# Organizations Management

Read-only access to organization information and search capabilities. Organizations represent the root-level container in the Google Cloud resource hierarchy, providing the foundation for managing all Google Cloud resources within an enterprise or domain.

## Capabilities

### Organization Retrieval

Retrieve detailed information about a specific organization using its resource name.

```python { .api }
def get_organization(
    self,
    request: GetOrganizationRequest = None,
    *,
    name: str = None,
    retry: OptionalRetry = gapic_v1.method.DEFAULT,
    timeout: Union[float, object] = gapic_v1.method.DEFAULT,
    metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()
) -> Organization:
    """
    Retrieves an organization identified by the specified resource name.

    Args:
        name (str): The resource name of the organization to retrieve.
            Format: organizations/{organization_id}
        retry: Retry configuration for the request
        timeout: Request timeout in seconds
        metadata: Additional metadata to send with the request

    Returns:
        Organization: The requested organization resource

    Raises:
        google.api_core.exceptions.NotFound: If the organization doesn't exist
        google.api_core.exceptions.PermissionDenied: If access is denied
    """
```

Usage example:

```python
from google.cloud.resourcemanager import OrganizationsClient

client = OrganizationsClient()
org = client.get_organization(name="organizations/123456789")
print(f"Organization: {org.display_name}")
print(f"Directory Customer ID: {org.directory_customer_id}")
```

### Organization Search

Search for organizations using flexible query expressions. This is typically used to find organizations associated with a domain or user.

```python { .api }
def search_organizations(
    self,
    request: SearchOrganizationsRequest = None,
    *,
    query: str = None,
    retry: OptionalRetry = gapic_v1.method.DEFAULT,
    timeout: Union[float, object] = gapic_v1.method.DEFAULT,
    metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()
) -> pagers.SearchOrganizationsPager:
    """
    Search for organizations using a flexible query language.

    Args:
        query (str): Query expression for filtering organizations.
            Examples: 'domain:example.com', 'displayName:ACME*',
            'lifecycleState:ACTIVE'
        retry: Retry configuration for the request
        timeout: Request timeout in seconds
        metadata: Additional metadata to send with the request

    Returns:
        SearchOrganizationsPager: An iterator over matching organizations
    """
```

Usage example:

```python
from google.cloud.resourcemanager import OrganizationsClient

client = OrganizationsClient()

# Search for organizations by domain
for org in client.search_organizations(query="domain:example.com"):
    print(f"Found organization: {org.display_name} ({org.name})")

# Search for active organizations with specific display name pattern
for org in client.search_organizations(query="displayName:ACME* AND lifecycleState:ACTIVE"):
    print(f"Found: {org.display_name}")
```

### IAM Policy Management

Manage IAM (Identity and Access Management) policies for organizations, controlling who has access and what permissions they have at the organization level.

```python { .api }
def get_iam_policy(
    self,
    request: iam_policy_pb2.GetIamPolicyRequest = None,
    *,
    resource: str = None,
    retry: OptionalRetry = gapic_v1.method.DEFAULT,
    timeout: Union[float, object] = gapic_v1.method.DEFAULT,
    metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()
) -> policy_pb2.Policy:
    """
    Gets the IAM access control policy for an organization.

    Args:
        resource (str): Resource name of the organization.
            Format: organizations/{organization_id}

    Returns:
        Policy: The IAM policy for the organization
    """

def set_iam_policy(
    self,
    request: iam_policy_pb2.SetIamPolicyRequest = None,
    *,
    resource: str = None,
    policy: policy_pb2.Policy = None,
    retry: OptionalRetry = gapic_v1.method.DEFAULT,
    timeout: Union[float, object] = gapic_v1.method.DEFAULT,
    metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()
) -> policy_pb2.Policy:
    """
    Sets the IAM access control policy for an organization.

    Args:
        resource (str): Resource name of the organization
        policy (Policy): The new IAM policy

    Returns:
        Policy: The updated IAM policy
    """

def test_iam_permissions(
    self,
    request: iam_policy_pb2.TestIamPermissionsRequest = None,
    *,
    resource: str = None,
    permissions: MutableSequence[str] = None,
    retry: OptionalRetry = gapic_v1.method.DEFAULT,
    timeout: Union[float, object] = gapic_v1.method.DEFAULT,
    metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()
) -> iam_policy_pb2.TestIamPermissionsResponse:
    """
    Tests the specified permissions against the IAM policy for an organization.

    Args:
        resource (str): Resource name of the organization
        permissions (Sequence[str]): List of permissions to test

    Returns:
        TestIamPermissionsResponse: Results of the permission test
    """
```

Usage example:

```python
from google.cloud.resourcemanager import OrganizationsClient
from google.iam.v1 import iam_policy_pb2, policy_pb2

client = OrganizationsClient()

# Get current IAM policy
current_policy = client.get_iam_policy(
    resource="organizations/123456789"
)

# Test specific permissions
test_result = client.test_iam_permissions(
    resource="organizations/123456789",
    permissions=[
        "resourcemanager.organizations.get",
        "resourcemanager.projects.create"
    ]
)
print(f"Allowed permissions: {test_result.permissions}")
```
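
A binding in the organization policy is inherited by every folder and project beneath it, so the policy returned by `get_iam_policy` is worth reviewing for over-broad grants. The following audit is an added example, not code from the library or its documentation; `audit_bindings`, `audit_org`, the `HIGH_RISK_ROLES` selection, the severity labels and the sample bindings are assumptions made for illustration.

```python
from types import SimpleNamespace

# Roles treated as high risk at organization level (assumed selection; adjust locally).
HIGH_RISK_ROLES = {"roles/owner", "roles/editor", "roles/iam.securityAdmin",
                   "roles/resourcemanager.organizationAdmin"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_bindings(bindings, allowed_domains):
    """Return (severity, role, member, reason) findings in policy order.
    `bindings`: iterable of objects with `.role` and `.members` (as in policy_pb2.Policy)."""
    allowed = {d.lower() for d in allowed_domains}
    findings = []
    for b in bindings:
        for member in b.members:
            kind, _, ident = member.partition(":")
            if member in PUBLIC_MEMBERS:
                findings.append(("CRITICAL", b.role, member, "public principal"))
            elif kind == "deleted":  # deleted:user:alice@example.com?uid=...
                findings.append(("LOW", b.role, member, "deleted principal"))
            else:
                domain = ident.rsplit("@", 1)[-1].lower()
                if kind in ("user", "group", "domain") and domain not in allowed:
                    findings.append(("HIGH", b.role, member, "external identity"))
                if b.role in HIGH_RISK_ROLES and kind in ("user", "serviceAccount"):
                    findings.append(("MEDIUM", b.role, member, "broad role, single principal"))
    return findings


def audit_org(org_name, allowed_domains):
    """Audit the live policy; requires google-cloud-resource-manager and credentials."""
    from google.cloud.resourcemanager import OrganizationsClient
    policy = OrganizationsClient().get_iam_policy(resource=org_name)
    return audit_bindings(policy.bindings, allowed_domains)


# Constructed sample bindings, not taken from any real organization.
SAMPLE_BINDINGS = [
    SimpleNamespace(role="roles/resourcemanager.organizationAdmin",
                    members=["group:gcp-org-admins@example.com", "user:alice@example.com"]),
    SimpleNamespace(role="roles/viewer",
                    members=["allAuthenticatedUsers", "user:bob@contractor.test"]),
    SimpleNamespace(role="roles/editor",
                    members=["serviceAccount:ci@build-proj.iam.gserviceaccount.com"]),
]

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE_BINDINGS, {"example.com"}):
        print(" | ".join(finding))
```

Against a real organization, call `audit_org("organizations/123456789", {"example.com"})` with a credential that holds only read access to the policy.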

## Types

```python { .api }
class Organization:
    name: str  # Resource name: organizations/{organization_id}
    display_name: str  # Human-readable organization name
    directory_customer_id: str  # Directory customer ID from Google Admin Console
    state: Organization.State  # Current lifecycle state
    create_time: timestamp_pb2.Timestamp  # Creation timestamp
    update_time: timestamp_pb2.Timestamp  # Last update timestamp
    delete_time: timestamp_pb2.Timestamp  # Deletion timestamp (if deleted)
    etag: str  # Entity tag for optimistic concurrency

    class State(proto.Enum):
        STATE_UNSPECIFIED = 0
        ACTIVE = 1
        DELETE_REQUESTED = 2

# Request/Response types
class GetOrganizationRequest:
    name: str

class SearchOrganizationsRequest:
    query: str
    page_token: str
    page_size: int

class SearchOrganizationsResponse:
    organizations: MutableSequence[Organization]
    next_page_token: str

# Metadata types for long-running operations (read-only, but included for completeness)
class DeleteOrganizationMetadata:
    # Empty metadata message
    pass

class UndeleteOrganizationMetadata:
    # Empty metadata message
    pass
```

## Notes

Organizations are read-only resources in the Resource Manager API. They cannot be created, updated, moved, or deleted through this API. Organization management is typically handled through Google Admin Console or Google Cloud Console with appropriate administrative privileges.

The primary use cases for the Organizations API are:
- Retrieving organization information for resource hierarchy navigation
- Searching for organizations accessible to the current user
- Managing IAM policies at the organization level
- Serving as the root parent for folders and projects