Variables
Constraint_ConstraintDefault_name, Constraint_ConstraintDefault_value
var
(
Constraint_ConstraintDefault_name
=
map
[
int32
]
string
{
0
:
"CONSTRAINT_DEFAULT_UNSPECIFIED"
,
1
:
"ALLOW"
,
2
:
"DENY"
,
}
Constraint_ConstraintDefault_value
=
map
[
string
]
int32
{
"CONSTRAINT_DEFAULT_UNSPECIFIED"
:
0
,
"ALLOW"
:
1
,
"DENY"
:
2
,
}
)
Enum value maps for Constraint_ConstraintDefault.
CustomConstraint_MethodType_name, CustomConstraint_MethodType_value
var
(
CustomConstraint_MethodType_name
=
map
[
int32
]
string
{
0
:
"METHOD_TYPE_UNSPECIFIED"
,
1
:
"CREATE"
,
2
:
"UPDATE"
,
3
:
"DELETE"
,
4
:
"REMOVE_GRANT"
,
5
:
"GOVERN_TAGS"
,
}
CustomConstraint_MethodType_value
=
map
[
string
]
int32
{
"METHOD_TYPE_UNSPECIFIED"
:
0
,
"CREATE"
:
1
,
"UPDATE"
:
2
,
"DELETE"
:
3
,
"REMOVE_GRANT"
:
4
,
"GOVERN_TAGS"
:
5
,
}
)
Enum value maps for CustomConstraint_MethodType.
CustomConstraint_ActionType_name, CustomConstraint_ActionType_value
var
(
CustomConstraint_ActionType_name
=
map
[
int32
]
string
{
0
:
"ACTION_TYPE_UNSPECIFIED"
,
1
:
"ALLOW"
,
2
:
"DENY"
,
}
CustomConstraint_ActionType_value
=
map
[
string
]
int32
{
"ACTION_TYPE_UNSPECIFIED"
:
0
,
"ALLOW"
:
1
,
"DENY"
:
2
,
}
)
Enum value maps for CustomConstraint_ActionType.
File_google_cloud_orgpolicy_v2_constraint_proto
var
File_google_cloud_orgpolicy_v2_constraint_proto
protoreflect
.
FileDescriptor
File_google_cloud_orgpolicy_v2_orgpolicy_proto
var
File_google_cloud_orgpolicy_v2_orgpolicy_proto
protoreflect
.
FileDescriptor
Functions
func RegisterOrgPolicyServer
func
RegisterOrgPolicyServer
(
s
*
grpc
.
Server
,
srv
OrgPolicyServer
)
AlternatePolicySpec
type
AlternatePolicySpec
struct
{
// Reference to the launch that will be used while audit logging and to
// control the launch.
// Should be set only in the alternate policy.
Launch
string
`protobuf:"bytes,1,opt,name=launch,proto3" json:"launch,omitempty"`
// Specify constraint for configurations of Google Cloud resources.
Spec
*
PolicySpec
`protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"`
// contains filtered or unexported fields
}
Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.
func (*AlternatePolicySpec) Descriptor
func
(
*
AlternatePolicySpec
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use AlternatePolicySpec.ProtoReflect.Descriptor instead.
func (*AlternatePolicySpec) GetLaunch
func
(
x
*
AlternatePolicySpec
)
GetLaunch
()
string
func (*AlternatePolicySpec) GetSpec
func
(
x
*
AlternatePolicySpec
)
GetSpec
()
*
PolicySpec
func (*AlternatePolicySpec) ProtoMessage
func
(
*
AlternatePolicySpec
)
ProtoMessage
()
func (*AlternatePolicySpec) ProtoReflect
func
(
x
*
AlternatePolicySpec
)
ProtoReflect
()
protoreflect
.
Message
func (*AlternatePolicySpec) Reset
func
(
x
*
AlternatePolicySpec
)
Reset
()
func (*AlternatePolicySpec) String
func
(
x
*
AlternatePolicySpec
)
String
()
string
Constraint
type
Constraint
struct
{
// Immutable. The resource name of the constraint. Must be in one of
// the following forms:
//
// * `projects/{project_number}/constraints/{constraint_name}`
// * `folders/{folder_id}/constraints/{constraint_name}`
// * `organizations/{organization_id}/constraints/{constraint_name}`
//
// For example, "/projects/123/constraints/compute.disableSerialPortAccess".
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The human readable name.
//
// Mutable.
DisplayName
string
`protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
// Detailed description of what this constraint controls as well as how and
// where it is enforced.
//
// Mutable.
Description
string
`protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
// The evaluation behavior of this constraint in the absence of a policy.
ConstraintDefault
Constraint_ConstraintDefault
`protobuf:"varint,4,opt,name=constraint_default,json=constraintDefault,proto3,enum=google.cloud.orgpolicy.v2.Constraint_ConstraintDefault" json:"constraint_default,omitempty"`
// The type of restrictions for this `Constraint`.
//
// Immutable after creation.
//
// Types that are assignable to ConstraintType:
//
// *Constraint_ListConstraint_
// *Constraint_BooleanConstraint_
ConstraintType
isConstraint_ConstraintType
`protobuf_oneof:"constraint_type"`
// Shows if dry run is supported for this constraint or not.
SupportsDryRun
bool
`protobuf:"varint,7,opt,name=supports_dry_run,json=supportsDryRun,proto3" json:"supports_dry_run,omitempty"`
// contains filtered or unexported fields
}
A constraint describes a way to restrict resource's configuration. For
example, you could enforce a constraint that controls which Google Cloud
services can be activated across an organization, or whether a Compute Engine
instance can have serial port connections established. Constraints can be
configured by the organization policy administrator to fit the needs of the
organization by setting a policy that includes constraints at different
locations in the organization's resource hierarchy. Policies are inherited
down the resource hierarchy from higher levels, but can also be overridden.
For details about the inheritance rules please read about
[ policies
][google.cloud.OrgPolicy.v2.Policy].
Constraints have a default behavior determined by the constraint_default
field, which is the enforcement behavior that is used in the absence of a
policy being defined or inherited for the resource in question.
func (*Constraint) Descriptor
func
(
*
Constraint
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use Constraint.ProtoReflect.Descriptor instead.
func (*Constraint) GetBooleanConstraint
func
(
x
*
Constraint
)
GetBooleanConstraint
()
*
Constraint_BooleanConstraint
func (*Constraint) GetConstraintDefault
func
(
x
*
Constraint
)
GetConstraintDefault
()
Constraint_ConstraintDefault
func (*Constraint) GetConstraintType
func
(
m
*
Constraint
)
GetConstraintType
()
isConstraint_ConstraintType
func (*Constraint) GetDescription
func
(
x
*
Constraint
)
GetDescription
()
string
func (*Constraint) GetDisplayName
func
(
x
*
Constraint
)
GetDisplayName
()
string
func (*Constraint) GetListConstraint
func
(
x
*
Constraint
)
GetListConstraint
()
*
Constraint_ListConstraint
func (*Constraint) GetName
func
(
x
*
Constraint
)
GetName
()
string
func (*Constraint) GetSupportsDryRun
func
(
x
*
Constraint
)
GetSupportsDryRun
()
bool
func (*Constraint) ProtoMessage
func
(
*
Constraint
)
ProtoMessage
()
func (*Constraint) ProtoReflect
func
(
x
*
Constraint
)
ProtoReflect
()
protoreflect
.
Message
func (*Constraint) Reset
func
(
x
*
Constraint
)
Reset
()
func (*Constraint) String
func
(
x
*
Constraint
)
String
()
string
Constraint_BooleanConstraint
type
Constraint_BooleanConstraint
struct
{
// contains filtered or unexported fields
}
A constraint that is either enforced or not.
For example, a constraint constraints/compute.disableSerialPortAccess
.
If it is enforced on a VM instance, serial port connections will not be
opened to that instance.
func (*Constraint_BooleanConstraint) Descriptor
func
(
*
Constraint_BooleanConstraint
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use Constraint_BooleanConstraint.ProtoReflect.Descriptor instead.
func (*Constraint_BooleanConstraint) ProtoMessage
func
(
*
Constraint_BooleanConstraint
)
ProtoMessage
()
func (*Constraint_BooleanConstraint) ProtoReflect
func
(
x
*
Constraint_BooleanConstraint
)
ProtoReflect
()
protoreflect
.
Message
func (*Constraint_BooleanConstraint) Reset
func
(
x
*
Constraint_BooleanConstraint
)
Reset
()
func (*Constraint_BooleanConstraint) String
func
(
x
*
Constraint_BooleanConstraint
)
String
()
string
Constraint_BooleanConstraint_
type
Constraint_BooleanConstraint_
struct
{
// Defines this constraint as being a BooleanConstraint.
BooleanConstraint
*
Constraint_BooleanConstraint
`protobuf:"bytes,6,opt,name=boolean_constraint,json=booleanConstraint,proto3,oneof"`
}
Constraint_ConstraintDefault
type
Constraint_ConstraintDefault
int32
Specifies the default behavior in the absence of any policy for the
constraint. This must not be CONSTRAINT_DEFAULT_UNSPECIFIED
.
Immutable after creation.
Constraint_CONSTRAINT_DEFAULT_UNSPECIFIED, Constraint_ALLOW, Constraint_DENY
const
(
// This is only used for distinguishing unset values and should never be
// used.
Constraint_CONSTRAINT_DEFAULT_UNSPECIFIED
Constraint_ConstraintDefault
=
0
// Indicate that all values are allowed for list constraints.
// Indicate that enforcement is off for boolean constraints.
Constraint_ALLOW
Constraint_ConstraintDefault
=
1
// Indicate that all values are denied for list constraints.
// Indicate that enforcement is on for boolean constraints.
Constraint_DENY
Constraint_ConstraintDefault
=
2
)
func (Constraint_ConstraintDefault) Descriptor
func
(
Constraint_ConstraintDefault
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (Constraint_ConstraintDefault) Enum
func
(
x
Constraint_ConstraintDefault
)
Enum
()
*
Constraint_ConstraintDefault
func (Constraint_ConstraintDefault) EnumDescriptor
func
(
Constraint_ConstraintDefault
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use Constraint_ConstraintDefault.Descriptor instead.
func (Constraint_ConstraintDefault) Number
func
(
x
Constraint_ConstraintDefault
)
Number
()
protoreflect
.
EnumNumber
func (Constraint_ConstraintDefault) String
func
(
x
Constraint_ConstraintDefault
)
String
()
string
func (Constraint_ConstraintDefault) Type
func
(
Constraint_ConstraintDefault
)
Type
()
protoreflect
.
EnumType
Constraint_ListConstraint
type
Constraint_ListConstraint
struct
{
// Indicates whether values grouped into categories can be used in
// `Policy.allowed_values` and `Policy.denied_values`. For example,
// `"in:Python"` would match any value in the 'Python' group.
SupportsIn
bool
`protobuf:"varint,1,opt,name=supports_in,json=supportsIn,proto3" json:"supports_in,omitempty"`
// Indicates whether subtrees of the Resource Manager resource hierarchy
// can be used in `Policy.allowed_values` and `Policy.denied_values`. For
// example, `"under:folders/123"` would match any resource under the
// 'folders/123' folder.
SupportsUnder
bool
`protobuf:"varint,2,opt,name=supports_under,json=supportsUnder,proto3" json:"supports_under,omitempty"`
// contains filtered or unexported fields
}
A constraint that allows or disallows a list of string values, which are configured by an Organization Policy administrator with a policy.
func (*Constraint_ListConstraint) Descriptor
func
(
*
Constraint_ListConstraint
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use Constraint_ListConstraint.ProtoReflect.Descriptor instead.
func (*Constraint_ListConstraint) GetSupportsIn
func
(
x
*
Constraint_ListConstraint
)
GetSupportsIn
()
bool
func (*Constraint_ListConstraint) GetSupportsUnder
func
(
x
*
Constraint_ListConstraint
)
GetSupportsUnder
()
bool
func (*Constraint_ListConstraint) ProtoMessage
func
(
*
Constraint_ListConstraint
)
ProtoMessage
()
func (*Constraint_ListConstraint) ProtoReflect
func
(
x
*
Constraint_ListConstraint
)
ProtoReflect
()
protoreflect
.
Message
func (*Constraint_ListConstraint) Reset
func
(
x
*
Constraint_ListConstraint
)
Reset
()
func (*Constraint_ListConstraint) String
func
(
x
*
Constraint_ListConstraint
)
String
()
string
Constraint_ListConstraint_
type
Constraint_ListConstraint_
struct
{
// Defines this constraint as being a ListConstraint.
ListConstraint
*
Constraint_ListConstraint
`protobuf:"bytes,5,opt,name=list_constraint,json=listConstraint,proto3,oneof"`
}
CreateCustomConstraintRequest
type
CreateCustomConstraintRequest
struct
{
// Required. Must be in the following form:
//
// * `organizations/{organization_id}`
Parent
string
`protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. Custom constraint to create.
CustomConstraint
*
CustomConstraint
`protobuf:"bytes,2,opt,name=custom_constraint,json=customConstraint,proto3" json:"custom_constraint,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [CreateCustomConstraintRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreateCustomConstraint] method.
func (*CreateCustomConstraintRequest) Descriptor
func
(
*
CreateCustomConstraintRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use CreateCustomConstraintRequest.ProtoReflect.Descriptor instead.
func (*CreateCustomConstraintRequest) GetCustomConstraint
func
(
x
*
CreateCustomConstraintRequest
)
GetCustomConstraint
()
*
CustomConstraint
func (*CreateCustomConstraintRequest) GetParent
func
(
x
*
CreateCustomConstraintRequest
)
GetParent
()
string
func (*CreateCustomConstraintRequest) ProtoMessage
func
(
*
CreateCustomConstraintRequest
)
ProtoMessage
()
func (*CreateCustomConstraintRequest) ProtoReflect
func
(
x
*
CreateCustomConstraintRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*CreateCustomConstraintRequest) Reset
func
(
x
*
CreateCustomConstraintRequest
)
Reset
()
func (*CreateCustomConstraintRequest) String
func
(
x
*
CreateCustomConstraintRequest
)
String
()
string
CreatePolicyRequest
type
CreatePolicyRequest
struct
{
// Required. The Google Cloud resource that will parent the new policy. Must
// be in one of the following forms:
//
// * `projects/{project_number}`
// * `projects/{project_id}`
// * `folders/{folder_id}`
// * `organizations/{organization_id}`
Parent
string
`protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. Policy to create.
Policy
*
Policy
`protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [CreatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.
func (*CreatePolicyRequest) Descriptor
func
(
*
CreatePolicyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use CreatePolicyRequest.ProtoReflect.Descriptor instead.
func (*CreatePolicyRequest) GetParent
func
(
x
*
CreatePolicyRequest
)
GetParent
()
string
func (*CreatePolicyRequest) GetPolicy
func
(
x
*
CreatePolicyRequest
)
GetPolicy
()
*
Policy
func (*CreatePolicyRequest) ProtoMessage
func
(
*
CreatePolicyRequest
)
ProtoMessage
()
func (*CreatePolicyRequest) ProtoReflect
func
(
x
*
CreatePolicyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*CreatePolicyRequest) Reset
func
(
x
*
CreatePolicyRequest
)
Reset
()
func (*CreatePolicyRequest) String
func
(
x
*
CreatePolicyRequest
)
String
()
string
CustomConstraint
type
CustomConstraint
struct
{
// Immutable. Name of the constraint. This is unique within the organization.
// Format of the name should be
//
// * `organizations/{organization_id}/customConstraints/{custom_constraint_id}`
//
// Example: `organizations/123/customConstraints/custom.createOnlyE2TypeVms`
//
// The max length is 70 characters and the minimum length is 1. Note that the
// prefix `organizations/{organization_id}/customConstraints/` is not counted.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Immutable. The resource instance type on which this policy applies. Format
// will be of the form : `
A custom constraint defined by customers which can only be applied to the given resource types and organization.
By creating a custom constraint, customers can apply policies of this custom constraint. Creating a custom constraint itself does NOT apply any policy enforcement .
func (*CustomConstraint) Descriptor
func
(
*
CustomConstraint
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use CustomConstraint.ProtoReflect.Descriptor instead.
func (*CustomConstraint) GetActionType
func
(
x
*
CustomConstraint
)
GetActionType
()
CustomConstraint_ActionType
func (*CustomConstraint) GetCondition
func
(
x
*
CustomConstraint
)
GetCondition
()
string
func (*CustomConstraint) GetDescription
func
(
x
*
CustomConstraint
)
GetDescription
()
string
func (*CustomConstraint) GetDisplayName
func
(
x
*
CustomConstraint
)
GetDisplayName
()
string
func (*CustomConstraint) GetMethodTypes
func
(
x
*
CustomConstraint
)
GetMethodTypes
()
[]
CustomConstraint_MethodType
func (*CustomConstraint) GetName
func
(
x
*
CustomConstraint
)
GetName
()
string
func (*CustomConstraint) GetResourceTypes
func
(
x
*
CustomConstraint
)
GetResourceTypes
()
[]
string
func (*CustomConstraint) GetUpdateTime
func
(
x
*
CustomConstraint
)
GetUpdateTime
()
*
timestamppb
.
Timestamp
func (*CustomConstraint) ProtoMessage
func
(
*
CustomConstraint
)
ProtoMessage
()
func (*CustomConstraint) ProtoReflect
func
(
x
*
CustomConstraint
)
ProtoReflect
()
protoreflect
.
Message
func (*CustomConstraint) Reset
func
(
x
*
CustomConstraint
)
Reset
()
func (*CustomConstraint) String
func
(
x
*
CustomConstraint
)
String
()
string
CustomConstraint_ActionType
type
CustomConstraint_ActionType
int32
Allow or deny type.
CustomConstraint_ACTION_TYPE_UNSPECIFIED, CustomConstraint_ALLOW, CustomConstraint_DENY
const
(
// Unspecified. Results in an error.
CustomConstraint_ACTION_TYPE_UNSPECIFIED
CustomConstraint_ActionType
=
0
// Allowed action type.
CustomConstraint_ALLOW
CustomConstraint_ActionType
=
1
// Deny action type.
CustomConstraint_DENY
CustomConstraint_ActionType
=
2
)
func (CustomConstraint_ActionType) Descriptor
func
(
CustomConstraint_ActionType
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (CustomConstraint_ActionType) Enum
func
(
x
CustomConstraint_ActionType
)
Enum
()
*
CustomConstraint_ActionType
func (CustomConstraint_ActionType) EnumDescriptor
func
(
CustomConstraint_ActionType
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use CustomConstraint_ActionType.Descriptor instead.
func (CustomConstraint_ActionType) Number
func
(
x
CustomConstraint_ActionType
)
Number
()
protoreflect
.
EnumNumber
func (CustomConstraint_ActionType) String
func
(
x
CustomConstraint_ActionType
)
String
()
string
func (CustomConstraint_ActionType) Type
func
(
CustomConstraint_ActionType
)
Type
()
protoreflect
.
EnumType
CustomConstraint_MethodType
type
CustomConstraint_MethodType
int32
The operation for which this constraint will be applied. To apply this
constraint only when creating new VMs, the method_types
should be CREATE
only. To apply this constraint when creating or deleting
VMs, the method_types
should be CREATE
and DELETE
.
UPDATE
only custom constraints are not supported. Use CREATE
or CREATE, UPDATE
.
CustomConstraint_METHOD_TYPE_UNSPECIFIED, CustomConstraint_CREATE, CustomConstraint_UPDATE, CustomConstraint_DELETE, CustomConstraint_REMOVE_GRANT, CustomConstraint_GOVERN_TAGS
const
(
// Unspecified. Results in an error.
CustomConstraint_METHOD_TYPE_UNSPECIFIED
CustomConstraint_MethodType
=
0
// Constraint applied when creating the resource.
CustomConstraint_CREATE
CustomConstraint_MethodType
=
1
// Constraint applied when updating the resource.
CustomConstraint_UPDATE
CustomConstraint_MethodType
=
2
// Constraint applied when deleting the resource.
// Not supported yet.
CustomConstraint_DELETE
CustomConstraint_MethodType
=
3
// Constraint applied when removing an IAM grant.
CustomConstraint_REMOVE_GRANT
CustomConstraint_MethodType
=
4
// Constraint applied when enforcing forced tagging.
CustomConstraint_GOVERN_TAGS
CustomConstraint_MethodType
=
5
)
func (CustomConstraint_MethodType) Descriptor
func
(
CustomConstraint_MethodType
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (CustomConstraint_MethodType) Enum
func
(
x
CustomConstraint_MethodType
)
Enum
()
*
CustomConstraint_MethodType
func (CustomConstraint_MethodType) EnumDescriptor
func
(
CustomConstraint_MethodType
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use CustomConstraint_MethodType.Descriptor instead.
func (CustomConstraint_MethodType) Number
func
(
x
CustomConstraint_MethodType
)
Number
()
protoreflect
.
EnumNumber
func (CustomConstraint_MethodType) String
func
(
x
CustomConstraint_MethodType
)
String
()
string
func (CustomConstraint_MethodType) Type
func
(
CustomConstraint_MethodType
)
Type
()
protoreflect
.
EnumType
DeleteCustomConstraintRequest
type
DeleteCustomConstraintRequest
struct
{
// Required. Name of the custom constraint to delete.
// See the custom constraint entry for naming rules.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [DeleteCustomConstraint] [google.cloud.orgpolicy.v2.OrgPolicy.DeleteCustomConstraint] method.
func (*DeleteCustomConstraintRequest) Descriptor
func
(
*
DeleteCustomConstraintRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use DeleteCustomConstraintRequest.ProtoReflect.Descriptor instead.
func (*DeleteCustomConstraintRequest) GetName
func
(
x
*
DeleteCustomConstraintRequest
)
GetName
()
string
func (*DeleteCustomConstraintRequest) ProtoMessage
func
(
*
DeleteCustomConstraintRequest
)
ProtoMessage
()
func (*DeleteCustomConstraintRequest) ProtoReflect
func
(
x
*
DeleteCustomConstraintRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*DeleteCustomConstraintRequest) Reset
func
(
x
*
DeleteCustomConstraintRequest
)
Reset
()
func (*DeleteCustomConstraintRequest) String
func
(
x
*
DeleteCustomConstraintRequest
)
String
()
string
DeletePolicyRequest
type
DeletePolicyRequest
struct
{
// Required. Name of the policy to delete.
// See the policy entry for naming rules.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The current etag of policy. If an etag is provided and does not
// match the current etag of the policy, deletion will be blocked and an
// ABORTED error will be returned.
Etag
string
`protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [DeletePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.DeletePolicy] method.
func (*DeletePolicyRequest) Descriptor
func
(
*
DeletePolicyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use DeletePolicyRequest.ProtoReflect.Descriptor instead.
func (*DeletePolicyRequest) GetEtag
func
(
x
*
DeletePolicyRequest
)
GetEtag
()
string
func (*DeletePolicyRequest) GetName
func
(
x
*
DeletePolicyRequest
)
GetName
()
string
func (*DeletePolicyRequest) ProtoMessage
func
(
*
DeletePolicyRequest
)
ProtoMessage
()
func (*DeletePolicyRequest) ProtoReflect
func
(
x
*
DeletePolicyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*DeletePolicyRequest) Reset
func
(
x
*
DeletePolicyRequest
)
Reset
()
func (*DeletePolicyRequest) String
func
(
x
*
DeletePolicyRequest
)
String
()
string
GetCustomConstraintRequest
type
GetCustomConstraintRequest
struct
{
// Required. Resource name of the custom constraint. See the custom constraint
// entry for naming requirements.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [GetCustomConstraint] [google.cloud.orgpolicy.v2.OrgPolicy.GetCustomConstraint] method.
func (*GetCustomConstraintRequest) Descriptor
func
(
*
GetCustomConstraintRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use GetCustomConstraintRequest.ProtoReflect.Descriptor instead.
func (*GetCustomConstraintRequest) GetName
func
(
x
*
GetCustomConstraintRequest
)
GetName
()
string
func (*GetCustomConstraintRequest) ProtoMessage
func
(
*
GetCustomConstraintRequest
)
ProtoMessage
()
func (*GetCustomConstraintRequest) ProtoReflect
func
(
x
*
GetCustomConstraintRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*GetCustomConstraintRequest) Reset
func
(
x
*
GetCustomConstraintRequest
)
Reset
()
func (*GetCustomConstraintRequest) String
func
(
x
*
GetCustomConstraintRequest
)
String
()
string
GetEffectivePolicyRequest
type
GetEffectivePolicyRequest
struct
{
// Required. The effective policy to compute. See
// [Policy][google.cloud.orgpolicy.v2.Policy] for naming requirements.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [GetEffectivePolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetEffectivePolicy] method.
func (*GetEffectivePolicyRequest) Descriptor
func
(
*
GetEffectivePolicyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use GetEffectivePolicyRequest.ProtoReflect.Descriptor instead.
func (*GetEffectivePolicyRequest) GetName
func
(
x
*
GetEffectivePolicyRequest
)
GetName
()
string
func (*GetEffectivePolicyRequest) ProtoMessage
func
(
*
GetEffectivePolicyRequest
)
ProtoMessage
()
func (*GetEffectivePolicyRequest) ProtoReflect
func
(
x
*
GetEffectivePolicyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*GetEffectivePolicyRequest) Reset
func
(
x
*
GetEffectivePolicyRequest
)
Reset
()
func (*GetEffectivePolicyRequest) String
func
(
x
*
GetEffectivePolicyRequest
)
String
()
string
GetPolicyRequest
type
GetPolicyRequest
struct
{
// Required. Resource name of the policy. See
// [Policy][google.cloud.orgpolicy.v2.Policy] for naming requirements.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [GetPolicy] [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.
func (*GetPolicyRequest) Descriptor
func
(
*
GetPolicyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetPolicyRequest) GetName
func
(
x
*
GetPolicyRequest
)
GetName
()
string
func (*GetPolicyRequest) ProtoMessage
func
(
*
GetPolicyRequest
)
ProtoMessage
()
func (*GetPolicyRequest) ProtoReflect
func
(
x
*
GetPolicyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*GetPolicyRequest) Reset
func
(
x
*
GetPolicyRequest
)
Reset
()
func (*GetPolicyRequest) String
func
(
x
*
GetPolicyRequest
)
String
()
string
ListConstraintsRequest
type
ListConstraintsRequest
struct
{
// Required. The Google Cloud resource that parents the constraint. Must be in
// one of the following forms:
//
// * `projects/{project_number}`
// * `projects/{project_id}`
// * `folders/{folder_id}`
// * `organizations/{organization_id}`
Parent
string
`protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Size of the pages to be returned. This is currently unsupported and will
// be ignored. The server may at any point start using this field to limit
// page size.
PageSize
int32
`protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Page token used to retrieve the next page. This is currently unsupported
// and will be ignored. The server may at any point start using this field.
PageToken
string
`protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
func (*ListConstraintsRequest) Descriptor
func
(
*
ListConstraintsRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListConstraintsRequest.ProtoReflect.Descriptor instead.
func (*ListConstraintsRequest) GetPageSize
func
(
x
*
ListConstraintsRequest
)
GetPageSize
()
int32
func (*ListConstraintsRequest) GetPageToken
func
(
x
*
ListConstraintsRequest
)
GetPageToken
()
string
func (*ListConstraintsRequest) GetParent
func
(
x
*
ListConstraintsRequest
)
GetParent
()
string
func (*ListConstraintsRequest) ProtoMessage
func
(
*
ListConstraintsRequest
)
ProtoMessage
()
func (*ListConstraintsRequest) ProtoReflect
func
(
x
*
ListConstraintsRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*ListConstraintsRequest) Reset
func
(
x
*
ListConstraintsRequest
)
Reset
()
func (*ListConstraintsRequest) String
func
(
x
*
ListConstraintsRequest
)
String
()
string
ListConstraintsResponse
type
ListConstraintsResponse
struct
{
// The collection of constraints that are available on the targeted resource.
Constraints
[]
*
Constraint
`protobuf:"bytes,1,rep,name=constraints,proto3" json:"constraints,omitempty"`
// Page token used to retrieve the next page. This is currently not used.
NextPageToken
string
`protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
The response returned from the [ListConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
func (*ListConstraintsResponse) Descriptor
func
(
*
ListConstraintsResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListConstraintsResponse.ProtoReflect.Descriptor instead.
func (*ListConstraintsResponse) GetConstraints
func
(
x
*
ListConstraintsResponse
)
GetConstraints
()
[]
*
Constraint
func (*ListConstraintsResponse) GetNextPageToken
func
(
x
*
ListConstraintsResponse
)
GetNextPageToken
()
string
func (*ListConstraintsResponse) ProtoMessage
func
(
*
ListConstraintsResponse
)
ProtoMessage
()
func (*ListConstraintsResponse) ProtoReflect
func
(
x
*
ListConstraintsResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*ListConstraintsResponse) Reset
func
(
x
*
ListConstraintsResponse
)
Reset
()
func (*ListConstraintsResponse) String
func
(
x
*
ListConstraintsResponse
)
String
()
string
ListCustomConstraintsRequest
type
ListCustomConstraintsRequest
struct
{
// Required. The target Google Cloud resource that parents the set of custom
// constraints that will be returned from this call. Must be in one of the
// following forms:
//
// * `organizations/{organization_id}`
Parent
string
`protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Size of the pages to be returned. This is currently unsupported and will
// be ignored. The server may at any point start using this field to limit
// page size.
PageSize
int32
`protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Page token used to retrieve the next page. This is currently unsupported
// and will be ignored. The server may at any point start using this field.
PageToken
string
`protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [ListCustomConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListCustomConstraints] method.
func (*ListCustomConstraintsRequest) Descriptor
func
(
*
ListCustomConstraintsRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListCustomConstraintsRequest.ProtoReflect.Descriptor instead.
func (*ListCustomConstraintsRequest) GetPageSize
func
(
x
*
ListCustomConstraintsRequest
)
GetPageSize
()
int32
func (*ListCustomConstraintsRequest) GetPageToken
func
(
x
*
ListCustomConstraintsRequest
)
GetPageToken
()
string
func (*ListCustomConstraintsRequest) GetParent
func
(
x
*
ListCustomConstraintsRequest
)
GetParent
()
string
func (*ListCustomConstraintsRequest) ProtoMessage
func
(
*
ListCustomConstraintsRequest
)
ProtoMessage
()
func (*ListCustomConstraintsRequest) ProtoReflect
func
(
x
*
ListCustomConstraintsRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*ListCustomConstraintsRequest) Reset
func
(
x
*
ListCustomConstraintsRequest
)
Reset
()
func (*ListCustomConstraintsRequest) String
func
(
x
*
ListCustomConstraintsRequest
)
String
()
string
ListCustomConstraintsResponse
type
ListCustomConstraintsResponse
struct
{
// All custom constraints that exist on the organization resource. It will be
// empty if no custom constraints are set.
CustomConstraints
[]
*
CustomConstraint
`protobuf:"bytes,1,rep,name=custom_constraints,json=customConstraints,proto3" json:"custom_constraints,omitempty"`
// Page token used to retrieve the next page. This is currently not used, but
// the server may at any point start supplying a valid token.
NextPageToken
string
`protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
The response returned from the [ListCustomConstraints] [google.cloud.orgpolicy.v2.OrgPolicy.ListCustomConstraints] method. It will be empty if no custom constraints are set on the organization resource.
func (*ListCustomConstraintsResponse) Descriptor
func
(
*
ListCustomConstraintsResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListCustomConstraintsResponse.ProtoReflect.Descriptor instead.
func (*ListCustomConstraintsResponse) GetCustomConstraints
func
(
x
*
ListCustomConstraintsResponse
)
GetCustomConstraints
()
[]
*
CustomConstraint
func (*ListCustomConstraintsResponse) GetNextPageToken
func
(
x
*
ListCustomConstraintsResponse
)
GetNextPageToken
()
string
func (*ListCustomConstraintsResponse) ProtoMessage
func
(
*
ListCustomConstraintsResponse
)
ProtoMessage
()
func (*ListCustomConstraintsResponse) ProtoReflect
func
(
x
*
ListCustomConstraintsResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*ListCustomConstraintsResponse) Reset
func
(
x
*
ListCustomConstraintsResponse
)
Reset
()
func (*ListCustomConstraintsResponse) String
func
(
x
*
ListCustomConstraintsResponse
)
String
()
string
ListPoliciesRequest
type
ListPoliciesRequest
struct
{
// Required. The target Google Cloud resource that parents the set of
// constraints and policies that will be returned from this call. Must be in
// one of the following forms:
//
// * `projects/{project_number}`
// * `projects/{project_id}`
// * `folders/{folder_id}`
// * `organizations/{organization_id}`
Parent
string
`protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Size of the pages to be returned. This is currently unsupported and will
// be ignored. The server may at any point start using this field to limit
// page size.
PageSize
int32
`protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Page token used to retrieve the next page. This is currently unsupported
// and will be ignored. The server may at any point start using this field.
PageToken
string
`protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.
func (*ListPoliciesRequest) Descriptor
func
(
*
ListPoliciesRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListPoliciesRequest.ProtoReflect.Descriptor instead.
func (*ListPoliciesRequest) GetPageSize
func
(
x
*
ListPoliciesRequest
)
GetPageSize
()
int32
func (*ListPoliciesRequest) GetPageToken
func
(
x
*
ListPoliciesRequest
)
GetPageToken
()
string
func (*ListPoliciesRequest) GetParent
func
(
x
*
ListPoliciesRequest
)
GetParent
()
string
func (*ListPoliciesRequest) ProtoMessage
func
(
*
ListPoliciesRequest
)
ProtoMessage
()
func (*ListPoliciesRequest) ProtoReflect
func
(
x
*
ListPoliciesRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*ListPoliciesRequest) Reset
func
(
x
*
ListPoliciesRequest
)
Reset
()
func (*ListPoliciesRequest) String
func
(
x
*
ListPoliciesRequest
)
String
()
string
ListPoliciesResponse
type
ListPoliciesResponse
struct
{
// All policies that exist on the resource. It will be empty if no
// policies are set.
Policies
[]
*
Policy
`protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"`
// Page token used to retrieve the next page. This is currently not used, but
// the server may at any point start supplying a valid token.
NextPageToken
string
`protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
The response returned from the [ListPolicies] [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method. It will be empty if no policies are set on the resource.
func (*ListPoliciesResponse) Descriptor
func
(
*
ListPoliciesResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListPoliciesResponse.ProtoReflect.Descriptor instead.
func (*ListPoliciesResponse) GetNextPageToken
func
(
x
*
ListPoliciesResponse
)
GetNextPageToken
()
string
func (*ListPoliciesResponse) GetPolicies
func
(
x
*
ListPoliciesResponse
)
GetPolicies
()
[]
*
Policy
func (*ListPoliciesResponse) ProtoMessage
func
(
*
ListPoliciesResponse
)
ProtoMessage
()
func (*ListPoliciesResponse) ProtoReflect
func
(
x
*
ListPoliciesResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*ListPoliciesResponse) Reset
func
(
x
*
ListPoliciesResponse
)
Reset
()
func (*ListPoliciesResponse) String
func
(
x
*
ListPoliciesResponse
)
String
()
string
OrgPolicyClient
type
OrgPolicyClient
interface
{
// Lists constraints that could be applied on the specified resource.
ListConstraints
(
ctx
context
.
Context
,
in
*
ListConstraintsRequest
,
opts
...
grpc
.
CallOption
)
(
*
ListConstraintsResponse
,
error
)
// Retrieves all of the policies that exist on a particular resource.
ListPolicies
(
ctx
context
.
Context
,
in
*
ListPoliciesRequest
,
opts
...
grpc
.
CallOption
)
(
*
ListPoliciesResponse
,
error
)
// Gets a policy on a resource.
//
// If no policy is set on the resource, `NOT_FOUND` is returned. The
// `etag` value can be used with `UpdatePolicy()` to update a
// policy during read-modify-write.
GetPolicy
(
ctx
context
.
Context
,
in
*
GetPolicyRequest
,
opts
...
grpc
.
CallOption
)
(
*
Policy
,
error
)
// Gets the effective policy on a resource. This is the result of merging
// policies in the resource hierarchy and evaluating conditions. The
// returned policy will not have an `etag` or `condition` set because it is
// an evaluated policy across multiple resources.
// Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
// not be expanded.
GetEffectivePolicy
(
ctx
context
.
Context
,
in
*
GetEffectivePolicyRequest
,
opts
...
grpc
.
CallOption
)
(
*
Policy
,
error
)
// Creates a policy.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint does not exist.
// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
// policy already exists on the given Google Cloud resource.
CreatePolicy
(
ctx
context
.
Context
,
in
*
CreatePolicyRequest
,
opts
...
grpc
.
CallOption
)
(
*
Policy
,
error
)
// Updates a policy.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint or the policy do not exist.
// Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag
// supplied in the request does not match the persisted etag of the policy
//
// Note: the supplied policy will perform a full overwrite of all
// fields.
UpdatePolicy
(
ctx
context
.
Context
,
in
*
UpdatePolicyRequest
,
opts
...
grpc
.
CallOption
)
(
*
Policy
,
error
)
// Deletes a policy.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint or organization policy does not exist.
DeletePolicy
(
ctx
context
.
Context
,
in
*
DeletePolicyRequest
,
opts
...
grpc
.
CallOption
)
(
*
emptypb
.
Empty
,
error
)
// Creates a custom constraint.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// organization does not exist.
// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
// constraint already exists on the given organization.
CreateCustomConstraint
(
ctx
context
.
Context
,
in
*
CreateCustomConstraintRequest
,
opts
...
grpc
.
CallOption
)
(
*
CustomConstraint
,
error
)
// Updates a custom constraint.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint does not exist.
//
// Note: the supplied policy will perform a full overwrite of all
// fields.
UpdateCustomConstraint
(
ctx
context
.
Context
,
in
*
UpdateCustomConstraintRequest
,
opts
...
grpc
.
CallOption
)
(
*
CustomConstraint
,
error
)
// Gets a custom constraint.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// custom constraint does not exist.
GetCustomConstraint
(
ctx
context
.
Context
,
in
*
GetCustomConstraintRequest
,
opts
...
grpc
.
CallOption
)
(
*
CustomConstraint
,
error
)
// Retrieves all of the custom constraints that exist on a particular
// organization resource.
ListCustomConstraints
(
ctx
context
.
Context
,
in
*
ListCustomConstraintsRequest
,
opts
...
grpc
.
CallOption
)
(
*
ListCustomConstraintsResponse
,
error
)
// Deletes a custom constraint.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint does not exist.
DeleteCustomConstraint
(
ctx
context
.
Context
,
in
*
DeleteCustomConstraintRequest
,
opts
...
grpc
.
CallOption
)
(
*
emptypb
.
Empty
,
error
)
}
OrgPolicyClient is the client API for OrgPolicy service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream .
func NewOrgPolicyClient
func
NewOrgPolicyClient
(
cc
grpc
.
ClientConnInterface
)
OrgPolicyClient
OrgPolicyServer
type
OrgPolicyServer
interface
{
// Lists constraints that could be applied on the specified resource.
ListConstraints
(
context
.
Context
,
*
ListConstraintsRequest
)
(
*
ListConstraintsResponse
,
error
)
// Retrieves all of the policies that exist on a particular resource.
ListPolicies
(
context
.
Context
,
*
ListPoliciesRequest
)
(
*
ListPoliciesResponse
,
error
)
// Gets a policy on a resource.
//
// If no policy is set on the resource, `NOT_FOUND` is returned. The
// `etag` value can be used with `UpdatePolicy()` to update a
// policy during read-modify-write.
GetPolicy
(
context
.
Context
,
*
GetPolicyRequest
)
(
*
Policy
,
error
)
// Gets the effective policy on a resource. This is the result of merging
// policies in the resource hierarchy and evaluating conditions. The
// returned policy will not have an `etag` or `condition` set because it is
// an evaluated policy across multiple resources.
// Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
// not be expanded.
GetEffectivePolicy
(
context
.
Context
,
*
GetEffectivePolicyRequest
)
(
*
Policy
,
error
)
// Creates a policy.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint does not exist.
// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
// policy already exists on the given Google Cloud resource.
CreatePolicy
(
context
.
Context
,
*
CreatePolicyRequest
)
(
*
Policy
,
error
)
// Updates a policy.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint or the policy do not exist.
// Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag
// supplied in the request does not match the persisted etag of the policy
//
// Note: the supplied policy will perform a full overwrite of all
// fields.
UpdatePolicy
(
context
.
Context
,
*
UpdatePolicyRequest
)
(
*
Policy
,
error
)
// Deletes a policy.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint or organization policy does not exist.
DeletePolicy
(
context
.
Context
,
*
DeletePolicyRequest
)
(
*
emptypb
.
Empty
,
error
)
// Creates a custom constraint.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// organization does not exist.
// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
// constraint already exists on the given organization.
CreateCustomConstraint
(
context
.
Context
,
*
CreateCustomConstraintRequest
)
(
*
CustomConstraint
,
error
)
// Updates a custom constraint.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint does not exist.
//
// Note: the supplied policy will perform a full overwrite of all
// fields.
UpdateCustomConstraint
(
context
.
Context
,
*
UpdateCustomConstraintRequest
)
(
*
CustomConstraint
,
error
)
// Gets a custom constraint.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// custom constraint does not exist.
GetCustomConstraint
(
context
.
Context
,
*
GetCustomConstraintRequest
)
(
*
CustomConstraint
,
error
)
// Retrieves all of the custom constraints that exist on a particular
// organization resource.
ListCustomConstraints
(
context
.
Context
,
*
ListCustomConstraintsRequest
)
(
*
ListCustomConstraintsResponse
,
error
)
// Deletes a custom constraint.
//
// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
// constraint does not exist.
DeleteCustomConstraint
(
context
.
Context
,
*
DeleteCustomConstraintRequest
)
(
*
emptypb
.
Empty
,
error
)
}
OrgPolicyServer is the server API for OrgPolicy service.
Policy
type
Policy
struct
{
// Immutable. The resource name of the policy. Must be one of the following
// forms, where `constraint_name` is the name of the constraint which this
// policy configures:
//
// * `projects/{project_number}/policies/{constraint_name}`
// * `folders/{folder_id}/policies/{constraint_name}`
// * `organizations/{organization_id}/policies/{constraint_name}`
//
// For example, `projects/123/policies/compute.disableSerialPortAccess`.
//
// Note: `projects/{project_id}/policies/{constraint_name}` is also an
// acceptable name for API requests, but responses will return the name using
// the equivalent project number.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Basic information about the Organization Policy.
Spec
*
PolicySpec
`protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"`
// Deprecated.
//
// Deprecated: Marked as deprecated in google/cloud/orgpolicy/v2/orgpolicy.proto.
Alternate
*
AlternatePolicySpec
`protobuf:"bytes,3,opt,name=alternate,proto3" json:"alternate,omitempty"`
// Dry-run policy.
// Audit-only policy, can be used to monitor how the policy would have
// impacted the existing and future resources if it's enforced.
DryRunSpec
*
PolicySpec
`protobuf:"bytes,4,opt,name=dry_run_spec,json=dryRunSpec,proto3" json:"dry_run_spec,omitempty"`
// Optional. An opaque tag indicating the current state of the policy, used
// for concurrency control. This 'etag' is computed by the server based on the
// value of other fields, and may be sent on update and delete requests to
// ensure the client has an up-to-date value before proceeding.
Etag
string
`protobuf:"bytes,5,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}
Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.
func (*Policy) Descriptor
Deprecated: Use Policy.ProtoReflect.Descriptor instead.
func (*Policy) GetAlternate
func
(
x
*
Policy
)
GetAlternate
()
*
AlternatePolicySpec
Deprecated: Marked as deprecated in google/cloud/orgpolicy/v2/orgpolicy.proto.
func (*Policy) GetDryRunSpec
func
(
x
*
Policy
)
GetDryRunSpec
()
*
PolicySpec
func (*Policy) GetEtag
func (*Policy) GetName
func (*Policy) GetSpec
func
(
x
*
Policy
)
GetSpec
()
*
PolicySpec
func (*Policy) ProtoMessage
func
(
*
Policy
)
ProtoMessage
()
func (*Policy) ProtoReflect
func
(
x
*
Policy
)
ProtoReflect
()
protoreflect
.
Message
func (*Policy) Reset
func
(
x
*
Policy
)
Reset
()
func (*Policy) String
PolicySpec
type
PolicySpec
struct
{
// An opaque tag indicating the current version of the policySpec, used for
// concurrency control.
//
// This field is ignored if used in a `CreatePolicy` request.
//
// When the policy is returned from either a `GetPolicy` or a
// `ListPolicies` request, this `etag` indicates the version of the
// current policySpec to use when executing a read-modify-write loop.
//
// When the policy is returned from a `GetEffectivePolicy` request, the
// `etag` will be unset.
Etag
string
`protobuf:"bytes,1,opt,name=etag,proto3" json:"etag,omitempty"`
// Output only. The time stamp this was previously updated. This
// represents the last time a call to `CreatePolicy` or `UpdatePolicy` was
// made for that policy.
UpdateTime
*
timestamppb
.
Timestamp
`protobuf:"bytes,2,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// In policies for boolean constraints, the following requirements apply:
//
// - There must be one and only one policy rule where condition is unset.
// - Boolean policy rules with conditions must set `enforced` to the
// opposite of the policy rule without a condition.
// - During policy evaluation, policy rules with conditions that are
// true for a target resource take precedence.
Rules
[]
*
PolicySpec_PolicyRule
`protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
// Determines the inheritance behavior for this policy.
//
// If `inherit_from_parent` is true, policy rules set higher up in the
// hierarchy (up to the closest root) are inherited and present in the
// effective policy. If it is false, then no rules are inherited, and this
// policy becomes the new root for evaluation.
// This field can be set only for policies which configure list constraints.
InheritFromParent
bool
`protobuf:"varint,4,opt,name=inherit_from_parent,json=inheritFromParent,proto3" json:"inherit_from_parent,omitempty"`
// Ignores policies set above this resource and restores the
// `constraint_default` enforcement behavior of the specific constraint at
// this resource.
// This field can be set in policies for either list or boolean
// constraints. If set, `rules` must be empty and `inherit_from_parent`
// must be set to false.
Reset_
bool
`protobuf:"varint,5,opt,name=reset,proto3" json:"reset,omitempty"`
// contains filtered or unexported fields
}
Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.
func (*PolicySpec) Descriptor
func
(
*
PolicySpec
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use PolicySpec.ProtoReflect.Descriptor instead.
func (*PolicySpec) GetEtag
func
(
x
*
PolicySpec
)
GetEtag
()
string
func (*PolicySpec) GetInheritFromParent
func
(
x
*
PolicySpec
)
GetInheritFromParent
()
bool
func (*PolicySpec) GetReset_
func
(
x
*
PolicySpec
)
GetReset_
()
bool
func (*PolicySpec) GetRules
func
(
x
*
PolicySpec
)
GetRules
()
[]
*
PolicySpec_PolicyRule
func (*PolicySpec) GetUpdateTime
func
(
x
*
PolicySpec
)
GetUpdateTime
()
*
timestamppb
.
Timestamp
func (*PolicySpec) ProtoMessage
func
(
*
PolicySpec
)
ProtoMessage
()
func (*PolicySpec) ProtoReflect
func
(
x
*
PolicySpec
)
ProtoReflect
()
protoreflect
.
Message
func (*PolicySpec) Reset
func
(
x
*
PolicySpec
)
Reset
()
func (*PolicySpec) String
func
(
x
*
PolicySpec
)
String
()
string
PolicySpec_PolicyRule
type
PolicySpec_PolicyRule
struct
{
// Types that are assignable to Kind:
//
// *PolicySpec_PolicyRule_Values
// *PolicySpec_PolicyRule_AllowAll
// *PolicySpec_PolicyRule_DenyAll
// *PolicySpec_PolicyRule_Enforce
Kind
isPolicySpec_PolicyRule_Kind
`protobuf_oneof:"kind"`
// A condition which determines whether this rule is used
// in the evaluation of the policy. When set, the `expression` field in
// the `Expr' must include from 1 to 10 subexpressions, joined by the "||"
// or "&&" operators. Each subexpression must be of the form
// "resource.matchTag('
A rule used to express this policy.
func (*PolicySpec_PolicyRule) Descriptor
func
(
*
PolicySpec_PolicyRule
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use PolicySpec_PolicyRule.ProtoReflect.Descriptor instead.
func (*PolicySpec_PolicyRule) GetAllowAll
func
(
x
*
PolicySpec_PolicyRule
)
GetAllowAll
()
bool
func (*PolicySpec_PolicyRule) GetCondition
func
(
x
*
PolicySpec_PolicyRule
)
GetCondition
()
*
expr
.
Expr
func (*PolicySpec_PolicyRule) GetDenyAll
func
(
x
*
PolicySpec_PolicyRule
)
GetDenyAll
()
bool
func (*PolicySpec_PolicyRule) GetEnforce
func
(
x
*
PolicySpec_PolicyRule
)
GetEnforce
()
bool
func (*PolicySpec_PolicyRule) GetKind
func
(
m
*
PolicySpec_PolicyRule
)
GetKind
()
isPolicySpec_PolicyRule_Kind
func (*PolicySpec_PolicyRule) GetValues
func
(
x
*
PolicySpec_PolicyRule
)
GetValues
()
*
PolicySpec_PolicyRule_StringValues
func (*PolicySpec_PolicyRule) ProtoMessage
func
(
*
PolicySpec_PolicyRule
)
ProtoMessage
()
func (*PolicySpec_PolicyRule) ProtoReflect
func
(
x
*
PolicySpec_PolicyRule
)
ProtoReflect
()
protoreflect
.
Message
func (*PolicySpec_PolicyRule) Reset
func
(
x
*
PolicySpec_PolicyRule
)
Reset
()
func (*PolicySpec_PolicyRule) String
func
(
x
*
PolicySpec_PolicyRule
)
String
()
string
PolicySpec_PolicyRule_AllowAll
type
PolicySpec_PolicyRule_AllowAll
struct
{
// Setting this to true means that all values are allowed. This field can
// be set only in policies for list constraints.
AllowAll
bool
`protobuf:"varint,2,opt,name=allow_all,json=allowAll,proto3,oneof"`
}
PolicySpec_PolicyRule_DenyAll
type
PolicySpec_PolicyRule_DenyAll
struct
{
// Setting this to true means that all values are denied. This field can
// be set only in policies for list constraints.
DenyAll
bool
`protobuf:"varint,3,opt,name=deny_all,json=denyAll,proto3,oneof"`
}
PolicySpec_PolicyRule_Enforce
type
PolicySpec_PolicyRule_Enforce
struct
{
// If `true`, then the policy is enforced. If `false`, then any
// configuration is acceptable.
// This field can be set only in policies for boolean constraints.
Enforce
bool
`protobuf:"varint,4,opt,name=enforce,proto3,oneof"`
}
PolicySpec_PolicyRule_StringValues
type
PolicySpec_PolicyRule_StringValues
struct
{
// List of values allowed at this resource.
AllowedValues
[]
string
`protobuf:"bytes,1,rep,name=allowed_values,json=allowedValues,proto3" json:"allowed_values,omitempty"`
// List of values denied at this resource.
DeniedValues
[]
string
`protobuf:"bytes,2,rep,name=denied_values,json=deniedValues,proto3" json:"denied_values,omitempty"`
// contains filtered or unexported fields
}
A message that holds specific allowed and denied values.
This message can define specific values and subtrees of the Resource
Manager resource hierarchy ( Organizations
, Folders
, Projects
) that
are allowed or denied. This is achieved by using the under:
and
optional is:
prefixes.
The under:
prefix is used to denote resource subtree values.
The is:
prefix is used to denote specific values, and is required only
if the value contains a ":". Values prefixed with "is:" are treated the
same as values with no prefix.
Ancestry subtrees must be in one of the following formats:
-
projects/<project-id>(for example,projects/tokyo-rain-123) -
folders/<folder-id>(for example,folders/1234) -
organizations/<organization-id>(for example,organizations/1234)
The supports_under
field of the associated Constraint
defines
whether ancestry prefixes can be used.
func (*PolicySpec_PolicyRule_StringValues) Descriptor
func
(
*
PolicySpec_PolicyRule_StringValues
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use PolicySpec_PolicyRule_StringValues.ProtoReflect.Descriptor instead.
func (*PolicySpec_PolicyRule_StringValues) GetAllowedValues
func
(
x
*
PolicySpec_PolicyRule_StringValues
)
GetAllowedValues
()
[]
string
func (*PolicySpec_PolicyRule_StringValues) GetDeniedValues
func
(
x
*
PolicySpec_PolicyRule_StringValues
)
GetDeniedValues
()
[]
string
func (*PolicySpec_PolicyRule_StringValues) ProtoMessage
func
(
*
PolicySpec_PolicyRule_StringValues
)
ProtoMessage
()
func (*PolicySpec_PolicyRule_StringValues) ProtoReflect
func
(
x
*
PolicySpec_PolicyRule_StringValues
)
ProtoReflect
()
protoreflect
.
Message
func (*PolicySpec_PolicyRule_StringValues) Reset
func
(
x
*
PolicySpec_PolicyRule_StringValues
)
Reset
()
func (*PolicySpec_PolicyRule_StringValues) String
func
(
x
*
PolicySpec_PolicyRule_StringValues
)
String
()
string
PolicySpec_PolicyRule_Values
type
PolicySpec_PolicyRule_Values
struct
{
// List of values to be used for this policy rule. This field can be set
// only in policies for list constraints.
Values
*
PolicySpec_PolicyRule_StringValues
`protobuf:"bytes,1,opt,name=values,proto3,oneof"`
}
UnimplementedOrgPolicyServer
type
UnimplementedOrgPolicyServer
struct
{
}
UnimplementedOrgPolicyServer can be embedded to have forward compatible implementations.
func (*UnimplementedOrgPolicyServer) CreateCustomConstraint
func
(
*
UnimplementedOrgPolicyServer
)
CreateCustomConstraint
(
context
.
Context
,
*
CreateCustomConstraintRequest
)
(
*
CustomConstraint
,
error
)
func (*UnimplementedOrgPolicyServer) CreatePolicy
func
(
*
UnimplementedOrgPolicyServer
)
CreatePolicy
(
context
.
Context
,
*
CreatePolicyRequest
)
(
*
Policy
,
error
)
func (*UnimplementedOrgPolicyServer) DeleteCustomConstraint
func
(
*
UnimplementedOrgPolicyServer
)
DeleteCustomConstraint
(
context
.
Context
,
*
DeleteCustomConstraintRequest
)
(
*
emptypb
.
Empty
,
error
)
func (*UnimplementedOrgPolicyServer) DeletePolicy
func
(
*
UnimplementedOrgPolicyServer
)
DeletePolicy
(
context
.
Context
,
*
DeletePolicyRequest
)
(
*
emptypb
.
Empty
,
error
)
func (*UnimplementedOrgPolicyServer) GetCustomConstraint
func
(
*
UnimplementedOrgPolicyServer
)
GetCustomConstraint
(
context
.
Context
,
*
GetCustomConstraintRequest
)
(
*
CustomConstraint
,
error
)
func (*UnimplementedOrgPolicyServer) GetEffectivePolicy
func
(
*
UnimplementedOrgPolicyServer
)
GetEffectivePolicy
(
context
.
Context
,
*
GetEffectivePolicyRequest
)
(
*
Policy
,
error
)
func (*UnimplementedOrgPolicyServer) GetPolicy
func
(
*
UnimplementedOrgPolicyServer
)
GetPolicy
(
context
.
Context
,
*
GetPolicyRequest
)
(
*
Policy
,
error
)
func (*UnimplementedOrgPolicyServer) ListConstraints
func
(
*
UnimplementedOrgPolicyServer
)
ListConstraints
(
context
.
Context
,
*
ListConstraintsRequest
)
(
*
ListConstraintsResponse
,
error
)
func (*UnimplementedOrgPolicyServer) ListCustomConstraints
func
(
*
UnimplementedOrgPolicyServer
)
ListCustomConstraints
(
context
.
Context
,
*
ListCustomConstraintsRequest
)
(
*
ListCustomConstraintsResponse
,
error
)
func (*UnimplementedOrgPolicyServer) ListPolicies
func
(
*
UnimplementedOrgPolicyServer
)
ListPolicies
(
context
.
Context
,
*
ListPoliciesRequest
)
(
*
ListPoliciesResponse
,
error
)
func (*UnimplementedOrgPolicyServer) UpdateCustomConstraint
func
(
*
UnimplementedOrgPolicyServer
)
UpdateCustomConstraint
(
context
.
Context
,
*
UpdateCustomConstraintRequest
)
(
*
CustomConstraint
,
error
)
func (*UnimplementedOrgPolicyServer) UpdatePolicy
func
(
*
UnimplementedOrgPolicyServer
)
UpdatePolicy
(
context
.
Context
,
*
UpdatePolicyRequest
)
(
*
Policy
,
error
)
UpdateCustomConstraintRequest
type
UpdateCustomConstraintRequest
struct
{
// Required. `CustomConstraint` to update.
CustomConstraint
*
CustomConstraint
`protobuf:"bytes,1,opt,name=custom_constraint,json=customConstraint,proto3" json:"custom_constraint,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [UpdateCustomConstraintRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdateCustomConstraint] method.
func (*UpdateCustomConstraintRequest) Descriptor
func
(
*
UpdateCustomConstraintRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use UpdateCustomConstraintRequest.ProtoReflect.Descriptor instead.
func (*UpdateCustomConstraintRequest) GetCustomConstraint
func
(
x
*
UpdateCustomConstraintRequest
)
GetCustomConstraint
()
*
CustomConstraint
func (*UpdateCustomConstraintRequest) ProtoMessage
func
(
*
UpdateCustomConstraintRequest
)
ProtoMessage
()
func (*UpdateCustomConstraintRequest) ProtoReflect
func
(
x
*
UpdateCustomConstraintRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*UpdateCustomConstraintRequest) Reset
func
(
x
*
UpdateCustomConstraintRequest
)
Reset
()
func (*UpdateCustomConstraintRequest) String
func
(
x
*
UpdateCustomConstraintRequest
)
String
()
string
UpdatePolicyRequest
type
UpdatePolicyRequest
struct
{
// Required. Policy to update.
Policy
*
Policy
`protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
// Field mask used to specify the fields to be overwritten in the policy
// by the set. The fields specified in the update_mask are relative to the
// policy, not the full request.
UpdateMask
*
fieldmaskpb
.
FieldMask
`protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}
The request sent to the [UpdatePolicyRequest] [google.cloud.orgpolicy.v2.OrgPolicy.UpdatePolicy] method.
func (*UpdatePolicyRequest) Descriptor
func
(
*
UpdatePolicyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdatePolicyRequest) GetPolicy
func
(
x
*
UpdatePolicyRequest
)
GetPolicy
()
*
Policy
func (*UpdatePolicyRequest) GetUpdateMask
func
(
x
*
UpdatePolicyRequest
)
GetUpdateMask
()
*
fieldmaskpb
.
FieldMask
func (*UpdatePolicyRequest) ProtoMessage
func
(
*
UpdatePolicyRequest
)
ProtoMessage
()
func (*UpdatePolicyRequest) ProtoReflect
func
(
x
*
UpdatePolicyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*UpdatePolicyRequest) Reset
func
(
x
*
UpdatePolicyRequest
)
Reset
()
func (*UpdatePolicyRequest) String
func
(
x
*
UpdatePolicyRequest
)
String
()
string
