{
  "resources": {
    "folders": {
      "resources": {
        "policies": {
          "methods": {
            "getEffectivePolicy": {
              "flatPath": "v2/folders/{foldersId}/policies/{policiesId}:getEffectivePolicy",
              "parameters": {
                "name": {
                  "required": true,
                  "type": "string",
                  "description": "Required. The effective policy to compute. See Policy for naming requirements.",
                  "pattern": "^folders/[^/]+/policies/[^/]+$",
                  "location": "path"
                }
              },
              "id": "orgpolicy.folders.policies.getEffectivePolicy",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+name}:getEffectivePolicy",
              "description": "Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an ETag or `condition` set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "httpMethod": "GET",
              "parameterOrder": [
                "name"
              ]
            },
            "patch": {
              "request": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "httpMethod": "PATCH",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "parameterOrder": [
                "name"
              ],
              "flatPath": "v2/folders/{foldersId}/policies/{policiesId}",
              "parameters": {
                "name": {
                  "description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint that this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
                  "pattern": "^folders/[^/]+/policies/[^/]+$",
                  "location": "path",
                  "type": "string",
                  "required": true
                },
                "updateMask": {
                  "type": "string",
                  "format": "google-fieldmask",
                  "location": "query",
                  "description": "Field mask used to specify the fields to be overwritten in the policy. The fields specified in the update_mask are relative to the policy, not the full request."
                }
              },
              "id": "orgpolicy.folders.policies.patch",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+name}",
              "description": "Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy doesn't exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the ETag supplied in the request doesn't match the persisted ETag of the policy. Note: the supplied policy will perform a full overwrite of all fields."
            },
            "create": {
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "httpMethod": "POST",
              "parameterOrder": [
                "parent"
              ],
              "request": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "id": "orgpolicy.folders.policies.create",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+parent}/policies",
              "description": "Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Trusted Cloud Cloud resource.",
              "flatPath": "v2/folders/{foldersId}/policies",
              "parameters": {
                "parent": {
                  "required": true,
                  "type": "string",
                  "location": "path",
                  "description": "Required. The Trusted Cloud Cloud resource that will parent the new policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
                  "pattern": "^folders/[^/]+$"
                }
              }
            },
            "list": {
              "path": "v2/{+parent}/policies",
              "description": "Retrieves all of the policies that exist on a particular resource.",
              "id": "orgpolicy.folders.policies.list",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "flatPath": "v2/folders/{foldersId}/policies",
              "parameters": {
                "parent": {
                  "description": "Required. The target Trusted Cloud Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
                  "pattern": "^folders/[^/]+$",
                  "location": "path",
                  "required": true,
                  "type": "string"
                },
                "pageToken": {
                  "type": "string",
                  "location": "query",
                  "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field."
                },
                "pageSize": {
                  "type": "integer",
                  "format": "int32",
                  "location": "query",
                  "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size."
                }
              },
              "parameterOrder": [
                "parent"
              ],
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2ListPoliciesResponse"
              },
              "httpMethod": "GET"
            },
            "get": {
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "GET",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "path": "v2/{+name}",
              "description": "Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The entity tag (ETag) can be used with `UpdatePolicy()` to update a policy during read-modify-write.",
              "id": "orgpolicy.folders.policies.get",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "flatPath": "v2/folders/{foldersId}/policies/{policiesId}",
              "parameters": {
                "name": {
                  "location": "path",
                  "description": "Required. Resource name of the policy. See Policy for naming requirements.",
                  "pattern": "^folders/[^/]+/policies/[^/]+$",
                  "type": "string",
                  "required": true
                }
              }
            },
            "delete": {
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "DELETE",
              "response": {
                "$ref": "GoogleProtobufEmpty"
              },
              "flatPath": "v2/folders/{foldersId}/policies/{policiesId}",
              "parameters": {
                "name": {
                  "description": "Required. Name of the policy to delete. See the policy entry for naming rules.",
                  "pattern": "^folders/[^/]+/policies/[^/]+$",
                  "location": "path",
                  "type": "string",
                  "required": true
                },
                "etag": {
                  "description": "Optional. The current entity tag (ETag) of the organization policy. If an ETag is provided and doesn't match the current ETag of the policy, deletion of the policy will be blocked and an `ABORTED` error will be returned.",
                  "location": "query",
                  "type": "string"
                }
              },
              "path": "v2/{+name}",
              "description": "Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist.",
              "id": "orgpolicy.folders.policies.delete",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ]
            }
          }
        },
        "constraints": {
          "methods": {
            "list": {
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2ListConstraintsResponse"
              },
              "httpMethod": "GET",
              "parameterOrder": [
                "parent"
              ],
              "id": "orgpolicy.folders.constraints.list",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+parent}/constraints",
              "description": "Lists constraints that could be applied on the specified resource.",
              "flatPath": "v2/folders/{foldersId}/constraints",
              "parameters": {
                "pageSize": {
                  "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.",
                  "location": "query",
                  "type": "integer",
                  "format": "int32"
                },
                "pageToken": {
                  "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.",
                  "location": "query",
                  "type": "string"
                },
                "parent": {
                  "location": "path",
                  "description": "Required. The Trusted Cloud Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
                  "pattern": "^folders/[^/]+$",
                  "type": "string",
                  "required": true
                }
              }
            }
          }
        }
      }
    },
    "organizations": {
      "resources": {
        "constraints": {
          "methods": {
            "list": {
              "path": "v2/{+parent}/constraints",
              "description": "Lists constraints that could be applied on the specified resource.",
              "id": "orgpolicy.organizations.constraints.list",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "flatPath": "v2/organizations/{organizationsId}/constraints",
              "parameters": {
                "pageToken": {
                  "type": "string",
                  "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.",
                  "location": "query"
                },
                "parent": {
                  "required": true,
                  "type": "string",
                  "location": "path",
                  "description": "Required. The Trusted Cloud Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
                  "pattern": "^organizations/[^/]+$"
                },
                "pageSize": {
                  "type": "integer",
                  "format": "int32",
                  "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.",
                  "location": "query"
                }
              },
              "parameterOrder": [
                "parent"
              ],
              "httpMethod": "GET",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2ListConstraintsResponse"
              }
            }
          }
        },
        "policies": {
          "methods": {
            "create": {
              "parameterOrder": [
                "parent"
              ],
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "httpMethod": "POST",
              "request": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "path": "v2/{+parent}/policies",
              "description": "Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Trusted Cloud Cloud resource.",
              "id": "orgpolicy.organizations.policies.create",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "flatPath": "v2/organizations/{organizationsId}/policies",
              "parameters": {
                "parent": {
                  "location": "path",
                  "description": "Required. The Trusted Cloud Cloud resource that will parent the new policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
                  "pattern": "^organizations/[^/]+$",
                  "required": true,
                  "type": "string"
                }
              }
            },
            "getEffectivePolicy": {
              "flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}:getEffectivePolicy",
              "parameters": {
                "name": {
                  "location": "path",
                  "description": "Required. The effective policy to compute. See Policy for naming requirements.",
                  "pattern": "^organizations/[^/]+/policies/[^/]+$",
                  "required": true,
                  "type": "string"
                }
              },
              "path": "v2/{+name}:getEffectivePolicy",
              "description": "Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an ETag or `condition` set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.",
              "id": "orgpolicy.organizations.policies.getEffectivePolicy",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "GET",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              }
            },
            "patch": {
              "flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}",
              "parameters": {
                "name": {
                  "description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint that this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
                  "pattern": "^organizations/[^/]+/policies/[^/]+$",
                  "location": "path",
                  "type": "string",
                  "required": true
                },
                "updateMask": {
                  "type": "string",
                  "format": "google-fieldmask",
                  "location": "query",
                  "description": "Field mask used to specify the fields to be overwritten in the policy. The fields specified in the update_mask are relative to the policy, not the full request."
                }
              },
              "path": "v2/{+name}",
              "description": "Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy doesn't exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the ETag supplied in the request doesn't match the persisted ETag of the policy. Note: the supplied policy will perform a full overwrite of all fields.",
              "id": "orgpolicy.organizations.policies.patch",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "request": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "parameterOrder": [
                "name"
              ],
              "httpMethod": "PATCH",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              }
            },
            "delete": {
              "response": {
                "$ref": "GoogleProtobufEmpty"
              },
              "httpMethod": "DELETE",
              "parameterOrder": [
                "name"
              ],
              "flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}",
              "parameters": {
                "etag": {
                  "location": "query",
                  "description": "Optional. The current entity tag (ETag) of the organization policy. If an ETag is provided and doesn't match the current ETag of the policy, deletion of the policy will be blocked and an `ABORTED` error will be returned.",
                  "type": "string"
                },
                "name": {
                  "location": "path",
                  "description": "Required. Name of the policy to delete. See the policy entry for naming rules.",
                  "pattern": "^organizations/[^/]+/policies/[^/]+$",
                  "required": true,
                  "type": "string"
                }
              },
              "id": "orgpolicy.organizations.policies.delete",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+name}",
              "description": "Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist."
            },
            "list": {
              "id": "orgpolicy.organizations.policies.list",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+parent}/policies",
              "description": "Retrieves all of the policies that exist on a particular resource.",
              "flatPath": "v2/organizations/{organizationsId}/policies",
              "parameters": {
                "pageToken": {
                  "type": "string",
                  "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.",
                  "location": "query"
                },
                "parent": {
                  "location": "path",
                  "description": "Required. The target Trusted Cloud Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
                  "pattern": "^organizations/[^/]+$",
                  "type": "string",
                  "required": true
                },
                "pageSize": {
                  "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.",
                  "location": "query",
                  "type": "integer",
                  "format": "int32"
                }
              },
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2ListPoliciesResponse"
              },
              "httpMethod": "GET",
              "parameterOrder": [
                "parent"
              ]
            },
            "get": {
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "httpMethod": "GET",
              "parameterOrder": [
                "name"
              ],
              "flatPath": "v2/organizations/{organizationsId}/policies/{policiesId}",
              "parameters": {
                "name": {
                  "description": "Required. Resource name of the policy. See Policy for naming requirements.",
                  "pattern": "^organizations/[^/]+/policies/[^/]+$",
                  "location": "path",
                  "required": true,
                  "type": "string"
                }
              },
              "id": "orgpolicy.organizations.policies.get",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+name}",
              "description": "Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The entity tag (ETag) can be used with `UpdatePolicy()` to update a policy during read-modify-write."
            }
          }
        }
      }
    },
    "projects": {
      "resources": {
        "policies": {
          "methods": {
            "create": {
              "flatPath": "v2/projects/{projectsId}/policies",
              "parameters": {
                "parent": {
                  "location": "path",
                  "description": "Required. The Trusted Cloud Cloud resource that will parent the new policy. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
                  "pattern": "^projects/[^/]+$",
                  "type": "string",
                  "required": true
                }
              },
              "id": "orgpolicy.projects.policies.create",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+parent}/policies",
              "description": "Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Trusted Cloud Cloud resource.",
              "request": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "httpMethod": "POST",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "parameterOrder": [
                "parent"
              ]
            },
            "getEffectivePolicy": {
              "id": "orgpolicy.projects.policies.getEffectivePolicy",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+name}:getEffectivePolicy",
              "description": "Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an ETag or `condition` set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with 'under:' prefix will not be expanded.",
              "flatPath": "v2/projects/{projectsId}/policies/{policiesId}:getEffectivePolicy",
              "parameters": {
                "name": {
                  "description": "Required. The effective policy to compute. See Policy for naming requirements.",
                  "pattern": "^projects/[^/]+/policies/[^/]+$",
                  "location": "path",
                  "required": true,
                  "type": "string"
                }
              },
              "httpMethod": "GET",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "parameterOrder": [
                "name"
              ]
            },
            "patch": {
              "httpMethod": "PATCH",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "parameterOrder": [
                "name"
              ],
              "request": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "id": "orgpolicy.projects.policies.patch",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+name}",
              "description": "Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy doesn't exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the ETag supplied in the request doesn't match the persisted ETag of the policy. Note: the supplied policy will perform a full overwrite of all fields.",
              "flatPath": "v2/projects/{projectsId}/policies/{policiesId}",
              "parameters": {
                "name": {
                  "location": "path",
                  "description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint that this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.",
                  "pattern": "^projects/[^/]+/policies/[^/]+$",
                  "required": true,
                  "type": "string"
                },
                "updateMask": {
                  "type": "string",
                  "format": "google-fieldmask",
                  "description": "Field mask used to specify the fields to be overwritten in the policy. The fields specified in the update_mask are relative to the policy, not the full request.",
                  "location": "query"
                }
              }
            },
            "delete": {
              "flatPath": "v2/projects/{projectsId}/policies/{policiesId}",
              "parameters": {
                "name": {
                  "location": "path",
                  "description": "Required. Name of the policy to delete. See the policy entry for naming rules.",
                  "pattern": "^projects/[^/]+/policies/[^/]+$",
                  "required": true,
                  "type": "string"
                },
                "etag": {
                  "location": "query",
                  "description": "Optional. The current entity tag (ETag) of the organization policy. If an ETag is provided and doesn't match the current ETag of the policy, deletion of the policy will be blocked and an `ABORTED` error will be returned.",
                  "type": "string"
                }
              },
              "id": "orgpolicy.projects.policies.delete",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+name}",
              "description": "Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist.",
              "httpMethod": "DELETE",
              "response": {
                "$ref": "GoogleProtobufEmpty"
              },
              "parameterOrder": [
                "name"
              ]
            },
            "list": {
              "path": "v2/{+parent}/policies",
              "description": "Retrieves all of the policies that exist on a particular resource.",
              "id": "orgpolicy.projects.policies.list",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "flatPath": "v2/projects/{projectsId}/policies",
              "parameters": {
                "pageToken": {
                  "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.",
                  "location": "query",
                  "type": "string"
                },
                "parent": {
                  "type": "string",
                  "required": true,
                  "location": "path",
                  "description": "Required. The target Trusted Cloud Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
                  "pattern": "^projects/[^/]+$"
                },
                "pageSize": {
                  "type": "integer",
                  "format": "int32",
                  "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size.",
                  "location": "query"
                }
              },
              "parameterOrder": [
                "parent"
              ],
              "httpMethod": "GET",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2ListPoliciesResponse"
              }
            },
            "get": {
              "flatPath": "v2/projects/{projectsId}/policies/{policiesId}",
              "parameters": {
                "name": {
                  "location": "path",
                  "description": "Required. Resource name of the policy. See Policy for naming requirements.",
                  "pattern": "^projects/[^/]+/policies/[^/]+$",
                  "required": true,
                  "type": "string"
                }
              },
              "id": "orgpolicy.projects.policies.get",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+name}",
              "description": "Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The entity tag (ETag) can be used with `UpdatePolicy()` to update a policy during read-modify-write.",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2Policy"
              },
              "httpMethod": "GET",
              "parameterOrder": [
                "name"
              ]
            }
          }
        },
        "constraints": {
          "methods": {
            "list": {
              "flatPath": "v2/projects/{projectsId}/constraints",
              "parameters": {
                "pageSize": {
                  "type": "integer",
                  "format": "int32",
                  "location": "query",
                  "description": "Size of the pages to be returned. This is not used, but the server may at any point start using this field to limit page size."
                },
                "parent": {
                  "description": "Required. The Trusted Cloud Cloud resource that parents the constraint. Must be in one of the following forms: * `projects/{project_number}` * `projects/{project_id}` * `folders/{folder_id}` * `organizations/{organization_id}`",
                  "pattern": "^projects/[^/]+$",
                  "location": "path",
                  "required": true,
                  "type": "string"
                },
                "pageToken": {
                  "type": "string",
                  "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start using this field.",
                  "location": "query"
                }
              },
              "id": "orgpolicy.projects.constraints.list",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "path": "v2/{+parent}/constraints",
              "description": "Lists constraints that could be applied on the specified resource.",
              "response": {
                "$ref": "GoogleCloudOrgpolicyV2ListConstraintsResponse"
              },
              "httpMethod": "GET",
              "parameterOrder": [
                "parent"
              ]
            }
          }
        }
      }
    }
  },
  "protocol": "rest",
  "documentationLink": "https://documentation.s3ns.fr/orgpolicy",
  "schemas": {
    "GoogleProtobufEmpty": {
      "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }",
      "id": "GoogleProtobufEmpty",
      "properties": {},
      "type": "object"
    },
    "GoogleCloudOrgpolicyV2Policy": {
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2Policy",
      "properties": {
        "spec": {
          "description": "Basic information about the organization policy.",
          "$ref": "GoogleCloudOrgpolicyV2PolicySpec"
        },
        "name": {
          "type": "string",
          "description": "Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint that this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number."
        },
        "etag": {
          "description": "Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This entity tag (ETag) is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.",
          "type": "string"
        },
        "alternate": {
          "description": "Deprecated.",
          "deprecated": true,
          "$ref": "GoogleCloudOrgpolicyV2AlternatePolicySpec"
        },
        "dryRunSpec": {
          "description": "Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.",
          "$ref": "GoogleCloudOrgpolicyV2PolicySpec"
        }
      },
      "description": "Defines an organization policy which is used to specify constraints for configurations of Trusted Cloud Cloud resources."
    },
    "GoogleCloudOrgpolicyV2ConstraintListConstraint": {
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2ConstraintListConstraint",
      "properties": {
        "supportsIn": {
          "description": "Indicates whether values grouped into categories can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `\"in:Python\"` would match any value in the 'Python' group.",
          "type": "boolean"
        },
        "supportsUnder": {
          "type": "boolean",
          "description": "Indicates whether subtrees of the Resource Manager resource hierarchy can be used in `Policy.allowed_values` and `Policy.denied_values`. For example, `\"under:folders/123\"` would match any resource under the 'folders/123' folder."
        }
      },
      "description": "A constraint type that allows or disallows a list of string values, which are configured in the `PolicyRule`."
    },
    "GoogleCloudOrgpolicyV2PolicySpec": {
      "description": "Defines a Trusted Cloud Cloud policy specification which is used to specify constraints for configurations of Trusted Cloud Cloud resources.",
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2PolicySpec",
      "properties": {
        "etag": {
          "type": "string",
          "description": "An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this entity tag (ETag) indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the ETag will be unset."
        },
        "updateTime": {
          "type": "string",
          "format": "google-datetime",
          "description": "Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.",
          "readOnly": true
        },
        "inheritFromParent": {
          "type": "boolean",
          "description": "Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies that configure list constraints."
        },
        "reset": {
          "type": "boolean",
          "description": "Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false."
        },
        "rules": {
          "description": "In policies for boolean constraints, the following requirements apply: - There must be exactly one policy rule where a condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.",
          "type": "array",
          "items": {
            "$ref": "GoogleCloudOrgpolicyV2PolicySpecPolicyRule"
          }
        }
      }
    },
    "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinition": {
      "id": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinition",
      "properties": {
        "methodTypes": {
          "description": "All the operations being applied for this constraint.",
          "type": "array",
          "items": {
            "type": "string",
            "enumDescriptions": [
              "This is only used for distinguishing unset values, and results in an error if used.",
              "Constraint applied when creating the resource.",
              "Constraint applied when updating the resource.",
              "Constraint applied when deleting the resource. Not supported.",
              "Constraint applied when removing an IAM grant.",
              "Constraint applied when enforcing forced tagging."
            ],
            "enum": [
              "METHOD_TYPE_UNSPECIFIED",
              "CREATE",
              "UPDATE",
              "DELETE",
              "REMOVE_GRANT",
              "GOVERN_TAGS"
            ]
          }
        },
        "actionType": {
          "type": "string",
          "enumDescriptions": [
            "This is only used for distinguishing unset values, and results in an error if used.",
            "Allowed action type.",
            "Deny action type."
          ],
          "enum": [
            "ACTION_TYPE_UNSPECIFIED",
            "ALLOW",
            "DENY"
          ],
          "description": "Allow or deny type."
        },
        "condition": {
          "type": "string",
          "description": "Org policy condition/expression. For example: `resource.instanceName.matches(\"(production|test)_(.+_)?[\\d]+\")` or, `resource.management.auto_upgrade == true` The max length of the condition is 1000 characters."
        },
        "resourceTypes": {
          "description": "The resource instance type that this policy applies to, in the format `/`. Example: * `compute.googleapis.com/Instance`.",
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "parameters": {
          "description": "Stores the structure of `Parameters` used by the constraint condition. The key of `map` represents the name of the parameter.",
          "type": "object",
          "additionalProperties": {
            "$ref": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameter"
          }
        }
      },
      "type": "object",
      "description": "Custom constraint definition. Defines this as a managed constraint."
    },
    "GoogleCloudOrgpolicyV2Constraint": {
      "id": "GoogleCloudOrgpolicyV2Constraint",
      "properties": {
        "supportsDryRun": {
          "type": "boolean",
          "description": "Shows if dry run is supported for this constraint or not."
        },
        "supportsSimulation": {
          "type": "boolean",
          "description": "Shows if simulation is supported for this constraint or not."
        },
        "constraintDefault": {
          "type": "string",
          "enumDescriptions": [
            "This is only used for distinguishing unset values, and results in an error if set.",
            "Indicate that all values are allowed for list constraints. Indicate that enforcement is off for boolean constraints.",
            "Indicate that all values are denied for list constraints. Indicate that enforcement is on for boolean constraints."
          ],
          "enum": [
            "CONSTRAINT_DEFAULT_UNSPECIFIED",
            "ALLOW",
            "DENY"
          ],
          "description": "The evaluation behavior of this constraint in the absence of a policy."
        },
        "equivalentConstraint": {
          "type": "string",
          "description": "Defines the equivalent constraint name, if it exists. Managed constraints can have an equivalent legacy managed constraint, and legacy managed constraints can have an equivalent managed constraint. For example, \"constraints/iam.disableServiceAccountKeyUpload\" is equivalent to \"constraints/iam.managed.disableServiceAccountKeyUpload\"."
        },
        "booleanConstraint": {
          "description": "Defines this constraint as being a boolean constraint.",
          "$ref": "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint"
        },
        "displayName": {
          "description": "The human readable name. Mutable.",
          "type": "string"
        },
        "description": {
          "description": "Detailed description of what this constraint controls as well as how and where it is enforced. Mutable.",
          "type": "string"
        },
        "listConstraint": {
          "description": "Defines this constraint as being a list constraint.",
          "$ref": "GoogleCloudOrgpolicyV2ConstraintListConstraint"
        },
        "name": {
          "description": "Immutable. The resource name of the constraint. Must be in one of the following forms: * `projects/{project_number}/constraints/{constraint_name}` * `folders/{folder_id}/constraints/{constraint_name}` * `organizations/{organization_id}/constraints/{constraint_name}` For example, \"/projects/123/constraints/compute.disableSerialPortAccess\".",
          "type": "string"
        }
      },
      "type": "object",
      "description": "A constraint describes a way to restrict resource's configuration. For example, you could enforce a constraint that controls which Trusted Cloud Cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization policy administrator to fit the needs of the organization by setting a policy that includes constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules, see `Policy`. Constraints have a default behavior determined by the `constraint_default` field, which is the enforcement behavior that is used in the absence of a policy being defined or inherited for the resource in question."
    },
    "GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues": {
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues",
      "properties": {
        "deniedValues": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "List of values denied at this resource."
        },
        "allowedValues": {
          "description": "List of values allowed at this resource.",
          "type": "array",
          "items": {
            "type": "string"
          }
        }
      },
      "description": "A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a \":\". Values prefixed with \"is:\" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used."
    },
    "GoogleTypeExpr": {
      "id": "GoogleTypeExpr",
      "properties": {
        "expression": {
          "description": "Textual representation of an expression in Common Expression Language syntax.",
          "type": "string"
        },
        "location": {
          "description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
          "type": "string"
        },
        "description": {
          "description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
          "type": "string"
        },
        "title": {
          "description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.",
          "type": "string"
        }
      },
      "type": "object",
      "description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() \u003c 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information."
    },
    "GoogleCloudOrgpolicyV2ListConstraintsResponse": {
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2ListConstraintsResponse",
      "properties": {
        "constraints": {
          "description": "The collection of constraints that are available on the targeted resource.",
          "type": "array",
          "items": {
            "$ref": "GoogleCloudOrgpolicyV2Constraint"
          }
        },
        "nextPageToken": {
          "description": "Page token used to retrieve the next page. This is not used.",
          "type": "string"
        }
      },
      "description": "The response returned from the ListConstraints method."
    },
    "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameter": {
      "description": "Defines a parameter structure.",
      "id": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameter",
      "properties": {
        "validValuesExpr": {
          "description": "Provides a CEL expression to specify the acceptable parameter values during assignment. For example, parameterName in (\"parameterValue1\", \"parameterValue2\").",
          "type": "string"
        },
        "metadata": {
          "description": "Defines subproperties primarily used by the UI to display user-friendly information.",
          "$ref": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameterMetadata"
        },
        "item": {
          "type": "string",
          "enumDescriptions": [
            "This is only used for distinguishing unset values, and results in an error if used.",
            "List parameter type.",
            "String parameter type.",
            "Boolean parameter type."
          ],
          "enum": [
            "TYPE_UNSPECIFIED",
            "LIST",
            "STRING",
            "BOOLEAN"
          ],
          "description": "Determines the parameter's value structure. For example, `LIST` can be specified by defining `type: LIST`, and `item: STRING`."
        },
        "defaultValue": {
          "type": "any",
          "description": "Sets the value of the parameter in an assignment if no value is given."
        },
        "type": {
          "type": "string",
          "enumDescriptions": [
            "This is only used for distinguishing unset values, and results in an error if used.",
            "List parameter type.",
            "String parameter type.",
            "Boolean parameter type."
          ],
          "enum": [
            "TYPE_UNSPECIFIED",
            "LIST",
            "STRING",
            "BOOLEAN"
          ],
          "description": "Type of the parameter."
        }
      },
      "type": "object"
    },
    "GoogleCloudOrgpolicyV2ListPoliciesResponse": {
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2ListPoliciesResponse",
      "properties": {
        "policies": {
          "description": "All policies that exist on the resource. It will be empty if no policies are set.",
          "type": "array",
          "items": {
            "$ref": "GoogleCloudOrgpolicyV2Policy"
          }
        },
        "nextPageToken": {
          "description": "Page token used to retrieve the next page. This is not used, but the server may at any point start supplying a valid token.",
          "type": "string"
        }
      },
      "description": "The response returned from the ListPolicies method. It will be empty if no policies are set on the resource."
    },
    "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameterMetadata": {
      "description": "Defines Metadata structure.",
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinitionParameterMetadata",
      "properties": {
        "description": {
          "description": "Detailed description of what this `parameter` is and its use. Mutable.",
          "type": "string"
        }
      }
    },
    "GoogleCloudOrgpolicyV2AlternatePolicySpec": {
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2AlternatePolicySpec",
      "properties": {
        "launch": {
          "type": "string",
          "description": "Reference to the launch that will be used while audit logging and to control the launch. Set only in the alternate policy."
        },
        "spec": {
          "description": "Specify constraint for configurations of Trusted Cloud Cloud resources.",
          "$ref": "GoogleCloudOrgpolicyV2PolicySpec"
        }
      },
      "description": "Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run."
    },
    "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint": {
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2ConstraintBooleanConstraint",
      "properties": {
        "customConstraintDefinition": {
          "description": "Custom constraint definition. Defines this as a managed constraint.",
          "$ref": "GoogleCloudOrgpolicyV2ConstraintCustomConstraintDefinition"
        }
      },
      "description": "A constraint type is enforced or not enforced, which is configured in the `PolicyRule`. If `customConstraintDefinition` is defined, this constraint is a managed constraint."
    },
    "GoogleCloudOrgpolicyV2PolicySpecPolicyRule": {
      "type": "object",
      "id": "GoogleCloudOrgpolicyV2PolicySpecPolicyRule",
      "properties": {
        "parameters": {
          "type": "object",
          "additionalProperties": {
            "type": "any",
            "description": "Properties of the object."
          },
          "description": "Optional. Required for managed constraints if parameters are defined. Passes parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: ``` { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } ```"
        },
        "condition": {
          "$ref": "GoogleTypeExpr",
          "description": "A condition that determines whether this rule is used to evaluate the policy. When set, the google.type.Expr.expression field must contain 1 to 10 subexpressions, joined by the `||` or `&&` operators. Each subexpression must use the `resource.matchTag()`, `resource.matchTagId()`, `resource.hasTagKey()`, or `resource.hasTagKeyId()` Common Expression Language (CEL) function. The `resource.matchTag()` function takes the following arguments: * `key_name`: the namespaced name of the tag key, with the organization ID and a slash (`/`) as a prefix; for example, `123456789012/environment` * `value_name`: the short name of the tag value For example: `resource.matchTag('123456789012/environment, 'prod')` The `resource.matchTagId()` function takes the following arguments: * `key_id`: the permanent ID of the tag key; for example, `tagKeys/123456789012` * `value_id`: the permanent ID of the tag value; for example, `tagValues/567890123456` For example: `resource.matchTagId('tagKeys/123456789012', 'tagValues/567890123456')` The `resource.hasTagKey()` function takes the following argument: * `key_name`: the namespaced name of the tag key, with the organization ID and a slash (`/`) as a prefix; for example, `123456789012/environment` For example: `resource.hasTagKey('123456789012/environment')` The `resource.hasTagKeyId()` function takes the following arguments: * `key_id`: the permanent ID of the tag key; for example, `tagKeys/123456789012` For example: `resource.hasTagKeyId('tagKeys/123456789012')`"
        },
        "enforce": {
          "type": "boolean",
          "description": "If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set in policies for boolean constraints, custom constraints and managed constraints."
        },
        "allowAll": {
          "type": "boolean",
          "description": "Setting this to true means that all values are allowed. This field can be set only in policies for list constraints."
        },
        "denyAll": {
          "type": "boolean",
          "description": "Setting this to true means that all values are denied. This field can be set only in policies for list constraints."
        },
        "values": {
          "$ref": "GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues",
          "description": "List of values to be used for this policy rule. This field can be set only in policies for list constraints."
        }
      },
      "description": "A rule used to express this policy."
    }
  },
  "canonicalName": "OrgPolicy API",
  "servicePath": "",
  "discoveryVersion": "v1",
  "title": "Organization Policy API",
  "baseUrl": "https://orgpolicy.s3nsapis.fr/",
  "basePath": "",
  "id": "orgpolicy:v2",
  "kind": "discovery#restDescription",
  "version_module": true,
  "fullyEncodeReservedExpansion": true,
  "ownerName": "Google",
  "batchPath": "batch",
  "ownerDomain": "google.com",
  "icons": {
    "x16": "",
    "x32": ""
  },
  "version": "v2",
  "rootUrl": "https://orgpolicy.s3nsapis.fr/",
  "auth": {
    "oauth2": {
      "scopes": {
        "https://www.googleapis.com/auth/cloud-platform": {
          "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."
        }
      }
    }
  },
  "description": "The Organization Policy API allows users to configure governance rules on their Trusted Cloud resources across the resource hierarchy.",
  "revision": "20260621",
  "parameters": {
    "alt": {
      "description": "Data format for response.",
      "default": "json",
      "location": "query",
      "enum": [
        "json",
        "media",
        "proto"
      ],
      "type": "string",
      "enumDescriptions": [
        "Responses with Content-Type of application/json",
        "Media download with context-dependent Content-Type",
        "Responses with Content-Type of application/x-protobuf"
      ]
    },
    "upload_protocol": {
      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
      "location": "query",
      "type": "string"
    },
    "quotaUser": {
      "location": "query",
      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
      "type": "string"
    },
    "uploadType": {
      "type": "string",
      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
      "location": "query"
    },
    "callback": {
      "type": "string",
      "description": "JSONP",
      "location": "query"
    },
    "fields": {
      "type": "string",
      "location": "query",
      "description": "Selector specifying which fields to include in a partial response."
    },
    "$.xgafv": {
      "type": "string",
      "enumDescriptions": [
        "v1 error format",
        "v2 error format"
      ],
      "enum": [
        "1",
        "2"
      ],
      "description": "V1 error format.",
      "location": "query"
    },
    "key": {
      "location": "query",
      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
      "type": "string"
    },
    "prettyPrint": {
      "location": "query",
      "description": "Returns response with indentations and line breaks.",
      "default": "true",
      "type": "boolean"
    },
    "access_token": {
      "type": "string",
      "location": "query",
      "description": "OAuth access token."
    },
    "oauth_token": {
      "type": "string",
      "description": "OAuth 2.0 token for the current user.",
      "location": "query"
    }
  },
  "name": "orgpolicy"
}
