- 2.53.0 (latest)
- 2.52.0
- 2.51.0
- 2.49.0
- 2.48.0
- 2.47.0
- 2.46.0
- 2.45.0
- 2.44.0
- 2.43.0
- 2.42.0
- 2.41.0
- 2.40.0
- 2.39.0
- 2.37.0
- 2.36.0
- 2.35.0
- 2.34.0
- 2.33.0
- 2.32.0
- 2.31.0
- 2.30.0
- 2.29.0
- 2.28.0
- 2.27.0
- 2.24.0
- 2.23.0
- 2.22.0
- 2.21.0
- 2.20.0
- 2.19.0
- 2.18.0
- 2.17.0
- 2.16.0
- 2.15.0
- 2.14.0
- 2.13.0
- 2.12.0
- 2.11.0
- 2.9.0
- 2.8.0
- 2.7.0
- 2.6.0
- 2.5.0
- 2.4.0
- 2.3.7-SNAPSHOT
- 2.2.1
- 2.1.2
- 2.0.10
A client to Organization Policy API
The interfaces provided are listed below, along with usage samples.
OrgPolicyClient
Service Description: An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.
You can use a policy
to configure restrictions in Cloud resources. For example, you can
enforce a policy
that restricts which Google Cloud Platform APIs can be activated in a certain
part of your resource hierarchy, or prevents serial port access to VM instances in a particular
folder.
Policies
are inherited down through the resource hierarchy. A policy
applied to a parent
resource automatically applies to all its child resources unless overridden with a policy
lower
in the hierarchy.
A constraint
defines an aspect of a resource's configuration that can be controlled by an
organization's policy administrator. Policies
are a collection of constraints
that defines
their allowable configuration on a particular resource and its child resources.
Sample for OrgPolicyClient:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (OrgPolicyClient orgPolicyClient = OrgPolicyClient.create()) {
PolicyName name = PolicyName.ofProjectPolicyName("[PROJECT]", "[POLICY]");
Policy response = orgPolicyClient.getPolicy(name);
}
Classes
AlternatePolicySpec
Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.
Protobuf type google.cloud.orgpolicy.v2.AlternatePolicySpec
AlternatePolicySpec.Builder
Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.
Protobuf type google.cloud.orgpolicy.v2.AlternatePolicySpec
Constraint
A constraint
describes a way to restrict resource's configuration. For
example, you could enforce a constraint that controls which cloud services
can be activated across an organization, or whether a Compute Engine instance
can have serial port connections established. Constraints
can be configured
by the organization's policy administrator to fit the needs of the
organization by setting a policy
that includes constraints
at different
locations in the organization's resource hierarchy. Policies are inherited
down the resource hierarchy from higher levels, but can also be overridden.
For details about the inheritance rules please read about
policies
.
Constraints
have a default behavior determined by the constraint_default
field, which is the enforcement behavior that is used in the absence of a
policy
being defined or inherited for the resource in question.
Protobuf type google.cloud.orgpolicy.v2.Constraint
Constraint.BooleanConstraint
A Constraint
that is either enforced or not.
For example a constraint constraints/compute.disableSerialPortAccess
.
If it is enforced on a VM instance, serial port connections will not be
opened to that instance.
Protobuf type google.cloud.orgpolicy.v2.Constraint.BooleanConstraint
Constraint.BooleanConstraint.Builder
A Constraint
that is either enforced or not.
For example a constraint constraints/compute.disableSerialPortAccess
.
If it is enforced on a VM instance, serial port connections will not be
opened to that instance.
Protobuf type google.cloud.orgpolicy.v2.Constraint.BooleanConstraint
Constraint.Builder
A constraint
describes a way to restrict resource's configuration. For
example, you could enforce a constraint that controls which cloud services
can be activated across an organization, or whether a Compute Engine instance
can have serial port connections established. Constraints
can be configured
by the organization's policy administrator to fit the needs of the
organization by setting a policy
that includes constraints
at different
locations in the organization's resource hierarchy. Policies are inherited
down the resource hierarchy from higher levels, but can also be overridden.
For details about the inheritance rules please read about
policies
.
Constraints
have a default behavior determined by the constraint_default
field, which is the enforcement behavior that is used in the absence of a
policy
being defined or inherited for the resource in question.
Protobuf type google.cloud.orgpolicy.v2.Constraint
Constraint.ListConstraint
A Constraint
that allows or disallows a list of string values, which are
configured by an Organization's policy administrator with a Policy
.
Protobuf type google.cloud.orgpolicy.v2.Constraint.ListConstraint
Constraint.ListConstraint.Builder
A Constraint
that allows or disallows a list of string values, which are
configured by an Organization's policy administrator with a Policy
.
Protobuf type google.cloud.orgpolicy.v2.Constraint.ListConstraint
ConstraintName
ConstraintName.Builder
Builder for projects/{project}/constraints/{constraint}.
ConstraintName.FolderConstraintBuilder
Builder for folders/{folder}/constraints/{constraint}.
ConstraintName.OrganizationConstraintBuilder
Builder for organizations/{organization}/constraints/{constraint}.
ConstraintProto
CreatePolicyRequest
The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.
Protobuf type google.cloud.orgpolicy.v2.CreatePolicyRequest
CreatePolicyRequest.Builder
The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.
Protobuf type google.cloud.orgpolicy.v2.CreatePolicyRequest
DeletePolicyRequest
The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.
Protobuf type google.cloud.orgpolicy.v2.DeletePolicyRequest
DeletePolicyRequest.Builder
The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.
Protobuf type google.cloud.orgpolicy.v2.DeletePolicyRequest
FolderName
FolderName.Builder
Builder for folders/{folder}.
GetEffectivePolicyRequest
The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.
Protobuf type google.cloud.orgpolicy.v2.GetEffectivePolicyRequest
GetEffectivePolicyRequest.Builder
The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.
Protobuf type google.cloud.orgpolicy.v2.GetEffectivePolicyRequest
GetPolicyRequest
The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.
Protobuf type google.cloud.orgpolicy.v2.GetPolicyRequest
GetPolicyRequest.Builder
The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.
Protobuf type google.cloud.orgpolicy.v2.GetPolicyRequest
ListConstraintsRequest
The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
Protobuf type google.cloud.orgpolicy.v2.ListConstraintsRequest
ListConstraintsRequest.Builder
The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
Protobuf type google.cloud.orgpolicy.v2.ListConstraintsRequest
ListConstraintsResponse
The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
Protobuf type google.cloud.orgpolicy.v2.ListConstraintsResponse
ListConstraintsResponse.Builder
The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
Protobuf type google.cloud.orgpolicy.v2.ListConstraintsResponse
ListPoliciesRequest
The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.
Protobuf type google.cloud.orgpolicy.v2.ListPoliciesRequest
ListPoliciesRequest.Builder
The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.
Protobuf type google.cloud.orgpolicy.v2.ListPoliciesRequest
ListPoliciesResponse
The response returned from the [ListPolicies]
[google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty
if no Policies
are set on the resource.
Protobuf type google.cloud.orgpolicy.v2.ListPoliciesResponse
ListPoliciesResponse.Builder
The response returned from the [ListPolicies]
[google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty
if no Policies
are set on the resource.
Protobuf type google.cloud.orgpolicy.v2.ListPoliciesResponse
OrgPolicyClient
Service Description: An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.
You can use a policy
to configure restrictions in Cloud resources. For example, you can
enforce a policy
that restricts which Google Cloud Platform APIs can be activated in a certain
part of your resource hierarchy, or prevents serial port access to VM instances in a particular
folder.
Policies
are inherited down through the resource hierarchy. A policy
applied to a parent
resource automatically applies to all its child resources unless overridden with a policy
lower
in the hierarchy.
A constraint
defines an aspect of a resource's configuration that can be controlled by an
organization's policy administrator. Policies
are a collection of constraints
that defines
their allowable configuration on a particular resource and its child resources.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (OrgPolicyClient orgPolicyClient = OrgPolicyClient.create()) {
PolicyName name = PolicyName.ofProjectPolicyName("[PROJECT]", "[POLICY]");
Policy response = orgPolicyClient.getPolicy(name);
}
Note: close() needs to be called on the OrgPolicyClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
The surface of this class includes several types of Java methods for each of the API's methods:
- A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
- A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
- A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of OrgPolicySettings to create(). For example:
To customize credentials:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
OrgPolicySettings orgPolicySettings =
OrgPolicySettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
.build();
OrgPolicyClient orgPolicyClient = OrgPolicyClient.create(orgPolicySettings);
To customize the endpoint:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
OrgPolicySettings orgPolicySettings =
OrgPolicySettings.newBuilder().setEndpoint(myEndpoint).build();
OrgPolicyClient orgPolicyClient = OrgPolicyClient.create(orgPolicySettings);
To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
OrgPolicySettings orgPolicySettings = OrgPolicySettings.newHttpJsonBuilder().build();
OrgPolicyClient orgPolicyClient = OrgPolicyClient.create(orgPolicySettings);
Please refer to the GitHub repository's samples for more quickstart code snippets.
OrgPolicyClient.ListConstraintsFixedSizeCollection
OrgPolicyClient.ListConstraintsPage
OrgPolicyClient.ListConstraintsPagedResponse
OrgPolicyClient.ListPoliciesFixedSizeCollection
OrgPolicyClient.ListPoliciesPage
OrgPolicyClient.ListPoliciesPagedResponse
OrgPolicyGrpc
An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to
restrict the allowed configurations across their entire Cloud Resource
hierarchy.
You can use a policy
to configure restrictions in Cloud resources. For
example, you can enforce a policy
that restricts which Google
Cloud Platform APIs can be activated in a certain part of your resource
hierarchy, or prevents serial port access to VM instances in a particular
folder.
Policies
are inherited down through the resource hierarchy. A policy
applied to a parent resource automatically applies to all its child resources
unless overridden with a policy
lower in the hierarchy.
A constraint
defines an aspect of a resource's configuration that can be
controlled by an organization's policy administrator. Policies
are a
collection of constraints
that defines their allowable configuration on a
particular resource and its child resources.
OrgPolicyGrpc.OrgPolicyBlockingStub
An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to
restrict the allowed configurations across their entire Cloud Resource
hierarchy.
You can use a policy
to configure restrictions in Cloud resources. For
example, you can enforce a policy
that restricts which Google
Cloud Platform APIs can be activated in a certain part of your resource
hierarchy, or prevents serial port access to VM instances in a particular
folder.
Policies
are inherited down through the resource hierarchy. A policy
applied to a parent resource automatically applies to all its child resources
unless overridden with a policy
lower in the hierarchy.
A constraint
defines an aspect of a resource's configuration that can be
controlled by an organization's policy administrator. Policies
are a
collection of constraints
that defines their allowable configuration on a
particular resource and its child resources.
OrgPolicyGrpc.OrgPolicyFutureStub
An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to
restrict the allowed configurations across their entire Cloud Resource
hierarchy.
You can use a policy
to configure restrictions in Cloud resources. For
example, you can enforce a policy
that restricts which Google
Cloud Platform APIs can be activated in a certain part of your resource
hierarchy, or prevents serial port access to VM instances in a particular
folder.
Policies
are inherited down through the resource hierarchy. A policy
applied to a parent resource automatically applies to all its child resources
unless overridden with a policy
lower in the hierarchy.
A constraint
defines an aspect of a resource's configuration that can be
controlled by an organization's policy administrator. Policies
are a
collection of constraints
that defines their allowable configuration on a
particular resource and its child resources.
OrgPolicyGrpc.OrgPolicyImplBase
An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to
restrict the allowed configurations across their entire Cloud Resource
hierarchy.
You can use a policy
to configure restrictions in Cloud resources. For
example, you can enforce a policy
that restricts which Google
Cloud Platform APIs can be activated in a certain part of your resource
hierarchy, or prevents serial port access to VM instances in a particular
folder.
Policies
are inherited down through the resource hierarchy. A policy
applied to a parent resource automatically applies to all its child resources
unless overridden with a policy
lower in the hierarchy.
A constraint
defines an aspect of a resource's configuration that can be
controlled by an organization's policy administrator. Policies
are a
collection of constraints
that defines their allowable configuration on a
particular resource and its child resources.
OrgPolicyGrpc.OrgPolicyStub
An interface for managing organization policies.
The Cloud Org Policy service provides a simple mechanism for organizations to
restrict the allowed configurations across their entire Cloud Resource
hierarchy.
You can use a policy
to configure restrictions in Cloud resources. For
example, you can enforce a policy
that restricts which Google
Cloud Platform APIs can be activated in a certain part of your resource
hierarchy, or prevents serial port access to VM instances in a particular
folder.
Policies
are inherited down through the resource hierarchy. A policy
applied to a parent resource automatically applies to all its child resources
unless overridden with a policy
lower in the hierarchy.
A constraint
defines an aspect of a resource's configuration that can be
controlled by an organization's policy administrator. Policies
are a
collection of constraints
that defines their allowable configuration on a
particular resource and its child resources.
OrgPolicyProto
OrgPolicySettings
Settings class to configure an instance of OrgPolicyClient.
The default instance has everything set to sensible defaults:
- The default service address (orgpolicy.googleapis.com) and default port (443) are used.
- Credentials are acquired automatically through Application Default Credentials.
- Retries are configured for idempotent methods but not for non-idempotent methods.
The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.
For example, to set the total timeout of getPolicy to 30 seconds:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
OrgPolicySettings.Builder orgPolicySettingsBuilder = OrgPolicySettings.newBuilder();
orgPolicySettingsBuilder
.getPolicySettings()
.setRetrySettings(
orgPolicySettingsBuilder
.getPolicySettings()
.getRetrySettings()
.toBuilder()
.setTotalTimeout(Duration.ofSeconds(30))
.build());
OrgPolicySettings orgPolicySettings = orgPolicySettingsBuilder.build();
OrgPolicySettings.Builder
Builder for OrgPolicySettings.
OrganizationName
OrganizationName.Builder
Builder for organizations/{organization}.
Policy
Defines a Cloud Organization Policy
which is used to specify Constraints
for configurations of Cloud Platform resources.
Protobuf type google.cloud.orgpolicy.v2.Policy
Policy.Builder
Defines a Cloud Organization Policy
which is used to specify Constraints
for configurations of Cloud Platform resources.
Protobuf type google.cloud.orgpolicy.v2.Policy
PolicyName
PolicyName.Builder
Builder for projects/{project}/policies/{policy}.
PolicyName.FolderPolicyBuilder
Builder for folders/{folder}/policies/{policy}.
PolicyName.OrganizationPolicyBuilder
Builder for organizations/{organization}/policies/{policy}.
PolicySpec
Defines a Cloud Organization PolicySpec
which is used to specify
Constraints
for configurations of Cloud Platform resources.
Protobuf type google.cloud.orgpolicy.v2.PolicySpec
PolicySpec.Builder
Defines a Cloud Organization PolicySpec
which is used to specify
Constraints
for configurations of Cloud Platform resources.
Protobuf type google.cloud.orgpolicy.v2.PolicySpec
PolicySpec.PolicyRule
A rule used to express this policy.
Protobuf type google.cloud.orgpolicy.v2.PolicySpec.PolicyRule
PolicySpec.PolicyRule.Builder
A rule used to express this policy.
Protobuf type google.cloud.orgpolicy.v2.PolicySpec.PolicyRule
PolicySpec.PolicyRule.StringValues
A message that holds specific allowed and denied values.
This message can define specific values and subtrees of Cloud Resource
Manager resource hierarchy (Organizations
, Folders
, Projects
) that
are allowed or denied. This is achieved by using the under:
and
optional is:
prefixes.
The under:
prefix is used to denote resource subtree values.
The is:
prefix is used to denote specific values, and is required only
if the value contains a ":". Values prefixed with "is:" are treated the
same as values with no prefix.
Ancestry subtrees must be in one of the following formats:
- "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- "folders/<folder-id>", e.g. "folders/1234"
- "organizations/<organization-id>", e.g. "organizations/1234"
The
supports_under
field of the associatedConstraint
defines whether ancestry prefixes can be used.
Protobuf type google.cloud.orgpolicy.v2.PolicySpec.PolicyRule.StringValues
PolicySpec.PolicyRule.StringValues.Builder
A message that holds specific allowed and denied values.
This message can define specific values and subtrees of Cloud Resource
Manager resource hierarchy (Organizations
, Folders
, Projects
) that
are allowed or denied. This is achieved by using the under:
and
optional is:
prefixes.
The under:
prefix is used to denote resource subtree values.
The is:
prefix is used to denote specific values, and is required only
if the value contains a ":". Values prefixed with "is:" are treated the
same as values with no prefix.
Ancestry subtrees must be in one of the following formats:
- "projects/<project-id>", e.g. "projects/tokyo-rain-123"
- "folders/<folder-id>", e.g. "folders/1234"
- "organizations/<organization-id>", e.g. "organizations/1234"
The
supports_under
field of the associatedConstraint
defines whether ancestry prefixes can be used.
Protobuf type google.cloud.orgpolicy.v2.PolicySpec.PolicyRule.StringValues
ProjectName
ProjectName.Builder
Builder for projects/{project}.
UpdatePolicyRequest
The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.
Protobuf type google.cloud.orgpolicy.v2.UpdatePolicyRequest
UpdatePolicyRequest.Builder
The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.
Protobuf type google.cloud.orgpolicy.v2.UpdatePolicyRequest
Interfaces
AlternatePolicySpecOrBuilder
Constraint.BooleanConstraintOrBuilder
Constraint.ListConstraintOrBuilder
ConstraintOrBuilder
CreatePolicyRequestOrBuilder
DeletePolicyRequestOrBuilder
GetEffectivePolicyRequestOrBuilder
GetPolicyRequestOrBuilder
ListConstraintsRequestOrBuilder
ListConstraintsResponseOrBuilder
ListPoliciesRequestOrBuilder
ListPoliciesResponseOrBuilder
PolicyOrBuilder
PolicySpec.PolicyRule.StringValuesOrBuilder
PolicySpec.PolicyRuleOrBuilder
PolicySpecOrBuilder
UpdatePolicyRequestOrBuilder
Enums
Constraint.ConstraintDefault
Specifies the default behavior in the absence of any Policy
for the
Constraint
. This must not be CONSTRAINT_DEFAULT_UNSPECIFIED
.
Immutable after creation.
Protobuf enum google.cloud.orgpolicy.v2.Constraint.ConstraintDefault