policies

Creates, updates, deletes, gets or lists a policies resource.

Overview

Name	`policies`
Type	Resource
Id	`google.orgpolicy.policies`

Fields

Name	Datatype	Description
`name`	`string`	Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: `projects/{project_number}/policies/{constraint_name}` `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
`alternate`	`object`	Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.
`dryRunSpec`	`object`	Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.
`etag`	`string`	Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
`spec`	`object`	Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources.

Methods

Name	Accessible by	Required Params	Description
`folders_policies_get`	`SELECT`	`foldersId, policiesId`	Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The `etag` value can be used with `UpdatePolicy()` to update a policy during read-modify-write.
`folders_policies_list`	`SELECT`	`foldersId`	Retrieves all of the policies that exist on a particular resource.
`organizations_policies_get`	`SELECT`	`organizationsId, policiesId`	Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The `etag` value can be used with `UpdatePolicy()` to update a policy during read-modify-write.
`organizations_policies_list`	`SELECT`	`organizationsId`	Retrieves all of the policies that exist on a particular resource.
`projects_policies_get`	`SELECT`	`policiesId, projectsId`	Gets a policy on a resource. If no policy is set on the resource, `NOT_FOUND` is returned. The `etag` value can be used with `UpdatePolicy()` to update a policy during read-modify-write.
`projects_policies_list`	`SELECT`	`projectsId`	Retrieves all of the policies that exist on a particular resource.
`folders_policies_create`	`INSERT`	`foldersId`	Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Google Cloud resource.
`organizations_policies_create`	`INSERT`	`organizationsId`	Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Google Cloud resource.
`projects_policies_create`	`INSERT`	`projectsId`	Creates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint does not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the policy already exists on the given Google Cloud resource.
`folders_policies_delete`	`DELETE`	`foldersId, policiesId`	Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist.
`organizations_policies_delete`	`DELETE`	`organizationsId, policiesId`	Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist.
`projects_policies_delete`	`DELETE`	`policiesId, projectsId`	Deletes a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or organization policy does not exist.
`folders_policies_patch`	`UPDATE`	`foldersId, policiesId`	Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy do not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields.
`organizations_policies_patch`	`UPDATE`	`organizationsId, policiesId`	Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy do not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields.
`projects_policies_patch`	`UPDATE`	`policiesId, projectsId`	Updates a policy. Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the constraint or the policy do not exist. Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag supplied in the request does not match the persisted etag of the policy Note: the supplied policy will perform a full overwrite of all fields.

`SELECT` examples

Retrieves all of the policies that exist on a particular resource.

SELECT
name,
alternate,
dryRunSpec,
etag,
spec
FROM google.orgpolicy.policies
WHERE foldersId = '{{ foldersId }}';

`INSERT` example

Use the following StackQL query and manifest file to create a new policies resource.

All Properties
Manifest

/*+ create */
INSERT INTO google.orgpolicy.policies (
foldersId,
dryRunSpec,
name,
etag,
spec,
alternate
)
SELECT 
'{{ foldersId }}',
'{{ dryRunSpec }}',
'{{ name }}',
'{{ etag }}',
'{{ spec }}',
'{{ alternate }}'
;

- name: your_resource_model_name
  props:
    - name: dryRunSpec
      value:
        - name: reset
          value: boolean
        - name: inheritFromParent
          value: boolean
        - name: updateTime
          value: string
        - name: etag
          value: string
        - name: rules
          value:
            - - name: values
                value:
                  - name: allowedValues
                    value:
                      - string
                  - name: deniedValues
                    value:
                      - string
              - name: condition
                value:
                  - name: description
                    value: string
                  - name: location
                    value: string
                  - name: expression
                    value: string
                  - name: title
                    value: string
              - name: allowAll
                value: boolean
              - name: enforce
                value: boolean
              - name: denyAll
                value: boolean
    - name: name
      value: string
    - name: etag
      value: string
    - name: alternate
      value:
        - name: launch
          value: string

`UPDATE` example

Updates a policies resource.

/*+ update */
UPDATE google.orgpolicy.policies
SET 
dryRunSpec = '{{ dryRunSpec }}',
name = '{{ name }}',
etag = '{{ etag }}',
spec = '{{ spec }}',
alternate = '{{ alternate }}'
WHERE 
foldersId = '{{ foldersId }}'
AND policiesId = '{{ policiesId }}';

`DELETE` example

Deletes the specified policies resource.

/*+ delete */
DELETE FROM google.orgpolicy.policies
WHERE foldersId = '{{ foldersId }}'
AND policiesId = '{{ policiesId }}';

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

UPDATE example​

DELETE example​