Class PoliciesClient (2.13.0) 

PoliciesClient(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.iam_v2beta.services.policies.transports.base.PoliciesTransport]] = None, client_options: typing.Optional[typing.Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

An interface for managing Identity and Access Management (IAM) policies.

Properties

transport

Returns the transport used by the client instance.

Returns
Type Description
PoliciesTransport The transport used by the client instance.

Methods

PoliciesClient

PoliciesClient(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.iam_v2beta.services.policies.transports.base.PoliciesTransport]] = None, client_options: typing.Optional[typing.Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

Instantiates the policies client.

Parameters
Name Description
credentials Optional[google.auth.credentials.Credentials]

The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment.
transport Union[str, PoliciesTransport]

The transport to use. If set to None, a transport is chosen automatically.
client_options Optional[Union[google.api_core.client_options.ClientOptions, dict]]

Custom options for the client. It won't take effect if a transport instance is provided. (1) The api_endpoint property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT environment variable can also be used to override the endpoint: "always" (always use the default mTLS endpoint), "never" (always use the default regular endpoint) and "auto" (auto switch to the default mTLS endpoint if client certificate is present, this is the default value). However, the api_endpoint property takes precedence if provided. (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "true", then the client_cert_source property can be used to provide client certificate for mutual TLS transport. If not provided, the default SSL client certificate will be used if present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not set, no client certificate will be used.
client_info google.api_core.gapic_v1.client_info.ClientInfo

The client info used to send a user-agent string along with API requests. If None, then default info will be used. Generally, you only need to set this if you're developing your own client library.
Exceptions
Type Description
google.auth.exceptions.MutualTLSChannelError If mutual TLS transport creation failed for any reason.

__exit__

__exit__(type, value, traceback)

Releases underlying transport's resources.

common_billing_account_path

common_billing_account_path(billing_account: str) -> str

Returns a fully-qualified billing_account string.

common_folder_path

common_folder_path(folder: str) -> str

Returns a fully-qualified folder string.

common_location_path

common_location_path(project: str, location: str) -> str

Returns a fully-qualified location string.

common_organization_path

common_organization_path(organization: str) -> str

Returns a fully-qualified organization string.

common_project_path

common_project_path(project: str) -> str

Returns a fully-qualified project string.

create_policy

create_policy(
 request: typing.Optional[
 typing.Union[google.cloud.iam_v2beta.types.policy.CreatePolicyRequest, dict]
 ] = None,
 *,
 parent: typing.Optional[str] = None,
 policy: typing.Optional[google.cloud.iam_v2beta.types.policy.Policy] = None,
 policy_id: typing.Optional[str] = None,
 retry: typing.Union[
 google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault
 ] = _MethodDefault._DEFAULT_VALUE,
 timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
 metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.api_core.operation.Operation

Creates a policy.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v2beta
def sample_create_policy():
 # Create a client
 client = iam_v2beta.PoliciesClient()
 # Initialize request argument(s)
 request = iam_v2beta.CreatePolicyRequest(
 parent="parent_value",
 )
 # Make the request
 operation = client.create_policy(request=request)
 print("Waiting for operation to complete...")
 response = operation.result()
 # Handle the response
 print(response)
Parameters
Name Description
request Union[google.cloud.iam_v2beta.types.CreatePolicyRequest, dict]

The request object. Request message for CreatePolicy.
parent str

Required. The resource that the policy is attached to, along with the kind of policy to create. Format: policies/{attachment_point}/denypolicies The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, /, must be written as %2F. For example, policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies. For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID. This corresponds to the parent field on the request instance; if request is provided, this should not be set.
policy google.cloud.iam_v2beta.types.Policy

Required. The policy to create. This corresponds to the policy field on the request instance; if request is provided, this should not be set.
policy_id str

The ID to use for this policy, which will become the final component of the policy's resource name. The ID must contain 3 to 63 characters. It can contain lowercase letters and numbers, as well as dashes (-) and periods (.). The first character must be a lowercase letter. This corresponds to the policy_id field on the request instance; if request is provided, this should not be set.
retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.
timeout float

The timeout for this request.
metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.
Returns
Type Description
google.api_core.operation.Operation An object representing a long-running operation. The result type for the operation will be Policy Data for an IAM policy.

delete_policy

delete_policy(
 request: typing.Optional[
 typing.Union[google.cloud.iam_v2beta.types.policy.DeletePolicyRequest, dict]
 ] = None,
 *,
 name: typing.Optional[str] = None,
 retry: typing.Union[
 google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault
 ] = _MethodDefault._DEFAULT_VALUE,
 timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
 metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.api_core.operation.Operation

Deletes a policy. This action is permanent.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v2beta
def sample_delete_policy():
 # Create a client
 client = iam_v2beta.PoliciesClient()
 # Initialize request argument(s)
 request = iam_v2beta.DeletePolicyRequest(
 name="name_value",
 )
 # Make the request
 operation = client.delete_policy(request=request)
 print("Waiting for operation to complete...")
 response = operation.result()
 # Handle the response
 print(response)
Parameters
Name Description
request Union[google.cloud.iam_v2beta.types.DeletePolicyRequest, dict]

The request object. Request message for DeletePolicy.
name str

Required. The resource name of the policy to delete. Format: policies/{attachment_point}/denypolicies/{policy_id} Use the URL-encoded full resource name, which means that the forward-slash character, /, must be written as %2F. For example, policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy. For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID. This corresponds to the name field on the request instance; if request is provided, this should not be set.
retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.
timeout float

The timeout for this request.
metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.
Returns
Type Description
google.api_core.operation.Operation An object representing a long-running operation. The result type for the operation will be Policy Data for an IAM policy.

from_service_account_file

from_service_account_file(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
Name Description
filename str

The path to the service account private key json file.
Returns
Type Description
PoliciesClient The constructed client.

from_service_account_info

from_service_account_info(info: dict, *args, **kwargs)

Creates an instance of this client using the provided credentials info.

Parameter
Name Description
info dict

The service account private key info.
Returns
Type Description
PoliciesClient The constructed client.

from_service_account_json

from_service_account_json(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
Name Description
filename str

The path to the service account private key json file.
Returns
Type Description
PoliciesClient The constructed client.

get_mtls_endpoint_and_cert_source

get_mtls_endpoint_and_cert_source(
 client_options: typing.Optional[
 google.api_core.client_options.ClientOptions
 ] = None,
)

Return the API endpoint and client cert source for mutual TLS.

The client cert source is determined in the following order: (1) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the client cert source is None. (2) if client_options.client_cert_source is provided, use the provided one; if the default client cert source exists, use the default one; otherwise the client cert source is None.

The API endpoint is determined in the following order: (1) if client_options.api_endpoint if provided, use the provided one. (2) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the default mTLS endpoint; if the environment variable is "never", use the default API endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise use the default API endpoint.

More details can be found at https://google.aip.dev/auth/4114.

Parameter
Name Description
client_options google.api_core.client_options.ClientOptions

Custom options for the client. Only the api_endpoint and client_cert_source properties may be used in this method.
Exceptions
Type Description
google.auth.exceptions.MutualTLSChannelError If any errors happen.
Returns
Type Description
Tuple[str, Callable[[], Tuple[bytes, bytes]]] returns the API endpoint and the client cert source to use.

get_operation

get_operation(
 request: typing.Optional[
 google.longrunning.operations_pb2.GetOperationRequest
 ] = None,
 *,
 retry: typing.Union[
 google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault
 ] = _MethodDefault._DEFAULT_VALUE,
 timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
 metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.longrunning.operations_pb2.Operation

Gets the latest state of a long-running operation.

Parameters
Name Description
request .operations_pb2.GetOperationRequest

The request object. Request message for GetOperation method.
retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.
timeout float

The timeout for this request.
metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.
Returns
Type Description
.operations_pb2.Operation An Operation object.

get_policy

get_policy(
 request: typing.Optional[
 typing.Union[google.cloud.iam_v2beta.types.policy.GetPolicyRequest, dict]
 ] = None,
 *,
 name: typing.Optional[str] = None,
 retry: typing.Union[
 google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault
 ] = _MethodDefault._DEFAULT_VALUE,
 timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
 metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.iam_v2beta.types.policy.Policy

Gets a policy.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v2beta
def sample_get_policy():
 # Create a client
 client = iam_v2beta.PoliciesClient()
 # Initialize request argument(s)
 request = iam_v2beta.GetPolicyRequest(
 name="name_value",
 )
 # Make the request
 response = client.get_policy(request=request)
 # Handle the response
 print(response)
Parameters
Name Description
request Union[google.cloud.iam_v2beta.types.GetPolicyRequest, dict]

The request object. Request message for GetPolicy.
name str

Required. The resource name of the policy to retrieve. Format: policies/{attachment_point}/denypolicies/{policy_id} Use the URL-encoded full resource name, which means that the forward-slash character, /, must be written as %2F. For example, policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy. For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID. This corresponds to the name field on the request instance; if request is provided, this should not be set.
retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.
timeout float

The timeout for this request.
metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.
Returns
Type Description
google.cloud.iam_v2beta.types.Policy Data for an IAM policy.

list_policies

list_policies(
 request: typing.Optional[
 typing.Union[google.cloud.iam_v2beta.types.policy.ListPoliciesRequest, dict]
 ] = None,
 *,
 parent: typing.Optional[str] = None,
 retry: typing.Union[
 google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault
 ] = _MethodDefault._DEFAULT_VALUE,
 timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
 metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.iam_v2beta.services.policies.pagers.ListPoliciesPager

Retrieves the policies of the specified kind that are attached to a resource.

The response lists only policy metadata. In particular, policy rules are omitted.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v2beta
def sample_list_policies():
 # Create a client
 client = iam_v2beta.PoliciesClient()
 # Initialize request argument(s)
 request = iam_v2beta.ListPoliciesRequest(
 parent="parent_value",
 )
 # Make the request
 page_result = client.list_policies(request=request)
 # Handle the response
 for response in page_result:
 print(response)
Parameters
Name Description
request Union[google.cloud.iam_v2beta.types.ListPoliciesRequest, dict]

The request object. Request message for ListPolicies.
parent str

Required. The resource that the policy is attached to, along with the kind of policy to list. Format: policies/{attachment_point}/denypolicies The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, /, must be written as %2F. For example, policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies. For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID. This corresponds to the parent field on the request instance; if request is provided, this should not be set.
retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.
timeout float

The timeout for this request.
metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.
Returns
Type Description
google.cloud.iam_v2beta.services.policies.pagers.ListPoliciesPager Response message for ListPolicies. Iterating over this object will yield results and resolve additional pages automatically.

parse_common_billing_account_path

parse_common_billing_account_path(path: str) -> typing.Dict[str, str]

Parse a billing_account path into its component segments.

parse_common_folder_path

parse_common_folder_path(path: str) -> typing.Dict[str, str]

Parse a folder path into its component segments.

parse_common_location_path

parse_common_location_path(path: str) -> typing.Dict[str, str]

Parse a location path into its component segments.

parse_common_organization_path

parse_common_organization_path(path: str) -> typing.Dict[str, str]

Parse a organization path into its component segments.

parse_common_project_path

parse_common_project_path(path: str) -> typing.Dict[str, str]

Parse a project path into its component segments.

update_policy

update_policy(
 request: typing.Optional[
 typing.Union[google.cloud.iam_v2beta.types.policy.UpdatePolicyRequest, dict]
 ] = None,
 *,
 retry: typing.Union[
 google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault
 ] = _MethodDefault._DEFAULT_VALUE,
 timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
 metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.api_core.operation.Operation

Updates the specified policy.

You can update only the rules and the display name for the policy.

To update a policy, you should use a read-modify-write loop:

  1. Use GetPolicy][google.iam.v2beta.Policies.GetPolicy] to read the current version of the policy.
  2. Modify the policy as needed.
  3. Use UpdatePolicy to write the updated policy.

This pattern helps prevent conflicts between concurrent updates.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v2beta
def sample_update_policy():
 # Create a client
 client = iam_v2beta.PoliciesClient()
 # Initialize request argument(s)
 request = iam_v2beta.UpdatePolicyRequest(
 )
 # Make the request
 operation = client.update_policy(request=request)
 print("Waiting for operation to complete...")
 response = operation.result()
 # Handle the response
 print(response)
Parameters
Name Description
request Union[google.cloud.iam_v2beta.types.UpdatePolicyRequest, dict]

The request object. Request message for UpdatePolicy.
retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.
timeout float

The timeout for this request.
metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.
Returns
Type Description
google.api_core.operation.Operation An object representing a long-running operation. The result type for the operation will be Policy Data for an IAM policy.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年10月30日 UTC.