analyzeOrgPolicyGovernedAssets method

Future<AnalyzeOrgPolicyGovernedAssetsResponse> analyzeOrgPolicyGovernedAssets(
  String scope, {
  String? constraint,
  String? filter,
  int? pageSize,
  String? pageToken,
  String? $fields,
})

Analyzes the assets (Google Cloud resources or policies) governed by organization policies under a scope.

This RPC supports custom constraints and the following canned constraints:

  • constraints/ainotebooks.accessMode
  • constraints/ainotebooks.disableFileDownloads
  • constraints/ainotebooks.disableRootAccess
  • constraints/ainotebooks.disableTerminal
  • constraints/ainotebooks.environmentOptions
  • constraints/ainotebooks.requireAutoUpgradeSchedule
  • constraints/ainotebooks.restrictVpcNetworks
  • constraints/compute.disableGuestAttributesAccess
  • constraints/compute.disableInstanceDataAccessApis
  • constraints/compute.disableNestedVirtualization
  • constraints/compute.disableSerialPortAccess
  • constraints/compute.disableSerialPortLogging
  • constraints/compute.disableVpcExternalIpv6
  • constraints/compute.requireOsLogin
  • constraints/compute.requireShieldedVm
  • constraints/compute.restrictLoadBalancerCreationForTypes
  • constraints/compute.restrictProtocolForwardingCreationForTypes
  • constraints/compute.restrictXpnProjectLienRemoval
  • constraints/compute.setNewProjectDefaultToZonalDNSOnly
  • constraints/compute.skipDefaultNetworkCreation
  • constraints/compute.trustedImageProjects
  • constraints/compute.vmCanIpForward
  • constraints/compute.vmExternalIpAccess
  • constraints/gcp.detailedAuditLoggingMode
  • constraints/gcp.resourceLocations
  • constraints/iam.allowedPolicyMemberDomains
  • constraints/iam.automaticIamGrantsForDefaultServiceAccounts
  • constraints/iam.disableServiceAccountCreation
  • constraints/iam.disableServiceAccountKeyCreation
  • constraints/iam.disableServiceAccountKeyUpload
  • constraints/iam.restrictCrossProjectServiceAccountLienRemoval
  • constraints/iam.serviceAccountKeyExpiryHours
  • constraints/resourcemanager.accessBoundaries
  • constraints/resourcemanager.allowedExportDestinations
  • constraints/sql.restrictAuthorizedNetworks
  • constraints/sql.restrictNoncompliantDiagnosticDataAccess
  • constraints/sql.restrictNoncompliantResourceCreation
  • constraints/sql.restrictPublicIp
  • constraints/storage.publicAccessPrevention
  • constraints/storage.restrictAuthTypes
  • constraints/storage.uniformBucketLevelAccess

This RPC only returns either resources of types supported by search APIs or IAM policies.

Request parameters:

scope - Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output assets will also be limited to the ones governed by those in-scope organization policies.

  • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

Value must have pattern ^[^/]+/[^/]+$.

constraint - Required. The name of the constraint to analyze governed assets for. The analysis only contains analyzed organization policies for the provided constraint.

filter - The expression to filter AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets.

For governed resources, filtering is currently available for bare literal values and the following fields:

  • governed_resource.project
  • governed_resource.folders
  • consolidated_policy.rules.enforce

When filtering by governed_resource.project or consolidated_policy.rules.enforce, the only supported operator is =. When filtering by governed_resource.folders, the supported operators are = and :. For example, filtering by governed_resource.project="projects/12345678" will return all the governed resources under "projects/12345678", including the project itself if applicable.

For governed IAM policies, filtering is currently available for bare literal values and the following fields:

  • governed_iam_policy.project
  • governed_iam_policy.folders
  • consolidated_policy.rules.enforce

When filtering by governed_iam_policy.project or consolidated_policy.rules.enforce, the only supported operator is =. When filtering by governed_iam_policy.folders, the supported operators are = and :. For example, filtering by governed_iam_policy.folders:"folders/12345678" will return all the governed IAM policies under "folders/001".

pageSize - The maximum number of items to return per page. If unspecified, AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets will contain 100 items with a maximum of 200.

pageToken - The pagination token to retrieve the next page.

$fields - Selector specifying which fields to include in a partial response.

Completes with an AnalyzeOrgPolicyGovernedAssetsResponse.

Completes with a commons.ApiRequestError if the API endpoint returned an error.

If the used http.Client completes with an error when making a REST call, this method will complete with the same error.

Implementation

async.Future<AnalyzeOrgPolicyGovernedAssetsResponse>
    analyzeOrgPolicyGovernedAssets(
  core.String scope, {
  core.String? constraint,
  core.String? filter,
  core.int? pageSize,
  core.String? pageToken,
  core.String? $fields,
}) async {
  final queryParams_ = <core.String, core.List<core.String>>{
    if (constraint != null) 'constraint': [constraint],
    if (filter != null) 'filter': [filter],
    if (pageSize != null) 'pageSize': ['${pageSize}'],
    if (pageToken != null) 'pageToken': [pageToken],
    if ($fields != null) 'fields': [$fields],
  };

  final url_ = 'v1/' +
      core.Uri.encodeFull('$scope') +
      ':analyzeOrgPolicyGovernedAssets';

  final response_ = await _requester.request(
    url_,
    'GET',
    queryParams: queryParams_,
  );
  return AnalyzeOrgPolicyGovernedAssetsResponse.fromJson(
      response_ as core.Map<core.String, core.dynamic>);
}
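A usage sketch for auditing which resources in one project are governed by a constraint, added here as an example and not part of the generated library. The helper name `governedAssetNames` and its `projectNumber` parameter are hypothetical, and `api` is assumed to be a `CloudAssetApi` built on an already authenticated `http.Client`.

```dart
import 'package:googleapis/cloudasset/v1.dart';

// Stricter than the documented pattern ^[^/]+/[^/]+$: accept only the
// organizations/{ORGANIZATION_NUMBER} form. The generated method passes
// scope through Uri.encodeFull, which leaves '/', '?' and '#' unescaped,
// so a scope taken from configuration or user input is checked here first.
final _orgScope = RegExp(r'^organizations/\d+$');
final _digits = RegExp(r'^\d+$');

/// Hypothetical helper: full names of all resources governed by [constraint]
/// in one project, following nextPageToken until the last page.
Future<List<String>> governedAssetNames(
  CloudAssetApi api, {
  required String scope,
  required String constraint,
  required String projectNumber,
}) async {
  if (!_orgScope.hasMatch(scope)) {
    throw ArgumentError.value(scope, 'scope', 'expected organizations/<number>');
  }
  // Digits only, so the value cannot close the quoted literal in the filter.
  if (!_digits.hasMatch(projectNumber)) {
    throw ArgumentError.value(projectNumber, 'projectNumber', 'digits only');
  }
  // '=' is the only operator supported for governed_resource.project.
  final filter = 'governed_resource.project="projects/$projectNumber"';

  final names = <String>[];
  String? pageToken;
  do {
    final page = await api.v1.analyzeOrgPolicyGovernedAssets(
      scope,
      constraint: constraint,
      filter: filter,
      pageSize: 200, // documented maximum; the default is 100
      pageToken: pageToken,
    );
    for (final asset in page.governedAssets ?? const []) {
      final name = asset.governedResource?.fullResourceName;
      if (name != null) names.add(name);
    }
    pageToken = page.nextPageToken;
  } while (pageToken != null && pageToken.isNotEmpty);
  return names;
}
```

A call such as `governedAssetNames(api, scope: 'organizations/123456', constraint: 'constraints/compute.requireOsLogin', projectNumber: '12345678')` uses the sample identifiers from the parameter descriptions above; API errors surface as `ApiRequestError` from the underlying method.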