Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 1 | <html><body> |
| 2 | <style> |
| 3 | |
| 4 | body, h1, h2, h3, div, span, p, pre, a { |
| 5 | margin: 0; |
| 6 | padding: 0; |
| 7 | border: 0; |
| 8 | font-weight: inherit; |
| 9 | font-style: inherit; |
| 10 | font-size: 100%; |
| 11 | font-family: inherit; |
| 12 | vertical-align: baseline; |
| 13 | } |
| 14 | |
| 15 | body { |
| 16 | font-size: 13px; |
| 17 | padding: 1em; |
| 18 | } |
| 19 | |
| 20 | h1 { |
| 21 | font-size: 26px; |
| 22 | margin-bottom: 1em; |
| 23 | } |
| 24 | |
| 25 | h2 { |
| 26 | font-size: 24px; |
| 27 | margin-bottom: 1em; |
| 28 | } |
| 29 | |
| 30 | h3 { |
| 31 | font-size: 20px; |
| 32 | margin-bottom: 1em; |
| 33 | margin-top: 1em; |
| 34 | } |
| 35 | |
| 36 | pre, code { |
| 37 | line-height: 1.5; |
| 38 | font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| 39 | } |
| 40 | |
| 41 | pre { |
| 42 | margin-top: 0.5em; |
| 43 | } |
| 44 | |
| 45 | h1, h2, h3, p { |
| 46 | font-family: Arial, sans serif; |
| 47 | } |
| 48 | |
| 49 | h1, h2, h3 { |
| 50 | border-bottom: solid #CCC 1px; |
| 51 | } |
| 52 | |
| 53 | .toc_element { |
| 54 | margin-top: 0.5em; |
| 55 | } |
| 56 | |
| 57 | .firstline { |
| 58 | margin-left: 2 em; |
| 59 | } |
| 60 | |
| 61 | .method { |
| 62 | margin-top: 1em; |
| 63 | border: solid 1px #CCC; |
| 64 | padding: 1em; |
| 65 | background: #EEE; |
| 66 | } |
| 67 | |
| 68 | .details { |
| 69 | font-weight: bold; |
| 70 | font-size: 14px; |
| 71 | } |
| 72 | |
| 73 | </style> |
| 74 | |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 75 | <h1><a href="cloudresourcemanager_v1.html">Cloud Resource Manager API</a> . <a href="cloudresourcemanager_v1.folders.html">folders</a></h1> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 76 | <h2>Instance Methods</h2> |
| 77 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 78 | <code><a href="#clearOrgPolicy">clearOrgPolicy(resource, body=None, x__xgafv=None)</a></code></p> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 79 | <p class="firstline">Clears a `Policy` from a resource.</p> |
| 80 | <p class="toc_element"> |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 81 | <code><a href="#close">close()</a></code></p> |
| 82 | <p class="firstline">Close httplib2 connections.</p> |
| 83 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 84 | <code><a href="#getEffectiveOrgPolicy">getEffectiveOrgPolicy(resource, body=None, x__xgafv=None)</a></code></p> |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 85 | <p class="firstline">Gets the effective `Policy` on a resource. This is the result of merging `Policies` in the resource hierarchy. The returned `Policy` will not have an `etag`set because it is a computed `Policy` across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.</p> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 86 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 87 | <code><a href="#getOrgPolicy">getOrgPolicy(resource, body=None, x__xgafv=None)</a></code></p> |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 88 | <p class="firstline">Gets a `Policy` on a resource. If no `Policy` is set on the resource, a `Policy` is returned with default values including `POLICY_TYPE_NOT_SET` for the `policy_type oneof`. The `etag` value can be used with `SetOrgPolicy()` to create or update a `Policy` during read-modify-write.</p> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 89 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 90 | <code><a href="#listAvailableOrgPolicyConstraints">listAvailableOrgPolicyConstraints(resource, body=None, x__xgafv=None)</a></code></p> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 91 | <p class="firstline">Lists `Constraints` that could be applied on the specified resource.</p> |
| 92 | <p class="toc_element"> |
| 93 | <code><a href="#listAvailableOrgPolicyConstraints_next">listAvailableOrgPolicyConstraints_next(previous_request, previous_response)</a></code></p> |
| 94 | <p class="firstline">Retrieves the next page of results.</p> |
| 95 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 96 | <code><a href="#listOrgPolicies">listOrgPolicies(resource, body=None, x__xgafv=None)</a></code></p> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 97 | <p class="firstline">Lists all the `Policies` set for a particular resource.</p> |
| 98 | <p class="toc_element"> |
| 99 | <code><a href="#listOrgPolicies_next">listOrgPolicies_next(previous_request, previous_response)</a></code></p> |
| 100 | <p class="firstline">Retrieves the next page of results.</p> |
| 101 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 102 | <code><a href="#setOrgPolicy">setOrgPolicy(resource, body=None, x__xgafv=None)</a></code></p> |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 103 | <p class="firstline">Updates the specified `Policy` on the resource. Creates a new `Policy` for that `Constraint` on the resource if one does not exist. Not supplying an `etag` on the request `Policy` results in an unconditional write of the `Policy`.</p> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 104 | <h3>Method Details</h3> |
| 105 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 106 | <code class="details" id="clearOrgPolicy">clearOrgPolicy(resource, body=None, x__xgafv=None)</code> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 107 | <pre>Clears a `Policy` from a resource. |
| 108 | |
| 109 | Args: |
| 110 | resource: string, Name of the resource for the `Policy` to clear. (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 111 | body: object, The request body. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 112 | The object takes the form of: |
| 113 | |
| 114 | { # The request sent to the ClearOrgPolicy method. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 115 | "constraint": "A String", # Name of the `Constraint` of the `Policy` to clear. |
| 116 | "etag": "A String", # The current version, for concurrency control. Not sending an `etag` will cause the `Policy` to be cleared blindly. |
| 117 | } |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 118 | |
| 119 | x__xgafv: string, V1 error format. |
| 120 | Allowed values |
| 121 | 1 - v1 error format |
| 122 | 2 - v2 error format |
| 123 | |
| 124 | Returns: |
| 125 | An object of the form: |
| 126 | |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 127 | { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 128 | }</pre> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 129 | </div> |
| 130 | |
| 131 | <div class="method"> |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 132 | <code class="details" id="close">close()</code> |
| 133 | <pre>Close httplib2 connections.</pre> |
| 134 | </div> |
| 135 | |
| 136 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 137 | <code class="details" id="getEffectiveOrgPolicy">getEffectiveOrgPolicy(resource, body=None, x__xgafv=None)</code> |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 138 | <pre>Gets the effective `Policy` on a resource. This is the result of merging `Policies` in the resource hierarchy. The returned `Policy` will not have an `etag`set because it is a computed `Policy` across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 139 | |
| 140 | Args: |
| 141 | resource: string, The name of the resource to start computing the effective `Policy`. (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 142 | body: object, The request body. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 143 | The object takes the form of: |
| 144 | |
| 145 | { # The request sent to the GetEffectiveOrgPolicy method. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 146 | "constraint": "A String", # The name of the `Constraint` to compute the effective `Policy`. |
| 147 | } |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 148 | |
| 149 | x__xgafv: string, V1 error format. |
| 150 | Allowed values |
| 151 | 1 - v1 error format |
| 152 | 2 - v2 error format |
| 153 | |
| 154 | Returns: |
| 155 | An object of the form: |
| 156 | |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 157 | { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 158 | "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this resource. # For boolean `Constraints`, whether to enforce the `Constraint` or not. |
| 159 | "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`. |
| 160 | }, |
| 161 | "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation. |
| 162 | "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`. |
| 163 | "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset. # List of values either allowed or disallowed. |
| 164 | "allValues": "A String", # The policy all_values state. |
| 165 | "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 166 | "A String", |
| 167 | ], |
| 168 | "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 169 | "A String", |
| 170 | ], |
| 171 | "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`. |
| 172 | "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`. |
| 173 | }, |
| 174 | "restoreDefault": { # Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated. # Restores the default behavior of the constraint; independent of `Constraint` type. |
| 175 | }, |
| 176 | "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored. |
| 177 | "version": 42, # Version of the `Policy`. Default version is 0; |
| 178 | }</pre> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 179 | </div> |
| 180 | |
| 181 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 182 | <code class="details" id="getOrgPolicy">getOrgPolicy(resource, body=None, x__xgafv=None)</code> |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 183 | <pre>Gets a `Policy` on a resource. If no `Policy` is set on the resource, a `Policy` is returned with default values including `POLICY_TYPE_NOT_SET` for the `policy_type oneof`. The `etag` value can be used with `SetOrgPolicy()` to create or update a `Policy` during read-modify-write. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 184 | |
| 185 | Args: |
| 186 | resource: string, Name of the resource the `Policy` is set on. (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 187 | body: object, The request body. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 188 | The object takes the form of: |
| 189 | |
| 190 | { # The request sent to the GetOrgPolicy method. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 191 | "constraint": "A String", # Name of the `Constraint` to get the `Policy`. |
| 192 | } |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 193 | |
| 194 | x__xgafv: string, V1 error format. |
| 195 | Allowed values |
| 196 | 1 - v1 error format |
| 197 | 2 - v2 error format |
| 198 | |
| 199 | Returns: |
| 200 | An object of the form: |
| 201 | |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 202 | { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 203 | "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this resource. # For boolean `Constraints`, whether to enforce the `Constraint` or not. |
| 204 | "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`. |
| 205 | }, |
| 206 | "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation. |
| 207 | "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`. |
| 208 | "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset. # List of values either allowed or disallowed. |
| 209 | "allValues": "A String", # The policy all_values state. |
| 210 | "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 211 | "A String", |
| 212 | ], |
| 213 | "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 214 | "A String", |
| 215 | ], |
| 216 | "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`. |
| 217 | "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`. |
| 218 | }, |
| 219 | "restoreDefault": { # Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated. # Restores the default behavior of the constraint; independent of `Constraint` type. |
| 220 | }, |
| 221 | "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored. |
| 222 | "version": 42, # Version of the `Policy`. Default version is 0; |
| 223 | }</pre> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 224 | </div> |
| 225 | |
| 226 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 227 | <code class="details" id="listAvailableOrgPolicyConstraints">listAvailableOrgPolicyConstraints(resource, body=None, x__xgafv=None)</code> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 228 | <pre>Lists `Constraints` that could be applied on the specified resource. |
| 229 | |
| 230 | Args: |
| 231 | resource: string, Name of the resource to list `Constraints` for. (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 232 | body: object, The request body. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 233 | The object takes the form of: |
| 234 | |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 235 | { # The request sent to the `ListAvailableOrgPolicyConstraints` method on the project, folder, or organization. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 236 | "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size. |
| 237 | "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field. |
| 238 | } |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 239 | |
| 240 | x__xgafv: string, V1 error format. |
| 241 | Allowed values |
| 242 | 1 - v1 error format |
| 243 | 2 - v2 error format |
| 244 | |
| 245 | Returns: |
| 246 | An object of the form: |
| 247 | |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 248 | { # The response returned from the `ListAvailableOrgPolicyConstraints` method. Returns all `Constraints` that could be set at this level of the hierarchy (contrast with the response from `ListPolicies`, which returns all policies which are set). |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 249 | "constraints": [ # The collection of constraints that are settable on the request resource. |
| 250 | { # A `Constraint` describes a way in which a resource's configuration can be restricted. For example, it controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. `Constraints` can be configured by the organization's policy administrator to fit the needs of the organzation by setting Policies for `Constraints` at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about [Policies](/resource-manager/reference/rest/v1/Policy). `Constraints` have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a `Policy` being defined or inherited for the resource in question. |
| 251 | "booleanConstraint": { # A `Constraint` that is either enforced or not. For example a constraint `constraints/compute.disableSerialPortAccess`. If it is enforced on a VM instance, serial port connections will not be opened to that instance. # Defines this constraint as being a BooleanConstraint. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 252 | }, |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 253 | "constraintDefault": "A String", # The evaluation behavior of this constraint in the absence of 'Policy'. |
| 254 | "description": "A String", # Detailed description of what this `Constraint` controls as well as how and where it is enforced. Mutable. |
| 255 | "displayName": "A String", # The human readable name. Mutable. |
| 256 | "listConstraint": { # A `Constraint` that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a `Policy`. # Defines this constraint as being a ListConstraint. |
| 257 | "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Constraint`. |
| 258 | "supportsUnder": True or False, # Indicates whether subtrees of Cloud Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `"under:folders/123"` would match any resource under the 'folders/123' folder. |
| 259 | }, |
| 260 | "name": "A String", # Immutable value, required to globally be unique. For example, `constraints/serviceuser.services` |
| 261 | "version": 42, # Version of the `Constraint`. Default version is 0; |
| 262 | }, |
| 263 | ], |
| 264 | "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used. |
| 265 | }</pre> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 266 | </div> |
| 267 | |
| 268 | <div class="method"> |
| 269 | <code class="details" id="listAvailableOrgPolicyConstraints_next">listAvailableOrgPolicyConstraints_next(previous_request, previous_response)</code> |
| 270 | <pre>Retrieves the next page of results. |
| 271 | |
| 272 | Args: |
| 273 | previous_request: The request for the previous page. (required) |
| 274 | previous_response: The response from the request for the previous page. (required) |
| 275 | |
| 276 | Returns: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 277 | A request object that you can call 'execute()' on to request the next |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 278 | page. Returns None if there are no more items in the collection. |
| 279 | </pre> |
| 280 | </div> |
| 281 | |
| 282 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 283 | <code class="details" id="listOrgPolicies">listOrgPolicies(resource, body=None, x__xgafv=None)</code> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 284 | <pre>Lists all the `Policies` set for a particular resource. |
| 285 | |
| 286 | Args: |
| 287 | resource: string, Name of the resource to list Policies for. (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 288 | body: object, The request body. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 289 | The object takes the form of: |
| 290 | |
| 291 | { # The request sent to the ListOrgPolicies method. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 292 | "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size. |
| 293 | "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field. |
| 294 | } |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 295 | |
| 296 | x__xgafv: string, V1 error format. |
| 297 | Allowed values |
| 298 | 1 - v1 error format |
| 299 | 2 - v2 error format |
| 300 | |
| 301 | Returns: |
| 302 | An object of the form: |
| 303 | |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 304 | { # The response returned from the `ListOrgPolicies` method. It will be empty if no `Policies` are set on the resource. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 305 | "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used, but the server may at any point start supplying a valid token. |
| 306 | "policies": [ # The `Policies` that are set on the resource. It will be empty if no `Policies` are set. |
| 307 | { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources. |
| 308 | "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this resource. # For boolean `Constraints`, whether to enforce the `Constraint` or not. |
| 309 | "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 310 | }, |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 311 | "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation. |
| 312 | "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`. |
| 313 | "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset. # List of values either allowed or disallowed. |
| 314 | "allValues": "A String", # The policy all_values state. |
| 315 | "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 316 | "A String", |
| 317 | ], |
| 318 | "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 319 | "A String", |
| 320 | ], |
| 321 | "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`. |
| 322 | "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`. |
| 323 | }, |
| 324 | "restoreDefault": { # Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated. # Restores the default behavior of the constraint; independent of `Constraint` type. |
| 325 | }, |
| 326 | "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored. |
| 327 | "version": 42, # Version of the `Policy`. Default version is 0; |
| 328 | }, |
| 329 | ], |
| 330 | }</pre> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 331 | </div> |
| 332 | |
| 333 | <div class="method"> |
| 334 | <code class="details" id="listOrgPolicies_next">listOrgPolicies_next(previous_request, previous_response)</code> |
| 335 | <pre>Retrieves the next page of results. |
| 336 | |
| 337 | Args: |
| 338 | previous_request: The request for the previous page. (required) |
| 339 | previous_response: The response from the request for the previous page. (required) |
| 340 | |
| 341 | Returns: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 342 | A request object that you can call 'execute()' on to request the next |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 343 | page. Returns None if there are no more items in the collection. |
| 344 | </pre> |
| 345 | </div> |
| 346 | |
| 347 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 348 | <code class="details" id="setOrgPolicy">setOrgPolicy(resource, body=None, x__xgafv=None)</code> |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 349 | <pre>Updates the specified `Policy` on the resource. Creates a new `Policy` for that `Constraint` on the resource if one does not exist. Not supplying an `etag` on the request `Policy` results in an unconditional write of the `Policy`. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 350 | |
| 351 | Args: |
| 352 | resource: string, Resource name of the resource to attach the `Policy`. (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 353 | body: object, The request body. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 354 | The object takes the form of: |
| 355 | |
| 356 | { # The request sent to the SetOrgPolicyRequest method. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 357 | "policy": { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources. # `Policy` to set on the resource. |
| 358 | "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this resource. # For boolean `Constraints`, whether to enforce the `Constraint` or not. |
| 359 | "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`. |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 360 | }, |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 361 | "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation. |
| 362 | "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`. |
| 363 | "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset. # List of values either allowed or disallowed. |
| 364 | "allValues": "A String", # The policy all_values state. |
| 365 | "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 366 | "A String", |
| 367 | ], |
| 368 | "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 369 | "A String", |
| 370 | ], |
| 371 | "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`. |
| 372 | "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`. |
| 373 | }, |
| 374 | "restoreDefault": { # Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated. # Restores the default behavior of the constraint; independent of `Constraint` type. |
| 375 | }, |
| 376 | "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored. |
| 377 | "version": 42, # Version of the `Policy`. Default version is 0; |
| 378 | }, |
| 379 | } |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 380 | |
| 381 | x__xgafv: string, V1 error format. |
| 382 | Allowed values |
| 383 | 1 - v1 error format |
| 384 | 2 - v2 error format |
| 385 | |
| 386 | Returns: |
| 387 | An object of the form: |
| 388 | |
Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 389 | { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources. |
Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 390 | "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this resource. # For boolean `Constraints`, whether to enforce the `Constraint` or not. |
| 391 | "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`. |
| 392 | }, |
| 393 | "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation. |
| 394 | "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`. |
| 395 | "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset. # List of values either allowed or disallowed. |
| 396 | "allValues": "A String", # The policy all_values state. |
| 397 | "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 398 | "A String", |
| 399 | ], |
| 400 | "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. |
| 401 | "A String", |
| 402 | ], |
| 403 | "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`. |
| 404 | "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`. |
| 405 | }, |
| 406 | "restoreDefault": { # Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated. # Restores the default behavior of the constraint; independent of `Constraint` type. |
| 407 | }, |
| 408 | "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored. |
| 409 | "version": 42, # Version of the `Policy`. Default version is 0; |
| 410 | }</pre> |
Sai Cheemalapati | e833b79 | 2017-03-24 15:06:46 -0700 | [diff] [blame] | 411 | </div> |
| 412 | |
| 413 | </body></html> |