google-cloud-org_policy-v2 0.7.0 → 0.9.0

data/lib/google/cloud/org_policy/v2/org_policy/client.rb

@@ -29,26 +29,29 @@ module Google
           #
           # An interface for managing organization policies.
           #
-          # The Cloud Org Policy service provides a simple mechanism for organizations to
-          # restrict the allowed configurations across their entire Cloud Resource
-          # hierarchy.
+          # The Organization Policy Service provides a simple mechanism for
+          # organizations to restrict the allowed configurations across their entire
+          # resource hierarchy.
           #
-          # You can use a `policy` to configure restrictions in Cloud resources. For
-          # example, you can enforce a `policy` that restricts which Google
-          # Cloud Platform APIs can be activated in a certain part of your resource
-          # hierarchy, or prevents serial port access to VM instances in a particular
-          # folder.
+          # You can use a policy to configure restrictions on resources. For
+          # example, you can enforce a policy that restricts which Google
+          # Cloud APIs can be activated in a certain part of your resource
+          # hierarchy, or prevents serial port access to VM instances in a
+          # particular folder.
           #
-          # `Policies` are inherited down through the resource hierarchy. A `policy`
+          # Policies are inherited down through the resource hierarchy. A policy
           # applied to a parent resource automatically applies to all its child resources
-          # unless overridden with a `policy` lower in the hierarchy.
+          # unless overridden with a policy lower in the hierarchy.
           #
-          # A `constraint` defines an aspect of a resource's configuration that can be
-          # controlled by an organization's policy administrator. `Policies` are a
-          # collection of `constraints` that defines their allowable configuration on a
+          # A constraint defines an aspect of a resource's configuration that can be
+          # controlled by an organization's policy administrator. Policies are a
+          # collection of constraints that defines their allowable configuration on a
           # particular resource and its child resources.
           #
           class Client
+            # @private
+            DEFAULT_ENDPOINT_TEMPLATE = "orgpolicy.$UNIVERSE_DOMAIN$"
+
             include Paths
 
             # @private
@@ -118,6 +121,31 @@ module Google
                   initial_delay: 1.0, max_delay: 10.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
+                default_config.rpcs.create_custom_constraint.timeout = 60.0
+                default_config.rpcs.create_custom_constraint.retry_policy = {
+                  initial_delay: 1.0, max_delay: 10.0, multiplier: 1.3, retry_codes: [14, 4]
+                }
+
+                default_config.rpcs.update_custom_constraint.timeout = 60.0
+                default_config.rpcs.update_custom_constraint.retry_policy = {
+                  initial_delay: 1.0, max_delay: 10.0, multiplier: 1.3, retry_codes: [14, 4]
+                }
+
+                default_config.rpcs.get_custom_constraint.timeout = 60.0
+                default_config.rpcs.get_custom_constraint.retry_policy = {
+                  initial_delay: 1.0, max_delay: 10.0, multiplier: 1.3, retry_codes: [14, 4]
+                }
+
+                default_config.rpcs.list_custom_constraints.timeout = 60.0
+                default_config.rpcs.list_custom_constraints.retry_policy = {
+                  initial_delay: 1.0, max_delay: 10.0, multiplier: 1.3, retry_codes: [14, 4]
+                }
+
+                default_config.rpcs.delete_custom_constraint.timeout = 60.0
+                default_config.rpcs.delete_custom_constraint.retry_policy = {
+                  initial_delay: 1.0, max_delay: 10.0, multiplier: 1.3, retry_codes: [14, 4]
+                }
+
                 default_config
               end
               yield @configure if block_given?
@@ -144,6 +172,15 @@ module Google
               @config
             end
 
+            ##
+            # The effective universe domain
+            #
+            # @return [String]
+            #
+            def universe_domain
+              @org_policy_stub.universe_domain
+            end
+
             ##
             # Create a new OrgPolicy client object.
             #
@@ -177,8 +214,9 @@ module Google
               credentials = @config.credentials
               # Use self-signed JWT if the endpoint is unchanged from default,
               # but only if the default endpoint does not have a region prefix.
-              enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
-                                       !@config.endpoint.split(".").first.include?("-")
+              enable_self_signed_jwt = @config.endpoint.nil? ||
+                                       (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
+                                       !@config.endpoint.split(".").first.include?("-"))
               credentials ||= Credentials.default scope: @config.scope,
                                                   enable_self_signed_jwt: enable_self_signed_jwt
               if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -189,8 +227,10 @@ module Google
 
               @org_policy_stub = ::Gapic::ServiceStub.new(
                 ::Google::Cloud::OrgPolicy::V2::OrgPolicy::Stub,
-                credentials:  credentials,
-                endpoint:     @config.endpoint,
+                credentials: credentials,
+                endpoint: @config.endpoint,
+                endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                universe_domain: @config.universe_domain,
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors,
                 channel_pool_config: @config.channel_pool
@@ -200,7 +240,7 @@ module Google
             # Service calls
 
             ##
-            # Lists `Constraints` that could be applied on the specified resource.
+            # Lists constraints that could be applied on the specified resource.
             #
             # @overload list_constraints(request, options = nil)
             #   Pass arguments to `list_constraints` via a request object, either of type
@@ -218,8 +258,9 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param parent [::String]
-            #     Required. The Cloud resource that parents the constraint. Must be in one of
-            #     the following forms:
+            #     Required. The Google Cloud resource that parents the constraint. Must be in
+            #     one of the following forms:
+            #
             #     * `projects/{project_number}`
             #     * `projects/{project_id}`
             #     * `folders/{folder_id}`
@@ -302,7 +343,7 @@ module Google
             end
 
             ##
-            # Retrieves all of the `Policies` that exist on a particular resource.
+            # Retrieves all of the policies that exist on a particular resource.
             #
             # @overload list_policies(request, options = nil)
             #   Pass arguments to `list_policies` via a request object, either of type
@@ -320,9 +361,10 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param parent [::String]
-            #     Required. The target Cloud resource that parents the set of constraints and
-            #     policies that will be returned from this call. Must be in one of the
-            #     following forms:
+            #     Required. The target Google Cloud resource that parents the set of
+            #     constraints and policies that will be returned from this call. Must be in
+            #     one of the following forms:
+            #
             #     * `projects/{project_number}`
             #     * `projects/{project_id}`
             #     * `folders/{folder_id}`
@@ -405,11 +447,11 @@ module Google
             end
 
             ##
-            # Gets a `Policy` on a resource.
+            # Gets a policy on a resource.
             #
-            # If no `Policy` is set on the resource, NOT_FOUND is returned. The
+            # If no policy is set on the resource, `NOT_FOUND` is returned. The
             # `etag` value can be used with `UpdatePolicy()` to update a
-            # `Policy` during read-modify-write.
+            # policy during read-modify-write.
             #
             # @overload get_policy(request, options = nil)
             #   Pass arguments to `get_policy` via a request object, either of type
@@ -427,8 +469,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     Required. Resource name of the policy. See `Policy` for naming
-            #     requirements.
+            #     Required. Resource name of the policy. See
+            #     {::Google::Cloud::OrgPolicy::V2::Policy Policy} for naming requirements.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::OrgPolicy::V2::Policy]
@@ -495,10 +537,10 @@ module Google
             end
 
             ##
-            # Gets the effective `Policy` on a resource. This is the result of merging
-            # `Policies` in the resource hierarchy and evaluating conditions. The
-            # returned `Policy` will not have an `etag` or `condition` set because it is
-            # a computed `Policy` across multiple resources.
+            # Gets the effective policy on a resource. This is the result of merging
+            # policies in the resource hierarchy and evaluating conditions. The
+            # returned policy will not have an `etag` or `condition` set because it is
+            # an evaluated policy across multiple resources.
             # Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
             # not be expanded.
             #
@@ -518,7 +560,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     Required. The effective policy to compute. See `Policy` for naming rules.
+            #     Required. The effective policy to compute. See
+            #     {::Google::Cloud::OrgPolicy::V2::Policy Policy} for naming requirements.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::OrgPolicy::V2::Policy]
@@ -585,12 +628,12 @@ module Google
             end
 
             ##
-            # Creates a Policy.
+            # Creates a policy.
             #
             # Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
             # constraint does not exist.
             # Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
-            # policy already exists on the given Cloud resource.
+            # policy already exists on the given Google Cloud resource.
             #
             # @overload create_policy(request, options = nil)
             #   Pass arguments to `create_policy` via a request object, either of type
@@ -608,14 +651,15 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param parent [::String]
-            #     Required. The Cloud resource that will parent the new Policy. Must be in
-            #     one of the following forms:
+            #     Required. The Google Cloud resource that will parent the new policy. Must
+            #     be in one of the following forms:
+            #
             #     * `projects/{project_number}`
             #     * `projects/{project_id}`
             #     * `folders/{folder_id}`
             #     * `organizations/{organization_id}`
             #   @param policy [::Google::Cloud::OrgPolicy::V2::Policy, ::Hash]
-            #     Required. `Policy` to create.
+            #     Required. Policy to create.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::OrgPolicy::V2::Policy]
@@ -682,7 +726,7 @@ module Google
             end
 
             ##
-            # Updates a Policy.
+            # Updates a policy.
             #
             # Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
             # constraint or the policy do not exist.
@@ -708,7 +752,7 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param policy [::Google::Cloud::OrgPolicy::V2::Policy, ::Hash]
-            #     Required. `Policy` to update.
+            #     Required. Policy to update.
             #   @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
             #     Field mask used to specify the fields to be overwritten in the policy
             #     by the set. The fields specified in the update_mask are relative to the
@@ -779,10 +823,10 @@ module Google
             end
 
             ##
-            # Deletes a Policy.
+            # Deletes a policy.
             #
             # Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
-            # constraint or Org Policy does not exist.
+            # constraint or organization policy does not exist.
             #
             # @overload delete_policy(request, options = nil)
             #   Pass arguments to `delete_policy` via a request object, either of type
@@ -794,14 +838,18 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload delete_policy(name: nil)
+            # @overload delete_policy(name: nil, etag: nil)
             #   Pass arguments to `delete_policy` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
             #     Required. Name of the policy to delete.
-            #     See `Policy` for naming rules.
+            #     See the policy entry for naming rules.
+            #   @param etag [::String]
+            #     Optional. The current etag of policy. If an etag is provided and does not
+            #     match the current etag of the policy, deletion will be blocked and an
+            #     ABORTED error will be returned.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Protobuf::Empty]
@@ -867,6 +915,471 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Creates a custom constraint.
+            #
+            # Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
+            # organization does not exist.
+            # Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
+            # constraint already exists on the given organization.
+            #
+            # @overload create_custom_constraint(request, options = nil)
+            #   Pass arguments to `create_custom_constraint` via a request object, either of type
+            #   {::Google::Cloud::OrgPolicy::V2::CreateCustomConstraintRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::OrgPolicy::V2::CreateCustomConstraintRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload create_custom_constraint(parent: nil, custom_constraint: nil)
+            #   Pass arguments to `create_custom_constraint` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param parent [::String]
+            #     Required. Must be in the following form:
+            #
+            #     * `organizations/{organization_id}`
+            #   @param custom_constraint [::Google::Cloud::OrgPolicy::V2::CustomConstraint, ::Hash]
+            #     Required. Custom constraint to create.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::OrgPolicy::V2::CustomConstraint]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::OrgPolicy::V2::CustomConstraint]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/org_policy/v2"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::OrgPolicy::V2::CreateCustomConstraintRequest.new
+            #
+            #   # Call the create_custom_constraint method.
+            #   result = client.create_custom_constraint request
+            #
+            #   # The returned object is of type Google::Cloud::OrgPolicy::V2::CustomConstraint.
+            #   p result
+            #
+            def create_custom_constraint request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::OrgPolicy::V2::CreateCustomConstraintRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.create_custom_constraint.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::OrgPolicy::V2::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.parent
+                header_params["parent"] = request.parent
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.create_custom_constraint.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.create_custom_constraint.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @org_policy_stub.call_rpc :create_custom_constraint, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Updates a custom constraint.
+            #
+            # Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
+            # constraint does not exist.
+            #
+            # Note: the supplied policy will perform a full overwrite of all
+            # fields.
+            #
+            # @overload update_custom_constraint(request, options = nil)
+            #   Pass arguments to `update_custom_constraint` via a request object, either of type
+            #   {::Google::Cloud::OrgPolicy::V2::UpdateCustomConstraintRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::OrgPolicy::V2::UpdateCustomConstraintRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload update_custom_constraint(custom_constraint: nil)
+            #   Pass arguments to `update_custom_constraint` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param custom_constraint [::Google::Cloud::OrgPolicy::V2::CustomConstraint, ::Hash]
+            #     Required. `CustomConstraint` to update.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::OrgPolicy::V2::CustomConstraint]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::OrgPolicy::V2::CustomConstraint]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/org_policy/v2"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::OrgPolicy::V2::UpdateCustomConstraintRequest.new
+            #
+            #   # Call the update_custom_constraint method.
+            #   result = client.update_custom_constraint request
+            #
+            #   # The returned object is of type Google::Cloud::OrgPolicy::V2::CustomConstraint.
+            #   p result
+            #
+            def update_custom_constraint request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::OrgPolicy::V2::UpdateCustomConstraintRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.update_custom_constraint.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::OrgPolicy::V2::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.custom_constraint&.name
+                header_params["custom_constraint.name"] = request.custom_constraint.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.update_custom_constraint.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.update_custom_constraint.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @org_policy_stub.call_rpc :update_custom_constraint, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Gets a custom constraint.
+            #
+            # Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
+            # custom constraint does not exist.
+            #
+            # @overload get_custom_constraint(request, options = nil)
+            #   Pass arguments to `get_custom_constraint` via a request object, either of type
+            #   {::Google::Cloud::OrgPolicy::V2::GetCustomConstraintRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::OrgPolicy::V2::GetCustomConstraintRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload get_custom_constraint(name: nil)
+            #   Pass arguments to `get_custom_constraint` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. Resource name of the custom constraint. See the custom constraint
+            #     entry for naming requirements.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::OrgPolicy::V2::CustomConstraint]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::OrgPolicy::V2::CustomConstraint]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/org_policy/v2"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::OrgPolicy::V2::GetCustomConstraintRequest.new
+            #
+            #   # Call the get_custom_constraint method.
+            #   result = client.get_custom_constraint request
+            #
+            #   # The returned object is of type Google::Cloud::OrgPolicy::V2::CustomConstraint.
+            #   p result
+            #
+            def get_custom_constraint request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::OrgPolicy::V2::GetCustomConstraintRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.get_custom_constraint.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::OrgPolicy::V2::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.get_custom_constraint.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.get_custom_constraint.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @org_policy_stub.call_rpc :get_custom_constraint, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Retrieves all of the custom constraints that exist on a particular
+            # organization resource.
+            #
+            # @overload list_custom_constraints(request, options = nil)
+            #   Pass arguments to `list_custom_constraints` via a request object, either of type
+            #   {::Google::Cloud::OrgPolicy::V2::ListCustomConstraintsRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::OrgPolicy::V2::ListCustomConstraintsRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload list_custom_constraints(parent: nil, page_size: nil, page_token: nil)
+            #   Pass arguments to `list_custom_constraints` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param parent [::String]
+            #     Required. The target Google Cloud resource that parents the set of custom
+            #     constraints that will be returned from this call. Must be in one of the
+            #     following forms:
+            #
+            #     * `organizations/{organization_id}`
+            #   @param page_size [::Integer]
+            #     Size of the pages to be returned. This is currently unsupported and will
+            #     be ignored. The server may at any point start using this field to limit
+            #     page size.
+            #   @param page_token [::String]
+            #     Page token used to retrieve the next page. This is currently unsupported
+            #     and will be ignored. The server may at any point start using this field.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::CustomConstraint>]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::PagedEnumerable<::Google::Cloud::OrgPolicy::V2::CustomConstraint>]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/org_policy/v2"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::OrgPolicy::V2::ListCustomConstraintsRequest.new
+            #
+            #   # Call the list_custom_constraints method.
+            #   result = client.list_custom_constraints request
+            #
+            #   # The returned object is of type Gapic::PagedEnumerable. You can iterate
+            #   # over elements, and API calls will be issued to fetch pages as needed.
+            #   result.each do |item|
+            #     # Each element is of type ::Google::Cloud::OrgPolicy::V2::CustomConstraint.
+            #     p item
+            #   end
+            #
+            def list_custom_constraints request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::OrgPolicy::V2::ListCustomConstraintsRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.list_custom_constraints.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::OrgPolicy::V2::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.parent
+                header_params["parent"] = request.parent
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.list_custom_constraints.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.list_custom_constraints.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @org_policy_stub.call_rpc :list_custom_constraints, request, options: options do |response, operation|
+                response = ::Gapic::PagedEnumerable.new @org_policy_stub, :list_custom_constraints, request, response, operation, options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Deletes a custom constraint.
+            #
+            # Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
+            # constraint does not exist.
+            #
+            # @overload delete_custom_constraint(request, options = nil)
+            #   Pass arguments to `delete_custom_constraint` via a request object, either of type
+            #   {::Google::Cloud::OrgPolicy::V2::DeleteCustomConstraintRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::OrgPolicy::V2::DeleteCustomConstraintRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload delete_custom_constraint(name: nil)
+            #   Pass arguments to `delete_custom_constraint` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. Name of the custom constraint to delete.
+            #     See the custom constraint entry for naming rules.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Protobuf::Empty]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Protobuf::Empty]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/org_policy/v2"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::OrgPolicy::V2::OrgPolicy::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::OrgPolicy::V2::DeleteCustomConstraintRequest.new
+            #
+            #   # Call the delete_custom_constraint method.
+            #   result = client.delete_custom_constraint request
+            #
+            #   # The returned object is of type Google::Protobuf::Empty.
+            #   p result
+            #
+            def delete_custom_constraint request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::OrgPolicy::V2::DeleteCustomConstraintRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.delete_custom_constraint.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::OrgPolicy::V2::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.delete_custom_constraint.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.delete_custom_constraint.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @org_policy_stub.call_rpc :delete_custom_constraint, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the OrgPolicy API.
             #
@@ -897,9 +1410,9 @@ module Google
             #   end
             #
             # @!attribute [rw] endpoint
-            #   The hostname or hostname:port of the service endpoint.
-            #   Defaults to `"orgpolicy.googleapis.com"`.
-            #   @return [::String]
+            #   A custom service endpoint, as a hostname or hostname:port. The default is
+            #   nil, indicating to use the default endpoint in the current universe domain.
+            #   @return [::String,nil]
             # @!attribute [rw] credentials
             #   Credentials to send with calls. You may provide any of the following types:
             #    *  (`String`) The path to a service account key file in JSON format
@@ -945,13 +1458,20 @@ module Google
             # @!attribute [rw] quota_project
             #   A separate project against which to charge quota.
             #   @return [::String]
+            # @!attribute [rw] universe_domain
+            #   The universe domain within which to make requests. This determines the
+            #   default endpoint URL. The default value of nil uses the environment
+            #   universe (usually the default "googleapis.com" universe).
+            #   @return [::String,nil]
             #
             class Configuration
               extend ::Gapic::Config
 
+              # @private
+              # The endpoint specific to the default "googleapis.com" universe. Deprecated.
               DEFAULT_ENDPOINT = "orgpolicy.googleapis.com"
 
-              config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+              config_attr :endpoint,      nil, ::String, nil
               config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -966,6 +1486,7 @@ module Google
               config_attr :metadata,      nil, ::Hash, nil
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
+              config_attr :universe_domain, nil, ::String, nil
 
               # @private
               def initialize parent_config = nil
@@ -1047,6 +1568,31 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :delete_policy
+                ##
+                # RPC-specific configuration for `create_custom_constraint`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :create_custom_constraint
+                ##
+                # RPC-specific configuration for `update_custom_constraint`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :update_custom_constraint
+                ##
+                # RPC-specific configuration for `get_custom_constraint`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :get_custom_constraint
+                ##
+                # RPC-specific configuration for `list_custom_constraints`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :list_custom_constraints
+                ##
+                # RPC-specific configuration for `delete_custom_constraint`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :delete_custom_constraint
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -1064,6 +1610,16 @@ module Google
                   @update_policy = ::Gapic::Config::Method.new update_policy_config
                   delete_policy_config = parent_rpcs.delete_policy if parent_rpcs.respond_to? :delete_policy
                   @delete_policy = ::Gapic::Config::Method.new delete_policy_config
+                  create_custom_constraint_config = parent_rpcs.create_custom_constraint if parent_rpcs.respond_to? :create_custom_constraint
+                  @create_custom_constraint = ::Gapic::Config::Method.new create_custom_constraint_config
+                  update_custom_constraint_config = parent_rpcs.update_custom_constraint if parent_rpcs.respond_to? :update_custom_constraint
+                  @update_custom_constraint = ::Gapic::Config::Method.new update_custom_constraint_config
+                  get_custom_constraint_config = parent_rpcs.get_custom_constraint if parent_rpcs.respond_to? :get_custom_constraint
+                  @get_custom_constraint = ::Gapic::Config::Method.new get_custom_constraint_config
+                  list_custom_constraints_config = parent_rpcs.list_custom_constraints if parent_rpcs.respond_to? :list_custom_constraints
+                  @list_custom_constraints = ::Gapic::Config::Method.new list_custom_constraints_config
+                  delete_custom_constraint_config = parent_rpcs.delete_custom_constraint if parent_rpcs.respond_to? :delete_custom_constraint
+                  @delete_custom_constraint = ::Gapic::Config::Method.new delete_custom_constraint_config
 
                   yield self if block_given?
                 end