feat: support for OrgPolicy dry runs

PiperOrigin-RevId: 502948090
googleapis · Jan 18, 2023 · 8f29315 · 8f29315
1 parent 9557816
commit 8f29315
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 45 deletions.
diff --git a/google/cloud/orgpolicy/v2/BUILD.bazel b/google/cloud/orgpolicy/v2/BUILD.bazel
@@ -1,5 +1,5 @@
 # This file was automatically generated by BuildFileGenerator
-# https://github.com/googleapis/gapic-generator/tree/master/rules_gapic/bazel
+# https://github.com/googleapis/rules_gapic/tree/master/bazel
 
 # Most of the manual changes to this file will be overwritten.
 # It's **only** allowed to change the following rule attribute values:
@@ -31,6 +31,7 @@ proto_library(
         "//google/api:resource_proto",
         "//google/type:expr_proto",
         "@com_google_protobuf//:empty_proto",
+        "@com_google_protobuf//:field_mask_proto",
         "@com_google_protobuf//:timestamp_proto",
     ],
 )
@@ -69,14 +70,17 @@ java_grpc_library(
 java_gapic_library(
     name = "orgpolicy_java_gapic",
     srcs = [":orgpolicy_proto_with_info"],
+    gapic_yaml = None,
     grpc_service_config = "orgpolicy_grpc_service_config.json",
     rest_numeric_enums = True,
+    service_yaml = "orgpolicy_v2.yaml",
     test_deps = [
         ":orgpolicy_java_grpc",
     ],
     transport = "grpc+rest",
     deps = [
         ":orgpolicy_java_proto",
+        "//google/api:api_java_proto",
     ],
 )
 
@@ -129,6 +133,8 @@ go_gapic_library(
     srcs = [":orgpolicy_proto_with_info"],
     grpc_service_config = "orgpolicy_grpc_service_config.json",
     importpath = "cloud.google.com/go/orgpolicy/apiv2;orgpolicy",
+    metadata = True,
+    release_level = "beta",
     rest_numeric_enums = True,
     service_yaml = "orgpolicy_v2.yaml",
     transport = "grpc+rest",
@@ -149,6 +155,7 @@ go_gapic_assembly_pkg(
     name = "gapi-cloud-orgpolicy-v2-go",
     deps = [
         ":orgpolicy_go_gapic",
+        ":orgpolicy_go_gapic_srcjar-metadata.srcjar",
         ":orgpolicy_go_gapic_srcjar-test.srcjar",
         ":orgpolicy_go_proto",
     ],
@@ -168,11 +175,12 @@ py_gapic_library(
     name = "orgpolicy_py_gapic",
     srcs = [":orgpolicy_proto"],
     grpc_service_config = "orgpolicy_grpc_service_config.json",
-    opt_args = [
-        "warehouse-package-name=google-cloud-org-policy",
-    ],
+    opt_args = ["warehouse-package-name=google-cloud-org-policy"],
     rest_numeric_enums = True,
+    service_yaml = "orgpolicy_v2.yaml",
     transport = "grpc",
+    deps = [
+    ],
 )
 
 py_test(
@@ -220,6 +228,7 @@ php_gapic_library(
     srcs = [":orgpolicy_proto_with_info"],
     grpc_service_config = "orgpolicy_grpc_service_config.json",
     rest_numeric_enums = True,
+    service_yaml = "orgpolicy_v2.yaml",
     transport = "grpc+rest",
     deps = [
         ":orgpolicy_php_grpc",
@@ -293,16 +302,17 @@ ruby_cloud_gapic_library(
     name = "orgpolicy_ruby_gapic",
     srcs = [":orgpolicy_proto_with_info"],
     extra_protoc_parameters = [
-        "ruby-cloud-gem-name=google-cloud-org_policy-v2",
-        "ruby-cloud-env-prefix=ORG_POLICY",
-        "ruby-cloud-product-url=https://cloud.google.com/resource-manager/docs/organization-policy/overview",
         "ruby-cloud-api-id=orgpolicy.googleapis.com",
         "ruby-cloud-api-shortname=orgpolicy",
+        "ruby-cloud-env-prefix=ORG_POLICY",
+        "ruby-cloud-gem-name=google-cloud-org_policy-v2",
+        "ruby-cloud-product-url=https://cloud.google.com/resource-manager/docs/organization-policy/overview",
     ],
     grpc_service_config = "orgpolicy_grpc_service_config.json",
     rest_numeric_enums = True,
     ruby_cloud_description = "The Cloud Org Policy service provides a simple mechanism for organizations to restrict the allowed configurations across their entire Cloud Resource hierarchy.",
     ruby_cloud_title = "Organization Policy V2",
+    service_yaml = "orgpolicy_v2.yaml",
     deps = [
         ":orgpolicy_ruby_grpc",
         ":orgpolicy_ruby_proto",

diff --git a/google/cloud/orgpolicy/v2/constraint.proto b/google/cloud/orgpolicy/v2/constraint.proto
@@ -18,6 +18,7 @@ package google.cloud.orgpolicy.v2;
 
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
 
 option csharp_namespace = "Google.Cloud.OrgPolicy.V2";
 option go_package = "google.golang.org/genproto/googleapis/cloud/orgpolicy/v2;orgpolicy";
@@ -87,9 +88,7 @@ message Constraint {
   // For example a constraint `constraints/compute.disableSerialPortAccess`.
   // If it is enforced on a VM instance, serial port connections will not be
   // opened to that instance.
-  message BooleanConstraint {
-
-  }
+  message BooleanConstraint {}
 
   // Immutable. The resource name of the Constraint. Must be in one of
   // the following forms:

diff --git a/google/cloud/orgpolicy/v2/orgpolicy.proto b/google/cloud/orgpolicy/v2/orgpolicy.proto
@@ -22,6 +22,7 @@ import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/cloud/orgpolicy/v2/constraint.proto";
 import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
 import "google/type/expr.proto";
 
@@ -55,18 +56,16 @@ option ruby_package = "Google::Cloud::OrgPolicy::V2";
 // particular resource and its child resources.
 service OrgPolicy {
   option (google.api.default_host) = "orgpolicy.googleapis.com";
-  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+  option (google.api.oauth_scopes) =
+      "https://www.googleapis.com/auth/cloud-platform";
 
   // Lists `Constraints` that could be applied on the specified resource.
-  rpc ListConstraints(ListConstraintsRequest) returns (ListConstraintsResponse) {
+  rpc ListConstraints(ListConstraintsRequest)
+      returns (ListConstraintsResponse) {
     option (google.api.http) = {
       get: "/v2/{parent=projects/*}/constraints"
-      additional_bindings {
-        get: "/v2/{parent=folders/*}/constraints"
-      }
-      additional_bindings {
-        get: "/v2/{parent=organizations/*}/constraints"
-      }
+      additional_bindings { get: "/v2/{parent=folders/*}/constraints" }
+      additional_bindings { get: "/v2/{parent=organizations/*}/constraints" }
     };
     option (google.api.method_signature) = "parent";
   }
@@ -75,12 +74,8 @@ service OrgPolicy {
   rpc ListPolicies(ListPoliciesRequest) returns (ListPoliciesResponse) {
     option (google.api.http) = {
       get: "/v2/{parent=projects/*}/policies"
-      additional_bindings {
-        get: "/v2/{parent=folders/*}/policies"
-      }
-      additional_bindings {
-        get: "/v2/{parent=organizations/*}/policies"
-      }
+      additional_bindings { get: "/v2/{parent=folders/*}/policies" }
+      additional_bindings { get: "/v2/{parent=organizations/*}/policies" }
     };
     option (google.api.method_signature) = "parent";
   }
@@ -93,12 +88,8 @@ service OrgPolicy {
   rpc GetPolicy(GetPolicyRequest) returns (Policy) {
     option (google.api.http) = {
       get: "/v2/{name=projects/*/policies/*}"
-      additional_bindings {
-        get: "/v2/{name=folders/*/policies/*}"
-      }
-      additional_bindings {
-        get: "/v2/{name=organizations/*/policies/*}"
-      }
+      additional_bindings { get: "/v2/{name=folders/*/policies/*}" }
+      additional_bindings { get: "/v2/{name=organizations/*/policies/*}" }
     };
     option (google.api.method_signature) = "name";
   }
@@ -176,12 +167,8 @@ service OrgPolicy {
   rpc DeletePolicy(DeletePolicyRequest) returns (google.protobuf.Empty) {
     option (google.api.http) = {
       delete: "/v2/{name=projects/*/policies/*}"
-      additional_bindings {
-        delete: "/v2/{name=folders/*/policies/*}"
-      }
-      additional_bindings {
-        delete: "/v2/{name=organizations/*/policies/*}"
-      }
+      additional_bindings { delete: "/v2/{name=folders/*/policies/*}" }
+      additional_bindings { delete: "/v2/{name=organizations/*/policies/*}" }
     };
     option (google.api.method_signature) = "name";
   }
@@ -216,6 +203,11 @@ message Policy {
 
   // Deprecated.
   AlternatePolicySpec alternate = 3 [deprecated = true];
+
+  // dry-run policy.
+  // Audit-only policy, can be used to monitor how the policy would have
+  // impacted the existing and future resources if it's enforced.
+  PolicySpec dry_run_spec = 4;
 }
 
 // Similar to PolicySpec but with an extra 'launch' field for launch reference.
@@ -308,7 +300,8 @@ message PolicySpec {
   // Output only. The time stamp this was previously updated. This
   // represents the last time a call to `CreatePolicy` or `UpdatePolicy` was
   // made for that `Policy`.
-  google.protobuf.Timestamp update_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp update_time = 2
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Up to 10 PolicyRules are allowed.
   //
@@ -341,8 +334,8 @@ message PolicySpec {
 // The request sent to the [ListConstraints]
 // [google.cloud.orgpolicy.v2.OrgPolicy.ListConstraints] method.
 message ListConstraintsRequest {
-  // Required. The Cloud resource that parents the constraint. Must be in one of the
-  // following forms:
+  // Required. The Cloud resource that parents the constraint. Must be in one of
+  // the following forms:
   // * `projects/{project_number}`
   // * `projects/{project_id}`
   // * `folders/{folder_id}`
@@ -377,9 +370,9 @@ message ListConstraintsResponse {
 // The request sent to the [ListPolicies]
 // [google.cloud.orgpolicy.v2.OrgPolicy.ListPolicies] method.
 message ListPoliciesRequest {
-  // Required. The target Cloud resource that parents the set of constraints and policies
-  // that will be returned from this call. Must be in one of the following
-  // forms:
+  // Required. The target Cloud resource that parents the set of constraints and
+  // policies that will be returned from this call. Must be in one of the
+  // following forms:
   // * `projects/{project_number}`
   // * `projects/{project_id}`
   // * `folders/{folder_id}`
@@ -417,7 +410,8 @@ message ListPoliciesResponse {
 // The request sent to the [GetPolicy]
 // [google.cloud.orgpolicy.v2.OrgPolicy.GetPolicy] method.
 message GetPolicyRequest {
-  // Required. Resource name of the policy. See `Policy` for naming requirements.
+  // Required. Resource name of the policy. See `Policy` for naming
+  // requirements.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -441,8 +435,8 @@ message GetEffectivePolicyRequest {
 // The request sent to the [CreatePolicyRequest]
 // [google.cloud.orgpolicy.v2.OrgPolicy.CreatePolicy] method.
 message CreatePolicyRequest {
-  // Required. The Cloud resource that will parent the new Policy. Must be in one of the
-  // following forms:
+  // Required. The Cloud resource that will parent the new Policy. Must be in
+  // one of the following forms:
   // * `projects/{project_number}`
   // * `projects/{project_id}`
   // * `folders/{folder_id}`
@@ -463,6 +457,11 @@ message CreatePolicyRequest {
 message UpdatePolicyRequest {
   // Required. `Policy` to update.
   Policy policy = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Field mask used to specify the fields to be overwritten in the policy
+  // by the set. The fields specified in the update_mask are relative to the
+  // policy, not the full request.
+  google.protobuf.FieldMask update_mask = 3;
 }
 
 // The request sent to the [DeletePolicy]

diff --git a/google/cloud/orgpolicy/v2/orgpolicy_v2.yaml b/google/cloud/orgpolicy/v2/orgpolicy_v2.yaml
@@ -17,3 +17,13 @@ authentication:
     oauth:
       canonical_scopes: |-
         https://www.googleapis.com/auth/cloud-platform
+
+publishing:
+  organization: CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED
+  new_issue_uri: ''
+  documentation_uri: ''
+  api_short_name: ''
+  github_label: ''
+  doc_tag_prefix: ''
+  codeowner_github_teams:
+  library_settings: