Skip to main content

OrgPolicy

google_cloud_orgpolicy_v2::client

Struct OrgPolicy 

Source 
pub struct OrgPolicy { /* private fields */ }
Expand description

Implements a client for the Organization Policy API.

§Example

use google_cloud_gax::paginator::ItemPaginator as _;
async fn sample(
   project_id: &str,
) -> anyhow::Result<()> {
    let client = OrgPolicy::builder().build().await?;
    let mut list = client.list_constraints()
        .set_parent(format!("projects/{project_id}"))
        .by_item();
    while let Some(item) = list.next().await.transpose()? {
        println!("{:?}", item);
    }
    Ok(())
}

§Service Description

An interface for managing organization policies.

The Organization Policy Service provides a simple mechanism for organizations to restrict the allowed configurations across their entire resource hierarchy.

You can use a policy to configure restrictions on resources. For example, you can enforce a policy that restricts which Google Cloud APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource’s configuration that can be controlled by an organization’s policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

§Configuration

To configure OrgPolicy use the with_* methods in the type returned by builder(). The default configuration should work for most applications. Common configuration changes include

  • with_endpoint(): by default this client uses the global default endpoint (https://orgpolicy.googleapis.com). Applications using regional endpoints or running in restricted networks (e.g. a network configured override this default.
  • with_credentials(): by default this client uses Application Default Credentials. Applications using custom authentication may need to override this default.

§Pooling and Cloning

OrgPolicy holds a connection pool internally, it is advised to create one and reuse it. You do not need to wrap OrgPolicy in an Rc or Arc to reuse it, because it already uses an Arc internally.

Implementations§

Source§

impl OrgPolicy

Source

pub fn builder() -> ClientBuilder

Returns a builder for OrgPolicy.

let client = OrgPolicy::builder().build().await?;
Source

pub fn from_stub<T>(stub: impl Into<Arc<T>>) -> Self
where T: OrgPolicy + 'static,

Creates a new client from the provided stub.

The most common case for calling this function is in tests mocking the client’s behavior.

Source

pub fn list_constraints(&self) -> ListConstraints

Lists constraints that could be applied on the specified resource.

§Example
use google_cloud_gax::paginator::ItemPaginator as _;
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, project_id: &str
) -> Result<()> {
    let mut list = client.list_constraints()
        .set_parent(format!("projects/{project_id}"))
        .by_item();
    while let Some(item) = list.next().await.transpose()? {
        println!("{:?}", item);
    }
    Ok(())
}
Source

pub fn list_policies(&self) -> ListPolicies

Retrieves all of the policies that exist on a particular resource.

§Example
use google_cloud_gax::paginator::ItemPaginator as _;
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, project_id: &str
) -> Result<()> {
    let mut list = client.list_policies()
        .set_parent(format!("projects/{project_id}"))
        .by_item();
    while let Some(item) = list.next().await.transpose()? {
        println!("{:?}", item);
    }
    Ok(())
}
Source

pub fn get_policy(&self) -> GetPolicy

Gets a policy on a resource.

If no policy is set on the resource, NOT_FOUND is returned. The etag value can be used with UpdatePolicy() to update a policy during read-modify-write.

§Example
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, project_id: &str, policy_id: &str
) -> Result<()> {
    let response = client.get_policy()
        .set_name(format!("projects/{project_id}/policies/{policy_id}"))
        .send().await?;
    println!("response {:?}", response);
    Ok(())
}
Source

pub fn get_effective_policy(&self) -> GetEffectivePolicy

Gets the effective policy on a resource. This is the result of merging policies in the resource hierarchy and evaluating conditions. The returned policy will not have an etag or condition set because it is an evaluated policy across multiple resources. Subtrees of Resource Manager resource hierarchy with ‘under:’ prefix will not be expanded.

§Example
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, project_id: &str, policy_id: &str
) -> Result<()> {
    let response = client.get_effective_policy()
        .set_name(format!("projects/{project_id}/policies/{policy_id}"))
        .send().await?;
    println!("response {:?}", response);
    Ok(())
}
Source

pub fn create_policy(&self) -> CreatePolicy

Creates a policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the policy already exists on the given Google Cloud resource.

§Example
use google_cloud_orgpolicy_v2::model::Policy;
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, project_id: &str
) -> Result<()> {
    let response = client.create_policy()
        .set_parent(format!("projects/{project_id}"))
        .set_policy(
            Policy::new()/* set fields */
        )
        .send().await?;
    println!("response {:?}", response);
    Ok(())
}
Source

pub fn update_policy(&self) -> UpdatePolicy

Updates a policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or the policy do not exist. Returns a google.rpc.Status with google.rpc.Code.ABORTED if the etag supplied in the request does not match the persisted etag of the policy

Note: the supplied policy will perform a full overwrite of all fields.

§Example
use google_cloud_wkt::FieldMask;
use google_cloud_orgpolicy_v2::model::Policy;
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, project_id: &str, policy_id: &str
) -> Result<()> {
    let response = client.update_policy()
        .set_policy(
            Policy::new().set_name(format!("projects/{project_id}/policies/{policy_id}"))/* set fields */
        )
        .set_update_mask(FieldMask::default().set_paths(["updated.field.path1", "updated.field.path2"]))
        .send().await?;
    println!("response {:?}", response);
    Ok(())
}
Source

pub fn delete_policy(&self) -> DeletePolicy

Deletes a policy.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint or organization policy does not exist.

§Example
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, project_id: &str, policy_id: &str
) -> Result<()> {
    client.delete_policy()
        .set_name(format!("projects/{project_id}/policies/{policy_id}"))
        .send().await?;
    Ok(())
}
Source

pub fn create_custom_constraint(&self) -> CreateCustomConstraint

Creates a custom constraint.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the organization does not exist. Returns a google.rpc.Status with google.rpc.Code.ALREADY_EXISTS if the constraint already exists on the given organization.

§Example
use google_cloud_orgpolicy_v2::model::CustomConstraint;
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, organization_id: &str
) -> Result<()> {
    let response = client.create_custom_constraint()
        .set_parent(format!("organizations/{organization_id}"))
        .set_custom_constraint(
            CustomConstraint::new()/* set fields */
        )
        .send().await?;
    println!("response {:?}", response);
    Ok(())
}
Source

pub fn update_custom_constraint(&self) -> UpdateCustomConstraint

Updates a custom constraint.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist.

Note: the supplied policy will perform a full overwrite of all fields.

§Example
use google_cloud_orgpolicy_v2::model::CustomConstraint;
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, organization_id: &str, custom_constraint_id: &str
) -> Result<()> {
    let response = client.update_custom_constraint()
        .set_custom_constraint(
            CustomConstraint::new().set_name(format!("organizations/{organization_id}/customConstraints/{custom_constraint_id}"))/* set fields */
        )
        .send().await?;
    println!("response {:?}", response);
    Ok(())
}
Source

pub fn get_custom_constraint(&self) -> GetCustomConstraint

Gets a custom or managed constraint.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the custom or managed constraint does not exist.

§Example
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, organization_id: &str, custom_constraint_id: &str
) -> Result<()> {
    let response = client.get_custom_constraint()
        .set_name(format!("organizations/{organization_id}/customConstraints/{custom_constraint_id}"))
        .send().await?;
    println!("response {:?}", response);
    Ok(())
}
Source

pub fn list_custom_constraints(&self) -> ListCustomConstraints

Retrieves all of the custom constraints that exist on a particular organization resource.

§Example
use google_cloud_gax::paginator::ItemPaginator as _;
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, organization_id: &str
) -> Result<()> {
    let mut list = client.list_custom_constraints()
        .set_parent(format!("organizations/{organization_id}"))
        .by_item();
    while let Some(item) = list.next().await.transpose()? {
        println!("{:?}", item);
    }
    Ok(())
}
Source

pub fn delete_custom_constraint(&self) -> DeleteCustomConstraint

Deletes a custom constraint.

Returns a google.rpc.Status with google.rpc.Code.NOT_FOUND if the constraint does not exist.

§Example
use google_cloud_orgpolicy_v2::Result;
async fn sample(
   client: &OrgPolicy, organization_id: &str, custom_constraint_id: &str
) -> Result<()> {
    client.delete_custom_constraint()
        .set_name(format!("organizations/{organization_id}/customConstraints/{custom_constraint_id}"))
        .send().await?;
    Ok(())
}

Trait Implementations§

Source§

impl Clone for OrgPolicy

Source§

fn clone(&self) -> OrgPolicy

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for OrgPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FutureExt for T

Source§

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper. Read more
Source§

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper. Read more
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more