{ "title": "Organization Policy API", "ownerDomain": "google.com", "schemas": { "GoogleCloudOrgpolicyV2ListConstraintsResponse": { "id": "GoogleCloudOrgpolicyV2ListConstraintsResponse", "description": "The response returned from the ListConstraints method.", "type": "object", "properties": { "constraints": { "description": "The collection of constraints that are available on the targeted resource.", "type": "array", "items": { "$ref": "GoogleCloudOrgpolicyV2Constraint" } }, "nextPageToken": { "description": "Page token used to retrieve the next page. This is not used.", "type": "string" } } }, "GoogleCloudOrgpolicyV2Constraint": { "id": "GoogleCloudOrgpolicyV2Constraint", "description": "A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which Trusted Cloud Cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules, see `Policy`. Constraints have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question.", "type": "object", "properties": { "name": { "description": "Immutable. The resource name of the constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, \"/projects/123/constraints/compute.disableSerialPortAccess\".", "type": "string" }, "displayName": { "description": "The human readable name. Mutable.", "type": "string" }, "description": { "description": "Detailed description of what this constraint controls as well as how and where it is enforced. Mutable.", "type": "string" }, "constraintDefault": { "description": "The evaluation behavior of this constraint in the absence of a policy.", "type": "string", "enumDescriptions": [ "This is only used for distinguishing unset values, and results in an error if set.", "Indicate that all values are allowed for list constraints. Indicate that enforcement is off for boolean constraints.", "Indicate that all values are denied for list constraints. Indicate that enforcement is on for boolean constraints." ], "enum": [ "CONSTRAINT_DEFAULT_UNSPECIFIED", "ALLOW", "DENY" ] }, "listConstraint": { "description": "Defines this constraint as being a list constraint.", "$ref": "GoogleCloudOrgpolicyV2ConstraintListConstraint" }, "booleanConstraint": { "description": "Defines this constraint as being a boolean constraint.", "$ref": "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint" }, "supportsDryRun": { "description": "Shows if dry run is supported for this constraint or not.", "type": "boolean" }, "equivalentConstraint": { "description": "Defines the equivalent constraint name, if it exists. Managed constraints can have an equivalent legacy managed constraint, and legacy managed constraints can have an equivalent managed constraint. For example, \"constraints/iam.disableServiceAccountKeyUpload\" is equivalent to \"constraints/iam.managed.disableServiceAccountKeyUpload\".", "type": "string" }, "supportsSimulation": { "description": "Shows if simulation is supported for this constraint or not.", "type": "boolean" } } }, "GoogleCloudOrgpolicyV2ConstraintListConstraint": { "id": "GoogleCloudOrgpolicyV2ConstraintListConstraint", "description": "A constraint type that allows or disallows a list of string values, which are configured in the `PolicyRule`.", "type": "object", "properties": { "supportsIn": { "description": "Indicates whether values grouped into categories can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `\"in:Python\"` would match any value in the 'Python' group.", "type": "boolean" }, "supportsUnder": { "description": "Indicates whether subtrees of the Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `\"under:folders/123\"` would match any resource under the 'folders/123' folder.", "type": "boolean" } } }, "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint": { "id": "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint", "description": "A constraint type is enforced or not enforced, which is configured in the `PolicyRule`. If `customConstraintDefinition` is defined, this constraint is a managed constraint.", "type": "object", "properties": { "customConstraintDefinition": { "description": "Custom constraint definition. Defines this as a managed constraint.", "$ref": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinition" } } }, "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinition": { "id": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinition", "description": "Custom constraint definition. Defines this as a managed constraint.", "type": "object", "properties": { "resourceTypes": { "description": "The resource instance type that this policy applies to, in the format `/`. Example: * `compute.googleapis.com/Instance`.", "type": "array", "items": { "type": "string" } }, "methodTypes": { "description": "All the operations being applied for this constraint.", "type": "array", "items": { "type": "string", "enumDescriptions": [ "This is only used for distinguishing unset values, and results in an error if used.", "Constraint applied when creating the resource.", "Constraint applied when updating the resource.", "Constraint applied when deleting the resource. Not supported.", "Constraint applied when removing an IAM grant.", "Constraint applied when enforcing forced tagging." ], "enum": [ "METHOD_TYPE_UNSPECIFIED", "CREATE", "UPDATE", "DELETE", "REMOVE_GRANT", "GOVERN_TAGS" ] } }, "condition": { "description": "Org policy condition/expression. For example: `resource.instanceName.matches(\"(production|test)_(.+_)?[\\d]+\")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters.", "type": "string" }, "actionType": { "description": "Allow or deny type.", "type": "string", "enumDescriptions": [ "This is only used for distinguishing unset values, and results in an error if used.", "Allowed action type.", "Deny action type." ], "enum": [ "ACTION_TYPE_UNSPECIFIED", "ALLOW", "DENY" ] }, "parameters": { "description": "Stores the structure of `Parameters` used by the constraint condition. The key of `map` represents the name of the parameter.", "type": "object", "additionalProperties": { "$ref": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameter" } } } }, "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameter": { "id": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameter", "description": "Defines a parameter structure.", "type": "object", "properties": { "type": { "description": "Type of the parameter.", "type": "string", "enumDescriptions": [ "This is only used for distinguishing unset values, and results in an error if used.", "List parameter type.", "String parameter type.", "Boolean parameter type." ], "enum": [ "TYPE_UNSPECIFIED", "LIST", "STRING", "BOOLEAN" ] }, "defaultValue": { "description": "Sets the value of the parameter in an assignment if no value is given.", "type": "any" }, "validValuesExpr": { "description": "Provides a CEL expression to specify the acceptable parameter values during assignment. For example, parameterName in (\"parameterValue1\", \"parameterValue2\").", "type": "string" }, "metadata": { "description": "Defines subproperties primarily used by the UI to display user-friendly information.", "$ref": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameterMetadata" }, "item": { "description": "Determines the parameter's value structure. For example, `LIST` can be specified by defining `type: LIST`, and `item: STRING`.", "type": "string", "enumDescriptions": [ "This is only used for distinguishing unset values, and results in an error if used.", "List parameter type.", "String parameter type.", "Boolean parameter type." ], "enum": [ "TYPE_UNSPECIFIED", "LIST", "STRING", "BOOLEAN" ] } } }, "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameterMetadata": { "id": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameterMetadata", "description": "Defines Metadata structure.", "type": "object", "properties": { "description": { "description": "Detailed description of what this `parameter` is and its use. Mutable.", "type": "string" } } }, "GoogleCloudOrgpolicyV2ListPoliciesResponse": { "id": "GoogleCloudOrgpolicyV2ListPoliciesResponse", "description": "The response returned from the ListPolicies method. It will be empty if no policies are set on the resource.", "type": "object", "properties": { "policies": { "description": "All policies that exist on the resource. It will be empty if no policies are set.", "type": "array", "items": { "$ref": "GoogleCloudOrgpolicyV2Policy" } }, "nextPageToken": { "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start supplying a valid token.", "type": "string" } } }, "GoogleCloudOrgpolicyV2Policy": { "id": "GoogleCloudOrgpolicyV2Policy", "description": "Defines an organization policy which is used to specify constraints for configurations of Trusted Cloud Cloud resources.", "type": "object", "properties": { "name": { "description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint that this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.", "type": "string" }, "spec": { "description": "Basic information about the organization policy.", "$ref": "GoogleCloudOrgpolicyV2PolicySpec" }, "alternate": { "description": "Deprecated.", "deprecated": true, "$ref": "GoogleCloudOrgpolicyV2AlternatePolicySpec" }, "dryRunSpec": { "description": "Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.", "$ref": "GoogleCloudOrgpolicyV2PolicySpec" }, "etag": { "description": "Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This entity tag (ETag) is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.", "type": "string" } } }, "GoogleCloudOrgpolicyV2PolicySpec": { "id": "GoogleCloudOrgpolicyV2PolicySpec", "description": "Defines a Trusted Cloud Cloud policy specification which is used to specify constraints for configurations of Trusted Cloud Cloud resources.", "type": "object", "properties": { "etag": { "description": "An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this entity tag (ETag) indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the ETag will be unset.", "type": "string" }, "updateTime": { "description": "Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.", "readOnly": true, "type": "string", "format": "google-datetime" }, "rules": { "description": "In policies for boolean constraints, the following requirements apply: - There must be exactly one policy rule where a condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.", "type": "array", "items": { "$ref": "GoogleCloudOrgpolicyV2PolicySpecPolicyRule" } }, "inheritFromParent": { "description": "Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies that configure list constraints.", "type": "boolean" }, "reset": { "description": "Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.", "type": "boolean" } } }, "GoogleCloudOrgpolicyV2PolicySpecPolicyRule": { "id": "GoogleCloudOrgpolicyV2PolicySpecPolicyRule", "description": "A rule used to express this policy.", "type": "object", "properties": { "values": { "description": "List of values to be used for this policy rule. This field can be set only in policies for list constraints.", "$ref": "GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues" }, "allowAll": { "description": "Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.", "type": "boolean" }, "denyAll": { "description": "Setting this to true means that all values are denied. This field can be set only in policies for list constraints.", "type": "boolean" }, "enforce": { "description": "If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set in policies for boolean constraints, custom constraints and managed constraints.", "type": "boolean" }, "condition": { "description": "A condition that determines whether this rule is used to evaluate the policy. When set, the google.type.Expr.expression field must contain 1 to 10 subexpressions, joined by the `||` or `&&` operators. Each subexpression must use the `resource.matchTag()`, `resource.matchTagId()`, `resource.hasTagKey()`, or `resource.hasTagKeyId()` Common Expression Language (CEL) function. The `resource.matchTag()` function takes the following arguments: * `key_name`: the namespaced name of the tag key, with the organization ID and a slash (`/`) as a prefix; for example, `123456789012/environment` * `value_name`: the short name of the tag value For example: `resource.matchTag('123456789012/environment, 'prod')` The `resource.matchTagId()` function takes the following arguments: * `key_id`: the permanent ID of the tag key; for example, `tagKeys/123456789012` * `value_id`: the permanent ID of the tag value; for example, `tagValues/567890123456` For example: `resource.matchTagId('tagKeys/123456789012', 'tagValues/567890123456')` The `resource.hasTagKey()` function takes the following argument: * `key_name`: the namespaced name of the tag key, with the organization ID and a slash (`/`) as a prefix; for example, `123456789012/environment` For example: `resource.hasTagKey('123456789012/environment')` The `resource.hasTagKeyId()` function takes the following arguments: * `key_id`: the permanent ID of the tag key; for example, `tagKeys/123456789012` For example: `resource.hasTagKeyId('tagKeys/123456789012')`", "$ref": "GoogleTypeExpr" }, "parameters": { "description": "Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: ``` { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } ```", "type": "object", "additionalProperties": { "type": "any", "description": "Properties of the object." } } } }, "GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues": { "id": "GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues", "description": "A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a \":\". Values prefixed with \"is:\" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.", "type": "object", "properties": { "allowedValues": { "description": "List of values allowed at this resource.", "type": "array", "items": { "type": "string" } }, "deniedValues": { "description": "List of values denied at this resource.", "type": "array", "items": { "type": "string" } } } }, "GoogleTypeExpr": { "id": "GoogleTypeExpr", "description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() \u003c 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.", "type": "object", "properties": { "expression": { "description": "Textual representation of an expression in Common Expression Language syntax.", "type": "string" }, "title": { "description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.", "type": "string" }, "description": { "description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.", "type": "string" }, "location": { "description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.", "type": "string" } } }, "GoogleCloudOrgpolicyV2AlternatePolicySpec": { "id": "GoogleCloudOrgpolicyV2AlternatePolicySpec", "description": "Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run.", "type": "object", "properties": { "launch": { "description": "Reference to the launch that will be used while audit logging and to control the launch. Set only in the alternate policy.", "type": "string" }, "spec": { "description": "Specify constraint for configurations of Trusted Cloud Cloud resources.", "$ref": "GoogleCloudOrgpolicyV2PolicySpec" } } }, "GoogleProtobufEmpty": { "id": "GoogleProtobufEmpty", "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }", "type": "object", "properties": {} } }, "kind": "discovery#restDescription", "auth": { "oauth2": { "scopes": { "https://www.googleapis.com/auth/cloud-platform": { "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account." } } } }, "baseUrl": "https://orgpolicy.s3nsapis.fr/", "version": "v2", "fullyEncodeReservedExpansion": true, "rootUrl": "https://orgpolicy.s3nsapis.fr/", "icons": { "x16": "", "x32": "" }, "version_module": true, "revision": "20260509", "resources": { "projects": { "resources": { "constraints": { "methods": { "list": { "id": "orgpolicy.projects.constraints.list", "path": "v2/{+parent}/constraints", "flatPath": "v2/projects/{projectsId}/constraints", "httpMethod": "GET", "parameters": { "parent": { "description": "Required. The Trusted Cloud Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`", "pattern": "^projects/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleCloudOrgpolicyV2ListConstraintsResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Lists constraints that could be applied on the specified resource." } } }, "policies": { "methods": { "list": { "id": "orgpolicy.projects.policies.list", "path": "v2/{+parent}/policies", "flatPath": "v2/projects/{projectsId}/policies", "httpMethod": "GET", "parameters": { "parent": { "description": "Required. The target Trusted Cloud Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`", "pattern": "^projects/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleCloudOrgpolicyV2ListPoliciesResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Retrieves all of the policies that exist on a particular resource." }, "get": { "id": "orgpolicy.projects.policies.get", "path": "v2/{+name}", "flatPath": "v2/projects/{projectsId}/policies/{policiesId}", "httpMethod": "GET", "parameters": { "name": { "description": "Required. Resource name of the policy. See Policy for naming requirements.", "pattern": "^projects/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The entity tag (ETag) can be used with `UpdatePolicy()` to update a policy during read-modify-write." }, "getEffectivePolicy": { "id": "orgpolicy.projects.policies.getEffectivePolicy", "path": "v2/{+name}:getEffectivePolicy", "flatPath": "v2/projects/{projectsId}/policies/{policiesId}:getEffectivePolicy", "httpMethod": "GET", "parameters": { "name": { "description": "Required. The effective policy to compute. See Policy for naming requirements.", "pattern": "^projects/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an ETag or `condition` set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded." }, "create": { "id": "orgpolicy.projects.policies.create", "path": "v2/{+parent}/policies", "flatPath": "v2/projects/{projectsId}/policies", "httpMethod": "POST", "parameters": { "parent": { "description": "Required. The Trusted Cloud Cloud resource that will parent the new policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`", "pattern": "^projects/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "parent" ], "request": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Trusted Cloud Cloud resource." }, "patch": { "id": "orgpolicy.projects.policies.patch", "path": "v2/{+name}", "flatPath": "v2/projects/{projectsId}/policies/{policiesId}", "httpMethod": "PATCH", "parameters": { "name": { "description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint that this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.", "pattern": "^projects/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" }, "updateMask": { "description": "Field mask used to specify the fields to be overwritten in the policy. The fields specified in the update_mask are relative to the policy, not the full request.", "location": "query", "type": "string", "format": "google-fieldmask" } }, "parameterOrder": [ "name" ], "request": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy doesn't exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the ETag supplied in the request doesn't match the persisted ETag of the policy. Note: the supplied policy will perform a full overwrite of all fields." }, "delete": { "id": "orgpolicy.projects.policies.delete", "path": "v2/{+name}", "flatPath": "v2/projects/{projectsId}/policies/{policiesId}", "httpMethod": "DELETE", "parameters": { "name": { "description": "Required. Name of the policy to delete. See the policy entry for naming rules.", "pattern": "^projects/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" }, "etag": { "description": "Optional. The current entity tag (ETag) of the organization policy. If an ETag is provided and doesn't match the current ETag of the policy, deletion of the policy will be blocked and an `ABORTED` error will be returned.", "location": "query", "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist." } } } } }, "folders": { "resources": { "constraints": { "methods": { "list": { "id": "orgpolicy.folders.constraints.list", "path": "v2/{+parent}/constraints", "flatPath": "v2/folders/{foldersId}/constraints", "httpMethod": "GET", "parameters": { "parent": { "description": "Required. The Trusted Cloud Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`", "pattern": "^folders/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleCloudOrgpolicyV2ListConstraintsResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Lists constraints that could be applied on the specified resource." } } }, "policies": { "methods": { "list": { "id": "orgpolicy.folders.policies.list", "path": "v2/{+parent}/policies", "flatPath": "v2/folders/{foldersId}/policies", "httpMethod": "GET", "parameters": { "parent": { "description": "Required. The target Trusted Cloud Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`", "pattern": "^folders/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleCloudOrgpolicyV2ListPoliciesResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Retrieves all of the policies that exist on a particular resource." }, "get": { "id": "orgpolicy.folders.policies.get", "path": "v2/{+name}", "flatPath": "v2/folders/{foldersId}/policies/{policiesId}", "httpMethod": "GET", "parameters": { "name": { "description": "Required. Resource name of the policy. See Policy for naming requirements.", "pattern": "^folders/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The entity tag (ETag) can be used with `UpdatePolicy()` to update a policy during read-modify-write." }, "getEffectivePolicy": { "id": "orgpolicy.folders.policies.getEffectivePolicy", "path": "v2/{+name}:getEffectivePolicy", "flatPath": "v2/folders/{foldersId}/policies/{policiesId}:getEffectivePolicy", "httpMethod": "GET", "parameters": { "name": { "description": "Required. The effective policy to compute. See Policy for naming requirements.", "pattern": "^folders/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an ETag or `condition` set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded." }, "create": { "id": "orgpolicy.folders.policies.create", "path": "v2/{+parent}/policies", "flatPath": "v2/folders/{foldersId}/policies", "httpMethod": "POST", "parameters": { "parent": { "description": "Required. The Trusted Cloud Cloud resource that will parent the new policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`", "pattern": "^folders/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "parent" ], "request": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Trusted Cloud Cloud resource." }, "patch": { "id": "orgpolicy.folders.policies.patch", "path": "v2/{+name}", "flatPath": "v2/folders/{foldersId}/policies/{policiesId}", "httpMethod": "PATCH", "parameters": { "name": { "description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint that this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.", "pattern": "^folders/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" }, "updateMask": { "description": "Field mask used to specify the fields to be overwritten in the policy. The fields specified in the update_mask are relative to the policy, not the full request.", "location": "query", "type": "string", "format": "google-fieldmask" } }, "parameterOrder": [ "name" ], "request": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy doesn't exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the ETag supplied in the request doesn't match the persisted ETag of the policy. Note: the supplied policy will perform a full overwrite of all fields." }, "delete": { "id": "orgpolicy.folders.policies.delete", "path": "v2/{+name}", "flatPath": "v2/folders/{foldersId}/policies/{policiesId}", "httpMethod": "DELETE", "parameters": { "name": { "description": "Required. Name of the policy to delete. See the policy entry for naming rules.", "pattern": "^folders/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" }, "etag": { "description": "Optional. The current entity tag (ETag) of the organization policy. If an ETag is provided and doesn't match the current ETag of the policy, deletion of the policy will be blocked and an `ABORTED` error will be returned.", "location": "query", "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist." } } } } }, "organizations": { "resources": { "constraints": { "methods": { "list": { "id": "orgpolicy.organizations.constraints.list", "path": "v2/{+parent}/constraints", "flatPath": "v2/organizations/{organizationsId}/constraints", "httpMethod": "GET", "parameters": { "parent": { "description": "Required. The Trusted Cloud Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`", "pattern": "^organizations/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleCloudOrgpolicyV2ListConstraintsResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Lists constraints that could be applied on the specified resource." } } }, "policies": { "methods": { "list": { "id": "orgpolicy.organizations.policies.list", "path": "v2/{+parent}/policies", "flatPath": "v2/organizations/{organizationsId}/policies", "httpMethod": "GET", "parameters": { "parent": { "description": "Required. The target Trusted Cloud Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`", "pattern": "^organizations/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleCloudOrgpolicyV2ListPoliciesResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Retrieves all of the policies that exist on a particular resource." }, "get": { "id": "orgpolicy.organizations.policies.get", "path": "v2/{+name}", "flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}", "httpMethod": "GET", "parameters": { "name": { "description": "Required. Resource name of the policy. See Policy for naming requirements.", "pattern": "^organizations/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The entity tag (ETag) can be used with `UpdatePolicy()` to update a policy during read-modify-write." }, "getEffectivePolicy": { "id": "orgpolicy.organizations.policies.getEffectivePolicy", "path": "v2/{+name}:getEffectivePolicy", "flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}:getEffectivePolicy", "httpMethod": "GET", "parameters": { "name": { "description": "Required. The effective policy to compute. See Policy for naming requirements.", "pattern": "^organizations/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an ETag or `condition` set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded." }, "create": { "id": "orgpolicy.organizations.policies.create", "path": "v2/{+parent}/policies", "flatPath": "v2/organizations/{organizationsId}/policies", "httpMethod": "POST", "parameters": { "parent": { "description": "Required. The Trusted Cloud Cloud resource that will parent the new policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`", "pattern": "^organizations/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "parent" ], "request": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Trusted Cloud Cloud resource." }, "patch": { "id": "orgpolicy.organizations.policies.patch", "path": "v2/{+name}", "flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}", "httpMethod": "PATCH", "parameters": { "name": { "description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint that this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.", "pattern": "^organizations/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" }, "updateMask": { "description": "Field mask used to specify the fields to be overwritten in the policy. The fields specified in the update_mask are relative to the policy, not the full request.", "location": "query", "type": "string", "format": "google-fieldmask" } }, "parameterOrder": [ "name" ], "request": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "response": { "$ref": "GoogleCloudOrgpolicyV2Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy doesn't exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the ETag supplied in the request doesn't match the persisted ETag of the policy. Note: the supplied policy will perform a full overwrite of all fields." }, "delete": { "id": "orgpolicy.organizations.policies.delete", "path": "v2/{+name}", "flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}", "httpMethod": "DELETE", "parameters": { "name": { "description": "Required. Name of the policy to delete. See the policy entry for naming rules.", "pattern": "^organizations/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" }, "etag": { "description": "Optional. The current entity tag (ETag) of the organization policy. If an ETag is provided and doesn't match the current ETag of the policy, deletion of the policy will be blocked and an `ABORTED` error will be returned.", "location": "query", "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "description": "Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist." } } } } } }, "id": "orgpolicy:v2", "protocol": "rest", "documentationLink": "https://documentation.s3ns.fr/orgpolicy", "ownerName": "Google", "name": "orgpolicy", "description": "The Organization Policy API allows users to configure governance rules on their Trusted Cloud resources across the resource hierarchy.", "canonicalName": "OrgPolicy API", "batchPath": "batch", "servicePath": "", "parameters": { "access_token": { "type": "string", "description": "OAuth access token.", "location": "query" }, "alt": { "type": "string", "description": "Data format for response.", "default": "json", "enum": [ "json", "media", "proto" ], "enumDescriptions": [ "Responses with Content-Type of application/json", "Media download with context-dependent Content-Type", "Responses with Content-Type of application/x-protobuf" ], "location": "query" }, "callback": { "type": "string", "description": "JSONP", "location": "query" }, "fields": { "type": "string", "description": "Selector specifying which fields to include in a partial response.", "location": "query" }, "key": { "type": "string", "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", "location": "query" }, "oauth_token": { "type": "string", "description": "OAuth 2.0 token for the current user.", "location": "query" }, "prettyPrint": { "type": "boolean", "description": "Returns response with indentations and line breaks.", "default": "true", "location": "query" }, "quotaUser": { "type": "string", "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.", "location": "query" }, "upload_protocol": { "type": "string", "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", "location": "query" }, "uploadType": { "type": "string", "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").", "location": "query" }, "$.xgafv": { "type": "string", "description": "V1 error format.", "enum": [ "1", "2" ], "enumDescriptions": [ "v1 error format", "v2 error format" ], "location": "query" } }, "basePath": "", "discoveryVersion": "v1" }