policies

Creates, updates, deletes, gets or lists a policies resource.

Overview

Name: policies
Type: Resource
Id: google.iamv2.policies

Fields

| Name | Datatype | Description |
|:-----|:---------|:------------|
| name | string | Immutable. The resource name of the Policy, which must be unique. Format: policies/{attachment_point}/denypolicies/{policy_id}. The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, /, must be written as %2F. For example, policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy. For organizations and folders, use the numeric ID in the full resource name. For projects, requests can use the alphanumeric or the numeric ID. Responses always contain the numeric ID. |
| annotations | object | A key-value map to store arbitrary metadata for the Policy. Keys can be up to 63 characters. Values can be up to 255 characters. |
| createTime | string | Output only. The time when the Policy was created. |
| deleteTime | string | Output only. The time when the Policy was deleted. Empty if the policy is not deleted. |
| displayName | string | A user-specified description of the Policy. This value can be up to 63 characters. |
| etag | string | An opaque tag that identifies the current version of the Policy. IAM uses this value to help manage concurrent updates, so they do not cause one update to be overwritten by another. If this field is present in a CreatePolicyRequest, the value is ignored. |
| kind | string | Output only. The kind of the Policy. Always contains the value DenyPolicy. |
| rules | array | A list of rules that specify the behavior of the Policy. All of the rules should be of the kind specified in the Policy. |
| uid | string | Immutable. The globally unique ID of the Policy. Assigned automatically when the Policy is created. |
| updateTime | string | Output only. The time when the Policy was last updated. |
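A pre-flight check for the name, displayName and annotations constraints listed in the Fields table, as an added Python example (not part of the StackQL provider or the Google API client). The function names are hypothetical, and the sample resource name is the one used in the name field description.

```python
from urllib.parse import quote, unquote

MAX_DISPLAY_NAME = 63       # displayName limit from the Fields table
MAX_ANNOTATION_KEY = 63     # annotations key limit
MAX_ANNOTATION_VALUE = 255  # annotations value limit


def build_policy_name(full_resource_name, policy_id):
    """Return policies/{attachment_point}/denypolicies/{policy_id}."""
    if not full_resource_name or not policy_id or "/" in policy_id:
        raise ValueError("need a resource name and a slash-free policy_id")
    # safe="" forces every "/" in the attachment point to become %2F.
    attachment_point = quote(full_resource_name, safe="")
    return f"policies/{attachment_point}/denypolicies/{policy_id}"


def parse_policy_name(name):
    """Split a policy name into (full_resource_name, policy_id)."""
    parts = name.split("/")
    # An unencoded "/" in the attachment point yields more than 4 segments.
    if len(parts) != 4 or parts[0] != "policies" or parts[2] != "denypolicies":
        raise ValueError(f"not a deny policy name: {name!r}")
    if not parts[1] or not parts[3]:
        raise ValueError(f"empty attachment point or policy id: {name!r}")
    return unquote(parts[1]), parts[3]


def preflight(policy):
    """Return the list of problems found in a policy body before sending it."""
    problems = []
    try:
        parse_policy_name(policy.get("name", ""))
    except ValueError as exc:
        problems.append(str(exc))
    if len(policy.get("displayName", "")) > MAX_DISPLAY_NAME:
        problems.append("displayName longer than 63 characters")
    for key, value in policy.get("annotations", {}).items():
        if len(key) > MAX_ANNOTATION_KEY:
            problems.append(f"annotation key too long: {key[:20]}")
        if len(value) > MAX_ANNOTATION_VALUE:
            problems.append(f"annotation value too long for key: {key[:20]}")
    return problems


if __name__ == "__main__":
    # Constructed input, taken from the example in the name field description.
    print(build_policy_name(
        "cloudresourcemanager.googleapis.com/projects/my-project",
        "my-deny-policy"))
```
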

Methods

| Name | Accessible by | Required Params | Description |
|:-----|:--------------|:----------------|:------------|
| get | SELECT | policiesId, policiesId1, policiesId2 | Gets a policy. |
| list_policies | SELECT | policiesId, policiesId1 | Retrieves the policies of the specified kind that are attached to a resource. The response lists only policy metadata. In particular, policy rules are omitted. |
| create_policy | INSERT | policiesId, policiesId1 | Creates a policy. |
| delete | DELETE | policiesId, policiesId1, policiesId2 | Deletes a policy. This action is permanent. |
| update | REPLACE | policiesId, policiesId1, policiesId2 | Updates the specified policy. You can update only the rules and the display name for the policy. To update a policy, you should use a read-modify-write loop: 1. Use GetPolicy to read the current version of the policy. 2. Modify the policy as needed. 3. Use UpdatePolicy to write the updated policy. This pattern helps prevent conflicts between concurrent updates. |

SELECT examples

Retrieves the policies of the specified kind that are attached to a resource. The response lists only policy metadata. In particular, policy rules are omitted.

SELECT
name,
annotations,
createTime,
deleteTime,
displayName,
etag,
kind,
rules,
uid,
updateTime
FROM google.iamv2.policies
WHERE policiesId = '{{ policiesId }}'
AND policiesId1 = '{{ policiesId1 }}';

INSERT example

Use the following StackQL query and manifest file to create a new policies resource.

/*+ create */
INSERT INTO google.iamv2.policies (
policiesId,
policiesId1,
name,
uid,
displayName,
annotations,
etag,
rules
)
SELECT
'{{ policiesId }}',
'{{ policiesId1 }}',
'{{ name }}',
'{{ uid }}',
'{{ displayName }}',
'{{ annotations }}',
'{{ etag }}',
'{{ rules }}'
;

REPLACE example

Replaces all fields in the specified policies resource.

/*+ update */
REPLACE google.iamv2.policies
SET
name = '{{ name }}',
uid = '{{ uid }}',
displayName = '{{ displayName }}',
annotations = '{{ annotations }}',
etag = '{{ etag }}',
rules = '{{ rules }}'
WHERE
policiesId = '{{ policiesId }}'
AND policiesId1 = '{{ policiesId1 }}'
AND policiesId2 = '{{ policiesId2 }}';

DELETE example

Deletes the specified policies resource.

/*+ delete */
DELETE FROM google.iamv2.policies
WHERE policiesId = '{{ policiesId }}'
AND policiesId1 = '{{ policiesId1 }}'
AND policiesId2 = '{{ policiesId2 }}';