OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-01-25 12:44:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a20241b2412723b0062d1c19a8ec792837b145a4
google-apis-rs/google_cloudresourcemanager1_cli/projects_set-org-policy/index.html
Sebastian Thiel a20241b241 Update documentation
2022-03-08 15:36:16 +08:00

536 lines
27 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Set Org Policy - Cloud Resource Manager v3.0.0+20220306</title>
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
<link rel="stylesheet" href="../css/highlight.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js"></script>
<script type="text/javascript" src="../js/highlight.pack.js"></script>
<script src="../js/theme.js"></script>
<style>
body {font-size: 90%;}
pre, code {font-size: 100%;}
h3, h4, h5, h6 {color: #2980b9; font-weight: 300}
</style>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<div class="wy-side-nav-search">
<a href=".." class="icon icon-home"> Cloud Resource Manager v3.0.0+20220306</a>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<span>Folders</span>
<li class="toctree-l1 ">
<a class="" href="../folders_clear-org-policy">Clear Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../folders_get-effective-org-policy">Get Effective Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../folders_get-org-policy">Get Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../folders_list-available-org-policy-constraints">List Available Org Policy Constraints</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../folders_list-org-policies">List Org Policies</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../folders_set-org-policy">Set Org Policy</a>
</li>
<span>Liens</span>
<li class="toctree-l1 ">
<a class="" href="../liens_create">Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../liens_delete">Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../liens_get">Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../liens_list">List</a>
</li>
<span>Operations</span>
<li class="toctree-l1 ">
<a class="" href="../operations_get">Get</a>
</li>
<span>Organizations</span>
<li class="toctree-l1 ">
<a class="" href="../organizations_clear-org-policy">Clear Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_get">Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_get-effective-org-policy">Get Effective Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_get-iam-policy">Get Iam Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_get-org-policy">Get Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_list-available-org-policy-constraints">List Available Org Policy Constraints</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_list-org-policies">List Org Policies</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_search">Search</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_set-iam-policy">Set Iam Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_set-org-policy">Set Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_test-iam-permissions">Test Iam Permissions</a>
</li>
<span>Projects</span>
<li class="toctree-l1 ">
<a class="" href="../projects_clear-org-policy">Clear Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_create">Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_delete">Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_get">Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_get-ancestry">Get Ancestry</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_get-effective-org-policy">Get Effective Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_get-iam-policy">Get Iam Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_get-org-policy">Get Org Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_list">List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_list-available-org-policy-constraints">List Available Org Policy Constraints</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_list-org-policies">List Org Policies</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_set-iam-policy">Set Iam Policy</a>
</li>
<li class="toctree-l1 current">
<a class="current" href=".">Set Org Policy</a>
<ul>
<li class="toctree-l2"><a href="#scopes">Scopes</a></li>
<li class="toctree-l2"><a href="#required-scalar-argument">Required Scalar Argument</a></li>
<li class="toctree-l2"><a href="#required-request-value">Required Request Value</a></li>
<li><a class="toctree-l3" href="#about-cursors">About Cursors</a></li>
<li class="toctree-l2"><a href="#optional-output-flags">Optional Output Flags</a></li>
<li class="toctree-l2"><a href="#optional-general-properties">Optional General Properties</a></li>
</ul>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_test-iam-permissions">Test Iam Permissions</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_undelete">Undelete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_update">Update</a>
</li>
</ul>
</div>
&nbsp;
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="icon icon-reorder"></i>
<a href=".."></a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="..">Docs</a> &raquo;</li>
<li>Set Org Policy</li>
<li class="wy-breadcrumbs-aside">
<a href="https://github.com/Byron/google-apis-rs/tree/main/gen/cloudresourcemanager1-cli" class="icon icon-github"> Edit on GitHub</a>
</li>
</ul>
<hr/>
</div>
<div role="main">
<div class="section">
<p>Updates the specified <code>Policy</code> on the resource. Creates a new <code>Policy</code> for that <code>Constraint</code> on the resource if one does not exist. Not supplying an <code>etag</code> on the request <code>Policy</code> results in an unconditional write of the <code>Policy</code>.</p>
<h1 id="scopes">Scopes</h1>
<p>You will need authorization for the <em>https://www.googleapis.com/auth/cloud-platform</em> scope to make a valid call.</p>
<p>If unset, the scope for this method defaults to <em>https://www.googleapis.com/auth/cloud-platform</em>.
You can set the scope for this method like this: <code>cloudresourcemanager1 --scope &lt;scope&gt; projects set-org-policy ...</code></p>
<h1 id="required-scalar-argument">Required Scalar Argument</h1>
<ul>
<li><strong>&lt;resource&gt;</strong> <em>(string)</em><ul>
<li>Resource name of the resource to attach the <code>Policy</code>.</li>
</ul>
</li>
</ul>
<h1 id="required-request-value">Required Request Value</h1>
<p>The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure.
In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely.</p>
<p>For example, a structure like this:</p>
<pre><code>SetOrgPolicyRequest:
policy:
boolean-policy:
enforced: boolean
constraint: string
etag: string
list-policy:
all-values: string
allowed-values: [string]
denied-values: [string]
inherit-from-parent: boolean
suggested-value: string
update-time: string
version: integer
</code></pre>
<p>can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.</p>
<ul>
<li>
<p><code>-r .policy.boolean-policy enforced=true</code></p>
<ul>
<li>If <code>true</code>, then the <code>Policy</code> is enforced. If <code>false</code>, then any configuration is acceptable. Suppose you have a <code>Constraint</code> <code>constraints/compute.disableSerialPortAccess</code> with <code>constraint_default</code> set to <code>ALLOW</code>. A <code>Policy</code> for that <code>Constraint</code> exhibits the following behavior: - If the <code>Policy</code> at this resource has enforced set to <code>false</code>, serial port connection attempts will be allowed. - If the <code>Policy</code> at this resource has enforced set to <code>true</code>, serial port connection attempts will be refused. - If the <code>Policy</code> at this resource is <code>RestoreDefault</code>, serial port connection attempts will be allowed. - If no <code>Policy</code> is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no <code>Policy</code> is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the<code>Policy</code> were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest <code>Constraint</code> wins): <code>organizations/foo</code> has a <code>Policy</code> with: {enforced: false} <code>projects/bar</code> has no <code>Policy</code> set. The constraint at <code>projects/bar</code> and <code>organizations/foo</code> will not be enforced. Example 2 (enforcement gets replaced): <code>organizations/foo</code> has a <code>Policy</code> with: {enforced: false} <code>projects/bar</code> has a <code>Policy</code> with: {enforced: true} The constraint at <code>organizations/foo</code> is not enforced. The constraint at <code>projects/bar</code> is enforced. Example 3 (RestoreDefault): <code>organizations/foo</code> has a <code>Policy</code> with: {enforced: true} <code>projects/bar</code> has a <code>Policy</code> with: {RestoreDefault: {}} The constraint at <code>organizations/foo</code> is enforced. The constraint at <code>projects/bar</code> is not enforced, because <code>constraint_default</code> for the <code>Constraint</code> is <code>ALLOW</code>.</li>
</ul>
</li>
<li>
<p><code>.. constraint=ipsum</code></p>
<ul>
<li>The name of the <code>Constraint</code> the <code>Policy</code> is configuring, for example, <code>constraints/serviceuser.services</code>. A <a href="..//resource-manager/docs/organization-policy/org-policy-constraints">list of available constraints</a> is available. Immutable after creation.</li>
</ul>
</li>
<li><code>etag=accusam</code><ul>
<li>An opaque tag indicating the current version of the <code>Policy</code>, used for concurrency control. When the <code>Policy</code> is returned from either a <code>GetPolicy</code> or a <code>ListOrgPolicy</code> request, this <code>etag</code> indicates the version of the current <code>Policy</code> to use when executing a read-modify-write loop. When the <code>Policy</code> is returned from a <code>GetEffectivePolicy</code> request, the <code>etag</code> will be unset. When the <code>Policy</code> is used in a <code>SetOrgPolicy</code> method, use the <code>etag</code> value that was returned from a <code>GetOrgPolicy</code> request as part of a read-modify-write loop for concurrency control. Not setting the <code>etag</code>in a <code>SetOrgPolicy</code> request will result in an unconditional write of the <code>Policy</code>.</li>
</ul>
</li>
<li><code>list-policy all-values=takimata</code><ul>
<li>The policy all_values state.</li>
</ul>
</li>
<li><code>allowed-values=consetetur</code><ul>
<li>List of values allowed at this resource. Can only be set if <code>all_values</code> is set to <code>ALL_VALUES_UNSPECIFIED</code>.</li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li><code>denied-values=voluptua.</code><ul>
<li>List of values denied at this resource. Can only be set if <code>all_values</code> is set to <code>ALL_VALUES_UNSPECIFIED</code>.</li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li><code>inherit-from-parent=false</code><ul>
<li>Determines the inheritance behavior for this <code>Policy</code>. By default, a <code>ListPolicy</code> set at a resource supersedes any <code>Policy</code> set anywhere up the resource hierarchy. However, if <code>inherit_from_parent</code> is set to <code>true</code>, then the values from the effective <code>Policy</code> of the parent resource are inherited, meaning the values set in this <code>Policy</code> are added to the values inherited up the hierarchy. Setting <code>Policy</code> hierarchies that inherit both allowed values and denied values isn&#39;t recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a <code>Policy</code> with <code>allowed_values</code> set that inherits a <code>Policy</code> with <code>denied_values</code> set. In this case, the values that are allowed must be in <code>allowed_values</code> and not present in <code>denied_values</code>. For example, suppose you have a <code>Constraint</code> <code>constraints/serviceuser.services</code>, which has a <code>constraint_type</code> of <code>list_constraint</code>, and with <code>constraint_default</code> set to <code>ALLOW</code>. Suppose that at the Organization level, a <code>Policy</code> is applied that restricts the allowed API activations to {<code>E1</code>, <code>E2</code>}. Then, if a <code>Policy</code> is applied to a project below the Organization that has <code>inherit_from_parent</code> set to <code>false</code> and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for <code>projects/bar</code> parented by <code>organizations/foo</code>: Example 1 (no inherited values): <code>organizations/foo</code> has a <code>Policy</code> with values: {allowed_values: &#34;E1&#34; allowed_values:&#34;E2&#34;} <code>projects/bar</code> has <code>inherit_from_parent</code> <code>false</code> and values: {allowed_values: &#34;E3&#34; allowed_values: &#34;E4&#34;} The accepted values at <code>organizations/foo</code> are <code>E1</code>, <code>E2</code>. The accepted values at <code>projects/bar</code> are <code>E3</code>, and <code>E4</code>. Example 2 (inherited values): <code>organizations/foo</code> has a <code>Policy</code> with values: {allowed_values: &#34;E1&#34; allowed_values:&#34;E2&#34;} <code>projects/bar</code> has a <code>Policy</code> with values: {value: &#34;E3&#34; value: &#34;E4&#34; inherit_from_parent: true} The accepted values at <code>organizations/foo</code> are <code>E1</code>, <code>E2</code>. The accepted values at <code>projects/bar</code> are <code>E1</code>, <code>E2</code>, <code>E3</code>, and <code>E4</code>. Example 3 (inheriting both allowed and denied values): <code>organizations/foo</code> has a <code>Policy</code> with values: {allowed_values: &#34;E1&#34; allowed_values: &#34;E2&#34;} <code>projects/bar</code> has a <code>Policy</code> with: {denied_values: &#34;E1&#34;} The accepted values at <code>organizations/foo</code> are <code>E1</code>, <code>E2</code>. The value accepted at <code>projects/bar</code> is <code>E2</code>. Example 4 (RestoreDefault): <code>organizations/foo</code> has a <code>Policy</code> with values: {allowed_values: &#34;E1&#34; allowed_values:&#34;E2&#34;} <code>projects/bar</code> has a <code>Policy</code> with values: {RestoreDefault: {}} The accepted values at <code>organizations/foo</code> are <code>E1</code>, <code>E2</code>. The accepted values at <code>projects/bar</code> are either all or none depending on the value of <code>constraint_default</code> (if <code>ALLOW</code>, all; if <code>DENY</code>, none). Example 5 (no policy inherits parent policy): <code>organizations/foo</code> has no <code>Policy</code> set. <code>projects/bar</code> has no <code>Policy</code> set. The accepted values at both levels are either all or none depending on the value of <code>constraint_default</code> (if <code>ALLOW</code>, all; if <code>DENY</code>, none). Example 6 (ListConstraint allowing all): <code>organizations/foo</code> has a <code>Policy</code> with values: {allowed_values: &#34;E1&#34; allowed_values: &#34;E2&#34;} <code>projects/bar</code> has a <code>Policy</code> with: {all: ALLOW} The accepted values at <code>organizations/foo</code> are <code>E1</code>, E2<code>. Any value is accepted at</code>projects/bar<code>. Example 7 (ListConstraint allowing none):</code>organizations/foo<code>has a</code>Policy<code>with values: {allowed_values: &amp;#34;E1&amp;#34; allowed_values: &amp;#34;E2&amp;#34;}</code>projects/bar<code>has a</code>Policy<code>with: {all: DENY} The accepted values at</code>organizations/foo<code>are</code>E1<code>, E2</code>. No value is accepted at <code>projects/bar</code>. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1-&gt;{F1, F2}; F1-&gt;{P1}; F2-&gt;{P2, P3}, <code>organizations/foo</code> has a <code>Policy</code> with values: {allowed_values: &#34;under:organizations/O1&#34;} <code>projects/bar</code> has a <code>Policy</code> with: {allowed_values: &#34;under:projects/P3&#34;} {denied_values: &#34;under:folders/F2&#34;} The accepted values at <code>organizations/foo</code> are <code>organizations/O1</code>, <code>folders/F1</code>, <code>folders/F2</code>, <code>projects/P1</code>, <code>projects/P2</code>, <code>projects/P3</code>. The accepted values at <code>projects/bar</code> are <code>organizations/O1</code>, <code>folders/F1</code>, <code>projects/P1</code>.</li>
</ul>
</li>
<li>
<p><code>suggested-value=erat</code></p>
<ul>
<li>Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this <code>Policy</code>. If <code>suggested_value</code> is not set, it will inherit the value specified higher in the hierarchy, unless <code>inherit_from_parent</code> is <code>false</code>.</li>
</ul>
</li>
<li>
<p><code>.. update-time=consetetur</code></p>
<ul>
<li>The time stamp the <code>Policy</code> was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to <code>SetOrgPolicy</code> was made for that <code>Policy</code>. Any value set by the client will be ignored.</li>
</ul>
</li>
<li><code>version=99</code><ul>
<li>Version of the <code>Policy</code>. Default version is 0;</li>
</ul>
</li>
</ul>
<h3 id="about-cursors">About Cursors</h3>
<p>The cursor position is key to comfortably set complex nested structures. The following rules apply:</p>
<ul>
<li>The cursor position is always set relative to the current one, unless the field name starts with the <code>.</code> character. Fields can be nested such as in <code>-r f.s.o</code> .</li>
<li>The cursor position is set relative to the top-level structure if it starts with <code>.</code>, e.g. <code>-r .s.s</code></li>
<li>You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify <code>-r struct.sub_struct=bar</code>.</li>
<li>You can move the cursor one level up by using <code>..</code>. Each additional <code>.</code> moves it up one additional level. E.g. <code>...</code> would go three levels up.</li>
</ul>
<h1 id="optional-output-flags">Optional Output Flags</h1>
<p>The method's return value a JSON encoded structure, which will be written to standard output by default.</p>
<ul>
<li><strong>-o out</strong><ul>
<li><em>out</em> specifies the <em>destination</em> to which to write the server's result to.
It will be a JSON-encoded structure.
The <em>destination</em> may be <code>-</code> to indicate standard output, or a filepath that is to contain the received bytes.
If unset, it defaults to standard output.</li>
</ul>
</li>
</ul>
<h1 id="optional-general-properties">Optional General Properties</h1>
<p>The following properties can configure any call, and are not specific to this method.</p>
<ul>
<li>
<p><strong>-p $-xgafv=string</strong></p>
<ul>
<li>V1 error format.</li>
</ul>
</li>
<li>
<p><strong>-p access-token=string</strong></p>
<ul>
<li>OAuth access token.</li>
</ul>
</li>
<li>
<p><strong>-p alt=string</strong></p>
<ul>
<li>Data format for response.</li>
</ul>
</li>
<li>
<p><strong>-p callback=string</strong></p>
<ul>
<li>JSONP</li>
</ul>
</li>
<li>
<p><strong>-p fields=string</strong></p>
<ul>
<li>Selector specifying which fields to include in a partial response.</li>
</ul>
</li>
<li>
<p><strong>-p key=string</strong></p>
<ul>
<li>API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.</li>
</ul>
</li>
<li>
<p><strong>-p oauth-token=string</strong></p>
<ul>
<li>OAuth 2.0 token for the current user.</li>
</ul>
</li>
<li>
<p><strong>-p pretty-print=boolean</strong></p>
<ul>
<li>Returns response with indentations and line breaks.</li>
</ul>
</li>
<li>
<p><strong>-p quota-user=string</strong></p>
<ul>
<li>Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.</li>
</ul>
</li>
<li>
<p><strong>-p upload-type=string</strong></p>
<ul>
<li>Legacy upload protocol for media (e.g. &#34;media&#34;, &#34;multipart&#34;).</li>
</ul>
</li>
<li>
<p><strong>-p upload-protocol=string</strong></p>
<ul>
<li>Upload protocol for media (e.g. &#34;raw&#34;, &#34;multipart&#34;).</li>
</ul>
</li>
</ul>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="../projects_test-iam-permissions" class="btn btn-neutral float-right" title="Test Iam Permissions"/>Next <span class="icon icon-circle-arrow-right"></span></a>
<a href="../projects_set-iam-policy" class="btn btn-neutral" title="Set Iam Policy"><span class="icon icon-circle-arrow-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
<!-- Copyright etc -->
</p>
</div>
Built with <a href="http://www.mkdocs.org">MkDocs</a>, using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" role="note" style="cursor: pointer">
<span class="rst-current-version" data-toggle="rst-current-version">
<a class="icon icon-github" style="float: left; color: #fcfcfc"> GitHub</a>
<span><a href="../projects_set-iam-policy" style="color: #fcfcfc;">&laquo; Previous</a></span>
<span style="margin-left: 15px"><a href="../projects_test-iam-permissions" style="color: #fcfcfc">Next &raquo;</a></span>
</span>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink