policies_effective_policy
Creates, updates, deletes, gets or lists a policies_effective_policy resource.
Overview
| Name | policies_effective_policy |
| Type | Resource |
| Id | google.orgpolicy.policies_effective_policy |
Fields
The following fields are returned by SELECT queries:
- projects_policies_get_effective_policy
- folders_policies_get_effective_policy
- organizations_policies_get_effective_policy
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Immutable. The resource name of the policy. Must be one of the following forms, where constraint_name is the name of the constraint which this policy configures: * projects/{project_number}/policies/{constraint_name} * folders/{folder_id}/policies/{constraint_name} * organizations/{organization_id}/policies/{constraint_name} For example, projects/123/policies/compute.disableSerialPortAccess. Note: projects/{project_id}/policies/{constraint_name} is also an acceptable name for API requests, but responses will return the name using the equivalent project number. |
alternate | object | Deprecated. (id: GoogleCloudOrgpolicyV2AlternatePolicySpec) |
dryRunSpec | object | Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced. (id: GoogleCloudOrgpolicyV2PolicySpec) |
etag | string | Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. |
spec | object | Basic information about the organization policy. (id: GoogleCloudOrgpolicyV2PolicySpec) |
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Immutable. The resource name of the policy. Must be one of the following forms, where constraint_name is the name of the constraint which this policy configures: * projects/{project_number}/policies/{constraint_name} * folders/{folder_id}/policies/{constraint_name} * organizations/{organization_id}/policies/{constraint_name} For example, projects/123/policies/compute.disableSerialPortAccess. Note: projects/{project_id}/policies/{constraint_name} is also an acceptable name for API requests, but responses will return the name using the equivalent project number. |
alternate | object | Deprecated. (id: GoogleCloudOrgpolicyV2AlternatePolicySpec) |
dryRunSpec | object | Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced. (id: GoogleCloudOrgpolicyV2PolicySpec) |
etag | string | Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. |
spec | object | Basic information about the organization policy. (id: GoogleCloudOrgpolicyV2PolicySpec) |
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Immutable. The resource name of the policy. Must be one of the following forms, where constraint_name is the name of the constraint which this policy configures: * projects/{project_number}/policies/{constraint_name} * folders/{folder_id}/policies/{constraint_name} * organizations/{organization_id}/policies/{constraint_name} For example, projects/123/policies/compute.disableSerialPortAccess. Note: projects/{project_id}/policies/{constraint_name} is also an acceptable name for API requests, but responses will return the name using the equivalent project number. |
alternate | object | Deprecated. (id: GoogleCloudOrgpolicyV2AlternatePolicySpec) |
dryRunSpec | object | Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced. (id: GoogleCloudOrgpolicyV2PolicySpec) |
etag | string | Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. |
spec | object | Basic information about the organization policy. (id: GoogleCloudOrgpolicyV2PolicySpec) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
projects_policies_get_effective_policy | select | projectsId, policiesId | Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an etag or condition set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded. | |
folders_policies_get_effective_policy | select | foldersId, policiesId | Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an etag or condition set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded. | |
organizations_policies_get_effective_policy | select | organizationsId, policiesId | Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an etag or condition set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
foldersId | string | |
organizationsId | string | |
policiesId | string | |
projectsId | string |
SELECT examples
- projects_policies_get_effective_policy
- folders_policies_get_effective_policy
- organizations_policies_get_effective_policy
Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an etag or condition set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.
SELECT
name,
alternate,
dryRunSpec,
etag,
spec
FROM google.orgpolicy.policies_effective_policy
WHERE projectsId = '{{ projectsId }}' -- required
AND policiesId = '{{ policiesId }}' -- required;
Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an etag or condition set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.
SELECT
name,
alternate,
dryRunSpec,
etag,
spec
FROM google.orgpolicy.policies_effective_policy
WHERE foldersId = '{{ foldersId }}' -- required
AND policiesId = '{{ policiesId }}' -- required;
Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an etag or condition set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.
SELECT
name,
alternate,
dryRunSpec,
etag,
spec
FROM google.orgpolicy.policies_effective_policy
WHERE organizationsId = '{{ organizationsId }}' -- required
AND policiesId = '{{ policiesId }}' -- required;