def testGetResourceFromPolicyName_InvalidPolicyName_ThrowsError(
self, policy_name):
with self.AssertRaisesExceptionMatches(
exceptions.InvalidInputError,
"Invalid policy name '{}': Name must be in the form [projects|folders|organizations]/{{resource_id}}/policies/{{constraint_name}}."
.format(policy_name)):
utils.GetResourceFromPolicyName(policy_name)
def CreateCustomConstraint(self, custom_constraint):
parent = utils.GetResourceFromPolicyName(custom_constraint.name)
request = self.messages.OrgpolicyOrganizationsCustomConstraintsCreateRequest(
parent=parent,
googleCloudOrgpolicyV2CustomConstraint=custom_constraint)
return self.client.organizations_customConstraints.Create(
request=request)
def Run(self, args):
"""Creates or updates a policy from a JSON or YAML file.
This first converts the contents of the specified file into a policy object.
It then fetches the current policy using GetPolicy. If it does not exist,
the policy is created using CreatePolicy. If it does, the retrieved policy
is checked to see if it needs to be updated. If so, the policy is updated
using UpdatePolicy.
Args:
args: argparse.Namespace, An object that contains the values for the
arguments specified in the Args method.
Returns:
The created or updated policy.
"""
policy_service = org_policy_service.PolicyService()
org_policy_messages = org_policy_service.OrgPolicyMessages()
input_policy = utils.GetMessageFromFile(
args.policy_file,
org_policy_messages.GoogleCloudOrgpolicyV2alpha1Policy)
if not input_policy.name:
raise exceptions.InvalidInputError(
'Name field not present in the organization policy.')
get_request = org_policy_messages.OrgpolicyPoliciesGetRequest(
name=input_policy.name)
try:
policy = policy_service.Get(get_request)
except api_exceptions.HttpNotFoundError:
constraint = org_policy_utils.GetConstraintFromPolicyName(
input_policy.name)
parent = org_policy_utils.GetResourceFromPolicyName(
input_policy.name)
create_request = org_policy_messages.OrgpolicyPoliciesCreateRequest(
constraint=constraint,
parent=parent,
googleCloudOrgpolicyV2alpha1Policy=input_policy)
create_response = policy_service.Create(create_request)
log.CreatedResource(input_policy.name, 'policy')
return create_response
if policy == input_policy:
return policy
update_request = org_policy_messages.OrgpolicyPoliciesPatchRequest(
name=input_policy.name,
forceUnconditionalWrite=False,
googleCloudOrgpolicyV2alpha1Policy=input_policy)
update_response = policy_service.Patch(update_request)
log.UpdatedResource(input_policy.name, 'policy')
return update_response
def CreatePolicy(self, policy):
parent = utils.GetResourceFromPolicyName(policy.name)
if parent.startswith('organizations/'):
request = self.messages.OrgpolicyOrganizationsPoliciesCreateRequest(
parent=parent, googleCloudOrgpolicyV2Policy=policy)
return self.client.organizations_policies.Create(request=request)
elif parent.startswith('folders/'):
request = self.messages.OrgpolicyFoldersPoliciesCreateRequest(
parent=parent, googleCloudOrgpolicyV2Policy=policy)
return self.client.folders_policies.Create(request=request)
else:
request = self.messages.OrgpolicyProjectsPoliciesCreateRequest(
parent=parent, googleCloudOrgpolicyV2Policy=policy)
return self.client.projects_policies.Create(request=request)
def testGetResourceFromPolicyName_ValidPolicyName_ReturnsResource(self):
resource = utils.GetResourceFromPolicyName(self.POLICY_NAME_A)
self.assertEqual(resource, self.RESOURCE)
def CreatePolicy(self, policy):
request = self.messages.OrgpolicyPoliciesCreateRequest(
parent=utils.GetResourceFromPolicyName(policy.name),
googleCloudOrgpolicyV2alpha1Policy=policy,
constraint=utils.GetConstraintFromPolicyName(policy.name))
return self.client.policies.Create(request)