policies
Creates, updates, deletes, gets or lists a policies resource.
Overview
Name | policies |
Type | Resource |
Id | google.iamv2beta.policies |
Fields
The following fields are returned by SELECT queries:
- get
- list_policies
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Immutable. The resource name of the `Policy`, which must be unique. Format: `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, `/`, must be written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the full resource name. For projects, requests can use the alphanumeric or the numeric ID. Responses always contain the numeric ID. |
annotations | object | A key-value map to store arbitrary metadata for the `Policy`. Keys can be up to 63 characters. Values can be up to 255 characters. |
createTime | string (google-datetime) | Output only. The time when the `Policy` was created. |
deleteTime | string (google-datetime) | Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted. |
displayName | string | A user-specified description of the `Policy`. This value can be up to 63 characters. |
etag | string | An opaque tag that identifies the current version of the `Policy`. IAM uses this value to help manage concurrent updates, so they do not cause one update to be overwritten by another. If this field is present in a CreatePolicyRequest, the value is ignored. |
kind | string | Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`. |
rules | array | A list of rules that specify the behavior of the `Policy`. All of the rules should be of the `kind` specified in the `Policy`. |
uid | string | Immutable. The globally unique ID of the `Policy`. Assigned automatically when the `Policy` is created. |
updateTime | string (google-datetime) | Output only. The time when the `Policy` was last updated. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | policiesId, policiesId1, policiesId2 | | Gets a policy. |
list_policies | select | policiesId, policiesId1 | pageSize, pageToken | Retrieves the policies of the specified kind that are attached to a resource. The response lists only policy metadata. In particular, policy rules are omitted. |
create_policy | insert | policiesId, policiesId1 | policyId | Creates a policy. |
update | replace | policiesId, policiesId1, policiesId2 | | Updates the specified policy. You can update only the rules and the display name for the policy. To update a policy, you should use a read-modify-write loop: 1. Use GetPolicy to read the current version of the policy. 2. Modify the policy as needed. 3. Use UpdatePolicy to write the updated policy. This pattern helps prevent conflicts between concurrent updates. |
delete | delete | policiesId, policiesId1, policiesId2 | etag | Deletes a policy. This action is permanent. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
policiesId | string | |
policiesId1 | string | |
policiesId2 | string | |
etag | string | |
pageSize | integer (int32) | |
pageToken | string | |
policyId | string | |
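The name format given in the Fields table, as an added example that is not part of the original page or the provider's own code: it builds and parses a deny policy name with the `%2F` encoding and checks the documented length limits before a write. The mapping of the name's segments onto `policiesId`, `policiesId1` and `policiesId2` is an assumption, since the page leaves those parameters undescribed; the function names are hypothetical.

```python
from urllib.parse import quote, unquote

KIND = "denypolicies"  # kind segment in the page's name format

def policy_name(attachment_point, policy_id):
    """Build policies/{attachment_point}/denypolicies/{policy_id}."""
    if not policy_id or "/" in policy_id:
        raise ValueError("policy_id must be one non-empty path segment")
    # safe="" makes quote() write every "/" as %2F, as the format requires.
    return f"policies/{quote(attachment_point, safe='')}/{KIND}/{policy_id}"

def split_name(name):
    """Return (attachment_point, kind, policy_id) or raise on a bad name."""
    parts = name.split("/")
    # An attachment point left unencoded shows up here as extra segments.
    if (len(parts) != 4 or not all(parts)
            or parts[0] != "policies" or parts[2] != KIND):
        raise ValueError(f"not a deny policy name: {name!r}")
    return unquote(parts[1]), parts[2], parts[3]

def where_params(name):
    """Assumption: the path parameters are the name's last three segments."""
    split_name(name)  # validate the shape first
    _, attachment, kind, policy_id = name.split("/")
    return {"policiesId": attachment, "policiesId1": kind,
            "policiesId2": policy_id}

def check_limits(policy):
    """List violations of the length limits given in the Fields table."""
    problems = []
    if len(policy.get("displayName", "")) > 63:
        problems.append("displayName longer than 63 characters")
    for key, value in policy.get("annotations", {}).items():
        if len(key) > 63:
            problems.append(f"annotation key too long: {key[:20]}...")
        if len(value) > 255:
            problems.append(f"annotation value too long for key {key[:20]}")
    return problems

# Constructed sample, using the project from the page's own example name.
NAME = policy_name("cloudresourcemanager.googleapis.com/projects/my-project",
                   "my-deny-policy")

if __name__ == "__main__":
    print(NAME)
    print(where_params(NAME))
```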
SELECT examples
- get
- list_policies
Gets a policy.
```sql
SELECT
name,
annotations,
createTime,
deleteTime,
displayName,
etag,
kind,
rules,
uid,
updateTime
FROM google.iamv2beta.policies
WHERE policiesId = '{{ policiesId }}' -- required
AND policiesId1 = '{{ policiesId1 }}' -- required
AND policiesId2 = '{{ policiesId2 }}'; -- required
```
Retrieves the policies of the specified kind that are attached to a resource. The response lists only policy metadata. In particular, policy rules are omitted.
```sql
SELECT
name,
annotations,
createTime,
deleteTime,
displayName,
etag,
kind,
rules,
uid,
updateTime
FROM google.iamv2beta.policies
WHERE policiesId = '{{ policiesId }}' -- required
AND policiesId1 = '{{ policiesId1 }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}';
```
INSERT examples
- create_policy
- Manifest
Creates a policy.
```sql
INSERT INTO google.iamv2beta.policies (
data__name,
data__uid,
data__displayName,
data__annotations,
data__etag,
data__rules,
policiesId,
policiesId1,
policyId
)
SELECT
'{{ name }}',
'{{ uid }}',
'{{ displayName }}',
'{{ annotations }}',
'{{ etag }}',
'{{ rules }}',
'{{ policiesId }}',
'{{ policiesId1 }}',
'{{ policyId }}'
RETURNING
name,
done,
error,
metadata,
response
;
```
```yaml
# Description fields are for documentation purposes
- name: policies
  props:
    - name: policiesId
      value: string
      description: Required parameter for the policies resource.
    - name: policiesId1
      value: string
      description: Required parameter for the policies resource.
    - name: name
      value: string
      description: >
        Immutable. The resource name of the `Policy`, which must be unique. Format: `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, `/`, must be written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the full resource name. For projects, requests can use the alphanumeric or the numeric ID. Responses always contain the numeric ID.
    - name: uid
      value: string
      description: >
        Immutable. The globally unique ID of the `Policy`. Assigned automatically when the `Policy` is created.
    - name: displayName
      value: string
      description: >
        A user-specified description of the `Policy`. This value can be up to 63 characters.
    - name: annotations
      value: object
      description: >
        A key-value map to store arbitrary metadata for the `Policy`. Keys can be up to 63 characters. Values can be up to 255 characters.
    - name: etag
      value: string
      description: >
        An opaque tag that identifies the current version of the `Policy`. IAM uses this value to help manage concurrent updates, so they do not cause one update to be overwritten by another. If this field is present in a CreatePolicyRequest, the value is ignored.
    - name: rules
      value: array
      description: >
        A list of rules that specify the behavior of the `Policy`. All of the rules should be of the `kind` specified in the `Policy`.
    - name: policyId
      value: string
```
REPLACE examples
- update
Updates the specified policy. You can update only the rules and the display name for the policy. To update a policy, you should use a read-modify-write loop:

1. Use GetPolicy to read the current version of the policy.
2. Modify the policy as needed.
3. Use UpdatePolicy to write the updated policy.

This pattern helps prevent conflicts between concurrent updates.
```sql
REPLACE google.iamv2beta.policies
SET
data__name = '{{ name }}',
data__uid = '{{ uid }}',
data__displayName = '{{ displayName }}',
data__annotations = '{{ annotations }}',
data__etag = '{{ etag }}',
data__rules = '{{ rules }}'
WHERE
policiesId = '{{ policiesId }}' --required
AND policiesId1 = '{{ policiesId1 }}' --required
AND policiesId2 = '{{ policiesId2 }}' --required
RETURNING
name,
done,
error,
metadata,
response;
```
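The read-modify-write loop described above, as an added example that is not part of the original page or the provider's own code: it shows why the write must carry the etag that was read, so that a second writer cannot silently drop a deny rule added by the first. `PolicyStore` is a constructed in-memory stand-in for the service, and its etag scheme, the `Conflict` exception and the rule contents are assumptions made for the demonstration.

```python
import copy
import hashlib
import json

class Conflict(Exception):
    """Raised when a write carries an etag that is no longer current."""

class PolicyStore:
    """In-memory stand-in for the service, modelled on the page's description."""
    MUTABLE = ("rules", "displayName")  # the only fields update may change

    def __init__(self, policy):
        self._policy = copy.deepcopy(policy)
        self._stamp()

    def _stamp(self):
        # Constructed etag: a digest of the body. The real value is opaque.
        body = {k: v for k, v in self._policy.items() if k != "etag"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode())
        self._policy["etag"] = digest.hexdigest()[:12]

    def get(self):
        return copy.deepcopy(self._policy)

    def update(self, policy):
        if policy.get("etag") != self._policy["etag"]:
            raise Conflict("policy changed since it was read")
        for field in self.MUTABLE:
            if field in policy:
                self._policy[field] = copy.deepcopy(policy[field])
        self._stamp()
        return self.get()

def add_rule(store, rule, attempts=3):
    """Read, modify, write; on a stale etag, re-read and try again."""
    for _ in range(attempts):
        policy = store.get()                        # 1. read current version
        policy["rules"] = policy["rules"] + [rule]  # 2. modify
        try:
            return store.update(policy)             # 3. write with read etag
        except Conflict:
            continue
    raise Conflict(f"still conflicting after {attempts} attempts")
```

A writer that reuses an etag from an earlier read gets `Conflict` instead of overwriting the newer rule list; `add_rule` recovers by reading again before it writes.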
DELETE examples
- delete
Deletes a policy. This action is permanent.
```sql
DELETE FROM google.iamv2beta.policies
WHERE policiesId = '{{ policiesId }}' --required
AND policiesId1 = '{{ policiesId1 }}' --required
AND policiesId2 = '{{ policiesId2 }}' --required
AND etag = '{{ etag }}';
```