以下请求以应用政策为例,说明如何使用 Policy API 进行政策管理。在开始之前,请务必查看 Chrome Policy API 概览和政策架构指南。
下面显示的所有请求都使用以下变量:
$TOKEN
- OAuth 2 令牌$CUSTOMER
- 客户 ID 或文字my_customer
强制安装应用
以下示例适用于组织部门。群组请求是一样的,但 targetResource 除外,其 ID 前带有“groups/”而不是“orgunits/”。
我们在此处将 Google 绘图应用设置为强制安装:
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{
requests: [{
policyTargetKey: {
targetResource: "orgunits/04fatzly4jbjho9",
additionalTargetKeys: {"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"}
},
policyValue: {
policySchema: "chrome.users.apps.InstallType",
value: {appInstallType: "FORCED"}
},
updateMask: {paths: "appInstallType"}
}]
}' \
"https://chromepolicy.googleapis.com/v1/customers/$CUSTOMER/policies/orgunits:batchModify"
成功的响应应该为空:
{}
此示例针对用户应用。除了政策架构为 chrome.devices.managedguest.apps.InstallType
之外,受管理访客会话请求是相同的。等效的自助服务终端应用政策请求如下所示:
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{
requests: [{
policyTargetKey: {
targetResource: "orgunits/04fatzly4jbjho9",
additionalTargetKeys: {"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"}
},
policyValue: {
policySchema: "chrome.devices.kiosk.apps.ForceInstall",
value: {forceInstall: false}
},
updateMask: {paths: "forceInstall"}
}]
}' \
"https://chromepolicy.googleapis.com/v1/customers/$CUSTOMER/policies/orgunits:batchModify"
成功的响应应该为空:
{}
删除应用
删除应用的操作必须在明确添加该应用用于管理的组织部门中执行。调用 resolve 时,字段 addedSourceKey
包含添加它以进行管理的组织部门。也就是说,只有 addedSourceKey
中的组织部门与 policyTargetKey
中的组织部门相同时,才能调用 delete
。
如需删除应用(即将其从管理中明确移除),您应发送 batchInherit
请求,其中 policySchema
是给定应用类型的架构,并用星号 (*) 代替特定政策。在此示例中,我们将删除安装在“04fatzly4jbjho9”组织部门中的 Google 绘图应用:
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{
requests: [{
policyTargetKey: {
targetResource: "orgunits/04fatzly4jbjho9",
additionalTargetKeys: {"app_id": "chrome:gbchcmhmhahfdphkhkmpfmihenigjmpp"}
},
policySchema: "chrome.users.apps.*",
}]
}' \
"https://chromepolicy.googleapis.com/v1/customers/$CUSTOMER/policies/orgunits:batchInherit"
成功的响应应该为空:
{}
删除自助服务终端应用和受管理的访客会话应用的请求将分别使用 chrome.devices.kiosk.apps.\*
和 chrome.devices.managedguest.apps.\*
架构。
获取组织部门中应用的应用安装政策
如需获取适用于特定应用的政策,您必须在请求中同时指定政策和应用 ID。在此示例中,我们将读取 Google 绘图应用的 InstallType 政策的值:
请求
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{
policyTargetKey: {
targetResource: "orgunits/04fatzly4jbjho9",
additionalTargetKeys: {"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"}
},
policySchemaFilter: "chrome.users.apps.InstallType"
}' \
"https://chromepolicy.googleapis.com/v1/$CUSTOMER/C02l1chq7/policies:resolve"
响应
{
"resolvedPolicies": [
{
"targetKey": {
"targetResource": "orgunits/04fatzly4jbjho9",
"additionalTargetKeys": {
"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"
}
},
"value": {
"policySchema": "chrome.users.apps.InstallType",
"value": {
"appInstallType": "FORCED"
}
},
"sourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
},
"addedSourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
}
}
]
}
获取组织部门中所有应用的应用安装政策
如果上一个示例中的请求省略了应用 ID,该 ID 会成为相应组织部门下所有应用的 InstallType 政策值的请求。
请求
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{
policyTargetKey: {
targetResource: "orgunits/04fatzly4jbjho9",
},
policySchemaFilter: "chrome.users.apps.InstallType"
}' \
"https://chromepolicy.googleapis.com/v1/$CUSTOMER/C02l1chq7/policies:resolve"
响应
{
"resolvedPolicies": [
{
"targetKey": {
"targetResource": "orgunits/04fatzly4jbjho9",
"additionalTargetKeys": {
"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"
}
},
"value": {
"policySchema": "chrome.users.apps.InstallType",
"value": {
"appInstallType": "FORCED"
}
},
"sourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
},
"addedSourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
}
},
{
"targetKey": {
"targetResource": "orgunits/04fatzly4jbjho9",
"additionalTargetKeys": {
"app_id": "chrome:fhcfdhnmhdkemdfdncjmgnanbekfmbab"
}
},
"value": {
"policySchema": "chrome.users.apps.InstallType",
"value": {
"appInstallType": "ALLOWED"
}
},
"sourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
},
"addedSourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
}
},
...
]
}
列出组织部门中应用的所有政策
就像您可以在请求中省略应用 ID 以检索所有应用的政策一样,您也可以在政策中使用通配符来获取单个应用的所有政策。在此示例中,我们将获取 Google 绘图应用的所有政策的值。
请求
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{
policyTargetKey: {
targetResource: "orgunits/04fatzly4jbjho9",
additionalTargetKeys: {"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"}
},
policySchemaFilter: "chrome.users.apps.*"
}' \
"https://chromepolicy.googleapis.com/v1/$CUSTOMER/C02l1chq7/policies:resolve"
响应
{
"resolvedPolicies": [
{
"targetKey": {
"targetResource": "orgunits/04fatzly4jbjho9",
"additionalTargetKeys": {
"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"
}
},
"value": {
"policySchema": "chrome.users.apps.InstallType",
"value": {
"appInstallType": "FORCED"
}
},
"sourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
},
"addedSourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
}
},
{
"targetKey": {
"targetResource": "orgunits/04fatzly4jbjho9",
"additionalTargetKeys": {
"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"
}
},
"value": {
"policySchema": "chrome.users.apps.IncludeInChromeWebStoreCollection",
"value": {
"includeInCollection": true
}
},
"sourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
},
"addedSourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
}
},
...
]
}
列出组织部门中所有应用的所有政策
应用 ID 可以省略,并且可在政策中使用通配符,以便请求组织部门下所有应用的所有应用设置。
请求
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{
policyTargetKey: {
targetResource: "orgunits/04fatzly4jbjho9"
},
policySchemaFilter: "chrome.users.apps.*"
}' \
"https://chromepolicy.googleapis.com/v1/$CUSTOMER/C02l1chq7/policies:resolve"
响应
{
"resolvedPolicies": [
{
"targetKey": {
"targetResource": "orgunits/04fatzly4jbjho9",
"additionalTargetKeys": {
"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"
}
},
"value": {
"policySchema": "chrome.users.apps.InstallType",
"value": {
"appInstallType": "FORCED"
}
},
"sourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
},
"addedSourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
}
},
{
"targetKey": {
"targetResource": "orgunits/04fatzly4jbjho9",
"additionalTargetKeys": {
"app_id": "chrome:mkaakpdehdafacodkgkpghoibnmamcme"
}
},
"value": {
"policySchema": "chrome.users.apps.IncludeInChromeWebStoreCollection",
"value": {
"includeInCollection": true
}
},
"sourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
},
"addedSourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
}
},
{
"targetKey": {
"targetResource": "orgunits/04fatzly4jbjho9",
"additionalTargetKeys": {
"app_id": "chrome:fhcfdhnmhdkemdfdncjmgnanbekfmbab"
}
},
"value": {
"policySchema": "chrome.users.apps.InstallType",
"value": {
"appInstallType": "ALLOWED"
}
},
"sourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
},
"addedSourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
}
},
{
"targetKey": {
"targetResource": "orgunits/04fatzly4jbjho9",
"additionalTargetKeys": {
"app_id": "chrome:fhcfdhnmhdkemdfdncjmgnanbekfmbab"
}
},
"value": {
"policySchema": "chrome.users.apps.CertificateManagement",
"value": {
"allowAccessToKeys": true
}
},
"sourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
},
"addedSourceKey": {
"targetResource": "orgunits/04fatzly4jbjho9"
}
},
...
]
}
清除 Kiosk Appsconfig AutoLaunchApp
为了清除 AutoLaunchApp,可将 appId 设置为“None”。
请注意,将 appId 设置为“None”时,所有其他 AutoLaunchApp 设置都将设为其默认值。在这种情况下,除了 appId 之外,请求中发送的任何 AutoLaunchApp 设置都将被忽略。
请求
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{
requests: [{
policyTargetKey: {
targetResource: "orgunits/04fatzly4jbjho9"
},
policyValue: {
policySchema: "chrome.devices.kiosk.appsconfig.AutoLaunchApp",
value: {appId: "None"}
},
updateMask: {paths: "appId"}
}]
}' \
"https://chromepolicy.googleapis.com/v1/customers/$CUSTOMER/policies/orgunits:batchModify"
响应
成功的响应为空。
{}