gcpdiag.queries.orgpolicy

Queries related to organization policy constraints.
PREFETCH_ORG_CONSTRAINTS = ('constraints/compute.disableSerialPortAccess', 'constraints/compute.requireOsLogin', 'constraints/compute.requireShieldedVm', 'constraints/iam.automaticIamGrantsForDefaultServiceAccounts', 'constraints/compute.disableSerialPortLogging', 'constraints/compute.disableSshInBrowser', 'constraints/iam.disableCrossProjectServiceAccountUsage')
class PolicyConstraint:
40class PolicyConstraint:
41
42  def __init__(self, name, resource_data):
43    self.name = name
44    self._resource_data = resource_data
45
46  def __str__(self):
47    return self.name + ': ' + self._resource_data.__str__()
48
49  pass
PolicyConstraint(name, resource_data)
42  def __init__(self, name, resource_data):
43    self.name = name
44    self._resource_data = resource_data
name
class BooleanPolicyConstraint(PolicyConstraint):
52class BooleanPolicyConstraint(PolicyConstraint):
53
54  def is_enforced(self) -> bool:
55    return self._resource_data.get('enforced', False)
def is_enforced(self) -> bool:
54  def is_enforced(self) -> bool:
55    return self._resource_data.get('enforced', False)
def get_effective_org_policy(project_id: str, constraint: str):
 95def get_effective_org_policy(project_id: str, constraint: str):
 96  all_constraints = _get_effective_org_policy_all_constraints(project_id)
 97  if constraint not in all_constraints:
 98    raise ValueError(
 99        f'constraint {constraint} not supported {list(all_constraints)}')
100  return all_constraints[constraint]