gcpdiag.queries.orgpolicy
Queries related to organization policy constraints.
# Resource-type strings for projects and organizations. Their consumers are
# not part of this listing; presumably they form the collection segment of a
# resource name such as 'projects/<id>' (confirm against callers).
RESOURCE_TYPE_PROJECT = 'projects'
RESOURCE_TYPE_ORGANIZATION = 'organizations'
class PolicyConstraint:
    """Base wrapper pairing a constraint name with its raw policy payload.

    Both constructor arguments are stored as given; nothing is validated or
    copied here. Subclasses read typed fields out of the payload.
    """

    def __init__(self, name, resource_data):
        # Identifier of the constraint this object describes.
        self.name = name
        # Raw payload, kept private; accessors on subclasses interpret it.
        self._resource_data = resource_data

    def __str__(self):
        # Rendered as "<name>: <payload>", with the payload's own str() form.
        return ': '.join((self.name, str(self._resource_data)))
class BooleanPolicyConstraint(PolicyConstraint):
    """Constraint whose payload carries a boolean 'enforced' flag."""

    def is_enforced(self) -> bool:
        """Return the payload's 'enforced' value, defaulting to False.

        False is returned both when the payload says so explicitly and when
        the 'enforced' key is missing, so an audit that needs to tell those
        two cases apart has to inspect the payload itself.
        """
        payload = self._resource_data
        return payload.get('enforced', False)
class ListPolicyConstraint(PolicyConstraint):
    """Constraint whose payload is a list policy (allowed / denied values).

    NOTE(review): only 'allowedValues' and 'deniedValues' are read here. A
    Cloud Resource Manager v1 ListPolicy can also carry 'allValues'
    (ALLOW / DENY) and 'inheritFromParent'; a policy expressed that way
    yields two empty lists from these accessors, so empty results must not be
    read as "nothing is restricted" without checking the payload.
    """

    def allowed_values(self) -> List[str]:
        """Return the payload's 'allowedValues', or an empty list if absent."""
        payload = self._resource_data
        return payload.get('allowedValues', [])

    def denied_values(self) -> List[str]:
        """Return the payload's 'deniedValues', or an empty list if absent."""
        payload = self._resource_data
        return payload.get('deniedValues', [])
class RestoreDefaultPolicyConstraint(PolicyConstraint):
    """Constraint whose policy entry is of the 'restoreDefault' kind."""

    def is_default_restored(self) -> bool:
        """Indicates that the constraintDefault enforcement behavior is restored.

        Always True: the payload is not inspected. Whether the restored
        default allows or denies depends on the constraint itself, so this
        value is not an enforcement signal on its own.
        """
        restored = True
        return restored
def is_default_restored(self) -> bool:
    """Indicates that the constraintDefault enforcement behavior is restored.

    Always True: no instance state is read. Whether the restored default
    allows or denies depends on the constraint itself, so this value is not
    an enforcement signal on its own.
    """
    restored = True
    return restored
Indicates that the constraintDefault enforcement behavior is restored.
def get_effective_org_policy(project_id: str, constraint: str):
    """Look up one constraint among the effective org policies of a project.

    Args:
      project_id: The project ID.
      constraint: Name of the constraint to return.

    Returns:
      The entry stored under ``constraint`` in the mapping produced by
      ``_get_effective_org_policy_all_constraints(project_id)``.

    Raises:
      ValueError: if ``constraint`` is not a key of that mapping. This means
        the constraint was not among those fetched; it says nothing about
        whether the constraint is enforced, so callers should not treat the
        error as "not enforced".
    """
    all_constraints = _get_effective_org_policy_all_constraints(project_id)
    if constraint in all_constraints:
        return all_constraints[constraint]
    raise ValueError(
        f'constraint {constraint} not supported {list(all_constraints)}')
@caching.cached_api_call
def get_all_project_org_policies(project_id: str):
    """List all the org policies set for a particular resource.

    Pages through Cloud Resource Manager v1 ``projects.listOrgPolicies`` for
    ``projects/<project_id>`` and wraps every returned entry in the matching
    PolicyConstraint subclass. Entries with none of the known payload keys
    are logged at warning level and left out of the result.

    NOTE(review): this lists policies set on the project resource itself;
    constraints inherited from a folder or organization are presumably not
    included, so a missing key here is not proof that a constraint is
    unenforced (see get_effective_org_policy). The result also passes through
    ``caching.cached_api_call``, whose behaviour is defined elsewhere.

    Args:
      project_id: The project ID.

    Returns:
      A dictionary of PolicyConstraint objects, keyed by constraint name.

    Raises:
      utils.GcpApiError: on API errors.
    """
    crm_api = apis.get_api('cloudresourcemanager', 'v1', project_id)
    all_constraints: Dict[str, PolicyConstraint] = {}
    logging.debug('listing org policies of %s', project_id)

    # Payload key -> wrapper class, checked in this order; the first key
    # present in a policy entry decides its type.
    wrappers = (
        ('booleanPolicy', BooleanPolicyConstraint),
        ('listPolicy', ListPolicyConstraint),
        ('restoreDefault', RestoreDefaultPolicyConstraint),
    )

    request = crm_api.projects().listOrgPolicies(
        resource=f'projects/{project_id}')
    while request:
        try:
            response = request.execute(num_retries=config.API_RETRIES)
        except googleapiclient.errors.HttpError as err:
            raise utils.GcpApiError(err) from err

        for policy in response.get('policies', []):
            constraint_name = policy.get('constraint')
            for payload_key, wrapper in wrappers:
                if payload_key in policy:
                    all_constraints[constraint_name] = wrapper(
                        constraint_name, policy[payload_key])
                    break
            else:
                logging.warning('unknown constraint type: %s', policy)

        # Yields a request for the next page, or a falsy value when done.
        request = crm_api.projects().listOrgPolicies_next(request, response)

    return all_constraints
List all the org policies set for a particular resource.
Arguments:
- project_id: The project ID.
Returns:
A dictionary of PolicyConstraint objects, keyed by constraint name.
Raises:
- utils.GcpApiError: on API errors.