OrgPolicyClient

OrgPolicyClient

An interface for managing organization policies.

The Organization Policy Service provides a simple mechanism for organizations to restrict the allowed configurations across their entire resource hierarchy.

You can use a policy to configure restrictions on resources. For example, you can enforce a policy that restricts which Google Cloud APIs can be activated in a certain part of your resource hierarchy, or prevents serial port access to VM instances in a particular folder.

Policies are inherited down through the resource hierarchy. A policy applied to a parent resource automatically applies to all its child resources unless overridden with a policy lower in the hierarchy.

A constraint defines an aspect of a resource's configuration that can be controlled by an organization's policy administrator. Policies are a collection of constraints that defines their allowable configuration on a particular resource and its child resources.

Constructor

new OrgPolicyClient(optionsopt, gaxInstanceopt)

Construct an instance of OrgPolicyClient.

Parameters:
Name Type Attributes Description
options object <optional>

The configuration object. The options accepted by the constructor are described in detail in this document. The common options are:

Properties
Name Type Attributes Description
credentials object <optional>

Credentials object.

Properties
Name Type Attributes Description
client_email string <optional>
private_key string <optional>
email string <optional>

Account email address. Required when using a .pem or .p12 keyFilename.
keyFilename string <optional>

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.
port number <optional>

The port on which to connect to the remote host.
projectId string <optional>

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.
apiEndpoint string <optional>

The domain name of the API remote host.
clientConfig gax.ClientConfig <optional>

Client configuration override. Follows the structure of gapicConfig.
fallback boolean <optional>

Use HTTP/1.1 REST mode. For more information, please check the documentation.
gaxInstance gax <optional>

loaded instance of google-gax. Useful if you need to avoid loading the default gRPC version and want to use the fallback HTTP implementation. Load only fallback version and pass it to the constructor: const gax = require('google-gax/build/src/fallback'); // avoids loading google-gax with gRPC const client = new OrgPolicyClient({fallback: true}, gax);

Members

apiEndpoint

The DNS address for this API service - same as servicePath(), exists for compatibility reasons.

port

The port for this API service.

scopes

The scopes needed to make gRPC calls for every method defined in this service.

servicePath

The DNS address for this API service.

Methods

close() → {Promise}

Terminate the gRPC channel and close the client.

The client will no longer be usable and all future behavior is undefined.

Returns:
Type Description
Promise

A promise that resolves when the client is closed.

customConstraintPath(organization, custom_constraint) → {string}

Return a fully-qualified customConstraint resource name string.

Parameters:
Name Type Description
organization string
custom_constraint string
Returns:
Type Description
string

Resource name string.

folderConstraintPath(folder, constraint) → {string}

Return a fully-qualified folderConstraint resource name string.

Parameters:
Name Type Description
folder string
constraint string
Returns:
Type Description
string

Resource name string.

folderPolicyPath(folder, policy) → {string}

Return a fully-qualified folderPolicy resource name string.

Parameters:
Name Type Description
folder string
policy string
Returns:
Type Description
string

Resource name string.

getProjectId() → {Promise}

Return the project ID used by this class.

Returns:
Type Description
Promise

A promise that resolves to string containing the project ID.

initialize() → {Promise}

Initialize the client. Performs asynchronous operations (such as authentication) and prepares the client. This function will be called automatically when any class method is called for the first time, but if you need to initialize it before calling an actual method, feel free to call initialize() directly.

You can await on this method if you want to make sure the client is initialized.

Returns:
Type Description
Promise

A promise that resolves to an authenticated service stub.

listConstraintsAsync(request, optionsopt) → {Object}

Equivalent to listConstraints, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The Google Cloud resource that parents the constraint. Must be in one of the following forms:

  • projects/{project_number}
  • projects/{project_id}
  • folders/{folder_id}
  • organizations/{organization_id}
pageSize number

Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
pageToken string

Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Object

An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing Constraint. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.
Example
  /**
   * This snippet has been automatically generated and should be regarded as a code template only.
   * It will require modifications to work.
   * It may require correct/in-range values for request initialization.
   * TODO(developer): Uncomment these variables before running the sample.
   */
  /**
   *  Required. The Google Cloud resource that parents the constraint. Must be in
   *  one of the following forms:
   *  * `projects/{project_number}`
   *  * `projects/{project_id}`
   *  * `folders/{folder_id}`
   *  * `organizations/{organization_id}`
   */
  // const parent = 'abc123'
  /**
   *  Size of the pages to be returned. This is currently unsupported and will
   *  be ignored. The server may at any point start using this field to limit
   *  page size.
   */
  // const pageSize = 1234
  /**
   *  Page token used to retrieve the next page. This is currently unsupported
   *  and will be ignored. The server may at any point start using this field.
   */
  // const pageToken = 'abc123'

  // Imports the Orgpolicy library
  const {OrgPolicyClient} = require('@google-cloud/org-policy').v2;

  // Instantiates a client
  const orgpolicyClient = new OrgPolicyClient();

  async function callListConstraints() {
    // Construct request
    const request = {
      parent,
    };

    // Run request
    const iterable = await orgpolicyClient.listConstraintsAsync(request);
    for await (const response of iterable) {
        console.log(response);
    }
  }

  callListConstraints();

listConstraintsStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The Google Cloud resource that parents the constraint. Must be in one of the following forms:

  • projects/{project_number}
  • projects/{project_id}
  • folders/{folder_id}
  • organizations/{organization_id}
pageSize number

Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
pageToken string

Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Stream

An object stream which emits an object representing Constraint on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using listConstraintsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listCustomConstraintsAsync(request, optionsopt) → {Object}

Equivalent to listCustomConstraints, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The target Google Cloud resource that parents the set of custom constraints that will be returned from this call. Must be in one of the following forms:

  • organizations/{organization_id}
pageSize number

Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
pageToken string

Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Object

An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing CustomConstraint. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.
Example
  /**
   * This snippet has been automatically generated and should be regarded as a code template only.
   * It will require modifications to work.
   * It may require correct/in-range values for request initialization.
   * TODO(developer): Uncomment these variables before running the sample.
   */
  /**
   *  Required. The target Google Cloud resource that parents the set of custom
   *  constraints that will be returned from this call. Must be in one of the
   *  following forms:
   *  * `organizations/{organization_id}`
   */
  // const parent = 'abc123'
  /**
   *  Size of the pages to be returned. This is currently unsupported and will
   *  be ignored. The server may at any point start using this field to limit
   *  page size.
   */
  // const pageSize = 1234
  /**
   *  Page token used to retrieve the next page. This is currently unsupported
   *  and will be ignored. The server may at any point start using this field.
   */
  // const pageToken = 'abc123'

  // Imports the Orgpolicy library
  const {OrgPolicyClient} = require('@google-cloud/org-policy').v2;

  // Instantiates a client
  const orgpolicyClient = new OrgPolicyClient();

  async function callListCustomConstraints() {
    // Construct request
    const request = {
      parent,
    };

    // Run request
    const iterable = await orgpolicyClient.listCustomConstraintsAsync(request);
    for await (const response of iterable) {
        console.log(response);
    }
  }

  callListCustomConstraints();

listCustomConstraintsStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The target Google Cloud resource that parents the set of custom constraints that will be returned from this call. Must be in one of the following forms:

  • organizations/{organization_id}
pageSize number

Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
pageToken string

Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Stream

An object stream which emits an object representing CustomConstraint on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using listCustomConstraintsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listPoliciesAsync(request, optionsopt) → {Object}

Equivalent to listPolicies, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The target Google Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms:

  • projects/{project_number}
  • projects/{project_id}
  • folders/{folder_id}
  • organizations/{organization_id}
pageSize number

Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
pageToken string

Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Object

An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing Policy. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.
Example
  /**
   * This snippet has been automatically generated and should be regarded as a code template only.
   * It will require modifications to work.
   * It may require correct/in-range values for request initialization.
   * TODO(developer): Uncomment these variables before running the sample.
   */
  /**
   *  Required. The target Google Cloud resource that parents the set of
   *  constraints and policies that will be returned from this call. Must be in
   *  one of the following forms:
   *  * `projects/{project_number}`
   *  * `projects/{project_id}`
   *  * `folders/{folder_id}`
   *  * `organizations/{organization_id}`
   */
  // const parent = 'abc123'
  /**
   *  Size of the pages to be returned. This is currently unsupported and will
   *  be ignored. The server may at any point start using this field to limit
   *  page size.
   */
  // const pageSize = 1234
  /**
   *  Page token used to retrieve the next page. This is currently unsupported
   *  and will be ignored. The server may at any point start using this field.
   */
  // const pageToken = 'abc123'

  // Imports the Orgpolicy library
  const {OrgPolicyClient} = require('@google-cloud/org-policy').v2;

  // Instantiates a client
  const orgpolicyClient = new OrgPolicyClient();

  async function callListPolicies() {
    // Construct request
    const request = {
      parent,
    };

    // Run request
    const iterable = await orgpolicyClient.listPoliciesAsync(request);
    for await (const response of iterable) {
        console.log(response);
    }
  }

  callListPolicies();

listPoliciesStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The target Google Cloud resource that parents the set of constraints and policies that will be returned from this call. Must be in one of the following forms:

  • projects/{project_number}
  • projects/{project_id}
  • folders/{folder_id}
  • organizations/{organization_id}
pageSize number

Size of the pages to be returned. This is currently unsupported and will be ignored. The server may at any point start using this field to limit page size.
pageToken string

Page token used to retrieve the next page. This is currently unsupported and will be ignored. The server may at any point start using this field.
options object <optional>

Call options. See CallOptions for more details.
Returns:
Type Description
Stream

An object stream which emits an object representing Policy on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using listPoliciesAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

matchConstraintFromFolderConstraintName(folderConstraintName) → {string}

Parse the constraint from FolderConstraint resource.

Parameters:
Name Type Description
folderConstraintName string

A fully-qualified path representing folder_constraint resource.
Returns:
Type Description
string

A string representing the constraint.

matchConstraintFromOrganizationConstraintName(organizationConstraintName) → {string}

Parse the constraint from OrganizationConstraint resource.

Parameters:
Name Type Description
organizationConstraintName string

A fully-qualified path representing organization_constraint resource.
Returns:
Type Description
string

A string representing the constraint.

matchConstraintFromProjectConstraintName(projectConstraintName) → {string}

Parse the constraint from ProjectConstraint resource.

Parameters:
Name Type Description
projectConstraintName string

A fully-qualified path representing project_constraint resource.
Returns:
Type Description
string

A string representing the constraint.

matchCustomConstraintFromCustomConstraintName(customConstraintName) → {string}

Parse the custom_constraint from CustomConstraint resource.

Parameters:
Name Type Description
customConstraintName string

A fully-qualified path representing CustomConstraint resource.
Returns:
Type Description
string

A string representing the custom_constraint.

matchFolderFromFolderConstraintName(folderConstraintName) → {string}

Parse the folder from FolderConstraint resource.

Parameters:
Name Type Description
folderConstraintName string

A fully-qualified path representing folder_constraint resource.
Returns:
Type Description
string

A string representing the folder.

matchFolderFromFolderPolicyName(folderPolicyName) → {string}

Parse the folder from FolderPolicy resource.

Parameters:
Name Type Description
folderPolicyName string

A fully-qualified path representing folder_policy resource.
Returns:
Type Description
string

A string representing the folder.

matchOrganizationFromCustomConstraintName(customConstraintName) → {string}

Parse the organization from CustomConstraint resource.

Parameters:
Name Type Description
customConstraintName string

A fully-qualified path representing CustomConstraint resource.
Returns:
Type Description
string

A string representing the organization.

matchOrganizationFromOrganizationConstraintName(organizationConstraintName) → {string}

Parse the organization from OrganizationConstraint resource.

Parameters:
Name Type Description
organizationConstraintName string

A fully-qualified path representing organization_constraint resource.
Returns:
Type Description
string

A string representing the organization.

matchOrganizationFromOrganizationName(organizationName) → {string}

Parse the organization from Organization resource.

Parameters:
Name Type Description
organizationName string

A fully-qualified path representing Organization resource.
Returns:
Type Description
string

A string representing the organization.

matchOrganizationFromOrganizationPolicyName(organizationPolicyName) → {string}

Parse the organization from OrganizationPolicy resource.

Parameters:
Name Type Description
organizationPolicyName string

A fully-qualified path representing organization_policy resource.
Returns:
Type Description
string

A string representing the organization.

matchPolicyFromFolderPolicyName(folderPolicyName) → {string}

Parse the policy from FolderPolicy resource.

Parameters:
Name Type Description
folderPolicyName string

A fully-qualified path representing folder_policy resource.
Returns:
Type Description
string

A string representing the policy.

matchPolicyFromOrganizationPolicyName(organizationPolicyName) → {string}

Parse the policy from OrganizationPolicy resource.

Parameters:
Name Type Description
organizationPolicyName string

A fully-qualified path representing organization_policy resource.
Returns:
Type Description
string

A string representing the policy.

matchPolicyFromProjectPolicyName(projectPolicyName) → {string}

Parse the policy from ProjectPolicy resource.

Parameters:
Name Type Description
projectPolicyName string

A fully-qualified path representing project_policy resource.
Returns:
Type Description
string

A string representing the policy.

matchProjectFromProjectConstraintName(projectConstraintName) → {string}

Parse the project from ProjectConstraint resource.

Parameters:
Name Type Description
projectConstraintName string

A fully-qualified path representing project_constraint resource.
Returns:
Type Description
string

A string representing the project.

matchProjectFromProjectName(projectName) → {string}

Parse the project from Project resource.

Parameters:
Name Type Description
projectName string

A fully-qualified path representing Project resource.
Returns:
Type Description
string

A string representing the project.

matchProjectFromProjectPolicyName(projectPolicyName) → {string}

Parse the project from ProjectPolicy resource.

Parameters:
Name Type Description
projectPolicyName string

A fully-qualified path representing project_policy resource.
Returns:
Type Description
string

A string representing the project.

organizationConstraintPath(organization, constraint) → {string}

Return a fully-qualified organizationConstraint resource name string.

Parameters:
Name Type Description
organization string
constraint string
Returns:
Type Description
string

Resource name string.

organizationPath(organization) → {string}

Return a fully-qualified organization resource name string.

Parameters:
Name Type Description
organization string
Returns:
Type Description
string

Resource name string.

organizationPolicyPath(organization, policy) → {string}

Return a fully-qualified organizationPolicy resource name string.

Parameters:
Name Type Description
organization string
policy string
Returns:
Type Description
string

Resource name string.

projectConstraintPath(project, constraint) → {string}

Return a fully-qualified projectConstraint resource name string.

Parameters:
Name Type Description
project string
constraint string
Returns:
Type Description
string

Resource name string.

projectPath(project) → {string}

Return a fully-qualified project resource name string.

Parameters:
Name Type Description
project string
Returns:
Type Description
string

Resource name string.

projectPolicyPath(project, policy) → {string}

Return a fully-qualified projectPolicy resource name string.

Parameters:
Name Type Description
project string
policy string
Returns:
Type Description
string

Resource name string.