Package com.google.cloud.orgpolicy.v2

Interface OrgPolicyGrpc.AsyncService

  • All Known Implementing Classes:
    OrgPolicyGrpc.OrgPolicyImplBase
    Enclosing class:
    OrgPolicyGrpc
    public static interface OrgPolicyGrpc.AsyncService
     An interface for managing organization policies.
 The Cloud Org Policy service provides a simple mechanism for organizations to
 restrict the allowed configurations across their entire Cloud Resource
 hierarchy.
 You can use a `policy` to configure restrictions in Cloud resources. For
 example, you can enforce a `policy` that restricts which Google
 Cloud Platform APIs can be activated in a certain part of your resource
 hierarchy, or prevents serial port access to VM instances in a particular
 folder.
 `Policies` are inherited down through the resource hierarchy. A `policy`
 applied to a parent resource automatically applies to all its child resources
 unless overridden with a `policy` lower in the hierarchy.
 A `constraint` defines an aspect of a resource's configuration that can be
 controlled by an organization's policy administrator. `Policies` are a
 collection of `constraints` that defines their allowable configuration on a
 particular resource and its child resources.

    • Method Detail

      • listConstraints

        default void listConstraints​(ListConstraintsRequest request,
                             io.grpc.stub.StreamObserver<ListConstraintsResponse> responseObserver)
         Lists `Constraints` that could be applied on the specified resource.

      • listPolicies

        default void listPolicies​(ListPoliciesRequest request,
                          io.grpc.stub.StreamObserver<ListPoliciesResponse> responseObserver)
         Retrieves all of the `Policies` that exist on a particular resource.

      • getPolicy

        default void getPolicy​(GetPolicyRequest request,
                       io.grpc.stub.StreamObserver<Policy> responseObserver)
         Gets a `Policy` on a resource.
 If no `Policy` is set on the resource, NOT_FOUND is returned. The
 `etag` value can be used with `UpdatePolicy()` to update a
 `Policy` during read-modify-write.

      • getEffectivePolicy

        default void getEffectivePolicy​(GetEffectivePolicyRequest request,
                                io.grpc.stub.StreamObserver<Policy> responseObserver)
         Gets the effective `Policy` on a resource. This is the result of merging
 `Policies` in the resource hierarchy and evaluating conditions. The
 returned `Policy` will not have an `etag` or `condition` set because it is
 a computed `Policy` across multiple resources.
 Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
 not be expanded.

      • createPolicy

        default void createPolicy​(CreatePolicyRequest request,
                          io.grpc.stub.StreamObserver<Policy> responseObserver)
         Creates a Policy.
 Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
 constraint does not exist.
 Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
 policy already exists on the given Cloud resource.

      • updatePolicy

        default void updatePolicy​(UpdatePolicyRequest request,
                          io.grpc.stub.StreamObserver<Policy> responseObserver)
         Updates a Policy.
 Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
 constraint or the policy do not exist.
 Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag
 supplied in the request does not match the persisted etag of the policy
 Note: the supplied policy will perform a full overwrite of all
 fields.

      • deletePolicy

        default void deletePolicy​(DeletePolicyRequest request,
                          io.grpc.stub.StreamObserver<com.google.protobuf.Empty> responseObserver)
         Deletes a Policy.
 Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
 constraint or Org Policy does not exist.