The Organization Policy API allows users to configure governance rules on their Google Cloud resources across the resource hierarchy.

Defines the root interface for all clients that generate credentials for calling Google APIs. All clients should implement this interface.

Additional options for orgPolicy#foldersConstraintsList.

Additional options for orgPolicy#foldersPoliciesDelete.

Additional options for orgPolicy#foldersPoliciesList.

Additional options for orgPolicy#foldersPoliciesPatch.

Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.

A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which Google Cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about policies. Constraints have a default behavior determined by the constraint_default field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.

A constraint that is either enforced or not. For example, a constraint constraints/compute.disableSerialPortAccess. If it is enforced on a VM instance, serial port connections will not be opened to that instance.

A Google defined custom constraint. This represents a subset of fields missing from Constraint proto that are required to describe CustomConstraint

A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy.

A custom constraint defined by customers which can only be applied to the given resource types and organization. By creating a custom constraint, customers can apply policies of this custom constraint. Creating a custom constraint itself does NOT apply any policy enforcement.

The response returned from the ListConstraints method.

The response returned from the ListCustomConstraints method. It will be empty if no custom constraints are set on the organization resource.

The response returned from the ListPolicies method. It will be empty if no policies are set on the resource.

Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.

Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.

A rule used to express this policy.

A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - projects/ (for example, projects/tokyo-rain-123) - folders/ (for example, folders/1234) - organizations/ (for example, organizations/1234) The supports_under field of the associated Constraint defines whether ancestry prefixes can be used.

A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

Additional options for orgPolicy#organizationsConstraintsList.

Additional options for orgPolicy#organizationsCustomConstraintsList.

Additional options for orgPolicy#organizationsPoliciesDelete.

Additional options for orgPolicy#organizationsPoliciesList.

Additional options for orgPolicy#organizationsPoliciesPatch.

Additional options for orgPolicy#projectsConstraintsList.

Additional options for orgPolicy#projectsPoliciesDelete.

Additional options for orgPolicy#projectsPoliciesList.

Additional options for orgPolicy#projectsPoliciesPatch.