OrganizationsAsyncClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Union[str, google.cloud.resourcemanager_v3.services.organizations.transports.base.OrganizationsTransport] = 'grpc_asyncio', client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Allows users to manage their organization resources.
Properties
transport
Returns the transport used by the client instance.
Type | Description |
OrganizationsTransport | The transport used by the client instance. |
Methods
OrganizationsAsyncClient
OrganizationsAsyncClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Union[str, google.cloud.resourcemanager_v3.services.organizations.transports.base.OrganizationsTransport] = 'grpc_asyncio', client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Instantiates the organizations client.
Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Union[str,
The transport to use. If set to None, a transport is chosen automatically. |
client_options |
ClientOptions
Custom options for the client. It won't take effect if a |
Type | Description |
google.auth.exceptions.MutualTlsChannelError | If mutual TLS transport creation failed for any reason. |
common_billing_account_path
common_billing_account_path(billing_account: str)
Returns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str)
Returns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str)
Returns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str)
Returns a fully-qualified organization string.
common_project_path
common_project_path(project: str)
Returns a fully-qualified project string.
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
OrganizationsAsyncClient | The constructed client. |
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)
Creates an instance of this client using the provided credentials info.
Name | Description |
info |
dict
The service account private key info. |
Type | Description |
OrganizationsAsyncClient | The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
OrganizationsAsyncClient | The constructed client. |
get_iam_policy
get_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]] = None, *, resource: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets the access control policy for an organization resource. The
policy may be empty if no such policy or resource exists. The
resource
field should be the organization's resource name,
for example: "organizations/123".
Authorization requires the IAM permission
resourcemanager.organizations.getIamPolicy
on the specified
organization.
from google.cloud import resourcemanager_v3
from google.iam.v1 import iam_policy_pb2 # type: ignore
async def sample_get_iam_policy():
# Create a client
client = resourcemanager_v3.OrganizationsAsyncClient()
# Initialize request argument(s)
request = iam_policy_pb2.GetIamPolicyRequest(
resource="resource_value",
)
# Make the request
response = await client.get_iam_policy(request=request)
# Handle the response
print(response)
Name | Description |
request |
Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]
The request object. Request message for |
resource |
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.iam.v1.policy_pb2.Policy | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="" }="" **yaml="" example:**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:" 3="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" documentation](\=""> |
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(
client_options: Optional[google.api_core.client_options.ClientOptions] = None,
)
Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is not "true", the
client cert source is None.
(2) if client_options.client_cert_source
is provided, use the provided one; if the
default client cert source exists, use the default one; otherwise the client cert
source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint
if provided, use the provided one.
(2) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is "always", use the
default mTLS endpoint; if the environment variabel is "never", use the default API
endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
Name | Description |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. Only the |
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If any errors happen. |
Type | Description |
Tuple[str, Callable[[], Tuple[bytes, bytes]]] | returns the API endpoint and the client cert source to use. |
get_organization
get_organization(request: Optional[Union[google.cloud.resourcemanager_v3.types.organizations.GetOrganizationRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Fetches an organization resource identified by the specified resource name.
from google.cloud import resourcemanager_v3
async def sample_get_organization():
# Create a client
client = resourcemanager_v3.OrganizationsAsyncClient()
# Initialize request argument(s)
request = resourcemanager_v3.GetOrganizationRequest(
name="name_value",
)
# Make the request
response = await client.get_organization(request=request)
# Handle the response
print(response)
Name | Description |
request |
Union[google.cloud.resourcemanager_v3.types.GetOrganizationRequest, dict]
The request object. The request sent to the |
name |
Required. The resource name of the Organization to fetch. This is the organization's relative path in the API, formatted as "organizations/[organizationId]". For example, "organizations/1234". This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.resourcemanager_v3.types.Organization | The root node in the resource hierarchy to which a particular entity's (a company, for example) resources belong. |
get_transport_class
get_transport_class()
Returns an appropriate transport class.
organization_path
organization_path(organization: str)
Returns a fully-qualified organization string.
parse_common_billing_account_path
parse_common_billing_account_path(path: str)
Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str)
Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str)
Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str)
Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str)
Parse a project path into its component segments.
parse_organization_path
parse_organization_path(path: str)
Parses a organization path into its component segments.
search_organizations
search_organizations(request: Optional[Union[google.cloud.resourcemanager_v3.types.organizations.SearchOrganizationsRequest, dict]] = None, *, query: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Searches organization resources that are visible to the user and satisfy the specified filter. This method returns organizations in an unspecified order. New organizations do not necessarily appear at the end of the results, and may take a small amount of time to appear.
Search will only return organizations on which the user has the
permission resourcemanager.organizations.get
from google.cloud import resourcemanager_v3
async def sample_search_organizations():
# Create a client
client = resourcemanager_v3.OrganizationsAsyncClient()
# Initialize request argument(s)
request = resourcemanager_v3.SearchOrganizationsRequest(
)
# Make the request
page_result = client.search_organizations(request=request)
# Handle the response
async for response in page_result:
print(response)
Name | Description |
request |
Union[google.cloud.resourcemanager_v3.types.SearchOrganizationsRequest, dict]
The request object. The request sent to the |
query |
Optional. An optional query string used to filter the Organizations to return in the response. Query rules are case-insensitive. :: Field Description |------------------|-------------------------------------------- directoryCustomerId, owner.directoryCustomerId Filters by directory customer id. domain Filters by domain. Organizations may be queried by |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.resourcemanager_v3.services.organizations.pagers.SearchOrganizationsAsyncPager | The response returned from the SearchOrganizations method. Iterating over this object will yield results and resolve additional pages automatically. |
set_iam_policy
set_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]] = None, *, resource: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Sets the access control policy on an organization resource.
Replaces any existing policy. The resource
field should be
the organization's resource name, for example:
"organizations/123".
Authorization requires the IAM permission
resourcemanager.organizations.setIamPolicy
on the specified
organization.
from google.cloud import resourcemanager_v3
from google.iam.v1 import iam_policy_pb2 # type: ignore
async def sample_set_iam_policy():
# Create a client
client = resourcemanager_v3.OrganizationsAsyncClient()
# Initialize request argument(s)
request = iam_policy_pb2.SetIamPolicyRequest(
resource="resource_value",
)
# Make the request
response = await client.set_iam_policy(request=request)
# Handle the response
print(response)
Name | Description |
request |
Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]
The request object. Request message for |
resource |
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.iam.v1.policy_pb2.Policy | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="" }="" **yaml="" example:**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:" 3="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" documentation](\=""> |
test_iam_permissions
test_iam_permissions(request: Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]] = None, *, resource: Optional[str] = None, permissions: Optional[Sequence[str]] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Returns the permissions that a caller has on the specified
organization. The resource
field should be the
organization's resource name, for example: "organizations/123".
There are no permissions required for making this API call.
from google.cloud import resourcemanager_v3
from google.iam.v1 import iam_policy_pb2 # type: ignore
async def sample_test_iam_permissions():
# Create a client
client = resourcemanager_v3.OrganizationsAsyncClient()
# Initialize request argument(s)
request = iam_policy_pb2.TestIamPermissionsRequest(
resource="resource_value",
permissions=['permissions_value_1', 'permissions_value_2'],
)
# Make the request
response = await client.test_iam_permissions(request=request)
# Handle the response
print(response)
Name | Description |
request |
Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]
The request object. Request message for |
resource |
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the |
permissions |
:class:
The set of permissions to check for the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse | Response message for TestIamPermissions method. |