if used in a `CreatePolicy` request.
	//
	// When the `Policy` is returned from either a `GetPolicy` or a
	// `ListPolicies` request, this `etag` indicates the version of the
	// current `Policy` to use when executing a read-modify-write loop.
	//
	// When the `Policy` is returned from a `GetEffectivePolicy` request, the
	// `etag` will be unset.
	Etag string `protobuf:"bytes,1,opt,name=etag,proto3" json:"etag,omitempty"`
	// Output only. The time stamp at which this was last updated. This
	// represents the last time a call to `CreatePolicy` or `UpdatePolicy` was
	// made for that `Policy`.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Up to 10 PolicyRules are allowed.
	//
	// In Policies for boolean constraints, the following requirements apply:
	//   - There must be one and only one PolicyRule where condition is unset.
	//   - BooleanPolicyRules with conditions must set `enforced` to the opposite
	//     of the PolicyRule without a condition.
	//   - During policy evaluation, PolicyRules with conditions that are
	//     true for a target resource take precedence.
	Rules []*PolicySpec_PolicyRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
	// Determines the inheritance behavior for this `Policy`.
	//
	// If `inherit_from_parent` is true, PolicyRules set higher up in the
	// hierarchy (up to the closest root) are inherited and present in the
	// effective policy. If it is false, then no rules are inherited, and this
	// Policy becomes the new root for evaluation.
	// This field can be set only for Policies which configure list constraints.
	//
	// The Go zero value is false, so a PolicySpec built without setting this
	// field does not inherit: rules set on ancestors are left out of the
	// effective policy at this resource and below.
	InheritFromParent bool `protobuf:"varint,4,opt,name=inherit_from_parent,json=inheritFromParent,proto3" json:"inherit_from_parent,omitempty"`
	// Ignores policies set above this resource and restores the
	// `constraint_default` enforcement behavior of the specific `Constraint` at
	// this resource.
	// This field can be set in policies for either list or boolean
	// constraints. If set, `rules` must be empty and `inherit_from_parent`
	// must be set to false.
	//
	// For a constraint whose default is ALLOW, setting this therefore drops
	// the restrictions that ancestors placed on the resource.
	Reset_ bool `protobuf:"varint,5,opt,name=reset,proto3" json:"reset,omitempty"`
	// contains filtered or unexported fields
}
Defines a Cloud Organization `PolicySpec` which is used to specify `Constraints` for configurations of Cloud Platform resources.
func (*PolicySpec) Descriptor
func (*PolicySpec) Descriptor() ([]byte, []int)
Deprecated: Use PolicySpec.ProtoReflect.Descriptor instead.
func (*PolicySpec) GetEtag
func (x *PolicySpec) GetEtag() string
func (*PolicySpec) GetInheritFromParent
func (x *PolicySpec) GetInheritFromParent() bool
func (*PolicySpec) GetReset_
func (x *PolicySpec) GetReset_() bool
func (*PolicySpec) GetRules
func (x *PolicySpec) GetRules() []*PolicySpec_PolicyRule
func (*PolicySpec) GetUpdateTime
func (x *PolicySpec) GetUpdateTime() *timestamppb.Timestamp
func (*PolicySpec) ProtoMessage
func (*PolicySpec) ProtoMessage()
func (*PolicySpec) ProtoReflect
func (x *PolicySpec) ProtoReflect() protoreflect.Message
func (*PolicySpec) Reset
func (x *PolicySpec) Reset()
func (*PolicySpec) String
func (x *PolicySpec) String() string
PolicySpec_PolicyRule
type PolicySpec_PolicyRule struct {
// Types that are assignable to Kind:
// *PolicySpec_PolicyRule_Values
// *PolicySpec_PolicyRule_AllowAll
// *PolicySpec_PolicyRule_DenyAll
// *PolicySpec_PolicyRule_Enforce
Kind isPolicySpec_PolicyRule_Kind `protobuf_oneof:"kind"`
// A condition which determines whether this rule is used
// in the evaluation of the policy. When set, the `expression` field in
// the `Expr' must include from 1 to 10 subexpressions, joined by the "||"
// or "&&" operators. Each subexpression must be of the form
// "resource.matchTag('
A rule used to express this policy.
func (*PolicySpec_PolicyRule) Descriptor
func (*PolicySpec_PolicyRule) Descriptor() ([]byte, []int)
Deprecated: Use PolicySpec_PolicyRule.ProtoReflect.Descriptor instead.
func (*PolicySpec_PolicyRule) GetAllowAll
func (x *PolicySpec_PolicyRule) GetAllowAll() bool
func (*PolicySpec_PolicyRule) GetCondition
func (x *PolicySpec_PolicyRule) GetCondition() *expr.Expr
func (*PolicySpec_PolicyRule) GetDenyAll
func (x *PolicySpec_PolicyRule) GetDenyAll() bool
func (*PolicySpec_PolicyRule) GetEnforce
func (x *PolicySpec_PolicyRule) GetEnforce() bool
func (*PolicySpec_PolicyRule) GetKind
func (m *PolicySpec_PolicyRule) GetKind() isPolicySpec_PolicyRule_Kind
func (*PolicySpec_PolicyRule) GetValues
func (x *PolicySpec_PolicyRule) GetValues() *PolicySpec_PolicyRule_StringValues
func (*PolicySpec_PolicyRule) ProtoMessage
func (*PolicySpec_PolicyRule) ProtoMessage()
func (*PolicySpec_PolicyRule) ProtoReflect
func (x *PolicySpec_PolicyRule) ProtoReflect() protoreflect.Message
func (*PolicySpec_PolicyRule) Reset
func (x *PolicySpec_PolicyRule) Reset()
func (*PolicySpec_PolicyRule) String
func (x *PolicySpec_PolicyRule) String() string
PolicySpec_PolicyRule_AllowAll
// PolicySpec_PolicyRule_AllowAll is the wrapper for the allow_all member of
// the PolicyRule `kind` oneof.
type PolicySpec_PolicyRule_AllowAll struct {
	// Setting this to true means that all values are allowed. This field can
	// be set only in Policies for list constraints.
	// A rule of this kind places no restriction on the values of the list
	// constraint.
	AllowAll bool `protobuf:"varint,2,opt,name=allow_all,json=allowAll,proto3,oneof"`
}
PolicySpec_PolicyRule_DenyAll
// PolicySpec_PolicyRule_DenyAll is the `deny_all` member of the
// PolicySpec_PolicyRule `kind` oneof (note the `oneof` option in the tag below).
type PolicySpec_PolicyRule_DenyAll struct {
// Setting this to true means that all values are denied. This field can
// be set only in Policies for list constraints.
// Where the rule applies, every value of the list constraint is rejected.
DenyAll bool `protobuf:"varint,3,opt,name=deny_all,json=denyAll,proto3,oneof"`
}
PolicySpec_PolicyRule_Enforce
// PolicySpec_PolicyRule_Enforce is the `enforce` member of the
// PolicySpec_PolicyRule `kind` oneof (note the `oneof` option in the tag below).
type PolicySpec_PolicyRule_Enforce struct {
// If `true`, then the `Policy` is enforced. If `false`, then any
// configuration is acceptable.
// This field can be set only in Policies for boolean constraints.
// A change from `true` to `false` therefore relaxes the policy for the
// resources this rule applies to; treat such changes as security-relevant
// when reviewing policy updates.
Enforce bool `protobuf:"varint,4,opt,name=enforce,proto3,oneof"`
}
PolicySpec_PolicyRule_StringValues
// PolicySpec_PolicyRule_StringValues holds the specific allowed and denied
// values of a list-constraint rule. Entries may carry the `under:` prefix
// (a resource subtree) or the optional `is:` prefix (a specific value); a
// value prefixed with "is:" is treated the same as one with no prefix.
// Whether `under:` may be used depends on the `supports_under` field of the
// associated Constraint.
type PolicySpec_PolicyRule_StringValues struct {
// List of values allowed at this resource.
AllowedValues []string `protobuf:"bytes,1,rep,name=allowed_values,json=allowedValues,proto3" json:"allowed_values,omitempty"`
// List of values denied at this resource.
// NOTE(review): this page does not state how a value that matches both
// AllowedValues and DeniedValues is evaluated; confirm the precedence
// before relying on an overlap between the two lists.
DeniedValues []string `protobuf:"bytes,2,rep,name=denied_values,json=deniedValues,proto3" json:"denied_values,omitempty"`
// contains filtered or unexported fields
}
A message that holds specific allowed and denied values.
This message can define specific values and subtrees of the Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes.
The `under:` prefix is used to denote resource subtree values.
The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix.
Ancestry subtrees must be in one of the following formats:
- "projects/<project-id>"
- "folders/<folder-id>"
- "organizations/<organization-id>"
The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.
func (*PolicySpec_PolicyRule_StringValues) Descriptor
func (*PolicySpec_PolicyRule_StringValues) Descriptor() ([]byte, []int)
Deprecated: Use PolicySpec_PolicyRule_StringValues.ProtoReflect.Descriptor instead.
func (*PolicySpec_PolicyRule_StringValues) GetAllowedValues
func (x *PolicySpec_PolicyRule_StringValues) GetAllowedValues() []string
func (*PolicySpec_PolicyRule_StringValues) GetDeniedValues
func (x *PolicySpec_PolicyRule_StringValues) GetDeniedValues() []string
func (*PolicySpec_PolicyRule_StringValues) ProtoMessage
func (*PolicySpec_PolicyRule_StringValues) ProtoMessage()
func (*PolicySpec_PolicyRule_StringValues) ProtoReflect
func (x *PolicySpec_PolicyRule_StringValues) ProtoReflect() protoreflect.Message
func (*PolicySpec_PolicyRule_StringValues) Reset
func (x *PolicySpec_PolicyRule_StringValues) Reset()
func (*PolicySpec_PolicyRule_StringValues) String
func (x *PolicySpec_PolicyRule_StringValues) String() string
PolicySpec_PolicyRule_Values
// PolicySpec_PolicyRule_Values is the `values` member of the
// PolicySpec_PolicyRule `kind` oneof (note the `oneof` option in the tag
// below); it carries the explicit allowed/denied value lists of the rule.
type PolicySpec_PolicyRule_Values struct {
// List of values to be used for this PolicyRule. This field can be set
// only in Policies for list constraints.
Values *PolicySpec_PolicyRule_StringValues `protobuf:"bytes,1,opt,name=values,proto3,oneof"`
}
UnimplementedOrgPolicyServer
// UnimplementedOrgPolicyServer is a field-less type meant to be embedded in
// an OrgPolicyServer implementation for forward compatibility. It declares
// CreatePolicy, DeletePolicy, GetEffectivePolicy, GetPolicy, ListConstraints,
// ListPolicies and UpdatePolicy.
// NOTE(review): the bodies of those methods are not shown on this page;
// confirm that an RPC left to the embedded stub is rejected with an error
// rather than reported as successful.
type UnimplementedOrgPolicyServer struct {
}
UnimplementedOrgPolicyServer can be embedded to have forward compatible implementations.
func (*UnimplementedOrgPolicyServer) CreatePolicy
func (*UnimplementedOrgPolicyServer) CreatePolicy(context.Context, *CreatePolicyRequest) (*Policy, error)
func (*UnimplementedOrgPolicyServer) DeletePolicy
func (*UnimplementedOrgPolicyServer) DeletePolicy(context.Context, *DeletePolicyRequest) (*emptypb.Empty, error)
func (*UnimplementedOrgPolicyServer) GetEffectivePolicy
func (*UnimplementedOrgPolicyServer) GetEffectivePolicy(context.Context, *GetEffectivePolicyRequest) (*Policy, error)
func (*UnimplementedOrgPolicyServer) GetPolicy
func (*UnimplementedOrgPolicyServer) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
func (*UnimplementedOrgPolicyServer) ListConstraints
func (*UnimplementedOrgPolicyServer) ListConstraints(context.Context, *ListConstraintsRequest) (*ListConstraintsResponse, error)
func (*UnimplementedOrgPolicyServer) ListPolicies
func (*UnimplementedOrgPolicyServer) ListPolicies(context.Context, *ListPoliciesRequest) (*ListPoliciesResponse, error)
func (*UnimplementedOrgPolicyServer) UpdatePolicy
func (*UnimplementedOrgPolicyServer) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
UpdatePolicyRequest
// UpdatePolicyRequest is the request message for the OrgPolicy UpdatePolicy
// RPC: the policy to write plus a field mask limiting what is overwritten.
type UpdatePolicyRequest struct {
// Required. `Policy` to update.
Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
// Field mask naming the fields of the policy that this update overwrites.
// The paths in update_mask are relative to the policy, not to the full
// request.
// NOTE(review): this page does not say what happens when update_mask is
// unset; confirm whether the whole policy is then replaced, since an
// unintended full overwrite could drop existing rules.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}
The request sent to the UpdatePolicy method (google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy).
func (*UpdatePolicyRequest) Descriptor
func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdatePolicyRequest) GetPolicy
func (x *UpdatePolicyRequest) GetPolicy() *Policy
func (*UpdatePolicyRequest) GetUpdateMask
func (x *UpdatePolicyRequest) GetUpdateMask() *fieldmaskpb.FieldMask
func (*UpdatePolicyRequest) ProtoMessage
func (*UpdatePolicyRequest) ProtoMessage()
func (*UpdatePolicyRequest) ProtoReflect
func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
func (*UpdatePolicyRequest) Reset
func (x *UpdatePolicyRequest) Reset()
func (*UpdatePolicyRequest) String
func (x *UpdatePolicyRequest) String() string