orgpolicy

package
v0.0.0-...-6cb3ea0
Warning

This package is not in the latest version of its module.

Published: Jun 7, 2021 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var (
	Constraint_ConstraintDefault_name = map[int32]string{
		0: "CONSTRAINT_DEFAULT_UNSPECIFIED",
		1: "ALLOW",
		2: "DENY",
	}
	Constraint_ConstraintDefault_value = map[string]int32{
		"CONSTRAINT_DEFAULT_UNSPECIFIED": 0,
		"ALLOW":                          1,
		"DENY":                           2,
	}
)

Enum value maps for Constraint_ConstraintDefault.

var File_google_cloud_orgpolicy_v2_constraint_proto protoreflect.FileDescriptor
var File_google_cloud_orgpolicy_v2_orgpolicy_proto protoreflect.FileDescriptor

Functions

func RegisterOrgPolicyServer

func RegisterOrgPolicyServer(s *grpc.Server, srv OrgPolicyServer)

Types

type AlternatePolicySpec

type AlternatePolicySpec struct {

	// Reference to the launch that will be used while audit logging and to
	// control the launch.
	// Should be set only in the alternate policy.
	Launch string `protobuf:"bytes,1,opt,name=launch,proto3" json:"launch,omitempty"`
	// Specify `Constraint` for configurations of Cloud Platform resources.
	Spec *PolicySpec `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"`
	// contains filtered or unexported fields
}

Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.

func (*AlternatePolicySpec) Descriptor deprecated

func (*AlternatePolicySpec) Descriptor() ([]byte, []int)

Deprecated: Use AlternatePolicySpec.ProtoReflect.Descriptor instead.

func (*AlternatePolicySpec) GetLaunch

func (x *AlternatePolicySpec) GetLaunch() string

func (*AlternatePolicySpec) GetSpec

func (x *AlternatePolicySpec) GetSpec() *PolicySpec

func (*AlternatePolicySpec) ProtoMessage

func (*AlternatePolicySpec) ProtoMessage()

func (*AlternatePolicySpec) ProtoReflect

func (x *AlternatePolicySpec) ProtoReflect() protoreflect.Message

func (*AlternatePolicySpec) Reset

func (x *AlternatePolicySpec) Reset()

func (*AlternatePolicySpec) String

func (x *AlternatePolicySpec) String() string

type Constraint

type Constraint struct {

	// Immutable. The resource name of the Constraint. Must be in one of
	// the following forms:
	// * `projects/{project_number}/constraints/{constraint_name}`
	// * `folders/{folder_id}/constraints/{constraint_name}`
	// * `organizations/{organization_id}/constraints/{constraint_name}`
	//
	// For example, "projects/123/constraints/compute.disableSerialPortAccess".
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The human readable name.
	//
	// Mutable.
	DisplayName string `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
	// Detailed description of what this `Constraint` controls as well as how and
	// where it is enforced.
	//
	// Mutable.
	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
	// The evaluation behavior of this constraint in the absence of 'Policy'.
	ConstraintDefault Constraint_ConstraintDefault `` /* 173-byte string literal not displayed */
	// The type of restrictions for this `Constraint`.
	//
	// Immutable after creation.
	//
	// Types that are assignable to ConstraintType:
	//	*Constraint_ListConstraint_
	//	*Constraint_BooleanConstraint_
	ConstraintType isConstraint_ConstraintType `protobuf_oneof:"constraint_type"`
	// contains filtered or unexported fields
}

A `constraint` describes a way to restrict a resource's configuration. For example, you could enforce a constraint that controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. `Constraints` can be configured by the organization's policy administrator to fit the needs of the organization by setting a `policy` that includes `constraints` at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules, please read about [`policies`][google.cloud.OrgPolicy.v2.Policy].

`Constraints` have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a `policy` being defined or inherited for the resource in question.

func (*Constraint) Descriptor deprecated

func (*Constraint) Descriptor() ([]byte, []int)

Deprecated: Use Constraint.ProtoReflect.Descriptor instead.

func (*Constraint) GetBooleanConstraint

func (x *Constraint) GetBooleanConstraint() *Constraint_BooleanConstraint

func (*Constraint) GetConstraintDefault

func (x *Constraint) GetConstraintDefault() Constraint_ConstraintDefault

func (*Constraint) GetConstraintType

func (m *Constraint) GetConstraintType() isConstraint_ConstraintType

func (*Constraint) GetDescription

func (x *Constraint) GetDescription() string

func (*Constraint) GetDisplayName

func (x *Constraint) GetDisplayName() string

func (*Constraint) GetListConstraint

func (x *Constraint) GetListConstraint() *Constraint_ListConstraint

func (*Constraint) GetName

func (x *Constraint) GetName() string

func (*Constraint) ProtoMessage

func (*Constraint) ProtoMessage()

func (*Constraint) ProtoReflect

func (x *Constraint) ProtoReflect() protoreflect.Message

func (*Constraint) Reset

func (x *Constraint) Reset()

func (*Constraint) String

func (x *Constraint) String() string

type Constraint_BooleanConstraint

type Constraint_BooleanConstraint struct {
	// contains filtered or unexported fields
}

A `Constraint` that is either enforced or not.

For example a constraint `constraints/compute.disableSerialPortAccess`. If it is enforced on a VM instance, serial port connections will not be opened to that instance.

func (*Constraint_BooleanConstraint) Descriptor deprecated

func (*Constraint_BooleanConstraint) Descriptor() ([]byte, []int)

Deprecated: Use Constraint_BooleanConstraint.ProtoReflect.Descriptor instead.

func (*Constraint_BooleanConstraint) ProtoMessage

func (*Constraint_BooleanConstraint) ProtoMessage()

func (*Constraint_BooleanConstraint) ProtoReflect

func (*Constraint_BooleanConstraint) Reset

func (x *Constraint_BooleanConstraint) Reset()

func (*Constraint_BooleanConstraint) String

type Constraint_BooleanConstraint_

type Constraint_BooleanConstraint_ struct {
	// Defines this constraint as being a BooleanConstraint.
	BooleanConstraint *Constraint_BooleanConstraint `protobuf:"bytes,6,opt,name=boolean_constraint,json=booleanConstraint,proto3,oneof"`
}

type Constraint_ConstraintDefault

type Constraint_ConstraintDefault int32

Specifies the default behavior in the absence of any `Policy` for the `Constraint`. This must not be `CONSTRAINT_DEFAULT_UNSPECIFIED`.

Immutable after creation.

const (
	// This is only used for distinguishing unset values and should never be
	// used.
	Constraint_CONSTRAINT_DEFAULT_UNSPECIFIED Constraint_ConstraintDefault = 0
	// Indicate that all values are allowed for list constraints.
	// Indicate that enforcement is off for boolean constraints.
	Constraint_ALLOW Constraint_ConstraintDefault = 1
	// Indicate that all values are denied for list constraints.
	// Indicate that enforcement is on for boolean constraints.
	Constraint_DENY Constraint_ConstraintDefault = 2
)

func (Constraint_ConstraintDefault) Descriptor

func (Constraint_ConstraintDefault) Enum

func (Constraint_ConstraintDefault) EnumDescriptor deprecated

func (Constraint_ConstraintDefault) EnumDescriptor() ([]byte, []int)

Deprecated: Use Constraint_ConstraintDefault.Descriptor instead.

func (Constraint_ConstraintDefault) Number

func (Constraint_ConstraintDefault) String

func (Constraint_ConstraintDefault) Type

type Constraint_ListConstraint

type Constraint_ListConstraint struct {

	// Indicates whether values grouped into categories can be used in
	// `Policy.allowed_values` and `Policy.denied_values`. For example,
	// `"in:Python"` would match any value in the 'Python' group.
	SupportsIn bool `protobuf:"varint,1,opt,name=supports_in,json=supportsIn,proto3" json:"supports_in,omitempty"`
	// Indicates whether subtrees of Cloud Resource Manager resource hierarchy
	// can be used in `Policy.allowed_values` and `Policy.denied_values`. For
	// example, `"under:folders/123"` would match any resource under the
	// 'folders/123' folder.
	SupportsUnder bool `protobuf:"varint,2,opt,name=supports_under,json=supportsUnder,proto3" json:"supports_under,omitempty"`
	// contains filtered or unexported fields
}

A `Constraint` that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a `Policy`.

func (*Constraint_ListConstraint) Descriptor deprecated

func (*Constraint_ListConstraint) Descriptor() ([]byte, []int)

Deprecated: Use Constraint_ListConstraint.ProtoReflect.Descriptor instead.

func (*Constraint_ListConstraint) GetSupportsIn

func (x *Constraint_ListConstraint) GetSupportsIn() bool

func (*Constraint_ListConstraint) GetSupportsUnder

func (x *Constraint_ListConstraint) GetSupportsUnder() bool

func (*Constraint_ListConstraint) ProtoMessage

func (*Constraint_ListConstraint) ProtoMessage()

func (*Constraint_ListConstraint) ProtoReflect

func (*Constraint_ListConstraint) Reset

func (x *Constraint_ListConstraint) Reset()

func (*Constraint_ListConstraint) String

func (x *Constraint_ListConstraint) String() string

type Constraint_ListConstraint_

type Constraint_ListConstraint_ struct {
	// Defines this constraint as being a ListConstraint.
	ListConstraint *Constraint_ListConstraint `protobuf:"bytes,5,opt,name=list_constraint,json=listConstraint,proto3,oneof"`
}

type CreatePolicyRequest

type CreatePolicyRequest struct {

	// Required. The Cloud resource that will parent the new Policy. Must be in one of the
	// following forms:
	// * `projects/{project_number}`
	// * `projects/{project_id}`
	// * `folders/{folder_id}`
	// * `organizations/{organization_id}`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. `Policy` to create.
	Policy *Policy `protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"`
	// contains filtered or unexported fields
}

The request sent to the [CreatePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.

func (*CreatePolicyRequest) Descriptor deprecated

func (*CreatePolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreatePolicyRequest.ProtoReflect.Descriptor instead.

func (*CreatePolicyRequest) GetParent

func (x *CreatePolicyRequest) GetParent() string

func (*CreatePolicyRequest) GetPolicy

func (x *CreatePolicyRequest) GetPolicy() *Policy

func (*CreatePolicyRequest) ProtoMessage

func (*CreatePolicyRequest) ProtoMessage()

func (*CreatePolicyRequest) ProtoReflect

func (x *CreatePolicyRequest) ProtoReflect() protoreflect.Message

func (*CreatePolicyRequest) Reset

func (x *CreatePolicyRequest) Reset()

func (*CreatePolicyRequest) String

func (x *CreatePolicyRequest) String() string

type DeletePolicyRequest

type DeletePolicyRequest struct {

	// Required. Name of the policy to delete.
	// See `Policy` for naming rules.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.

func (*DeletePolicyRequest) Descriptor deprecated

func (*DeletePolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeletePolicyRequest.ProtoReflect.Descriptor instead.

func (*DeletePolicyRequest) GetName

func (x *DeletePolicyRequest) GetName() string

func (*DeletePolicyRequest) ProtoMessage

func (*DeletePolicyRequest) ProtoMessage()

func (*DeletePolicyRequest) ProtoReflect

func (x *DeletePolicyRequest) ProtoReflect() protoreflect.Message

func (*DeletePolicyRequest) Reset

func (x *DeletePolicyRequest) Reset()

func (*DeletePolicyRequest) String

func (x *DeletePolicyRequest) String() string

type GetEffectivePolicyRequest

type GetEffectivePolicyRequest struct {

	// Required. The effective policy to compute. See `Policy` for naming rules.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.

func (*GetEffectivePolicyRequest) Descriptor deprecated

func (*GetEffectivePolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetEffectivePolicyRequest.ProtoReflect.Descriptor instead.

func (*GetEffectivePolicyRequest) GetName

func (x *GetEffectivePolicyRequest) GetName() string

func (*GetEffectivePolicyRequest) ProtoMessage

func (*GetEffectivePolicyRequest) ProtoMessage()

func (*GetEffectivePolicyRequest) ProtoReflect

func (*GetEffectivePolicyRequest) Reset

func (x *GetEffectivePolicyRequest) Reset()

func (*GetEffectivePolicyRequest) String

func (x *GetEffectivePolicyRequest) String() string

type GetPolicyRequest

type GetPolicyRequest struct {

	// Required. Resource name of the policy. See `Policy` for naming requirements.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.

func (*GetPolicyRequest) Descriptor deprecated

func (*GetPolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.

func (*GetPolicyRequest) GetName

func (x *GetPolicyRequest) GetName() string

func (*GetPolicyRequest) ProtoMessage

func (*GetPolicyRequest) ProtoMessage()

func (*GetPolicyRequest) ProtoReflect

func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message

func (*GetPolicyRequest) Reset

func (x *GetPolicyRequest) Reset()

func (*GetPolicyRequest) String

func (x *GetPolicyRequest) String() string

type ListConstraintsRequest

type ListConstraintsRequest struct {

	// Required. The Cloud resource that parents the constraint. Must be in one of the
	// following forms:
	// * `projects/{project_number}`
	// * `projects/{project_id}`
	// * `folders/{folder_id}`
	// * `organizations/{organization_id}`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Size of the pages to be returned. This is currently unsupported and will
	// be ignored. The server may at any point start using this field to limit
	// page size.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Page token used to retrieve the next page. This is currently unsupported
	// and will be ignored. The server may at any point start using this field.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

func (*ListConstraintsRequest) Descriptor deprecated

func (*ListConstraintsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListConstraintsRequest.ProtoReflect.Descriptor instead.

func (*ListConstraintsRequest) GetPageSize

func (x *ListConstraintsRequest) GetPageSize() int32

func (*ListConstraintsRequest) GetPageToken

func (x *ListConstraintsRequest) GetPageToken() string

func (*ListConstraintsRequest) GetParent

func (x *ListConstraintsRequest) GetParent() string

func (*ListConstraintsRequest) ProtoMessage

func (*ListConstraintsRequest) ProtoMessage()

func (*ListConstraintsRequest) ProtoReflect

func (x *ListConstraintsRequest) ProtoReflect() protoreflect.Message

func (*ListConstraintsRequest) Reset

func (x *ListConstraintsRequest) Reset()

func (*ListConstraintsRequest) String

func (x *ListConstraintsRequest) String() string

type ListConstraintsResponse

type ListConstraintsResponse struct {

	// The collection of constraints that are available on the targeted resource.
	Constraints []*Constraint `protobuf:"bytes,1,rep,name=constraints,proto3" json:"constraints,omitempty"`
	// Page token used to retrieve the next page. This is currently not used.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.

func (*ListConstraintsResponse) Descriptor deprecated

func (*ListConstraintsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListConstraintsResponse.ProtoReflect.Descriptor instead.

func (*ListConstraintsResponse) GetConstraints

func (x *ListConstraintsResponse) GetConstraints() []*Constraint

func (*ListConstraintsResponse) GetNextPageToken

func (x *ListConstraintsResponse) GetNextPageToken() string

func (*ListConstraintsResponse) ProtoMessage

func (*ListConstraintsResponse) ProtoMessage()

func (*ListConstraintsResponse) ProtoReflect

func (x *ListConstraintsResponse) ProtoReflect() protoreflect.Message

func (*ListConstraintsResponse) Reset

func (x *ListConstraintsResponse) Reset()

func (*ListConstraintsResponse) String

func (x *ListConstraintsResponse) String() string

type ListPoliciesRequest

type ListPoliciesRequest struct {

	// Required. The target Cloud resource that parents the set of constraints and policies
	// that will be returned from this call. Must be in one of the following
	// forms:
	// * `projects/{project_number}`
	// * `projects/{project_id}`
	// * `folders/{folder_id}`
	// * `organizations/{organization_id}`
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Size of the pages to be returned. This is currently unsupported and will
	// be ignored. The server may at any point start using this field to limit
	// page size.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Page token used to retrieve the next page. This is currently unsupported
	// and will be ignored. The server may at any point start using this field.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.

func (*ListPoliciesRequest) Descriptor deprecated

func (*ListPoliciesRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListPoliciesRequest.ProtoReflect.Descriptor instead.

func (*ListPoliciesRequest) GetPageSize

func (x *ListPoliciesRequest) GetPageSize() int32

func (*ListPoliciesRequest) GetPageToken

func (x *ListPoliciesRequest) GetPageToken() string

func (*ListPoliciesRequest) GetParent

func (x *ListPoliciesRequest) GetParent() string

func (*ListPoliciesRequest) ProtoMessage

func (*ListPoliciesRequest) ProtoMessage()

func (*ListPoliciesRequest) ProtoReflect

func (x *ListPoliciesRequest) ProtoReflect() protoreflect.Message

func (*ListPoliciesRequest) Reset

func (x *ListPoliciesRequest) Reset()

func (*ListPoliciesRequest) String

func (x *ListPoliciesRequest) String() string

type ListPoliciesResponse

type ListPoliciesResponse struct {

	// All `Policies` that exist on the resource. It will be empty if no
	// `Policies` are set.
	Policies []*Policy `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"`
	// Page token used to retrieve the next page. This is currently not used, but
	// the server may at any point start supplying a valid token.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

The response returned from the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no `Policies` are set on the resource.

func (*ListPoliciesResponse) Descriptor deprecated

func (*ListPoliciesResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListPoliciesResponse.ProtoReflect.Descriptor instead.

func (*ListPoliciesResponse) GetNextPageToken

func (x *ListPoliciesResponse) GetNextPageToken() string

func (*ListPoliciesResponse) GetPolicies

func (x *ListPoliciesResponse) GetPolicies() []*Policy

func (*ListPoliciesResponse) ProtoMessage

func (*ListPoliciesResponse) ProtoMessage()

func (*ListPoliciesResponse) ProtoReflect

func (x *ListPoliciesResponse) ProtoReflect() protoreflect.Message

func (*ListPoliciesResponse) Reset

func (x *ListPoliciesResponse) Reset()

func (*ListPoliciesResponse) String

func (x *ListPoliciesResponse) String() string

type OrgPolicyClient

type OrgPolicyClient interface {
	// Lists `Constraints` that could be applied on the specified resource.
	ListConstraints(ctx context.Context, in *ListConstraintsRequest, opts ...grpc.CallOption) (*ListConstraintsResponse, error)
	// Retrieves all of the `Policies` that exist on a particular resource.
	ListPolicies(ctx context.Context, in *ListPoliciesRequest, opts ...grpc.CallOption) (*ListPoliciesResponse, error)
	// Gets a `Policy` on a resource.
	//
	// If no `Policy` is set on the resource, NOT_FOUND is returned. The
	// `etag` value can be used with `UpdatePolicy()` to update a
	// `Policy` during read-modify-write.
	GetPolicy(ctx context.Context, in *GetPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Gets the effective `Policy` on a resource. This is the result of merging
	// `Policies` in the resource hierarchy and evaluating conditions. The
	// returned `Policy` will not have an `etag` or `condition` set because it is
	// a computed `Policy` across multiple resources.
	// Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
	// not be expanded.
	GetEffectivePolicy(ctx context.Context, in *GetEffectivePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Creates a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint does not exist.
	// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
	// policy already exists on the given Cloud resource.
	CreatePolicy(ctx context.Context, in *CreatePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Updates a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint or the policy do not exist.
	// Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag
	// supplied in the request does not match the persisted etag of the policy
	//
	// Note: the supplied policy will perform a full overwrite of all
	// fields.
	UpdatePolicy(ctx context.Context, in *UpdatePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Deletes a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint or Org Policy does not exist.
	DeletePolicy(ctx context.Context, in *DeletePolicyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
}

OrgPolicyClient is the client API for OrgPolicy service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewOrgPolicyClient

func NewOrgPolicyClient(cc grpc.ClientConnInterface) OrgPolicyClient

type OrgPolicyServer

type OrgPolicyServer interface {
	// Lists `Constraints` that could be applied on the specified resource.
	ListConstraints(context.Context, *ListConstraintsRequest) (*ListConstraintsResponse, error)
	// Retrieves all of the `Policies` that exist on a particular resource.
	ListPolicies(context.Context, *ListPoliciesRequest) (*ListPoliciesResponse, error)
	// Gets a `Policy` on a resource.
	//
	// If no `Policy` is set on the resource, NOT_FOUND is returned. The
	// `etag` value can be used with `UpdatePolicy()` to update a
	// `Policy` during read-modify-write.
	GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
	// Gets the effective `Policy` on a resource. This is the result of merging
	// `Policies` in the resource hierarchy and evaluating conditions. The
	// returned `Policy` will not have an `etag` or `condition` set because it is
	// a computed `Policy` across multiple resources.
	// Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
	// not be expanded.
	GetEffectivePolicy(context.Context, *GetEffectivePolicyRequest) (*Policy, error)
	// Creates a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint does not exist.
	// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
	// policy already exists on the given Cloud resource.
	CreatePolicy(context.Context, *CreatePolicyRequest) (*Policy, error)
	// Updates a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint or the policy do not exist.
	// Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag
	// supplied in the request does not match the persisted etag of the policy
	//
	// Note: the supplied policy will perform a full overwrite of all
	// fields.
	UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
	// Deletes a Policy.
	//
	// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
	// constraint or Org Policy does not exist.
	DeletePolicy(context.Context, *DeletePolicyRequest) (*emptypb.Empty, error)
}

OrgPolicyServer is the server API for OrgPolicy service.

type Policy

type Policy struct {

	// Immutable. The resource name of the Policy. Must be one of the following
	// forms, where constraint_name is the name of the constraint which this
	// Policy configures:
	// * `projects/{project_number}/policies/{constraint_name}`
	// * `folders/{folder_id}/policies/{constraint_name}`
	// * `organizations/{organization_id}/policies/{constraint_name}`
	//
	// For example, "projects/123/policies/compute.disableSerialPortAccess".
	//
	// Note: `projects/{project_id}/policies/{constraint_name}` is also an
	// acceptable name for API requests, but responses will return the name using
	// the equivalent project number.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Basic information about the Organization Policy.
	Spec *PolicySpec `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"`
	// An alternate policy configuration that will be used instead of the baseline
	// policy configurations as determined by the launch.
	// Currently the only way the launch can trigger the alternate configuration
	// is via dry-run/darklaunch.
	Alternate *AlternatePolicySpec `protobuf:"bytes,3,opt,name=alternate,proto3" json:"alternate,omitempty"`
	// contains filtered or unexported fields
}

Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources.

func (*Policy) Descriptor deprecated

func (*Policy) Descriptor() ([]byte, []int)

Deprecated: Use Policy.ProtoReflect.Descriptor instead.

func (*Policy) GetAlternate

func (x *Policy) GetAlternate() *AlternatePolicySpec

func (*Policy) GetName

func (x *Policy) GetName() string

func (*Policy) GetSpec

func (x *Policy) GetSpec() *PolicySpec

func (*Policy) ProtoMessage

func (*Policy) ProtoMessage()

func (*Policy) ProtoReflect

func (x *Policy) ProtoReflect() protoreflect.Message

func (*Policy) Reset

func (x *Policy) Reset()

func (*Policy) String

func (x *Policy) String() string

type PolicySpec

type PolicySpec struct {

	// An opaque tag indicating the current version of the `Policy`, used for
	// concurrency control.
	//
	// This field is ignored if used in a `CreatePolicy` request.
	//
	// When the `Policy` is returned from either a `GetPolicy` or a
	// `ListPolicies` request, this `etag` indicates the version of the
	// current `Policy` to use when executing a read-modify-write loop.
	//
	// When the `Policy` is returned from a `GetEffectivePolicy` request, the
	// `etag` will be unset.
	Etag string `protobuf:"bytes,1,opt,name=etag,proto3" json:"etag,omitempty"`
	// Output only. The time stamp this was previously updated. This
	// represents the last time a call to `CreatePolicy` or `UpdatePolicy` was
	// made for that `Policy`.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Up to 10 PolicyRules are allowed.
	//
	// In Policies for boolean constraints, the following requirements apply:
	//   - There must be one and only one PolicyRule where condition is unset.
	//   - BooleanPolicyRules with conditions must set `enforced` to the opposite
	//     of the PolicyRule without a condition.
	//   - During policy evaluation, PolicyRules with conditions that are
	//     true for a target resource take precedence.
	Rules []*PolicySpec_PolicyRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
	// Determines the inheritance behavior for this `Policy`.
	//
	// If `inherit_from_parent` is true, PolicyRules set higher up in the
	// hierarchy (up to the closest root) are inherited and present in the
	// effective policy. If it is false, then no rules are inherited, and this
	// Policy becomes the new root for evaluation.
	// This field can be set only for Policies which configure list constraints.
	InheritFromParent bool `protobuf:"varint,4,opt,name=inherit_from_parent,json=inheritFromParent,proto3" json:"inherit_from_parent,omitempty"`
	// Ignores policies set above this resource and restores the
	// `constraint_default` enforcement behavior of the specific `Constraint` at
	// this resource.
	// This field can be set in policies for either list or boolean
	// constraints. If set, `rules` must be empty and `inherit_from_parent`
	// must be set to false.
	Reset_ bool `protobuf:"varint,5,opt,name=reset,proto3" json:"reset,omitempty"`
	// contains filtered or unexported fields
}

Defines a Cloud Organization `PolicySpec` which is used to specify `Constraints` for configurations of Cloud Platform resources.
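The requirements documented on the `PolicySpec` fields (rule count, boolean-constraint rules, `reset`, `inherit_from_parent`) can be checked before a `CreatePolicy` or `UpdatePolicy` call. The following is an added example, not code from this package: `specView`, `ruleView` and `validateSpec` are hypothetical stand-ins that mirror only the fields involved, so it runs without the generated module.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, simplified mirrors of PolicySpec and PolicySpec_PolicyRule;
// they carry only the fields the documented requirements refer to.
type ruleView struct {
	HasCondition bool  // PolicyRule.Condition is set
	Enforce      *bool // non-nil when Kind is Enforce
	AllowAll     bool  // Kind is AllowAll with value true
	DenyAll      bool  // Kind is DenyAll with value true
}

type specView struct {
	Rules             []ruleView
	InheritFromParent bool
	Reset             bool
}

var (
	ErrTooManyRules   = errors.New("more than 10 PolicyRules")
	ErrResetConflict  = errors.New("reset set: rules must be empty and inherit_from_parent false")
	ErrInheritBoolean = errors.New("inherit_from_parent is only for list constraints")
	ErrUnconditioned  = errors.New("boolean policy needs exactly one rule without a condition")
	ErrNotOpposite    = errors.New("conditional rule must set enforced opposite to the unconditioned rule")
	ErrListOnlyKind   = errors.New("allow_all/deny_all are only for list constraints")
)

// validateSpec returns every documented requirement that s violates.
// isBoolean says whether the target Constraint is a BooleanConstraint.
func validateSpec(s specView, isBoolean bool) []error {
	var errs []error
	if len(s.Rules) > 10 {
		errs = append(errs, ErrTooManyRules)
	}
	if s.Reset {
		if len(s.Rules) != 0 || s.InheritFromParent {
			errs = append(errs, ErrResetConflict)
		}
		return errs // a reset policy carries no rules to inspect
	}
	if !isBoolean {
		return errs
	}
	if s.InheritFromParent {
		errs = append(errs, ErrInheritBoolean)
	}
	var base *bool // enforce value of the rule without a condition
	unconditioned := 0
	for _, r := range s.Rules {
		if r.AllowAll || r.DenyAll {
			errs = append(errs, ErrListOnlyKind)
		}
		if !r.HasCondition {
			unconditioned++
			base = r.Enforce
		}
	}
	if unconditioned != 1 {
		return append(errs, ErrUnconditioned)
	}
	for _, r := range s.Rules {
		if r.HasCondition && base != nil && r.Enforce != nil && *r.Enforce == *base {
			errs = append(errs, ErrNotOpposite)
		}
	}
	return errs
}

// hasErr reports whether target is among errs.
func hasErr(errs []error, target error) bool {
	for _, e := range errs {
		if errors.Is(e, target) {
			return true
		}
	}
	return false
}

func boolPtr(b bool) *bool { return &b }

func main() {
	// Constructed sample: enforced by default, relaxed where a condition matches.
	ok := specView{Rules: []ruleView{
		{Enforce: boolPtr(true)},
		{HasCondition: true, Enforce: boolPtr(false)},
	}}
	// Constructed sample: the conditional rule repeats the default value.
	bad := specView{Rules: []ruleView{
		{Enforce: boolPtr(true)},
		{HasCondition: true, Enforce: boolPtr(true)},
	}}
	fmt.Println("ok: ", validateSpec(ok, true))
	fmt.Println("bad:", validateSpec(bad, true))
}
```
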

func (*PolicySpec) Descriptor deprecated

func (*PolicySpec) Descriptor() ([]byte, []int)

Deprecated: Use PolicySpec.ProtoReflect.Descriptor instead.

func (*PolicySpec) GetEtag

func (x *PolicySpec) GetEtag() string

func (*PolicySpec) GetInheritFromParent

func (x *PolicySpec) GetInheritFromParent() bool

func (*PolicySpec) GetReset_

func (x *PolicySpec) GetReset_() bool

func (*PolicySpec) GetRules

func (x *PolicySpec) GetRules() []*PolicySpec_PolicyRule

func (*PolicySpec) GetUpdateTime

func (x *PolicySpec) GetUpdateTime() *timestamppb.Timestamp

func (*PolicySpec) ProtoMessage

func (*PolicySpec) ProtoMessage()

func (*PolicySpec) ProtoReflect

func (x *PolicySpec) ProtoReflect() protoreflect.Message

func (*PolicySpec) Reset

func (x *PolicySpec) Reset()

func (*PolicySpec) String

func (x *PolicySpec) String() string

type PolicySpec_PolicyRule

type PolicySpec_PolicyRule struct {

	// Types that are assignable to Kind:
	//	*PolicySpec_PolicyRule_Values
	//	*PolicySpec_PolicyRule_AllowAll
	//	*PolicySpec_PolicyRule_DenyAll
	//	*PolicySpec_PolicyRule_Enforce
	Kind isPolicySpec_PolicyRule_Kind `protobuf_oneof:"kind"`
	// A condition which determines whether this rule is used
	// in the evaluation of the policy. When set, the `expression` field in
	// the `Expr` must include from 1 to 10 subexpressions, joined by the "||"
	// or "&&" operators. Each subexpression must be of the form
	// "resource.matchLabels(key_name, value_name)",
	// where key_name and value_name are the resource names for Label Keys
	// and Values. These names are available from the Label Manager Service. An
	// example expression is:
	// "resource.matchLabels('labelKeys/123', 'labelValues/456')".
	Condition *expr.Expr `protobuf:"bytes,5,opt,name=condition,proto3" json:"condition,omitempty"`
	// contains filtered or unexported fields
}

A rule used to express this policy.
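The `Condition` comment above fixes a narrow grammar for the expression string, so a policy can be linted before it is submitted. This is an added example, not code from this package: `CheckCondition` and `subExprRe` are hypothetical names, and the single-quoted argument style and ID character set are assumptions based on the example in the comment.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// subExprRe matches one subexpression of the documented form. Single-quoted
// arguments follow the documented example; the ID character set is an assumption.
var subExprRe = regexp.MustCompile(
	`^resource\.matchLabels\('labelKeys/[^'/\s]+',\s*'labelValues/[^'/\s]+'\)$`)

// CheckCondition is a hypothetical pre-submission check. It returns the number
// of subexpressions, or an error describing the first rule that is violated.
func CheckCondition(expression string) (int, error) {
	// Treat "&&" and "||" alike: only the count and shape of the operands matter here.
	parts := strings.Split(strings.ReplaceAll(expression, "&&", "||"), "||")
	if len(parts) > 10 {
		return 0, fmt.Errorf("%d subexpressions, limit is 10", len(parts))
	}
	for i, p := range parts {
		p = strings.TrimSpace(p)
		// An empty expression yields one empty part and is rejected here.
		if !subExprRe.MatchString(p) {
			return 0, fmt.Errorf("subexpression %d is not resource.matchLabels(key_name, value_name): %q", i+1, p)
		}
	}
	return len(parts), nil
}

func main() {
	// Constructed sample expressions, not taken from a real policy.
	samples := []string{
		"resource.matchLabels('labelKeys/123', 'labelValues/456')",
		"resource.matchLabels('labelKeys/1', 'labelValues/2') && resource.matchLabels('labelKeys/3', 'labelValues/4')",
		"resource.matchLabels('labelKeys/123, 'labelValues/456')", // unbalanced quote
		"resource.name == 'x'",
	}
	for _, s := range samples {
		n, err := CheckCondition(s)
		fmt.Printf("n=%d err=%v\n", n, err)
	}
}
```
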

func (*PolicySpec_PolicyRule) Descriptor deprecated

func (*PolicySpec_PolicyRule) Descriptor() ([]byte, []int)

Deprecated: Use PolicySpec_PolicyRule.ProtoReflect.Descriptor instead.

func (*PolicySpec_PolicyRule) GetAllowAll

func (x *PolicySpec_PolicyRule) GetAllowAll() bool

func (*PolicySpec_PolicyRule) GetCondition

func (x *PolicySpec_PolicyRule) GetCondition() *expr.Expr

func (*PolicySpec_PolicyRule) GetDenyAll

func (x *PolicySpec_PolicyRule) GetDenyAll() bool

func (*PolicySpec_PolicyRule) GetEnforce

func (x *PolicySpec_PolicyRule) GetEnforce() bool

func (*PolicySpec_PolicyRule) GetKind

func (m *PolicySpec_PolicyRule) GetKind() isPolicySpec_PolicyRule_Kind

func (*PolicySpec_PolicyRule) GetValues

func (*PolicySpec_PolicyRule) ProtoMessage

func (*PolicySpec_PolicyRule) ProtoMessage()

func (*PolicySpec_PolicyRule) ProtoReflect

func (x *PolicySpec_PolicyRule) ProtoReflect() protoreflect.Message

func (*PolicySpec_PolicyRule) Reset

func (x *PolicySpec_PolicyRule) Reset()

func (*PolicySpec_PolicyRule) String

func (x *PolicySpec_PolicyRule) String() string

type PolicySpec_PolicyRule_AllowAll

type PolicySpec_PolicyRule_AllowAll struct {
	// Setting this to true means that all values are allowed. This field can
	// be set only in Policies for list constraints.
	AllowAll bool `protobuf:"varint,2,opt,name=allow_all,json=allowAll,proto3,oneof"`
}

type PolicySpec_PolicyRule_DenyAll

type PolicySpec_PolicyRule_DenyAll struct {
	// Setting this to true means that all values are denied. This field can
	// be set only in Policies for list constraints.
	DenyAll bool `protobuf:"varint,3,opt,name=deny_all,json=denyAll,proto3,oneof"`
}

type PolicySpec_PolicyRule_Enforce

type PolicySpec_PolicyRule_Enforce struct {
	// If `true`, then the `Policy` is enforced. If `false`, then any
	// configuration is acceptable.
	// This field can be set only in Policies for boolean constraints.
	Enforce bool `protobuf:"varint,4,opt,name=enforce,proto3,oneof"`
}

type PolicySpec_PolicyRule_StringValues

type PolicySpec_PolicyRule_StringValues struct {

	// List of values allowed at this resource.
	AllowedValues []string `protobuf:"bytes,1,rep,name=allowed_values,json=allowedValues,proto3" json:"allowed_values,omitempty"`
	// List of values denied at this resource.
	DeniedValues []string `protobuf:"bytes,2,rep,name=denied_values,json=deniedValues,proto3" json:"denied_values,omitempty"`
	// contains filtered or unexported fields
}

A message that holds specific allowed and denied values. This message can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

  • "projects/<project-id>", e.g. "projects/tokyo-rain-123"
  • "folders/<folder-id>", e.g. "folders/1234"
  • "organizations/<organization-id>", e.g. "organizations/1234"

The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.
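The prefix rules above decide whether an entry matches a single value or a whole resource subtree, so it is worth normalizing entries before reviewing or submitting a policy. This is an added example, not code from this package: `ParsedValue`, `ParseValue` and `ancestryRe` are hypothetical names, and the accepted ID character set is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ParsedValue is a hypothetical normalized allowed_values/denied_values entry.
type ParsedValue struct {
	Subtree bool   // true when the entry used the "under:" prefix
	Value   string // the entry with any prefix stripped
}

// ancestryRe matches the three ancestry formats listed above. The ID
// character set (anything but "/" and whitespace) is an assumption.
var ancestryRe = regexp.MustCompile(`^(projects|folders|organizations)/[^/\s]+$`)

// ParseValue classifies one entry. supportsUnder mirrors the
// `supports_under` field of the associated Constraint.
func ParseValue(raw string, supportsUnder bool) (ParsedValue, error) {
	switch {
	case strings.HasPrefix(raw, "under:"):
		v := strings.TrimPrefix(raw, "under:")
		if !supportsUnder {
			return ParsedValue{}, fmt.Errorf("%q: constraint does not support under:", raw)
		}
		if !ancestryRe.MatchString(v) {
			return ParsedValue{}, fmt.Errorf("%q: not a projects/, folders/ or organizations/ subtree", raw)
		}
		return ParsedValue{Subtree: true, Value: v}, nil
	case strings.HasPrefix(raw, "is:"):
		raw = strings.TrimPrefix(raw, "is:") // same meaning as no prefix
	case strings.Contains(raw, ":"):
		return ParsedValue{}, fmt.Errorf("%q: a value containing ':' needs the is: prefix", raw)
	}
	if raw == "" {
		return ParsedValue{}, fmt.Errorf("empty value")
	}
	return ParsedValue{Value: raw}, nil
}

func main() {
	// Constructed sample entries, not taken from a real policy.
	for _, e := range []string{"under:folders/1234", "is:projects/tokyo-rain-123", "us-east1", "https://example.com", "under:teams/7"} {
		p, err := ParseValue(e, true)
		fmt.Printf("%-28q subtree=%-5v value=%q err=%v\n", e, p.Subtree, p.Value, err)
	}
}
```
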

func (*PolicySpec_PolicyRule_StringValues) Descriptor deprecated

func (*PolicySpec_PolicyRule_StringValues) Descriptor() ([]byte, []int)

Deprecated: Use PolicySpec_PolicyRule_StringValues.ProtoReflect.Descriptor instead.

func (*PolicySpec_PolicyRule_StringValues) GetAllowedValues

func (x *PolicySpec_PolicyRule_StringValues) GetAllowedValues() []string

func (*PolicySpec_PolicyRule_StringValues) GetDeniedValues

func (x *PolicySpec_PolicyRule_StringValues) GetDeniedValues() []string

func (*PolicySpec_PolicyRule_StringValues) ProtoMessage

func (*PolicySpec_PolicyRule_StringValues) ProtoMessage()

func (*PolicySpec_PolicyRule_StringValues) ProtoReflect

func (*PolicySpec_PolicyRule_StringValues) Reset

func (*PolicySpec_PolicyRule_StringValues) String

type PolicySpec_PolicyRule_Values

type PolicySpec_PolicyRule_Values struct {
	// List of values to be used for this PolicyRule. This field can be set
	// only in Policies for list constraints.
	Values *PolicySpec_PolicyRule_StringValues `protobuf:"bytes,1,opt,name=values,proto3,oneof"`
}

type UnimplementedOrgPolicyServer

type UnimplementedOrgPolicyServer struct {
}

UnimplementedOrgPolicyServer can be embedded to have forward compatible implementations.

func (*UnimplementedOrgPolicyServer) CreatePolicy

func (*UnimplementedOrgPolicyServer) DeletePolicy

func (*UnimplementedOrgPolicyServer) GetEffectivePolicy

func (*UnimplementedOrgPolicyServer) GetPolicy

func (*UnimplementedOrgPolicyServer) ListConstraints

func (*UnimplementedOrgPolicyServer) ListPolicies

func (*UnimplementedOrgPolicyServer) UpdatePolicy

type UpdatePolicyRequest

type UpdatePolicyRequest struct {

	// Required. `Policy` to update.
	Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
	// contains filtered or unexported fields
}

The request sent to the UpdatePolicy [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.

func (*UpdatePolicyRequest) Descriptor deprecated

func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.

func (*UpdatePolicyRequest) GetPolicy

func (x *UpdatePolicyRequest) GetPolicy() *Policy

func (*UpdatePolicyRequest) ProtoMessage

func (*UpdatePolicyRequest) ProtoMessage()

func (*UpdatePolicyRequest) ProtoReflect

func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message

func (*UpdatePolicyRequest) Reset

func (x *UpdatePolicyRequest) Reset()

func (*UpdatePolicyRequest) String

func (x *UpdatePolicyRequest) String() string
