1

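I am working on a small project that updates organization policy constraints using Python. I want to use Python because I already have Secret Manager and impersonation set up. I am now at the final stage, modifying the organization policy constraint.

I found the repo https://github.com/googleapis/python-org-policy/tree/40faa07298b3baa9a4d0ca26927b28fdd80aa03b/samples/generated_samples with code samples for creating constraints.

I want to change this: "projects/project-id-from-gcp/policies/compute.skipDefaultNetworkCreation" to enforced.

The code I have so far is this: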

from google.cloud import orgpolicy_v2


def sample_update_policy():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()

    # Initialize request argument(s)
    request = orgpolicy_v2.UpdatePolicyRequest(
        policy="""
        name: "projects/project-id-from-gcp/policies/compute.skipDefaultNetworkCreation"
        spec {
          rules {
            enforce: true
            }
          }
        """
        
    )

    # Make the request
    response = client.update_policy(request=request)
    #
    # Handle the response
    print(response)
    
sample_update_policy()

But I get the error google.api_core.exceptions.InvalidArgument: 400 Request contains an invalid argument. I don't understand what exactly to write in "CreatePolicyRequest". I also found this, https://googleapis.dev/python/orgpolicy/1.0.2/orgpolicy_v2/types.html#google.cloud.orgpolicy_v2.types.Policy but it is not entirely clear to me.

I am looking at this https://cloud.google.com/python/docs/reference/orgpolicy/latest/google.cloud.orgpolicy_v2.services.org_policy.OrgPolicyClient#google_cloud_orgpolicy_v2_services_org_policy_OrgPolicyClient_update_policy but honestly, I don't understand how to do it.

(I don't think I modified it correctly.)

Could you please point me in the right direction?

Thanks

4

1 Answer

2

Your problem is that you are passing a YAML string as the parameter to UpdatePolicyRequest(). The link you found is on the right path.

from google.cloud import orgpolicy_v2
from google.cloud.orgpolicy_v2 import types

def build_policy():
    rule = types.PolicySpec.PolicyRule()
    rule.enforce = True

    spec = types.PolicySpec()
    spec.rules.append(rule)

    policy = types.Policy(
        name="projects/project-id-from-gcp/policies/compute.skipDefaultNetworkCreation",
        spec = spec
    )

    return policy

def sample_update_policy():
    # Create a client
    client = orgpolicy_v2.OrgPolicyClient()

    policy = build_policy()

    # Debug - view created policy
    print(policy)

    # Initialize request argument(s)
    request = orgpolicy_v2.UpdatePolicyRequest(
        policy=policy
    )

    # Make the request
    response = client.update_policy(request=request)
    #
    # Handle the response
    print(response)

sample_update_policy()
Answered 2022-02-26T23:56:24.113
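
An added example, not part of the original answer or of the python-org-policy samples: it builds the same policy as a validated dict (the generated client accepts a dict wherever it accepts a message) and reads back the effective policy to confirm the constraint is enforced. The helper names `boolean_policy`, `effective_enforced` and `enforce_and_verify` are hypothetical; the real run at the bottom assumes google-cloud-org-policy is installed and the credentials may set org policies.

```python
import re

# Policy resource names look like <projects|folders|organizations>/<id>/policies/<constraint>.
_POLICY_NAME = re.compile(
    r"(projects|folders|organizations)/[^/\s]+/policies/[A-Za-z0-9._]+"
)


def boolean_policy(name, enforce=True):
    """Build a boolean-constraint Policy as a plain dict (helper name is hypothetical).

    Each field is set explicitly, so a whole policy pasted in as one string
    is rejected here instead of surfacing later as a 400 from the API.
    """
    if not isinstance(name, str) or not _POLICY_NAME.fullmatch(name):
        raise ValueError(f"not a policy resource name: {name!r}")
    return {"name": name, "spec": {"rules": [{"enforce": bool(enforce)}]}}


def effective_enforced(policy):
    """True only if the policy has rules and every rule enforces the constraint."""
    rules = list(policy.spec.rules)
    return bool(rules) and all(rule.enforce for rule in rules)


def enforce_and_verify(client, name):
    """Update the policy, then read back the effective policy to confirm it."""
    client.update_policy(request={"policy": boolean_policy(name)})
    effective = client.get_effective_policy(request={"name": name})
    return effective_enforced(effective)


if __name__ == "__main__":
    # Needs google-cloud-org-policy and credentials allowed to set org policies.
    from google.cloud import orgpolicy_v2

    target = "projects/project-id-from-gcp/policies/compute.skipDefaultNetworkCreation"
    print("enforced:", enforce_and_verify(orgpolicy_v2.OrgPolicyClient(), target))
```
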