analyzeOrgPolicyGovernedAssets method
Analyzes the assets (Google Cloud resources or policies) governed by organization policies under a scope.
This RPC supports custom constraints and the following 10 canned constraints:
* storage.uniformBucketLevelAccess
* iam.disableServiceAccountKeyCreation
* iam.allowedPolicyMemberDomains
* compute.vmExternalIpAccess
* appengine.enforceServiceAccountActAsCheck
* gcp.resourceLocations
* compute.trustedImageProjects
* compute.skipDefaultNetworkCreation
* compute.requireOsLogin
* compute.disableNestedVirtualization
This RPC only returns either resources of types supported by searchable asset types, or IAM policies.
Request parameters:
scope
- Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output assets will also be limited to the ones governed by those in-scope organization policies.
  * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
  Value must have pattern ^[^/]+/[^/]+$.
constraint
- Required. The name of the constraint to analyze governed assets for. The analysis only contains analyzed organization policies for the provided constraint.
filter
- The expression to filter AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets.
  For governed resources, filtering is currently available for bare literal values and the following fields:
  * governed_resource.project
  * governed_resource.folders
  * consolidated_policy.rules.enforce
  When filtering by governed_resource.project or consolidated_policy.rules.enforce, the only supported operator is =. When filtering by governed_resource.folders, the supported operators are = and :. For example, filtering by governed_resource.project="projects/12345678" will return all the governed resources under "projects/12345678", including the project itself if applicable.
  For governed IAM policies, filtering is currently available for bare literal values and the following fields:
  * governed_iam_policy.project
  * governed_iam_policy.folders
  * consolidated_policy.rules.enforce
  When filtering by governed_iam_policy.project or consolidated_policy.rules.enforce, the only supported operator is =. When filtering by governed_iam_policy.folders, the supported operators are = and :. For example, filtering by governed_iam_policy.folders:"folders/12345678" will return all the governed IAM policies under "folders/001".
pageSize
- The maximum number of items to return per page. If unspecified, AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets will contain 100 items with a maximum of 200.
pageToken
- The pagination token to retrieve the next page.
$fields
- Selector specifying which fields to include in a partial response.
Completes with an AnalyzeOrgPolicyGovernedAssetsResponse.
Completes with a commons.ApiRequestError if the API endpoint returned an error.
If the used http.Client completes with an error when making a REST call, this method will complete with the same error.
Implementation
async.Future<AnalyzeOrgPolicyGovernedAssetsResponse>
    analyzeOrgPolicyGovernedAssets(
  core.String scope, {
  core.String? constraint,
  core.String? filter,
  core.int? pageSize,
  core.String? pageToken,
  core.String? $fields,
}) async {
  // Only the optional parameters that were supplied are sent as query
  // parameters.
  final queryParams_ = <core.String, core.List<core.String>>{
    if (constraint != null) 'constraint': [constraint],
    if (filter != null) 'filter': [filter],
    if (pageSize != null) 'pageSize': ['${pageSize}'],
    if (pageToken != null) 'pageToken': [pageToken],
    if ($fields != null) 'fields': [$fields],
  };

  // scope goes into the URL path through Uri.encodeFull, which leaves '/'
  // unescaped; the documented scope pattern is not checked here.
  final url_ = 'v1/' +
      core.Uri.encodeFull('$scope') +
      ':analyzeOrgPolicyGovernedAssets';

  final response_ = await _requester.request(
    url_,
    'GET',
    queryParams: queryParams_,
  );
  return AnalyzeOrgPolicyGovernedAssetsResponse.fromJson(
      response_ as core.Map<core.String, core.dynamic>);
}
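
A caller-side wrapper around the method documented above, as an added example that is not part of the original page or of the googleapis package: it checks scope and the filter term before the request is sent and follows pageToken until the last page. The names scopePattern, filterOperators, buildFilter and governedAssets are hypothetical; CloudAssetApi with its v1 getter, and the response fields governedAssets and nextPageToken, are assumed from package:googleapis.

```dart
import 'package:googleapis/cloudasset/v1.dart';

// Assumption: stricter than the documented ^[^/]+/[^/]+$ pattern, based on
// the documented form organizations/{ORGANIZATION_NUMBER}.
final scopePattern = RegExp(r'^organizations/[0-9]+$');

// Operators the documentation lists for the project and folders fields.
const filterOperators = <String, Set<String>>{
  'governed_resource.project': {'='},
  'governed_resource.folders': {'=', ':'},
  'governed_iam_policy.project': {'='},
  'governed_iam_policy.folders': {'=', ':'},
};

/// Builds a one-term filter such as governed_resource.project="projects/1",
/// rejecting field/operator pairs the documentation does not list.
String buildFilter(String field, String op, String value) {
  if (!(filterOperators[field]?.contains(op) ?? false)) {
    throw ArgumentError('unsupported filter term: $field$op');
  }
  if (value.contains('"')) {
    throw ArgumentError.value(value, 'value', 'must not contain a quote');
  }
  return '$field$op"$value"';
}

/// Yields every governed asset for [constraint], following page tokens.
Stream<Object> governedAssets(
    CloudAssetApi api, String scope, String constraint,
    {String? filter}) async* {
  if (!scopePattern.hasMatch(scope)) {
    throw ArgumentError.value(scope, 'scope', 'expected organizations/<number>');
  }
  String? token;
  do {
    final page = await api.v1.analyzeOrgPolicyGovernedAssets(
      scope,
      constraint: constraint,
      filter: filter,
      pageSize: 200, // documented maximum
      pageToken: token,
    );
    yield* Stream.fromIterable(page.governedAssets ?? const []);
    token = page.nextPageToken;
  } while (token != null && token.isNotEmpty);
}
```

The filter builder covers only the project and folders fields, whose quoted value form appears in the documentation's own examples.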