Updating organization policy constraints with Python



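I am working on a small project to update organization policy constraints using Python. I want to use Python because I have already set up Secret Manager and impersonation. I am now at the final stage, modifying the organization policy constraint.

I found the repo https://github.com/googleapis/python-org-policy/tree/40faa07298b3baa9a4d0ca26927b28fdd80aa03b/samples/generated_samples

with code samples for creating constraints.

I want to modify "projects/project-id-from-gcp/policies/compute.skipDefaultNetworkCreation" so that it is enforced.

So far, my code is: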

from google.cloud import orgpolicy_v2

def sample_update_policy():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()
    # Initialize request argument(s)
    request = orgpolicy_v2.UpdatePolicyRequest(
        policy="""
        name: "projects/project-id-from-gcp/policies/compute.skipDefaultNetworkCreation"
        spec {
          rules {
            enforce: true
          }
        }
        """

    )
    # Make the request
    response = client.update_policy(request=request)
    #
    # Handle the response
    print(response)

sample_update_policy()

But I get google.api_core.exceptions.InvalidArgument: 400 Request contains an invalid argument. I don't understand how to use "CreatePolicyRequest". I also found this, https://googleapis.dev/python/orgpolicy/1.0.2/orgpolicy_v2/types.html#google.cloud.orgpolicy_v2.types.Policy but it isn't entirely clear to me.

I was looking at this https://cloud.google.com/python/docs/reference/orgpolicy/latest/google.cloud.orgpolicy_v2.services.org_policy.OrgPolicyClient#google_cloud_orgpolicy_v2_services_org_policy_OrgPolicyClient_update_policy but I really don't know how to go about it.

(I think what I modified isn't even correct.)

Can you point me in the right direction?

Thanks

Your problem is that you are passing a YAML string as the parameter to UpdatePolicyRequest(). You were on the right path with the link.

from google.cloud import orgpolicy_v2
from google.cloud.orgpolicy_v2 import types

def build_policy():
    rule = types.PolicySpec.PolicyRule()
    rule.enforce = True
    spec = types.PolicySpec()
    spec.rules.append(rule)
    policy = types.Policy(
        name="projects/project-id-from-gcp/policies/compute.skipDefaultNetworkCreation",
        spec=spec
    )
    return policy

def sample_update_policy():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()
    policy = build_policy()
    # Debug - view created policy
    print(policy)
    # Initialize request argument(s)
    request = orgpolicy_v2.UpdatePolicyRequest(
        policy=policy
    )
    # Make the request
    response = client.update_policy(request=request)
    #
    # Handle the response
    print(response)

sample_update_policy()
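
An added example, not part of the original answer: after the update, read the effective policy back and fail loudly if the constraint is not actually enforced on the project. The helper names (policy_name, build_policy, is_enforced, enforce_and_verify) are hypothetical; the sketch assumes the client accepts dict-shaped requests and uses the client's get_effective_policy call for the read-back.

```python
# Added example: helper names are illustrative, not from the original answer.
CONSTRAINT = "compute.skipDefaultNetworkCreation"


def policy_name(project_id, constraint=CONSTRAINT):
    """Resource name in the form used on this page."""
    return f"projects/{project_id}/policies/{constraint}"


def build_policy(project_id, enforce=True):
    """Structured policy as a dict (never a text string); the client
    converts it into a Policy message when the request is built."""
    return {
        "name": policy_name(project_id),
        "spec": {"rules": [{"enforce": enforce}]},
    }


def is_enforced(policy):
    """True only if the policy has rules and every rule enforces."""
    rules = list(policy.spec.rules)
    return bool(rules) and all(rule.enforce for rule in rules)


def enforce_and_verify(client, project_id):
    """Update the policy, then confirm the effective policy enforces it."""
    client.update_policy(request={"policy": build_policy(project_id)})
    effective = client.get_effective_policy(
        request={"name": policy_name(project_id)}
    )
    if not is_enforced(effective):
        raise RuntimeError(
            f"{CONSTRAINT} is not enforced on project {project_id}"
        )
    return effective


if __name__ == "__main__":
    # Assumes google-cloud-org-policy is installed and credentials are set up;
    # "project-id-from-gcp" is the placeholder project id used on this page.
    from google.cloud import orgpolicy_v2

    print(enforce_and_verify(orgpolicy_v2.OrgPolicyClient(), "project-id-from-gcp"))
```

Passing the client in as a parameter lets the same function run against an impersonated-credentials client or a test double.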
