orgPolicy
import { orgPolicy } from "https://googleapis.deno.dev/v1/orgpolicy:v2.ts";
The Organization Policy API allows users to configure governance rules on their Google Cloud resources across the resource hierarchy.
§Methods
Lists constraints that could be applied on the specified resource.
Required. The Google Cloud resource that parents the constraint. Must be in one of the following forms: * projects/{project_number}
* projects/{project_id}
* folders/{folder_id}
* organizations/{organization_id}
Creates a policy. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint does not exist. Returns a
google.rpc.Status
with google.rpc.Code.ALREADY_EXISTS
if the policy
already exists on the given Google Cloud resource.
Required. The Google Cloud resource that will parent the new policy. Must be in one of the following forms: * projects/{project_number}
* projects/{project_id}
* folders/{folder_id}
* organizations/{organization_id}
Deletes a policy. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint or organization policy does
not exist.
Required. Name of the policy to delete. See the policy entry for naming rules.
Gets a policy on a resource. If no policy is set on the resource,
NOT_FOUND
is returned. The etag
value can be used with UpdatePolicy()
to update a policy during read-modify-write.
Required. Resource name of the policy. See Policy for naming requirements.
Gets the effective policy on a resource. This is the result of merging
policies in the resource hierarchy and evaluating conditions. The returned
policy will not have an etag
or condition
set because it is an
evaluated policy across multiple resources. Subtrees of Resource Manager
resource hierarchy with 'under:' prefix will not be expanded.
Required. The effective policy to compute. See Policy for naming requirements.
Retrieves all of the policies that exist on a particular resource.
Required. The target Google Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * projects/{project_number}
* projects/{project_id}
* folders/{folder_id}
* organizations/{organization_id}
Updates a policy. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint or the policy do not exist.
Returns a google.rpc.Status
with google.rpc.Code.ABORTED
if the etag
supplied in the request does not match the persisted etag of the policy
Note: the supplied policy will perform a full overwrite of all fields.
Immutable. The resource name of the policy. Must be one of the following forms, where constraint_name
is the name of the constraint which this policy configures: * projects/{project_number}/policies/{constraint_name}
* folders/{folder_id}/policies/{constraint_name}
* organizations/{organization_id}/policies/{constraint_name}
For example, projects/123/policies/compute.disableSerialPortAccess
. Note: projects/{project_id}/policies/{constraint_name}
is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
Lists constraints that could be applied on the specified resource.
Required. The Google Cloud resource that parents the constraint. Must be in one of the following forms: * projects/{project_number}
* projects/{project_id}
* folders/{folder_id}
* organizations/{organization_id}
Creates a custom constraint. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the organization does not exist. Returns a
google.rpc.Status
with google.rpc.Code.ALREADY_EXISTS
if the constraint
already exists on the given organization.
Required. Must be in the following form: * organizations/{organization_id}
Deletes a custom constraint. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint does not exist.
Required. Name of the custom constraint to delete. See the custom constraint entry for naming rules.
Gets a custom constraint. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the custom constraint does not exist.
Required. Resource name of the custom constraint. See the custom constraint entry for naming requirements.
Retrieves all of the custom constraints that exist on a particular organization resource.
Required. The target Google Cloud resource that parents the set of custom constraints that will be returned from this call. Must be in one of the following forms: * organizations/{organization_id}
Updates a custom constraint. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint does not exist. Note: the
supplied policy will perform a full overwrite of all fields.
Immutable. Name of the constraint. This is unique within the organization. Format of the name should be * organizations/{organization_id}/customConstraints/{custom_constraint_id}
Example: organizations/123/customConstraints/custom.createOnlyE2TypeVms
The max length is 70 characters and the minimum length is 1. Note that the prefix organizations/{organization_id}/customConstraints/
is not counted.
Creates a policy. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint does not exist. Returns a
google.rpc.Status
with google.rpc.Code.ALREADY_EXISTS
if the policy
already exists on the given Google Cloud resource.
Required. The Google Cloud resource that will parent the new policy. Must be in one of the following forms: * projects/{project_number}
* projects/{project_id}
* folders/{folder_id}
* organizations/{organization_id}
Deletes a policy. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint or organization policy does
not exist.
Required. Name of the policy to delete. See the policy entry for naming rules.
Gets a policy on a resource. If no policy is set on the resource,
NOT_FOUND
is returned. The etag
value can be used with UpdatePolicy()
to update a policy during read-modify-write.
Required. Resource name of the policy. See Policy for naming requirements.
Gets the effective policy on a resource. This is the result of merging
policies in the resource hierarchy and evaluating conditions. The returned
policy will not have an etag
or condition
set because it is an
evaluated policy across multiple resources. Subtrees of Resource Manager
resource hierarchy with 'under:' prefix will not be expanded.
Required. The effective policy to compute. See Policy for naming requirements.
Retrieves all of the policies that exist on a particular resource.
Required. The target Google Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * projects/{project_number}
* projects/{project_id}
* folders/{folder_id}
* organizations/{organization_id}
Updates a policy. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint or the policy do not exist.
Returns a google.rpc.Status
with google.rpc.Code.ABORTED
if the etag
supplied in the request does not match the persisted etag of the policy
Note: the supplied policy will perform a full overwrite of all fields.
Immutable. The resource name of the policy. Must be one of the following forms, where constraint_name
is the name of the constraint which this policy configures: * projects/{project_number}/policies/{constraint_name}
* folders/{folder_id}/policies/{constraint_name}
* organizations/{organization_id}/policies/{constraint_name}
For example, projects/123/policies/compute.disableSerialPortAccess
. Note: projects/{project_id}/policies/{constraint_name}
is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
Lists constraints that could be applied on the specified resource.
Required. The Google Cloud resource that parents the constraint. Must be in one of the following forms: * projects/{project_number}
* projects/{project_id}
* folders/{folder_id}
* organizations/{organization_id}
Creates a policy. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint does not exist. Returns a
google.rpc.Status
with google.rpc.Code.ALREADY_EXISTS
if the policy
already exists on the given Google Cloud resource.
Required. The Google Cloud resource that will parent the new policy. Must be in one of the following forms: * projects/{project_number}
* projects/{project_id}
* folders/{folder_id}
* organizations/{organization_id}
Deletes a policy. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint or organization policy does
not exist.
Required. Name of the policy to delete. See the policy entry for naming rules.
Gets a policy on a resource. If no policy is set on the resource,
NOT_FOUND
is returned. The etag
value can be used with UpdatePolicy()
to update a policy during read-modify-write.
Required. Resource name of the policy. See Policy for naming requirements.
Gets the effective policy on a resource. This is the result of merging
policies in the resource hierarchy and evaluating conditions. The returned
policy will not have an etag
or condition
set because it is an
evaluated policy across multiple resources. Subtrees of Resource Manager
resource hierarchy with 'under:' prefix will not be expanded.
Required. The effective policy to compute. See Policy for naming requirements.
Retrieves all of the policies that exist on a particular resource.
Required. The target Google Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * projects/{project_number}
* projects/{project_id}
* folders/{folder_id}
* organizations/{organization_id}
Updates a policy. Returns a google.rpc.Status
with
google.rpc.Code.NOT_FOUND
if the constraint or the policy do not exist.
Returns a google.rpc.Status
with google.rpc.Code.ABORTED
if the etag
supplied in the request does not match the persisted etag of the policy
Note: the supplied policy will perform a full overwrite of all fields.
Immutable. The resource name of the policy. Must be one of the following forms, where constraint_name
is the name of the constraint which this policy configures: * projects/{project_number}/policies/{constraint_name}
* folders/{folder_id}/policies/{constraint_name}
* organizations/{organization_id}/policies/{constraint_name}
For example, projects/123/policies/compute.disableSerialPortAccess
. Note: projects/{project_id}/policies/{constraint_name}
is also an acceptable name for API requests, but responses will return the name using the equivalent project number.