policies
Creates, updates, deletes, gets or lists a policies resource.
Overview
Name | policies |
Type | Resource |
Id | google.orgpolicy.policies |
Fields
The following fields are returned by SELECT queries:
- projects_policies_get
- folders_policies_get
- organizations_policies_get
- projects_policies_list
- folders_policies_list
- organizations_policies_list
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Immutable. The resource name of the policy. Must be one of the following forms, where constraint_name is the name of the constraint which this policy configures: * projects/{project_number}/policies/{constraint_name} * folders/{folder_id}/policies/{constraint_name} * organizations/{organization_id}/policies/{constraint_name} For example, projects/123/policies/compute.disableSerialPortAccess . Note: projects/{project_id}/policies/{constraint_name} is also an acceptable name for API requests, but responses will return the name using the equivalent project number. |
alternate | object | Deprecated. (id: GoogleCloudOrgpolicyV2AlternatePolicySpec) |
dryRunSpec | object | Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced. (id: GoogleCloudOrgpolicyV2PolicySpec) |
etag | string | Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. |
spec | object | Basic information about the organization policy. (id: GoogleCloudOrgpolicyV2PolicySpec) |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
projects_policies_get | select | projectsId, policiesId | | Gets a policy on a resource. If no policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a policy during read-modify-write. |
folders_policies_get | select | foldersId, policiesId | | Gets a policy on a resource. If no policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a policy during read-modify-write. |
organizations_policies_get | select | organizationsId, policiesId | | Gets a policy on a resource. If no policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a policy during read-modify-write. |
projects_policies_list | select | projectsId | pageSize, pageToken | Retrieves all of the policies that exist on a particular resource. |
folders_policies_list | select | foldersId | pageSize, pageToken | Retrieves all of the policies that exist on a particular resource. |
organizations_policies_list | select | organizationsId | pageSize, pageToken | Retrieves all of the policies that exist on a particular resource. |
projects_policies_create | insert | projectsId | | Creates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Google Cloud resource. |
folders_policies_create | insert | foldersId | | Creates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Google Cloud resource. |
organizations_policies_create | insert | organizationsId | | Creates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Google Cloud resource. |
projects_policies_patch | update | projectsId, policiesId | updateMask | Updates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy. Note: the supplied policy will perform a full overwrite of all fields. |
folders_policies_patch | update | foldersId, policiesId | updateMask | Updates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy. Note: the supplied policy will perform a full overwrite of all fields. |
organizations_policies_patch | update | organizationsId, policiesId | updateMask | Updates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy. Note: the supplied policy will perform a full overwrite of all fields. |
projects_policies_delete | delete | projectsId, policiesId | etag | Deletes a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or organization policy does not exist. |
folders_policies_delete | delete | foldersId, policiesId | etag | Deletes a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or organization policy does not exist. |
organizations_policies_delete | delete | organizationsId, policiesId | etag | Deletes a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or organization policy does not exist. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
foldersId | string | |
organizationsId | string | |
policiesId | string | |
projectsId | string | |
etag | string | |
pageSize | integer (int32) | |
pageToken | string | |
updateMask | string (google-fieldmask) | |
SELECT examples
- projects_policies_get
- folders_policies_get
- organizations_policies_get
- projects_policies_list
- folders_policies_list
- organizations_policies_list
Gets a policy on a resource. If no policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a policy during read-modify-write.

```sql
SELECT
  name,
  alternate,
  dryRunSpec,
  etag,
  spec
FROM google.orgpolicy.policies
WHERE projectsId = '{{ projectsId }}' -- required
  AND policiesId = '{{ policiesId }}'; -- required
```

Gets a policy on a resource. If no policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a policy during read-modify-write.

```sql
SELECT
  name,
  alternate,
  dryRunSpec,
  etag,
  spec
FROM google.orgpolicy.policies
WHERE foldersId = '{{ foldersId }}' -- required
  AND policiesId = '{{ policiesId }}'; -- required
```

Gets a policy on a resource. If no policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a policy during read-modify-write.

```sql
SELECT
  name,
  alternate,
  dryRunSpec,
  etag,
  spec
FROM google.orgpolicy.policies
WHERE organizationsId = '{{ organizationsId }}' -- required
  AND policiesId = '{{ policiesId }}'; -- required
```
Retrieves all of the policies that exist on a particular resource.

```sql
SELECT
  name,
  alternate,
  dryRunSpec,
  etag,
  spec
FROM google.orgpolicy.policies
WHERE projectsId = '{{ projectsId }}' -- required
  AND pageSize = '{{ pageSize }}'
  AND pageToken = '{{ pageToken }}';
```

Retrieves all of the policies that exist on a particular resource.

```sql
SELECT
  name,
  alternate,
  dryRunSpec,
  etag,
  spec
FROM google.orgpolicy.policies
WHERE foldersId = '{{ foldersId }}' -- required
  AND pageSize = '{{ pageSize }}'
  AND pageToken = '{{ pageToken }}';
```

Retrieves all of the policies that exist on a particular resource.

```sql
SELECT
  name,
  alternate,
  dryRunSpec,
  etag,
  spec
FROM google.orgpolicy.policies
WHERE organizationsId = '{{ organizationsId }}' -- required
  AND pageSize = '{{ pageSize }}'
  AND pageToken = '{{ pageToken }}';
```
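An added example, not part of the provider documentation: a Python audit over rows shaped like the list queries' output. It flags policies that carry only a dryRunSpec (audit-only, per the field description), policies that use the deprecated alternate field, and names that do not match one of the three documented forms. The sample rows, etag values and rule bodies are constructed, and treating object columns as either dicts or JSON text is an assumption.

```python
import json
import re

# The three resource-name forms from the Fields table.
NAME_RE = re.compile(r"^(projects|folders|organizations)/([^/]+)/policies/([^/]+)$")


def as_obj(value):
    """Normalise an object column (dict, JSON text, or None) to a dict."""
    if isinstance(value, str):
        value = json.loads(value) if value.strip() else None
    return value or {}


def parse_policy_name(name):
    """Return (scope, scope_id, constraint_name) or raise ValueError."""
    match = NAME_RE.match(name or "")
    if not match:
        raise ValueError(f"not a policy resource name: {name!r}")
    return match.groups()


def audit(rows):
    """Flag malformed names, dry-run-only policies and use of `alternate`."""
    findings = []
    for row in rows:
        name = row.get("name")
        try:
            scope, scope_id, constraint = parse_policy_name(name)
        except ValueError:
            findings.append({"name": name, "issue": "bad-name"})
            continue
        spec = as_obj(row.get("spec"))
        dry_run = as_obj(row.get("dryRunSpec"))
        if dry_run and not spec:
            issue = "dry-run-only"          # audit-only on this resource
        elif as_obj(row.get("alternate")):
            issue = "deprecated-alternate"  # field is marked Deprecated
        else:
            continue
        findings.append({"name": name, "scope": scope, "scope_id": scope_id,
                         "constraint": constraint, "issue": issue})
    return findings


# Constructed sample rows (not real output); rule bodies are illustrative only.
SAMPLE_ROWS = [
    {"name": "projects/123/policies/compute.disableSerialPortAccess",
     "spec": '{"rules": [{"enforce": true}]}', "dryRunSpec": None,
     "alternate": None, "etag": "CONSTRUCTED-ETAG-1"},
    {"name": "folders/456/policies/compute.disableSerialPortAccess",
     "spec": "null", "dryRunSpec": {"rules": [{"enforce": True}]},
     "alternate": None, "etag": "CONSTRUCTED-ETAG-2"},
    {"name": "organizations/789/policies", "spec": None,
     "dryRunSpec": None, "alternate": None, "etag": "CONSTRUCTED-ETAG-3"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```

A dry-run-only finding means this resource's own policy enforces nothing; a policy set on a parent resource may still apply.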
INSERT examples
- projects_policies_create
- folders_policies_create
- organizations_policies_create
- Manifest
Creates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Google Cloud resource.

```sql
INSERT INTO google.orgpolicy.policies (
  data__name,
  data__spec,
  data__alternate,
  data__dryRunSpec,
  data__etag,
  projectsId
)
SELECT
  '{{ name }}',
  '{{ spec }}',
  '{{ alternate }}',
  '{{ dryRunSpec }}',
  '{{ etag }}',
  '{{ projectsId }}'
RETURNING
  name,
  alternate,
  dryRunSpec,
  etag,
  spec
;
```

Creates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Google Cloud resource.

```sql
INSERT INTO google.orgpolicy.policies (
  data__name,
  data__spec,
  data__alternate,
  data__dryRunSpec,
  data__etag,
  foldersId
)
SELECT
  '{{ name }}',
  '{{ spec }}',
  '{{ alternate }}',
  '{{ dryRunSpec }}',
  '{{ etag }}',
  '{{ foldersId }}'
RETURNING
  name,
  alternate,
  dryRunSpec,
  etag,
  spec
;
```

Creates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Google Cloud resource.

```sql
INSERT INTO google.orgpolicy.policies (
  data__name,
  data__spec,
  data__alternate,
  data__dryRunSpec,
  data__etag,
  organizationsId
)
SELECT
  '{{ name }}',
  '{{ spec }}',
  '{{ alternate }}',
  '{{ dryRunSpec }}',
  '{{ etag }}',
  '{{ organizationsId }}'
RETURNING
  name,
  alternate,
  dryRunSpec,
  etag,
  spec
;
```
```yaml
# Description fields are for documentation purposes
- name: policies
  props:
    - name: projectsId
      value: string
      description: Required parameter for the policies resource.
    - name: foldersId
      value: string
      description: Required parameter for the policies resource.
    - name: organizationsId
      value: string
      description: Required parameter for the policies resource.
    - name: name
      value: string
      description: >
        Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
    - name: spec
      value: object
      description: >
        Basic information about the organization policy.
    - name: alternate
      value: object
      description: >
        Deprecated.
    - name: dryRunSpec
      value: object
      description: >
        Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
    - name: etag
      value: string
      description: >
        Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
```
UPDATE examples
- projects_policies_patch
- folders_policies_patch
- organizations_policies_patch
Updates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy. Note: the supplied policy will perform a full overwrite of all fields.

```sql
UPDATE google.orgpolicy.policies
SET
  data__name = '{{ name }}',
  data__spec = '{{ spec }}',
  data__alternate = '{{ alternate }}',
  data__dryRunSpec = '{{ dryRunSpec }}',
  data__etag = '{{ etag }}'
WHERE
  projectsId = '{{ projectsId }}' -- required
  AND policiesId = '{{ policiesId }}' -- required
  AND updateMask = '{{ updateMask }}'
RETURNING
  name,
  alternate,
  dryRunSpec,
  etag,
  spec;
```

Updates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy. Note: the supplied policy will perform a full overwrite of all fields.

```sql
UPDATE google.orgpolicy.policies
SET
  data__name = '{{ name }}',
  data__spec = '{{ spec }}',
  data__alternate = '{{ alternate }}',
  data__dryRunSpec = '{{ dryRunSpec }}',
  data__etag = '{{ etag }}'
WHERE
  foldersId = '{{ foldersId }}' -- required
  AND policiesId = '{{ policiesId }}' -- required
  AND updateMask = '{{ updateMask }}'
RETURNING
  name,
  alternate,
  dryRunSpec,
  etag,
  spec;
```

Updates a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy. Note: the supplied policy will perform a full overwrite of all fields.

```sql
UPDATE google.orgpolicy.policies
SET
  data__name = '{{ name }}',
  data__spec = '{{ spec }}',
  data__alternate = '{{ alternate }}',
  data__dryRunSpec = '{{ dryRunSpec }}',
  data__etag = '{{ etag }}'
WHERE
  organizationsId = '{{ organizationsId }}' -- required
  AND policiesId = '{{ policiesId }}' -- required
  AND updateMask = '{{ updateMask }}'
RETURNING
  name,
  alternate,
  dryRunSpec,
  etag,
  spec;
```
DELETE examples
- projects_policies_delete
- folders_policies_delete
- organizations_policies_delete
Deletes a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or organization policy does not exist.

```sql
DELETE FROM google.orgpolicy.policies
WHERE projectsId = '{{ projectsId }}' -- required
  AND policiesId = '{{ policiesId }}' -- required
  AND etag = '{{ etag }}';
```

Deletes a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or organization policy does not exist.

```sql
DELETE FROM google.orgpolicy.policies
WHERE foldersId = '{{ foldersId }}' -- required
  AND policiesId = '{{ policiesId }}' -- required
  AND etag = '{{ etag }}';
```

Deletes a policy. Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or organization policy does not exist.

```sql
DELETE FROM google.orgpolicy.policies
WHERE organizationsId = '{{ organizationsId }}' -- required
  AND policiesId = '{{ policiesId }}' -- required
  AND etag = '{{ etag }}';
```