From ef876a9ed177904388904852af225cdd37fe1b8c Mon Sep 17 00:00:00 2001 From: Yoshi Automation Date: Wed, 24 May 2023 18:26:57 +0000 Subject: [PATCH] feat(assuredworkloads): update the api #### assuredworkloads:v1 The following keys were deleted: - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.serviceAccessApprover.type (Total Keys: 1) The following keys were added: - schemas.GoogleCloudAssuredworkloadsV1Workload.properties.partnerPermissions.$ref (Total Keys: 1) - schemas.GoogleCloudAssuredworkloadsV1Workload.properties.violationNotificationsEnabled.type (Total Keys: 1) #### assuredworkloads:v1beta1 The following keys were added: - schemas.GoogleCloudAssuredworkloadsV1beta1CreateWorkloadOperationMetadata (Total Keys: 9) - schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.controls (Total Keys: 2) - schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.partnerPermissions.$ref (Total Keys: 1) - schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.violationNotificationsEnabled.type (Total Keys: 1) - schemas.GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceControls (Total Keys: 12) - schemas.GoogleCloudAssuredworkloadsV1beta1WorkloadPartnerPermissions (Total Keys: 4) --- ..._v1.organizations.locations.workloads.html | 63 ++++++--- ...ations.locations.workloads.violations.html | 4 +- ...ta1.organizations.locations.workloads.html | 65 +++++++++ ...ations.locations.workloads.violations.html | 4 +- .../documents/assuredworkloads.v1.json | 40 +++--- .../documents/assuredworkloads.v1beta1.json | 132 +++++++++++++++++- 6 files changed, 267 insertions(+), 41 deletions(-) diff --git a/docs/dyn/assuredworkloads_v1.organizations.locations.workloads.html b/docs/dyn/assuredworkloads_v1.organizations.locations.workloads.html index 6e30c969e8b..29dad431a43 100644 --- a/docs/dyn/assuredworkloads_v1.organizations.locations.workloads.html +++ b/docs/dyn/assuredworkloads_v1.organizations.locations.workloads.html @@ -87,7 +87,7 @@

Instance Methods

Creates Assured Workload.

delete(name, etag=None, x__xgafv=None)

-

Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error.

+

Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error. In addition to assuredworkloads.workload.delete permission, the user should also have orgpolicy.policy.set permission on the deleted folder to remove Assured Workloads OrgPolicies.

get(name, x__xgafv=None)

Gets Assured Workload associated with a CRM Node

@@ -141,7 +141,7 @@

Method Details

"enableSovereignControls": True or False, # Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers. "etag": "A String", # Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations. "kajEnrollmentState": "A String", # Output only. Represents the KAJ enrollment state of the given workload. - "kmsSettings": { # Settings specific to the Key Management Service. This message is deprecated. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. + "kmsSettings": { # Settings specific to the Key Management Service. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. "nextRotationTime": "A String", # Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary. "rotationPeriod": "A String", # Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. }, @@ -150,12 +150,16 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. "displayName": "A String", # User-assigned resource display name. If not empty it will be used to create a resource with the specified name. "resourceId": "A String", # Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google. - "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right resource type (CONSUMER_FOLDER or ENCRYPTION_KEYS_PROJECT) + "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) }, ], "resources": [ # Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only. @@ -170,6 +174,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. } externalId: string, Optional. A identifier associated with the workload and underlying projects which allows for the break down of billing costs for a workload. The value provided for the identifier will add a label to the workload and contained projects with the identifier as the value. @@ -204,7 +209,7 @@

Method Details

delete(name, etag=None, x__xgafv=None) - 
Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error.
+  
Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error. In addition to assuredworkloads.workload.delete permission, the user should also have orgpolicy.policy.set permission on the deleted folder to remove Assured Workloads OrgPolicies.
 
 Args:
   name: string, Required. The `name` field is used to identify the workload. Format: organizations/{org_id}/locations/{location_id}/workloads/{workload_id} (required)
@@ -226,7 +231,7 @@ 
Method Details

   
Gets Assured Workload associated with a CRM Node
 
 Args:
-  name: string, Required. The resource name of the Workload to fetch. This is the workload's relative path in the API, formatted as "organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}". For example, "organizations/123/locations/us-east1/workloads/assured-workload-1". (required)
+  name: string, Required. The resource name of the Workload to fetch. This is the workloads's relative path in the API, formatted as "organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}". For example, "organizations/123/locations/us-east1/workloads/assured-workload-1". (required)
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -255,7 +260,7 @@ 
Method Details

   "enableSovereignControls": True or False, # Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
   "etag": "A String", # Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
   "kajEnrollmentState": "A String", # Output only. Represents the KAJ enrollment state of the given workload.
-  "kmsSettings": { # Settings specific to the Key Management Service. This message is deprecated. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
+  "kmsSettings": { # Settings specific to the Key Management Service. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
     "nextRotationTime": "A String", # Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
     "rotationPeriod": "A String", # Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
   },
@@ -264,12 +269,16 @@ 
Method Details

   },
   "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
   "partner": "A String", # Optional. Partner regime associated with this workload.
+  "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload
+    "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations.
+    "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations
+  },
   "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
   "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
     { # Represent the custom settings for the resources to be created.
       "displayName": "A String", # User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
       "resourceId": "A String", # Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
-      "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right resource type (CONSUMER_FOLDER or ENCRYPTION_KEYS_PROJECT)
+      "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)
     },
   ],
   "resources": [ # Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
@@ -284,6 +293,7 @@ 
Method Details

     ],
     "setupStatus": "A String", # Indicates SAA enrollment status of a given workload.
   },
+  "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
 }
@@ -327,7 +337,7 @@

Method Details

"enableSovereignControls": True or False, # Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers. "etag": "A String", # Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations. "kajEnrollmentState": "A String", # Output only. Represents the KAJ enrollment state of the given workload. - "kmsSettings": { # Settings specific to the Key Management Service. This message is deprecated. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. + "kmsSettings": { # Settings specific to the Key Management Service. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. "nextRotationTime": "A String", # Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary. "rotationPeriod": "A String", # Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. }, @@ -336,12 +346,16 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. "displayName": "A String", # User-assigned resource display name. If not empty it will be used to create a resource with the specified name. "resourceId": "A String", # Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google. - "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right resource type (CONSUMER_FOLDER or ENCRYPTION_KEYS_PROJECT) + "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) }, ], "resources": [ # Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only. @@ -356,6 +370,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. }, ], } @@ -384,12 +399,11 @@

Method Details

body: object, The request body. The object takes the form of: -{ # Request of updating permission settings for a partner workload. +{ # Request for updating permission settings for a partner workload. "etag": "A String", # Optional. The etag of the workload. If this is provided, it must match the server's etag. "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Required. The partner permissions to be updated. "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations - "serviceAccessApprover": True or False, # Allow partner to approve or reject Service Access requests }, "updateMask": "A String", # Required. The list of fields to be updated. E.g. update_mask { paths: "partner_permissions.data_logs_viewer"} } @@ -422,7 +436,7 @@

Method Details

"enableSovereignControls": True or False, # Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers. "etag": "A String", # Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations. "kajEnrollmentState": "A String", # Output only. Represents the KAJ enrollment state of the given workload. - "kmsSettings": { # Settings specific to the Key Management Service. This message is deprecated. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. + "kmsSettings": { # Settings specific to the Key Management Service. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. "nextRotationTime": "A String", # Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary. "rotationPeriod": "A String", # Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. }, @@ -431,12 +445,16 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. "displayName": "A String", # User-assigned resource display name. If not empty it will be used to create a resource with the specified name. "resourceId": "A String", # Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google. - "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right resource type (CONSUMER_FOLDER or ENCRYPTION_KEYS_PROJECT) + "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) }, ], "resources": [ # Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only. @@ -451,6 +469,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. } @@ -483,7 +502,7 @@

Method Details

"enableSovereignControls": True or False, # Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers. "etag": "A String", # Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations. "kajEnrollmentState": "A String", # Output only. Represents the KAJ enrollment state of the given workload. - "kmsSettings": { # Settings specific to the Key Management Service. This message is deprecated. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. + "kmsSettings": { # Settings specific to the Key Management Service. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. "nextRotationTime": "A String", # Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary. "rotationPeriod": "A String", # Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. }, @@ -492,12 +511,16 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. "displayName": "A String", # User-assigned resource display name. If not empty it will be used to create a resource with the specified name. "resourceId": "A String", # Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google. - "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right resource type (CONSUMER_FOLDER or ENCRYPTION_KEYS_PROJECT) + "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) }, ], "resources": [ # Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only. @@ -512,6 +535,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. } updateMask: string, Required. The list of fields to be updated. @@ -543,7 +567,7 @@

Method Details

"enableSovereignControls": True or False, # Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers. "etag": "A String", # Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations. "kajEnrollmentState": "A String", # Output only. Represents the KAJ enrollment state of the given workload. - "kmsSettings": { # Settings specific to the Key Management Service. This message is deprecated. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. + "kmsSettings": { # Settings specific to the Key Management Service. # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. "nextRotationTime": "A String", # Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary. "rotationPeriod": "A String", # Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. }, @@ -552,12 +576,16 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. "displayName": "A String", # User-assigned resource display name. If not empty it will be used to create a resource with the specified name. "resourceId": "A String", # Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google. - "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right resource type (CONSUMER_FOLDER or ENCRYPTION_KEYS_PROJECT) + "resourceType": "A String", # Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) }, ], "resources": [ # Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only. @@ -572,6 +600,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. } diff --git a/docs/dyn/assuredworkloads_v1.organizations.locations.workloads.violations.html b/docs/dyn/assuredworkloads_v1.organizations.locations.workloads.violations.html index e90951906d6..be8aac71c98 100644 --- a/docs/dyn/assuredworkloads_v1.organizations.locations.workloads.violations.html +++ b/docs/dyn/assuredworkloads_v1.organizations.locations.workloads.violations.html @@ -135,7 +135,7 @@

Method Details

Returns: An object of the form: - { # Workload monitoring Violation. Next Id: 22 + { # Workload monitoring Violation. Next Id: 27 "acknowledged": True or False, # A boolean that indicates if the violation is acknowledged "acknowledgementTime": "A String", # Optional. Timestamp when this violation was acknowledged first. Check exception_contexts to find the last time the violation was acknowledged when there are more than one violations. This field will be absent when acknowledged field is marked as false. "auditLogLink": "A String", # Output only. Immutable. Audit Log Link for violated resource Format: https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{timeRange}{folder} @@ -204,7 +204,7 @@

Method Details

{ # Response of ListViolations endpoint. "nextPageToken": "A String", # The next page token. Returns empty if reached the last page. "violations": [ # List of Violations under a Workload. - { # Workload monitoring Violation. Next Id: 22 + { # Workload monitoring Violation. Next Id: 27 "acknowledged": True or False, # A boolean that indicates if the violation is acknowledged "acknowledgementTime": "A String", # Optional. Timestamp when this violation was acknowledged first. Check exception_contexts to find the last time the violation was acknowledged when there are more than one violations. This field will be absent when acknowledged field is marked as false. "auditLogLink": "A String", # Output only. Immutable. Audit Log Link for violated resource Format: https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{timeRange}{folder} diff --git a/docs/dyn/assuredworkloads_v1beta1.organizations.locations.workloads.html b/docs/dyn/assuredworkloads_v1beta1.organizations.locations.workloads.html index c8b1bd378a1..615257de63b 100644 --- a/docs/dyn/assuredworkloads_v1beta1.organizations.locations.workloads.html +++ b/docs/dyn/assuredworkloads_v1beta1.organizations.locations.workloads.html @@ -139,6 +139,14 @@

Method Details

"compliantButDisallowedServices": [ # Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment." "A String", ], + "controls": { # Controls enabled to the user associated with this workload # Output only. Controls associated with the customer workload + "appliedOrgPolicies": [ # Output only. Org policies currently applied by this Assured Workload + { # An org policy control applied by Assured Workloads + "constraint": "A String", # Output only. Constraint name of the org policy control Example: constraints/gcp.resourcelocations + "version": 42, # Output only. Org policy version + }, + ], + }, "createTime": "A String", # Output only. Immutable. The Workload creation timestamp. "displayName": "A String", # Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload "ekmProvisioningResponse": { # External key management systems(EKM) Provisioning response # Optional. Represents the Ekm Provisioning State of the given workload. @@ -176,6 +184,10 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. @@ -196,6 +208,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. } externalId: string, Optional. A identifier associated with the workload and underlying projects which allows for the break down of billing costs for a workload. The value provided for the identifier will add a label to the workload and contained projects with the identifier as the value. @@ -277,6 +290,14 @@

Method Details

"compliantButDisallowedServices": [ # Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment." "A String", ], + "controls": { # Controls enabled to the user associated with this workload # Output only. Controls associated with the customer workload + "appliedOrgPolicies": [ # Output only. Org policies currently applied by this Assured Workload + { # An org policy control applied by Assured Workloads + "constraint": "A String", # Output only. Constraint name of the org policy control Example: constraints/gcp.resourcelocations + "version": 42, # Output only. Org policy version + }, + ], + }, "createTime": "A String", # Output only. Immutable. The Workload creation timestamp. "displayName": "A String", # Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload "ekmProvisioningResponse": { # External key management systems(EKM) Provisioning response # Optional. Represents the Ekm Provisioning State of the given workload. @@ -314,6 +335,10 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. @@ -334,6 +359,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. } @@ -373,6 +399,14 @@

Method Details

"compliantButDisallowedServices": [ # Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment." "A String", ], + "controls": { # Controls enabled to the user associated with this workload # Output only. Controls associated with the customer workload + "appliedOrgPolicies": [ # Output only. Org policies currently applied by this Assured Workload + { # An org policy control applied by Assured Workloads + "constraint": "A String", # Output only. Constraint name of the org policy control Example: constraints/gcp.resourcelocations + "version": 42, # Output only. Org policy version + }, + ], + }, "createTime": "A String", # Output only. Immutable. The Workload creation timestamp. "displayName": "A String", # Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload "ekmProvisioningResponse": { # External key management systems(EKM) Provisioning response # Optional. Represents the Ekm Provisioning State of the given workload. @@ -410,6 +444,10 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. @@ -430,6 +468,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. }, ], } @@ -474,6 +513,14 @@

Method Details

"compliantButDisallowedServices": [ # Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment." "A String", ], + "controls": { # Controls enabled to the user associated with this workload # Output only. Controls associated with the customer workload + "appliedOrgPolicies": [ # Output only. Org policies currently applied by this Assured Workload + { # An org policy control applied by Assured Workloads + "constraint": "A String", # Output only. Constraint name of the org policy control Example: constraints/gcp.resourcelocations + "version": 42, # Output only. Org policy version + }, + ], + }, "createTime": "A String", # Output only. Immutable. The Workload creation timestamp. "displayName": "A String", # Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload "ekmProvisioningResponse": { # External key management systems(EKM) Provisioning response # Optional. Represents the Ekm Provisioning State of the given workload. @@ -511,6 +558,10 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. @@ -531,6 +582,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. } updateMask: string, Required. The list of fields to be updated. @@ -558,6 +610,14 @@

Method Details

"compliantButDisallowedServices": [ # Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment." "A String", ], + "controls": { # Controls enabled to the user associated with this workload # Output only. Controls associated with the customer workload + "appliedOrgPolicies": [ # Output only. Org policies currently applied by this Assured Workload + { # An org policy control applied by Assured Workloads + "constraint": "A String", # Output only. Constraint name of the org policy control Example: constraints/gcp.resourcelocations + "version": 42, # Output only. Org policy version + }, + ], + }, "createTime": "A String", # Output only. Immutable. The Workload creation timestamp. "displayName": "A String", # Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload "ekmProvisioningResponse": { # External key management systems(EKM) Provisioning response # Optional. Represents the Ekm Provisioning State of the given workload. @@ -595,6 +655,10 @@

Method Details

}, "name": "A String", # Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only. "partner": "A String", # Optional. Partner regime associated with this workload. + "partnerPermissions": { # Permissions granted to the AW Partner SA account for the customer workload # Optional. Permissions granted to the AW Partner SA account for the customer workload + "dataLogsViewer": True or False, # Allow the partner to view inspectability logs and monitoring violations. + "remediateFolderViolations": True or False, # Allow partner to monitor folder and remediate violations + }, "provisionedResourcesParent": "A String", # Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} "resourceSettings": [ # Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. { # Represent the custom settings for the resources to be created. @@ -615,6 +679,7 @@

Method Details

], "setupStatus": "A String", # Indicates SAA enrollment status of a given workload. }, + "violationNotificationsEnabled": True or False, # Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. } diff --git a/docs/dyn/assuredworkloads_v1beta1.organizations.locations.workloads.violations.html b/docs/dyn/assuredworkloads_v1beta1.organizations.locations.workloads.violations.html index aeae5297af2..0f138332504 100644 --- a/docs/dyn/assuredworkloads_v1beta1.organizations.locations.workloads.violations.html +++ b/docs/dyn/assuredworkloads_v1beta1.organizations.locations.workloads.violations.html @@ -135,7 +135,7 @@

Method Details

Returns: An object of the form: - { # Workload monitoring Violation. Next Id: 22 + { # Workload monitoring Violation. Next Id: 27 "acknowledged": True or False, # A boolean that indicates if the violation is acknowledged "acknowledgementTime": "A String", # Optional. Timestamp when this violation was acknowledged first. Check exception_contexts to find the last time the violation was acknowledged when there are more than one violations. This field will be absent when acknowledged field is marked as false. "auditLogLink": "A String", # Output only. Immutable. Audit Log Link for violated resource Format: https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{timeRange}{folder} @@ -204,7 +204,7 @@

Method Details

{ # Response of ListViolations endpoint. "nextPageToken": "A String", # The next page token. Returns empty if reached the last page. "violations": [ # List of Violations under a Workload. - { # Workload monitoring Violation. Next Id: 22 + { # Workload monitoring Violation. Next Id: 27 "acknowledged": True or False, # A boolean that indicates if the violation is acknowledged "acknowledgementTime": "A String", # Optional. Timestamp when this violation was acknowledged first. Check exception_contexts to find the last time the violation was acknowledged when there are more than one violations. This field will be absent when acknowledged field is marked as false. "auditLogLink": "A String", # Output only. Immutable. Audit Log Link for violated resource Format: https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{timeRange}{folder} diff --git a/googleapiclient/discovery_cache/documents/assuredworkloads.v1.json b/googleapiclient/discovery_cache/documents/assuredworkloads.v1.json index 859774ab688..c9fe7d1cf97 100644 --- a/googleapiclient/discovery_cache/documents/assuredworkloads.v1.json +++ b/googleapiclient/discovery_cache/documents/assuredworkloads.v1.json @@ -215,7 +215,7 @@ ] }, "delete": { - "description": "Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error.", + "description": "Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error. In addition to assuredworkloads.workload.delete permission, the user should also have orgpolicy.policy.set permission on the deleted folder to remove Assured Workloads OrgPolicies.", "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/workloads/{workloadsId}", "httpMethod": "DELETE", "id": "assuredworkloads.organizations.locations.workloads.delete", @@ -254,7 +254,7 @@ ], "parameters": { "name": { - "description": "Required. The resource name of the Workload to fetch. This is the workload's relative path in the API, formatted as \"organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}\". For example, \"organizations/123/locations/us-east1/workloads/assured-workload-1\".", + "description": "Required. The resource name of the Workload to fetch. This is the workloads's relative path in the API, formatted as \"organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}\". For example, \"organizations/123/locations/us-east1/workloads/assured-workload-1\".", "location": "path", "pattern": "^organizations/[^/]+/locations/[^/]+/workloads/[^/]+$", "required": true, @@ -519,7 +519,7 @@ } } }, - "revision": "20230406", + "revision": "20230519", "rootUrl": "https://assuredworkloads.googleapis.com/", "schemas": { "GoogleCloudAssuredworkloadsV1AcknowledgeViolationRequest": { @@ -580,8 +580,8 @@ "Assured Workloads For Canada Regions and Support controls", "International Traffic in Arms Regulations", "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.", - "Assured Workloads for Partners", - "Assured Workloads for Israel Regions", + "Assured Workloads for Partners;", + "Assured Workloads for Israel", "Assured Workloads for Israel Regions", "Assured Workloads for Canada Protected B regime" ], @@ -640,7 +640,7 @@ "type": "object" }, "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest": { - "description": "Request of updating permission settings for a partner workload.", + "description": "Request for updating permission settings for a partner workload.", "id": "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest", "properties": { "etag": { @@ -675,7 +675,7 @@ "Unknown restriction type.", "Allow the use all of all gcp products, irrespective of the compliance posture. This effectively removes gcp.restrictServiceUsage OrgPolicy on the AssuredWorkloads Folder.", "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources.", - "Similar to ALLOW_COMPLIANT_RESOURCES but adds the list of compliant resources to the existing list of resources. Effective org-policy of the Folder is considered to ensure there is no disruption to the existing customer workflows." + "Similar to ALLOW_COMPLIANT_RESOURCES but adds the list of compliant resources to the existing list of compliant resources. Effective org-policy of the Folder is considered to ensure there is no disruption to the existing customer workflows." ], "type": "string" } @@ -689,7 +689,7 @@ "type": "object" }, "GoogleCloudAssuredworkloadsV1Violation": { - "description": "Workload monitoring Violation. Next Id: 22", + "description": "Workload monitoring Violation. Next Id: 27", "id": "GoogleCloudAssuredworkloadsV1Violation", "properties": { "acknowledged": { @@ -928,8 +928,8 @@ "Assured Workloads For Canada Regions and Support controls", "International Traffic in Arms Regulations", "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.", - "Assured Workloads for Partners", - "Assured Workloads for Israel Regions", + "Assured Workloads for Partners;", + "Assured Workloads for Israel", "Assured Workloads for Israel Regions", "Assured Workloads for Canada Protected B regime" ], @@ -1018,6 +1018,10 @@ ], "type": "string" }, + "partnerPermissions": { + "$ref": "GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions", + "description": "Optional. Permissions granted to the AW Partner SA account for the customer workload" + }, "provisionedResourcesParent": { "description": "Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}", "type": "string" @@ -1041,6 +1045,10 @@ "$ref": "GoogleCloudAssuredworkloadsV1WorkloadSaaEnrollmentResponse", "description": "Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.", "readOnly": true + }, + "violationNotificationsEnabled": { + "description": "Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.", + "type": "boolean" } }, "type": "object" @@ -1122,7 +1130,7 @@ "type": "object" }, "GoogleCloudAssuredworkloadsV1WorkloadKMSSettings": { - "description": "Settings specific to the Key Management Service. This message is deprecated. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.", + "description": "Settings specific to the Key Management Service.", "id": "GoogleCloudAssuredworkloadsV1WorkloadKMSSettings", "properties": { "nextRotationTime": { @@ -1149,10 +1157,6 @@ "remediateFolderViolations": { "description": "Allow partner to monitor folder and remediate violations", "type": "boolean" - }, - "serviceAccessApprover": { - "description": "Allow partner to approve or reject Service Access requests", - "type": "boolean" } }, "type": "object" @@ -1177,7 +1181,7 @@ ], "enumDescriptions": [ "Unknown resource type.", - "Consumer project. AssuredWorkloads Projects are no longer supported. This field will be ignored only in CreateWorkload requests. ListWorkloads and GetWorkload will continue to provide projects information. Use CONSUMER_FOLDER instead.", + "Deprecated. Existing workloads will continue to support this, but new CreateWorkloadRequests should not specify this as an input value.", "Consumer Folder.", "Consumer project containing encryption keys.", "Keyring resource that hosts encryption keys." @@ -1200,7 +1204,7 @@ "type": "string" }, "resourceType": { - "description": "Indicates the type of resource. This field should be specified to correspond the id to the right resource type (CONSUMER_FOLDER or ENCRYPTION_KEYS_PROJECT)", + "description": "Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)", "enum": [ "RESOURCE_TYPE_UNSPECIFIED", "CONSUMER_PROJECT", @@ -1210,7 +1214,7 @@ ], "enumDescriptions": [ "Unknown resource type.", - "Consumer project. AssuredWorkloads Projects are no longer supported. This field will be ignored only in CreateWorkload requests. ListWorkloads and GetWorkload will continue to provide projects information. Use CONSUMER_FOLDER instead.", + "Deprecated. Existing workloads will continue to support this, but new CreateWorkloadRequests should not specify this as an input value.", "Consumer Folder.", "Consumer project containing encryption keys.", "Keyring resource that hosts encryption keys." diff --git a/googleapiclient/discovery_cache/documents/assuredworkloads.v1beta1.json b/googleapiclient/discovery_cache/documents/assuredworkloads.v1beta1.json index eb9ccdd2129..eae178b7043 100644 --- a/googleapiclient/discovery_cache/documents/assuredworkloads.v1beta1.json +++ b/googleapiclient/discovery_cache/documents/assuredworkloads.v1beta1.json @@ -595,7 +595,7 @@ } } }, - "revision": "20230406", + "revision": "20230519", "rootUrl": "https://assuredworkloads.googleapis.com/", "schemas": { "GoogleCloudAssuredworkloadsV1beta1AcknowledgeViolationRequest": { @@ -633,6 +633,73 @@ }, "type": "object" }, + "GoogleCloudAssuredworkloadsV1beta1CreateWorkloadOperationMetadata": { + "description": "Operation metadata to give request details of CreateWorkload.", + "id": "GoogleCloudAssuredworkloadsV1beta1CreateWorkloadOperationMetadata", + "properties": { + "complianceRegime": { + "description": "Optional. Compliance controls that should be applied to the resources managed by the workload.", + "enum": [ + "COMPLIANCE_REGIME_UNSPECIFIED", + "IL4", + "CJIS", + "FEDRAMP_HIGH", + "FEDRAMP_MODERATE", + "US_REGIONAL_ACCESS", + "HIPAA", + "HITRUST", + "EU_REGIONS_AND_SUPPORT", + "CA_REGIONS_AND_SUPPORT", + "ITAR", + "AU_REGIONS_AND_US_SUPPORT", + "ASSURED_WORKLOADS_FOR_PARTNERS", + "ISR_REGIONS", + "ISR_REGIONS_AND_SUPPORT", + "CA_PROTECTED_B" + ], + "enumDescriptions": [ + "Unknown compliance regime.", + "Information protection as per DoD IL4 requirements.", + "Criminal Justice Information Services (CJIS) Security policies.", + "FedRAMP High data protection controls", + "FedRAMP Moderate data protection controls", + "Assured Workloads For US Regions data protection controls", + "Health Insurance Portability and Accountability Act controls", + "Health Information Trust Alliance controls", + "Assured Workloads For EU Regions and Support controls", + "Assured Workloads For Canada Regions and Support controls", + "International Traffic in Arms Regulations", + "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.", + "Assured Workloads for Partners;", + "Assured Workloads for Israel", + "Assured Workloads for Israel Regions", + "Assured Workloads for Canada Protected B regime" + ], + "type": "string" + }, + "createTime": { + "description": "Optional. Time when the operation was created.", + "format": "google-datetime", + "type": "string" + }, + "displayName": { + "description": "Optional. The display name of the workload.", + "type": "string" + }, + "parent": { + "description": "Optional. The parent of the workload.", + "type": "string" + }, + "resourceSettings": { + "description": "Optional. Resource properties in the input that are used for creating/customizing workload resources.", + "items": { + "$ref": "GoogleCloudAssuredworkloadsV1beta1WorkloadResourceSettings" + }, + "type": "array" + } + }, + "type": "object" + }, "GoogleCloudAssuredworkloadsV1beta1ListViolationsResponse": { "description": "Response of ListViolations endpoint.", "id": "GoogleCloudAssuredworkloadsV1beta1ListViolationsResponse", @@ -699,7 +766,7 @@ "type": "object" }, "GoogleCloudAssuredworkloadsV1beta1Violation": { - "description": "Workload monitoring Violation. Next Id: 22", + "description": "Workload monitoring Violation. Next Id: 27", "id": "GoogleCloudAssuredworkloadsV1beta1Violation", "properties": { "acknowledged": { @@ -962,6 +1029,11 @@ "readOnly": true, "type": "array" }, + "controls": { + "$ref": "GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceControls", + "description": "Output only. Controls associated with the customer workload", + "readOnly": true + }, "createTime": { "description": "Output only. Immutable. The Workload creation timestamp.", "format": "google-datetime", @@ -1044,6 +1116,10 @@ ], "type": "string" }, + "partnerPermissions": { + "$ref": "GoogleCloudAssuredworkloadsV1beta1WorkloadPartnerPermissions", + "description": "Optional. Permissions granted to the AW Partner SA account for the customer workload" + }, "provisionedResourcesParent": { "description": "Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}", "type": "string" @@ -1067,6 +1143,10 @@ "$ref": "GoogleCloudAssuredworkloadsV1beta1WorkloadSaaEnrollmentResponse", "description": "Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.", "readOnly": true + }, + "violationNotificationsEnabled": { + "description": "Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.", + "type": "boolean" } }, "type": "object" @@ -1082,6 +1162,39 @@ }, "type": "object" }, + "GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceControls": { + "description": "Controls enabled to the user associated with this workload", + "id": "GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceControls", + "properties": { + "appliedOrgPolicies": { + "description": "Output only. Org policies currently applied by this Assured Workload", + "items": { + "$ref": "GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceControlsOrgPolicyControl" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceControlsOrgPolicyControl": { + "description": "An org policy control applied by Assured Workloads", + "id": "GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceControlsOrgPolicyControl", + "properties": { + "constraint": { + "description": "Output only. Constraint name of the org policy control Example: constraints/gcp.resourcelocations", + "readOnly": true, + "type": "string" + }, + "version": { + "description": "Output only. Org policy version", + "format": "int32", + "readOnly": true, + "type": "integer" + } + }, + "type": "object" + }, "GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceStatus": { "description": "Represents the Compliance Status of this workload", "id": "GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceStatus", @@ -1208,6 +1321,21 @@ }, "type": "object" }, + "GoogleCloudAssuredworkloadsV1beta1WorkloadPartnerPermissions": { + "description": "Permissions granted to the AW Partner SA account for the customer workload", + "id": "GoogleCloudAssuredworkloadsV1beta1WorkloadPartnerPermissions", + "properties": { + "dataLogsViewer": { + "description": "Allow the partner to view inspectability logs and monitoring violations.", + "type": "boolean" + }, + "remediateFolderViolations": { + "description": "Allow partner to monitor folder and remediate violations", + "type": "boolean" + } + }, + "type": "object" + }, "GoogleCloudAssuredworkloadsV1beta1WorkloadResourceInfo": { "description": "Represent the resources that are children of this Workload.", "id": "GoogleCloudAssuredworkloadsV1beta1WorkloadResourceInfo",