PolicyTagManagerClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.datacatalog_v1.services.policy_tag_manager.transports.base.PolicyTagManagerTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Policy Tag Manager API service allows clients to manage their policy tags and taxonomies.
Policy tags are used to tag BigQuery columns and apply additional access control policies. A taxonomy is a hierarchical grouping of policy tags that classify data along a common axis.
Properties
transport
Returns the transport used by the client instance.
Returns | |
---|---|
Type | Description |
PolicyTagManagerTransport | The transport used by the client instance. |
Methods
PolicyTagManagerClient
PolicyTagManagerClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.datacatalog_v1.services.policy_tag_manager.transports.base.PolicyTagManagerTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Instantiates the policy tag manager client.
Parameters | |
---|---|
Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Union[str, PolicyTagManagerTransport]
The transport to use. If set to None, a transport is chosen automatically. |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. It won't take effect if a |
client_info |
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If mutual TLS transport creation failed for any reason. |
common_billing_account_path
common_billing_account_path(billing_account: str)
Returns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str)
Returns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str)
Returns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str)
Returns a fully-qualified organization string.
common_project_path
common_project_path(project: str)
Returns a fully-qualified project string.
create_policy_tag
create_policy_tag(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.CreatePolicyTagRequest] = None, *, parent: Optional[str] = None, policy_tag: Optional[google.cloud.datacatalog_v1.types.policytagmanager.PolicyTag] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates a policy tag in a taxonomy.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.CreatePolicyTagRequest
The request object. Request message for CreatePolicyTag. |
parent |
str
Required. Resource name of the taxonomy that the policy tag will belong to. This corresponds to the |
policy_tag |
google.cloud.datacatalog_v1.types.PolicyTag
The policy tag to be created. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.datacatalog_v1.types.PolicyTag | Denotes one policy tag in a taxonomy (e.g. ssn). Policy tags can be defined in a hierarchy. For example, consider the following hierarchy: :literal:\ + Geolocation + LatLong + City + ZipCode\ \ Policy tag "Geolocation" contains 3 child policy tags: "LatLong", "City", and "ZipCode". |
create_taxonomy
create_taxonomy(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.CreateTaxonomyRequest] = None, *, parent: Optional[str] = None, taxonomy: Optional[google.cloud.datacatalog_v1.types.policytagmanager.Taxonomy] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates a taxonomy in a specified project. The taxonomy is initially empty, i.e., does not contain policy tags.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.CreateTaxonomyRequest
The request object. Request message for CreateTaxonomy. |
parent |
str
Required. Resource name of the project that the taxonomy will belong to. This corresponds to the |
taxonomy |
google.cloud.datacatalog_v1.types.Taxonomy
The taxonomy to be created. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.datacatalog_v1.types.Taxonomy | A taxonomy is a collection of hierarchical policy tags that classify data along a common axis. For instance a "data sensitivity" taxonomy could contain the following policy tags: :literal:\ + PII + Account number + Age + SSN + Zipcode + Financials + Revenue\ \ A "data origin" taxonomy could contain the following policy tags: :literal:\ + User data + Employee data + Partner data + Public data\ \ |
delete_policy_tag
delete_policy_tag(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.DeletePolicyTagRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Deletes a policy tag. This method also deletes:
- all of its descendant policy tags, if any
- the policies associated with the policy tag and its descendants
- references from BigQuery table schema of the policy tag and its descendants.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.DeletePolicyTagRequest
The request object. Request message for DeletePolicyTag. |
name |
str
Required. Resource name of the policy tag to be deleted. All of its descendant policy tags will also be deleted. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
delete_taxonomy
delete_taxonomy(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.DeleteTaxonomyRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Deletes a taxonomy. This method will also delete all policy tags in this taxonomy, their associated policies, and the policy tags references from BigQuery columns.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.DeleteTaxonomyRequest
The request object. Request message for DeleteTaxonomy. |
name |
str
Required. Resource name of the taxonomy to be deleted. All policy tags in this taxonomy will also be deleted. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
PolicyTagManagerClient | The constructed client. |
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)
Creates an instance of this client using the provided credentials info.
Parameter | |
---|---|
Name | Description |
info |
dict
The service account private key info. |
Returns | |
---|---|
Type | Description |
PolicyTagManagerClient | The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
PolicyTagManagerClient | The constructed client. |
get_iam_policy
get_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest] = None, *, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets the IAM policy for a policy tag or a taxonomy.
Parameters | |
---|---|
Name | Description |
request |
google.iam.v1.iam_policy_pb2.GetIamPolicyRequest
The request object. Request message for |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.iam.v1.policy_pb2.Policy | Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" developer's="" guide](\=""> |
get_policy_tag
get_policy_tag(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.GetPolicyTagRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets a policy tag.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.GetPolicyTagRequest
The request object. Request message for GetPolicyTag. |
name |
str
Required. Resource name of the requested policy tag. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.datacatalog_v1.types.PolicyTag | Denotes one policy tag in a taxonomy (e.g. ssn). Policy tags can be defined in a hierarchy. For example, consider the following hierarchy: :literal:\ + Geolocation + LatLong + City + ZipCode\ \ Policy tag "Geolocation" contains 3 child policy tags: "LatLong", "City", and "ZipCode". |
get_taxonomy
get_taxonomy(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.GetTaxonomyRequest] = None, *, name: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets a taxonomy.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.GetTaxonomyRequest
The request object. Request message for GetTaxonomy. |
name |
str
Required. Resource name of the requested taxonomy. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.datacatalog_v1.types.Taxonomy | A taxonomy is a collection of hierarchical policy tags that classify data along a common axis. For instance a "data sensitivity" taxonomy could contain the following policy tags: :literal:\ + PII + Account number + Age + SSN + Zipcode + Financials + Revenue\ \ A "data origin" taxonomy could contain the following policy tags: :literal:\ + User data + Employee data + Partner data + Public data\ \ |
list_policy_tags
list_policy_tags(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.ListPolicyTagsRequest] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists all policy tags in a taxonomy.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.ListPolicyTagsRequest
The request object. Request message for ListPolicyTags. |
parent |
str
Required. Resource name of the taxonomy to list the policy tags of. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.datacatalog_v1.services.policy_tag_manager.pagers.ListPolicyTagsPager | Response message for ListPolicyTags. Iterating over this object will yield results and resolve additional pages automatically. |
list_taxonomies
list_taxonomies(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.ListTaxonomiesRequest] = None, *, parent: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists all taxonomies in a project in a particular location that the caller has permission to view.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.ListTaxonomiesRequest
The request object. Request message for ListTaxonomies. |
parent |
str
Required. Resource name of the project to list the taxonomies of. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.datacatalog_v1.services.policy_tag_manager.pagers.ListTaxonomiesPager | Response message for ListTaxonomies. Iterating over this object will yield results and resolve additional pages automatically. |
parse_common_billing_account_path
parse_common_billing_account_path(path: str)
Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str)
Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str)
Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str)
Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str)
Parse a project path into its component segments.
parse_policy_tag_path
parse_policy_tag_path(path: str)
Parses a policy_tag path into its component segments.
parse_taxonomy_path
parse_taxonomy_path(path: str)
Parses a taxonomy path into its component segments.
policy_tag_path
policy_tag_path(project: str, location: str, taxonomy: str, policy_tag: str)
Returns a fully-qualified policy_tag string.
set_iam_policy
set_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest] = None, *, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Sets the IAM policy for a policy tag or a taxonomy.
Parameters | |
---|---|
Name | Description |
request |
google.iam.v1.iam_policy_pb2.SetIamPolicyRequest
The request object. Request message for |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.iam.v1.policy_pb2.Policy | Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" developer's="" guide](\=""> |
taxonomy_path
taxonomy_path(project: str, location: str, taxonomy: str)
Returns a fully-qualified taxonomy string.
test_iam_permissions
test_iam_permissions(request: Optional[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest] = None, *, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Returns the permissions that a caller has on a specified policy tag or taxonomy.
Parameters | |
---|---|
Name | Description |
request |
google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest
The request object. Request message for |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse | Response message for TestIamPermissions method. |
update_policy_tag
update_policy_tag(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.UpdatePolicyTagRequest] = None, *, policy_tag: Optional[google.cloud.datacatalog_v1.types.policytagmanager.PolicyTag] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates a policy tag. This method can update the policy tag's display name, description, and parent policy tag.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.UpdatePolicyTagRequest
The request object. Request message for UpdatePolicyTag. |
policy_tag |
google.cloud.datacatalog_v1.types.PolicyTag
The policy tag to update. Only the description, display_name, and parent_policy_tag fields can be updated. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.datacatalog_v1.types.PolicyTag | Denotes one policy tag in a taxonomy (e.g. ssn). Policy tags can be defined in a hierarchy. For example, consider the following hierarchy: :literal:\ + Geolocation + LatLong + City + ZipCode\ \ Policy tag "Geolocation" contains 3 child policy tags: "LatLong", "City", and "ZipCode". |
update_taxonomy
update_taxonomy(request: Optional[google.cloud.datacatalog_v1.types.policytagmanager.UpdateTaxonomyRequest] = None, *, taxonomy: Optional[google.cloud.datacatalog_v1.types.policytagmanager.Taxonomy] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates a taxonomy. This method can update the taxonomy's display name, description, and activated policy types.
Parameters | |
---|---|
Name | Description |
request |
google.cloud.datacatalog_v1.types.UpdateTaxonomyRequest
The request object. Request message for UpdateTaxonomy. |
taxonomy |
google.cloud.datacatalog_v1.types.Taxonomy
The taxonomy to update. Only description, display_name, and activated policy types can be updated. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.datacatalog_v1.types.Taxonomy | A taxonomy is a collection of hierarchical policy tags that classify data along a common axis. For instance a "data sensitivity" taxonomy could contain the following policy tags: :literal:\ + PII + Account number + Age + SSN + Zipcode + Financials + Revenue\ \ A "data origin" taxonomy could contain the following policy tags: :literal:\ + User data + Employee data + Partner data + Public data\ \ |