google-cloud-assured_workloads-v1 0.3.0 → 0.5.0

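--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6d11723ad6736cc5604664185abbdd38ec30d78074463fbcd53a26da48ef9e62
- data.tar.gz: c25b06fced4040dfd664d413c6558cb05e0a766560422f8ba61842cd24b9fbda
+ metadata.gz: 1b5d2d0b6b9d5d07d8a305a31f2582fd7cd547c4ebcb5053b39f3b5d761fc2fd
+ data.tar.gz: 7ee4ad5ca57e0ff5a5c66da09729ff55b9490e87480254f8723c48a625996406
  SHA512:
- metadata.gz: b9cc8e0f2a7344625ad4608fc46bce4d9d3eee8b8d559b658d9b81b6236c3c759a51454421e809b008cd9fef60241588e834ab7dc6e967f046c933c16cc73b79
- data.tar.gz: 41d850e8e5521f5bba3a5498ee7e83fa748ea94f8bc1dbab07c0813c6e408edec0195fcaa1ec72a9e062445431877d3cd716898b7b3932c3e2de169543af5b71
+ metadata.gz: f584117679dd3732440601c3934470058aa31d7ff6132c5148f902f4c5cd311a016b2124b1120508d87149f3c497afcf27ff181525c4712f2251ff04a9e1ba56
+ data.tar.gz: 354df5b0a205499aa3214a1219dff3b38284150e3bf5f99cf8b5839f16f9bdd424ff87372483ca1beac586c187cb82506269e98260c7cea602d71319fc2b3673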
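--- a/data/AUTHENTICATION.md
+++ b/data/AUTHENTICATION.md
@@ -114,7 +114,7 @@ credentials are discovered.
  To configure your system for this, simply:
  
  1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
- 2. Authenticate using OAuth 2.0 `$ gcloud auth login`
+ 2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
  3. Write code as if already authenticated.
  
  **NOTE:** This is _not_ recommended for running in production. The Cloud SDK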
@@ -183,8 +183,8 @@ module Google
183
183
  # @param workload [::Google::Cloud::AssuredWorkloads::V1::Workload, ::Hash]
184
184
  # Required. Assured Workload to create
185
185
  # @param external_id [::String]
186
- # Optional. A identifier associated with the workload and underlying projects
187
- # which allows for the break down of billing costs for a workload. The value
186
+ # Optional. A identifier associated with the workload and underlying projects which
187
+ # allows for the break down of billing costs for a workload. The value
188
188
  # provided for the identifier will add a label to the workload and contained
189
189
  # projects with the identifier as the value.
190
190
  #
@@ -283,7 +283,7 @@ module Google
283
283
  #
284
284
  # @param workload [::Google::Cloud::AssuredWorkloads::V1::Workload, ::Hash]
285
285
  # Required. The workload to update.
286
- # The workloads `name` field is used to identify the workload to be updated.
286
+ # The workload's `name` field is used to identify the workload to be updated.
287
287
  # Format:
288
288
  # organizations/\\{org_id}/locations/\\{location_id}/workloads/\\{workload_id}
289
289
  # @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
@@ -353,6 +353,102 @@ module Google
353
353
  raise ::Google::Cloud::Error.from_error(e)
354
354
  end
355
355
 
356
+ ##
357
+ # Restrict the list of resources allowed in the Workload environment.
358
+ # The current list of allowed products can be found at
359
+ # https://cloud.google.com/assured-workloads/docs/supported-products
360
+ # In addition to assuredworkloads.workload.update permission, the user should
361
+ # also have orgpolicy.policy.set permission on the folder resource
362
+ # to use this functionality.
363
+ #
364
+ # @overload restrict_allowed_resources(request, options = nil)
365
+ # Pass arguments to `restrict_allowed_resources` via a request object, either of type
366
+ # {::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest} or an equivalent Hash.
367
+ #
368
+ # @param request [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest, ::Hash]
369
+ # A request object representing the call parameters. Required. To specify no
370
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
371
+ # @param options [::Gapic::CallOptions, ::Hash]
372
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
373
+ #
374
+ # @overload restrict_allowed_resources(name: nil, restriction_type: nil)
375
+ # Pass arguments to `restrict_allowed_resources` via keyword arguments. Note that at
376
+ # least one keyword argument is required. To specify no parameters, or to keep all
377
+ # the default parameter values, pass an empty Hash as a request object (see above).
378
+ #
379
+ # @param name [::String]
380
+ # Required. The resource name of the Workload. This is the workloads's
381
+ # relative path in the API, formatted as
382
+ # "organizations/\\{organization_id}/locations/\\{location_id}/workloads/\\{workload_id}".
383
+ # For example,
384
+ # "organizations/123/locations/us-east1/workloads/assured-workload-1".
385
+ # @param restriction_type [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest::RestrictionType]
386
+ # Required. The type of restriction for using gcp products in the Workload environment.
387
+ #
388
+ # @yield [response, operation] Access the result along with the RPC operation
389
+ # @yieldparam response [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesResponse]
390
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
391
+ #
392
+ # @return [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesResponse]
393
+ #
394
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
395
+ #
396
+ # @example Basic example
397
+ # require "google/cloud/assured_workloads/v1"
398
+ #
399
+ # # Create a client object. The client can be reused for multiple calls.
400
+ # client = Google::Cloud::AssuredWorkloads::V1::AssuredWorkloadsService::Client.new
401
+ #
402
+ # # Create a request. To set request fields, pass in keyword arguments.
403
+ # request = Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest.new
404
+ #
405
+ # # Call the restrict_allowed_resources method.
406
+ # result = client.restrict_allowed_resources request
407
+ #
408
+ # # The returned object is of type Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesResponse.
409
+ # p result
410
+ #
411
+ def restrict_allowed_resources request, options = nil
412
+ raise ::ArgumentError, "request must be provided" if request.nil?
413
+
414
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest
415
+
416
+ # Converts hash and nil to an options object
417
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
418
+
419
+ # Customize the options with defaults
420
+ metadata = @config.rpcs.restrict_allowed_resources.metadata.to_h
421
+
422
+ # Set x-goog-api-client and x-goog-user-project headers
423
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
424
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
425
+ gapic_version: ::Google::Cloud::AssuredWorkloads::V1::VERSION
426
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
427
+
428
+ header_params = {}
429
+ if request.name
430
+ header_params["name"] = request.name
431
+ end
432
+
433
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
434
+ metadata[:"x-goog-request-params"] ||= request_params_header
435
+
436
+ options.apply_defaults timeout: @config.rpcs.restrict_allowed_resources.timeout,
437
+ metadata: metadata,
438
+ retry_policy: @config.rpcs.restrict_allowed_resources.retry_policy
439
+
440
+ options.apply_defaults timeout: @config.timeout,
441
+ metadata: @config.metadata,
442
+ retry_policy: @config.retry_policy
443
+
444
+ @assured_workloads_service_stub.call_rpc :restrict_allowed_resources, request, options: options do |response, operation|
445
+ yield response, operation if block_given?
446
+ return response
447
+ end
448
+ rescue ::GRPC::BadStatus => e
449
+ raise ::Google::Cloud::Error.from_error(e)
450
+ end
451
+
356
452
  ##
357
453
  # Deletes the workload. Make sure that workload's direct children are already
358
454
  # in a deleted state, otherwise the request will fail with a
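Review bot: In `restrict_allowed_resources`, `request.name` is written into the `x-goog-request-params` header as `"#{k}=#{v}"` with no percent-encoding, so a name containing `&` or `=` (for instance one assembled from caller-supplied input) would alter the routing parameters the header carries. Encoding the value, e.g. `header_params.map { |k, v| "#{k}=#{URI.encode_www_form_component v}" }.join("&")` (with `require "uri"`), would close that, assuming the backend expects percent-encoded routing values. The guard `if request.name` also looks always-true if `name` is a protobuf string field defaulting to `""`, in which case `unless request.name.to_s.empty?` is probably what is meant. The `list_violations`, `get_violation` and `acknowledge_violation` methods added in the later hunk build no `x-goog-request-params` at all; a one-line comment stating whether that difference is deliberate would help reviewers. If this file is generated, the change belongs in the generator template rather than here.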
@@ -464,8 +560,8 @@ module Google
464
560
  # the default parameter values, pass an empty Hash as a request object (see above).
465
561
  #
466
562
  # @param name [::String]
467
- # Required. The resource name of the Workload to fetch. This is the
468
- # workloads's relative path in the API, formatted as
563
+ # Required. The resource name of the Workload to fetch. This is the workload's
564
+ # relative path in the API, formatted as
469
565
  # "organizations/\\{organization_id}/locations/\\{location_id}/workloads/\\{workload_id}".
470
566
  # For example,
471
567
  # "organizations/123/locations/us-east1/workloads/assured-workload-1".
@@ -636,6 +732,276 @@ module Google
636
732
  raise ::Google::Cloud::Error.from_error(e)
637
733
  end
638
734
 
735
+ ##
736
+ # Lists the Violations in the AssuredWorkload Environment.
737
+ # Callers may also choose to read across multiple Workloads as per
738
+ # [AIP-159](https://google.aip.dev/159) by using '-' (the hyphen or dash
739
+ # character) as a wildcard character instead of workload-id in the parent.
740
+ # Format `organizations/{org_id}/locations/{location}/workloads/-`
741
+ #
742
+ # @overload list_violations(request, options = nil)
743
+ # Pass arguments to `list_violations` via a request object, either of type
744
+ # {::Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest} or an equivalent Hash.
745
+ #
746
+ # @param request [::Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest, ::Hash]
747
+ # A request object representing the call parameters. Required. To specify no
748
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
749
+ # @param options [::Gapic::CallOptions, ::Hash]
750
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
751
+ #
752
+ # @overload list_violations(parent: nil, interval: nil, page_size: nil, page_token: nil, filter: nil)
753
+ # Pass arguments to `list_violations` via keyword arguments. Note that at
754
+ # least one keyword argument is required. To specify no parameters, or to keep all
755
+ # the default parameter values, pass an empty Hash as a request object (see above).
756
+ #
757
+ # @param parent [::String]
758
+ # Required. The Workload name.
759
+ # Format `organizations/{org_id}/locations/{location}/workloads/{workload}`.
760
+ # @param interval [::Google::Cloud::AssuredWorkloads::V1::TimeWindow, ::Hash]
761
+ # Optional. Specifies the time window for retrieving active Violations.
762
+ # When specified, retrieves Violations that were active between start_time
763
+ # and end_time.
764
+ # @param page_size [::Integer]
765
+ # Optional. Page size.
766
+ # @param page_token [::String]
767
+ # Optional. Page token returned from previous request.
768
+ # @param filter [::String]
769
+ # Optional. A custom filter for filtering by the Violations properties.
770
+ #
771
+ # @yield [response, operation] Access the result along with the RPC operation
772
+ # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::AssuredWorkloads::V1::Violation>]
773
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
774
+ #
775
+ # @return [::Gapic::PagedEnumerable<::Google::Cloud::AssuredWorkloads::V1::Violation>]
776
+ #
777
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
778
+ #
779
+ # @example Basic example
780
+ # require "google/cloud/assured_workloads/v1"
781
+ #
782
+ # # Create a client object. The client can be reused for multiple calls.
783
+ # client = Google::Cloud::AssuredWorkloads::V1::AssuredWorkloadsService::Client.new
784
+ #
785
+ # # Create a request. To set request fields, pass in keyword arguments.
786
+ # request = Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest.new
787
+ #
788
+ # # Call the list_violations method.
789
+ # result = client.list_violations request
790
+ #
791
+ # # The returned object is of type Gapic::PagedEnumerable. You can
792
+ # # iterate over all elements by calling #each, and the enumerable
793
+ # # will lazily make API calls to fetch subsequent pages. Other
794
+ # # methods are also available for managing paging directly.
795
+ # result.each do |response|
796
+ # # Each element is of type ::Google::Cloud::AssuredWorkloads::V1::Violation.
797
+ # p response
798
+ # end
799
+ #
800
+ def list_violations request, options = nil
801
+ raise ::ArgumentError, "request must be provided" if request.nil?
802
+
803
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest
804
+
805
+ # Converts hash and nil to an options object
806
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
807
+
808
+ # Customize the options with defaults
809
+ metadata = @config.rpcs.list_violations.metadata.to_h
810
+
811
+ # Set x-goog-api-client and x-goog-user-project headers
812
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
813
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
814
+ gapic_version: ::Google::Cloud::AssuredWorkloads::V1::VERSION
815
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
816
+
817
+ options.apply_defaults timeout: @config.rpcs.list_violations.timeout,
818
+ metadata: metadata,
819
+ retry_policy: @config.rpcs.list_violations.retry_policy
820
+
821
+ options.apply_defaults timeout: @config.timeout,
822
+ metadata: @config.metadata,
823
+ retry_policy: @config.retry_policy
824
+
825
+ @assured_workloads_service_stub.call_rpc :list_violations, request, options: options do |response, operation|
826
+ response = ::Gapic::PagedEnumerable.new @assured_workloads_service_stub, :list_violations, request, response, operation, options
827
+ yield response, operation if block_given?
828
+ return response
829
+ end
830
+ rescue ::GRPC::BadStatus => e
831
+ raise ::Google::Cloud::Error.from_error(e)
832
+ end
833
+
834
+ ##
835
+ # Retrieves Assured Workload Violation based on ID.
836
+ #
837
+ # @overload get_violation(request, options = nil)
838
+ # Pass arguments to `get_violation` via a request object, either of type
839
+ # {::Google::Cloud::AssuredWorkloads::V1::GetViolationRequest} or an equivalent Hash.
840
+ #
841
+ # @param request [::Google::Cloud::AssuredWorkloads::V1::GetViolationRequest, ::Hash]
842
+ # A request object representing the call parameters. Required. To specify no
843
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
844
+ # @param options [::Gapic::CallOptions, ::Hash]
845
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
846
+ #
847
+ # @overload get_violation(name: nil)
848
+ # Pass arguments to `get_violation` via keyword arguments. Note that at
849
+ # least one keyword argument is required. To specify no parameters, or to keep all
850
+ # the default parameter values, pass an empty Hash as a request object (see above).
851
+ #
852
+ # @param name [::String]
853
+ # Required. The resource name of the Violation to fetch (ie. Violation.name).
854
+ # Format:
855
+ # organizations/\\{organization}/locations/\\{location}/workloads/\\{workload}/violations/\\{violation}
856
+ #
857
+ # @yield [response, operation] Access the result along with the RPC operation
858
+ # @yieldparam response [::Google::Cloud::AssuredWorkloads::V1::Violation]
859
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
860
+ #
861
+ # @return [::Google::Cloud::AssuredWorkloads::V1::Violation]
862
+ #
863
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
864
+ #
865
+ # @example Basic example
866
+ # require "google/cloud/assured_workloads/v1"
867
+ #
868
+ # # Create a client object. The client can be reused for multiple calls.
869
+ # client = Google::Cloud::AssuredWorkloads::V1::AssuredWorkloadsService::Client.new
870
+ #
871
+ # # Create a request. To set request fields, pass in keyword arguments.
872
+ # request = Google::Cloud::AssuredWorkloads::V1::GetViolationRequest.new
873
+ #
874
+ # # Call the get_violation method.
875
+ # result = client.get_violation request
876
+ #
877
+ # # The returned object is of type Google::Cloud::AssuredWorkloads::V1::Violation.
878
+ # p result
879
+ #
880
+ def get_violation request, options = nil
881
+ raise ::ArgumentError, "request must be provided" if request.nil?
882
+
883
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AssuredWorkloads::V1::GetViolationRequest
884
+
885
+ # Converts hash and nil to an options object
886
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
887
+
888
+ # Customize the options with defaults
889
+ metadata = @config.rpcs.get_violation.metadata.to_h
890
+
891
+ # Set x-goog-api-client and x-goog-user-project headers
892
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
893
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
894
+ gapic_version: ::Google::Cloud::AssuredWorkloads::V1::VERSION
895
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
896
+
897
+ options.apply_defaults timeout: @config.rpcs.get_violation.timeout,
898
+ metadata: metadata,
899
+ retry_policy: @config.rpcs.get_violation.retry_policy
900
+
901
+ options.apply_defaults timeout: @config.timeout,
902
+ metadata: @config.metadata,
903
+ retry_policy: @config.retry_policy
904
+
905
+ @assured_workloads_service_stub.call_rpc :get_violation, request, options: options do |response, operation|
906
+ yield response, operation if block_given?
907
+ return response
908
+ end
909
+ rescue ::GRPC::BadStatus => e
910
+ raise ::Google::Cloud::Error.from_error(e)
911
+ end
912
+
913
+ ##
914
+ # Acknowledges an existing violation. By acknowledging a violation, users
915
+ # acknowledge the existence of a compliance violation in their workload and
916
+ # decide to ignore it due to a valid business justification. Acknowledgement
917
+ # is a permanent operation and it cannot be reverted.
918
+ #
919
+ # @overload acknowledge_violation(request, options = nil)
920
+ # Pass arguments to `acknowledge_violation` via a request object, either of type
921
+ # {::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest} or an equivalent Hash.
922
+ #
923
+ # @param request [::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest, ::Hash]
924
+ # A request object representing the call parameters. Required. To specify no
925
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
926
+ # @param options [::Gapic::CallOptions, ::Hash]
927
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
928
+ #
929
+ # @overload acknowledge_violation(name: nil, comment: nil, non_compliant_org_policy: nil)
930
+ # Pass arguments to `acknowledge_violation` via keyword arguments. Note that at
931
+ # least one keyword argument is required. To specify no parameters, or to keep all
932
+ # the default parameter values, pass an empty Hash as a request object (see above).
933
+ #
934
+ # @param name [::String]
935
+ # Required. The resource name of the Violation to acknowledge.
936
+ # Format:
937
+ # organizations/\\{organization}/locations/\\{location}/workloads/\\{workload}/violations/\\{violation}
938
+ # @param comment [::String]
939
+ # Required. Business justification explaining the need for violation acknowledgement
940
+ # @param non_compliant_org_policy [::String]
941
+ # Optional. This field is deprecated and will be removed in future version of the API.
942
+ # Name of the OrgPolicy which was modified with non-compliant change and
943
+ # resulted in this violation.
944
+ # Format:
945
+ # projects/\\{project_number}/policies/\\{constraint_name}
946
+ # folders/\\{folder_id}/policies/\\{constraint_name}
947
+ # organizations/\\{organization_id}/policies/\\{constraint_name}
948
+ #
949
+ # @yield [response, operation] Access the result along with the RPC operation
950
+ # @yieldparam response [::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationResponse]
951
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
952
+ #
953
+ # @return [::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationResponse]
954
+ #
955
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
956
+ #
957
+ # @example Basic example
958
+ # require "google/cloud/assured_workloads/v1"
959
+ #
960
+ # # Create a client object. The client can be reused for multiple calls.
961
+ # client = Google::Cloud::AssuredWorkloads::V1::AssuredWorkloadsService::Client.new
962
+ #
963
+ # # Create a request. To set request fields, pass in keyword arguments.
964
+ # request = Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest.new
965
+ #
966
+ # # Call the acknowledge_violation method.
967
+ # result = client.acknowledge_violation request
968
+ #
969
+ # # The returned object is of type Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationResponse.
970
+ # p result
971
+ #
972
+ def acknowledge_violation request, options = nil
973
+ raise ::ArgumentError, "request must be provided" if request.nil?
974
+
975
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest
976
+
977
+ # Converts hash and nil to an options object
978
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
979
+
980
+ # Customize the options with defaults
981
+ metadata = @config.rpcs.acknowledge_violation.metadata.to_h
982
+
983
+ # Set x-goog-api-client and x-goog-user-project headers
984
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
985
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
986
+ gapic_version: ::Google::Cloud::AssuredWorkloads::V1::VERSION
987
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
988
+
989
+ options.apply_defaults timeout: @config.rpcs.acknowledge_violation.timeout,
990
+ metadata: metadata,
991
+ retry_policy: @config.rpcs.acknowledge_violation.retry_policy
992
+
993
+ options.apply_defaults timeout: @config.timeout,
994
+ metadata: @config.metadata,
995
+ retry_policy: @config.retry_policy
996
+
997
+ @assured_workloads_service_stub.call_rpc :acknowledge_violation, request, options: options do |response, operation|
998
+ yield response, operation if block_given?
999
+ return response
1000
+ end
1001
+ rescue ::GRPC::BadStatus => e
1002
+ raise ::Google::Cloud::Error.from_error(e)
1003
+ end
1004
+
639
1005
  ##
640
1006
  # Configuration class for the AssuredWorkloadsService API.
641
1007
  #
@@ -782,6 +1148,11 @@ module Google
782
1148
  #
783
1149
  attr_reader :update_workload
784
1150
  ##
1151
+ # RPC-specific configuration for `restrict_allowed_resources`
1152
+ # @return [::Gapic::Config::Method]
1153
+ #
1154
+ attr_reader :restrict_allowed_resources
1155
+ ##
785
1156
  # RPC-specific configuration for `delete_workload`
786
1157
  # @return [::Gapic::Config::Method]
787
1158
  #
@@ -796,6 +1167,21 @@ module Google
796
1167
  # @return [::Gapic::Config::Method]
797
1168
  #
798
1169
  attr_reader :list_workloads
1170
+ ##
1171
+ # RPC-specific configuration for `list_violations`
1172
+ # @return [::Gapic::Config::Method]
1173
+ #
1174
+ attr_reader :list_violations
1175
+ ##
1176
+ # RPC-specific configuration for `get_violation`
1177
+ # @return [::Gapic::Config::Method]
1178
+ #
1179
+ attr_reader :get_violation
1180
+ ##
1181
+ # RPC-specific configuration for `acknowledge_violation`
1182
+ # @return [::Gapic::Config::Method]
1183
+ #
1184
+ attr_reader :acknowledge_violation
799
1185
 
800
1186
  # @private
801
1187
  def initialize parent_rpcs = nil
@@ -803,12 +1189,20 @@ module Google
803
1189
  @create_workload = ::Gapic::Config::Method.new create_workload_config
804
1190
  update_workload_config = parent_rpcs.update_workload if parent_rpcs.respond_to? :update_workload
805
1191
  @update_workload = ::Gapic::Config::Method.new update_workload_config
1192
+ restrict_allowed_resources_config = parent_rpcs.restrict_allowed_resources if parent_rpcs.respond_to? :restrict_allowed_resources
1193
+ @restrict_allowed_resources = ::Gapic::Config::Method.new restrict_allowed_resources_config
806
1194
  delete_workload_config = parent_rpcs.delete_workload if parent_rpcs.respond_to? :delete_workload
807
1195
  @delete_workload = ::Gapic::Config::Method.new delete_workload_config
808
1196
  get_workload_config = parent_rpcs.get_workload if parent_rpcs.respond_to? :get_workload
809
1197
  @get_workload = ::Gapic::Config::Method.new get_workload_config
810
1198
  list_workloads_config = parent_rpcs.list_workloads if parent_rpcs.respond_to? :list_workloads
811
1199
  @list_workloads = ::Gapic::Config::Method.new list_workloads_config
1200
+ list_violations_config = parent_rpcs.list_violations if parent_rpcs.respond_to? :list_violations
1201
+ @list_violations = ::Gapic::Config::Method.new list_violations_config
1202
+ get_violation_config = parent_rpcs.get_violation if parent_rpcs.respond_to? :get_violation
1203
+ @get_violation = ::Gapic::Config::Method.new get_violation_config
1204
+ acknowledge_violation_config = parent_rpcs.acknowledge_violation if parent_rpcs.respond_to? :acknowledge_violation
1205
+ @acknowledge_violation = ::Gapic::Config::Method.new acknowledge_violation_config
812
1206
 
813
1207
  yield self if block_given?
814
1208
  end
@@ -41,6 +41,27 @@ module Google
41
41
  "organizations/#{organization}/locations/#{location}"
42
42
  end
43
43
 
44
+ ##
45
+ # Create a fully-qualified Violation resource string.
46
+ #
47
+ # The resource will be in the following format:
48
+ #
49
+ # `organizations/{organization}/locations/{location}/workloads/{workload}/violations/{violation}`
50
+ #
51
+ # @param organization [String]
52
+ # @param location [String]
53
+ # @param workload [String]
54
+ # @param violation [String]
55
+ #
56
+ # @return [::String]
57
+ def violation_path organization:, location:, workload:, violation:
58
+ raise ::ArgumentError, "organization cannot contain /" if organization.to_s.include? "/"
59
+ raise ::ArgumentError, "location cannot contain /" if location.to_s.include? "/"
60
+ raise ::ArgumentError, "workload cannot contain /" if workload.to_s.include? "/"
61
+
62
+ "organizations/#{organization}/locations/#{location}/workloads/#{workload}/violations/#{violation}"
63
+ end
64
+
44
65
  ##
45
66
  # Create a fully-qualified Workload resource string.
46
67
  #
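Review bot: `violation_path` rejects `/` in `organization`, `location` and `workload` but interpolates `violation` unchecked, so a value containing `/` produces a resource name with extra path segments instead of raising `ArgumentError`. If callers may pass identifiers that originate outside the program, add `raise ::ArgumentError, "violation cannot contain /" if violation.to_s.include? "/"` before the string is built. If the final segment is left open on purpose, the doc comment should say so. None of the four arguments is checked for being empty, which the comment could state as well.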
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module AssuredWorkloads
23
23
  module V1
24
- VERSION = "0.3.0"
24
+ VERSION = "0.5.0"
25
25
  end
26
26
  end
27
27
  end
@@ -56,6 +56,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
56
56
  optional :kaj_enrollment_state, :enum, 17, "google.cloud.assuredworkloads.v1.Workload.KajEnrollmentState"
57
57
  optional :enable_sovereign_controls, :bool, 18
58
58
  optional :saa_enrollment_response, :message, 20, "google.cloud.assuredworkloads.v1.Workload.SaaEnrollmentResponse"
59
+ repeated :compliant_but_disallowed_services, :string, 24
60
+ optional :partner, :enum, 25, "google.cloud.assuredworkloads.v1.Workload.Partner"
59
61
  end
60
62
  add_message "google.cloud.assuredworkloads.v1.Workload.ResourceInfo" do
61
63
  optional :resource_id, :int64, 1
@@ -64,6 +66,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
64
66
  add_enum "google.cloud.assuredworkloads.v1.Workload.ResourceInfo.ResourceType" do
65
67
  value :RESOURCE_TYPE_UNSPECIFIED, 0
66
68
  value :CONSUMER_PROJECT, 1
69
+ value :CONSUMER_FOLDER, 4
67
70
  value :ENCRYPTION_KEYS_PROJECT, 2
68
71
  value :KEYRING, 3
69
72
  end
@@ -104,18 +107,108 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
104
107
  value :EU_REGIONS_AND_SUPPORT, 8
105
108
  value :CA_REGIONS_AND_SUPPORT, 9
106
109
  value :ITAR, 10
110
+ value :AU_REGIONS_AND_US_SUPPORT, 11
111
+ value :ASSURED_WORKLOADS_FOR_PARTNERS, 12
107
112
  end
108
113
  add_enum "google.cloud.assuredworkloads.v1.Workload.KajEnrollmentState" do
109
114
  value :KAJ_ENROLLMENT_STATE_UNSPECIFIED, 0
110
115
  value :KAJ_ENROLLMENT_STATE_PENDING, 1
111
116
  value :KAJ_ENROLLMENT_STATE_COMPLETE, 2
112
117
  end
118
+ add_enum "google.cloud.assuredworkloads.v1.Workload.Partner" do
119
+ value :PARTNER_UNSPECIFIED, 0
120
+ value :LOCAL_CONTROLS_BY_S3NS, 1
121
+ end
113
122
  add_message "google.cloud.assuredworkloads.v1.CreateWorkloadOperationMetadata" do
114
123
  optional :create_time, :message, 1, "google.protobuf.Timestamp"
115
124
  optional :display_name, :string, 2
116
125
  optional :parent, :string, 3
117
126
  optional :compliance_regime, :enum, 4, "google.cloud.assuredworkloads.v1.Workload.ComplianceRegime"
118
127
  end
128
+ add_message "google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest" do
129
+ optional :name, :string, 1
130
+ optional :restriction_type, :enum, 2, "google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest.RestrictionType"
131
+ end
132
+ add_enum "google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest.RestrictionType" do
133
+ value :RESTRICTION_TYPE_UNSPECIFIED, 0
134
+ value :ALLOW_ALL_GCP_RESOURCES, 1
135
+ value :ALLOW_COMPLIANT_RESOURCES, 2
136
+ end
137
+ add_message "google.cloud.assuredworkloads.v1.RestrictAllowedResourcesResponse" do
138
+ end
139
+ add_message "google.cloud.assuredworkloads.v1.AcknowledgeViolationRequest" do
140
+ optional :name, :string, 1
141
+ optional :comment, :string, 2
142
+ optional :non_compliant_org_policy, :string, 3
143
+ end
144
+ add_message "google.cloud.assuredworkloads.v1.AcknowledgeViolationResponse" do
145
+ end
146
+ add_message "google.cloud.assuredworkloads.v1.TimeWindow" do
147
+ optional :start_time, :message, 1, "google.protobuf.Timestamp"
148
+ optional :end_time, :message, 2, "google.protobuf.Timestamp"
149
+ end
150
+ add_message "google.cloud.assuredworkloads.v1.ListViolationsRequest" do
151
+ optional :parent, :string, 1
152
+ optional :interval, :message, 2, "google.cloud.assuredworkloads.v1.TimeWindow"
153
+ optional :page_size, :int32, 3
154
+ optional :page_token, :string, 4
155
+ optional :filter, :string, 5
156
+ end
157
+ add_message "google.cloud.assuredworkloads.v1.ListViolationsResponse" do
158
+ repeated :violations, :message, 1, "google.cloud.assuredworkloads.v1.Violation"
159
+ optional :next_page_token, :string, 2
160
+ end
161
+ add_message "google.cloud.assuredworkloads.v1.GetViolationRequest" do
162
+ optional :name, :string, 1
163
+ end
164
+ add_message "google.cloud.assuredworkloads.v1.Violation" do
165
+ optional :name, :string, 1
166
+ optional :description, :string, 2
167
+ optional :begin_time, :message, 3, "google.protobuf.Timestamp"
168
+ optional :update_time, :message, 4, "google.protobuf.Timestamp"
169
+ optional :resolve_time, :message, 5, "google.protobuf.Timestamp"
170
+ optional :category, :string, 6
171
+ optional :state, :enum, 7, "google.cloud.assuredworkloads.v1.Violation.State"
172
+ optional :org_policy_constraint, :string, 8
173
+ optional :audit_log_link, :string, 11
174
+ optional :non_compliant_org_policy, :string, 12
175
+ optional :remediation, :message, 13, "google.cloud.assuredworkloads.v1.Violation.Remediation"
176
+ optional :acknowledged, :bool, 14
177
+ proto3_optional :acknowledgement_time, :message, 15, "google.protobuf.Timestamp"
178
+ optional :exception_audit_log_link, :string, 16
179
+ end
180
+ add_message "google.cloud.assuredworkloads.v1.Violation.Remediation" do
181
+ optional :instructions, :message, 1, "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions"
182
+ repeated :compliant_values, :string, 2
183
+ optional :remediation_type, :enum, 3, "google.cloud.assuredworkloads.v1.Violation.Remediation.RemediationType"
184
+ end
185
+ add_message "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions" do
186
+ optional :gcloud_instructions, :message, 1, "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Gcloud"
187
+ optional :console_instructions, :message, 2, "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Console"
188
+ end
189
+ add_message "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Gcloud" do
190
+ repeated :gcloud_commands, :string, 1
191
+ repeated :steps, :string, 2
192
+ repeated :additional_links, :string, 3
193
+ end
194
+ add_message "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Console" do
195
+ repeated :console_uris, :string, 1
196
+ repeated :steps, :string, 2
197
+ repeated :additional_links, :string, 3
198
+ end
199
+ add_enum "google.cloud.assuredworkloads.v1.Violation.Remediation.RemediationType" do
200
+ value :REMEDIATION_TYPE_UNSPECIFIED, 0
201
+ value :REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION, 1
202
+ value :REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION, 2
203
+ value :REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION, 3
204
+ value :REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION, 4
205
+ end
206
+ add_enum "google.cloud.assuredworkloads.v1.Violation.State" do
207
+ value :STATE_UNSPECIFIED, 0
208
+ value :RESOLVED, 2
209
+ value :UNRESOLVED, 3
210
+ value :EXCEPTION, 4
211
+ end
119
212
  end
120
213
  end
121
214
 
@@ -139,7 +232,24 @@ module Google
139
232
  Workload::SaaEnrollmentResponse::SetupError = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Workload.SaaEnrollmentResponse.SetupError").enummodule
140
233
  Workload::ComplianceRegime = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Workload.ComplianceRegime").enummodule
141
234
  Workload::KajEnrollmentState = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Workload.KajEnrollmentState").enummodule
235
+ Workload::Partner = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Workload.Partner").enummodule
142
236
  CreateWorkloadOperationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.CreateWorkloadOperationMetadata").msgclass
237
+ RestrictAllowedResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest").msgclass
238
+ RestrictAllowedResourcesRequest::RestrictionType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest.RestrictionType").enummodule
239
+ RestrictAllowedResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.RestrictAllowedResourcesResponse").msgclass
240
+ AcknowledgeViolationRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.AcknowledgeViolationRequest").msgclass
241
+ AcknowledgeViolationResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.AcknowledgeViolationResponse").msgclass
242
+ TimeWindow = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.TimeWindow").msgclass
243
+ ListViolationsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.ListViolationsRequest").msgclass
244
+ ListViolationsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.ListViolationsResponse").msgclass
245
+ GetViolationRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.GetViolationRequest").msgclass
246
+ Violation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation").msgclass
247
+ Violation::Remediation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation").msgclass
248
+ Violation::Remediation::Instructions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions").msgclass
249
+ Violation::Remediation::Instructions::Gcloud = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Gcloud").msgclass
250
+ Violation::Remediation::Instructions::Console = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Console").msgclass
251
+ Violation::Remediation::RemediationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation.RemediationType").enummodule
252
+ Violation::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.State").enummodule
143
253
  end
144
254
  end
145
255
  end
@@ -40,6 +40,13 @@ module Google
40
40
  # For force updates don't set etag field in the Workload.
41
41
  # Only one update operation per workload can be in progress.
42
42
  rpc :UpdateWorkload, ::Google::Cloud::AssuredWorkloads::V1::UpdateWorkloadRequest, ::Google::Cloud::AssuredWorkloads::V1::Workload
43
+ # Restrict the list of resources allowed in the Workload environment.
44
+ # The current list of allowed products can be found at
45
+ # https://cloud.google.com/assured-workloads/docs/supported-products
46
+ # In addition to assuredworkloads.workload.update permission, the user should
47
+ # also have orgpolicy.policy.set permission on the folder resource
48
+ # to use this functionality.
49
+ rpc :RestrictAllowedResources, ::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest, ::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesResponse
43
50
  # Deletes the workload. Make sure that workload's direct children are already
44
51
  # in a deleted state, otherwise the request will fail with a
45
52
  # FAILED_PRECONDITION error.
@@ -48,6 +55,19 @@ module Google
48
55
  rpc :GetWorkload, ::Google::Cloud::AssuredWorkloads::V1::GetWorkloadRequest, ::Google::Cloud::AssuredWorkloads::V1::Workload
49
56
  # Lists Assured Workloads under a CRM Node.
50
57
  rpc :ListWorkloads, ::Google::Cloud::AssuredWorkloads::V1::ListWorkloadsRequest, ::Google::Cloud::AssuredWorkloads::V1::ListWorkloadsResponse
58
+ # Lists the Violations in the AssuredWorkload Environment.
59
+ # Callers may also choose to read across multiple Workloads as per
60
+ # [AIP-159](https://google.aip.dev/159) by using '-' (the hyphen or dash
61
+ # character) as a wildcard character instead of workload-id in the parent.
62
+ # Format `organizations/{org_id}/locations/{location}/workloads/-`
63
+ rpc :ListViolations, ::Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest, ::Google::Cloud::AssuredWorkloads::V1::ListViolationsResponse
64
+ # Retrieves Assured Workload Violation based on ID.
65
+ rpc :GetViolation, ::Google::Cloud::AssuredWorkloads::V1::GetViolationRequest, ::Google::Cloud::AssuredWorkloads::V1::Violation
66
+ # Acknowledges an existing violation. By acknowledging a violation, users
67
+ # acknowledge the existence of a compliance violation in their workload and
68
+ # decide to ignore it due to a valid business justification. Acknowledgement
69
+ # is a permanent operation and it cannot be reverted.
70
+ rpc :AcknowledgeViolation, ::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest, ::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationResponse
51
71
  end
52
72
 
53
73
  Stub = Service.rpc_stub_class
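Review bot: The comment on `AcknowledgeViolation` (new lines 66-69) says the acknowledgement is permanent and cannot be reverted, but it names no permission, whereas the `RestrictAllowedResources` comment earlier in this section (new lines 46-48) spells out the permissions a caller needs. For an irreversible call that records a compliance violation as accepted, I would add a line such as `# Requires <PERMISSION_NAME> on the workload.`, with the real permission taken from the service documentation, so teams can scope who is able to acknowledge. `ListViolations` accepts `-` as a wildcard across workloads (new lines 59-62), and the same sentence about required permissions would help there. The enclosing service class starts outside these hunks.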
@@ -31,8 +31,8 @@ module Google
31
31
  # Required. Assured Workload to create
32
32
  # @!attribute [rw] external_id
33
33
  # @return [::String]
34
- # Optional. A identifier associated with the workload and underlying projects
35
- # which allows for the break down of billing costs for a workload. The value
34
+ # Optional. A identifier associated with the workload and underlying projects which
35
+ # allows for the break down of billing costs for a workload. The value
36
36
  # provided for the identifier will add a label to the workload and contained
37
37
  # projects with the identifier as the value.
38
38
  class CreateWorkloadRequest
@@ -44,7 +44,7 @@ module Google
44
44
  # @!attribute [rw] workload
45
45
  # @return [::Google::Cloud::AssuredWorkloads::V1::Workload]
46
46
  # Required. The workload to update.
47
- # The workloads `name` field is used to identify the workload to be updated.
47
+ # The workload's `name` field is used to identify the workload to be updated.
48
48
  # Format:
49
49
  # organizations/\\{org_id}/locations/\\{location_id}/workloads/\\{workload_id}
50
50
  # @!attribute [rw] update_mask
@@ -73,8 +73,8 @@ module Google
73
73
  # Request for fetching a workload.
74
74
  # @!attribute [rw] name
75
75
  # @return [::String]
76
- # Required. The resource name of the Workload to fetch. This is the
77
- # workloads's relative path in the API, formatted as
76
+ # Required. The resource name of the Workload to fetch. This is the workload's
77
+ # relative path in the API, formatted as
78
78
  # "organizations/\\{organization_id}/locations/\\{location_id}/workloads/\\{workload_id}".
79
79
  # For example,
80
80
  # "organizations/123/locations/us-east1/workloads/assured-workload-1".
@@ -117,7 +117,7 @@ module Google
117
117
  extend ::Google::Protobuf::MessageExts::ClassMethods
118
118
  end
119
119
 
120
- # An Workload object for managing highly regulated workloads of cloud
120
+ # A Workload object for managing highly regulated workloads of cloud
121
121
  # customers.
122
122
  # @!attribute [rw] name
123
123
  # @return [::String]
@@ -148,7 +148,7 @@ module Google
148
148
  # Output only. Immutable. The Workload creation timestamp.
149
149
  # @!attribute [rw] billing_account
150
150
  # @return [::String]
151
- # Required. Input only. The billing account used for the resources which are
151
+ # Optional. The billing account used for the resources which are
152
152
  # direct children of workload. This billing account is initially associated
153
153
  # with the resources created as part of Workload creation.
154
154
  # After the initial creation of these resources, the customer can change
@@ -165,22 +165,24 @@ module Google
165
165
  # Optional. Labels applied to the workload.
166
166
  # @!attribute [rw] provisioned_resources_parent
167
167
  # @return [::String]
168
- # Input only. The parent resource for the resources managed by this Assured
169
- # Workload. May be either empty or a folder resource which is a child of the
168
+ # Input only. The parent resource for the resources managed by this Assured Workload. May
169
+ # be either empty or a folder resource which is a child of the
170
170
  # Workload parent. If not specified all resources are created under the
171
171
  # parent organization.
172
172
  # Format:
173
173
  # folders/\\{folder_id}
174
174
  # @!attribute [rw] kms_settings
175
175
  # @return [::Google::Cloud::AssuredWorkloads::V1::Workload::KMSSettings]
176
- # Input only. Settings used to create a CMEK crypto key. When set a project
177
- # with a KMS CMEK key is provisioned. This field is mandatory for a subset of
178
- # Compliance Regimes.
176
+ # Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS
177
+ # CMEK key is provisioned.
178
+ # This field is deprecated as of Feb 28, 2022.
179
+ # In order to create a Keyring, callers should specify,
180
+ # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
179
181
  # @!attribute [rw] resource_settings
180
182
  # @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceSettings>]
181
- # Input only. Resource properties that are used to customize workload
182
- # resources. These properties (such as custom project id) will be used to
183
- # create workload resources if possible. This field is optional.
183
+ # Input only. Resource properties that are used to customize workload resources.
184
+ # These properties (such as custom project id) will be used to create
185
+ # workload resources if possible. This field is optional.
184
186
  # @!attribute [r] kaj_enrollment_state
185
187
  # @return [::Google::Cloud::AssuredWorkloads::V1::Workload::KajEnrollmentState]
186
188
  # Output only. Represents the KAJ enrollment state of the given workload.
@@ -193,6 +195,15 @@ module Google
193
195
  # Output only. Represents the SAA enrollment response of the given workload.
194
196
  # SAA enrollment response is queried during GetWorkload call.
195
197
  # In failure cases, user friendly error message is shown in SAA details page.
198
+ # @!attribute [r] compliant_but_disallowed_services
199
+ # @return [::Array<::String>]
200
+ # Output only. Urls for services which are compliant for this Assured Workload, but which
201
+ # are currently disallowed by the ResourceUsageRestriction org policy.
202
+ # Invoke RestrictAllowedResources endpoint to allow your project developers
203
+ # to use these services in their environment."
204
+ # @!attribute [rw] partner
205
+ # @return [::Google::Cloud::AssuredWorkloads::V1::Workload::Partner]
206
+ # Optional. Compliance Regime associated with this workload.
196
207
  class Workload
197
208
  include ::Google::Protobuf::MessageExts
198
209
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -215,8 +226,15 @@ module Google
215
226
  RESOURCE_TYPE_UNSPECIFIED = 0
216
227
 
217
228
  # Consumer project.
229
+ # AssuredWorkloads Projects are no longer supported. This field will be
230
+ # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
231
+ # will continue to provide projects information.
232
+ # Use CONSUMER_FOLDER instead.
218
233
  CONSUMER_PROJECT = 1
219
234
 
235
+ # Consumer Folder.
236
+ CONSUMER_FOLDER = 4
237
+
220
238
  # Consumer project containing encryption keys.
221
239
  ENCRYPTION_KEYS_PROJECT = 2
222
240
 
@@ -226,16 +244,18 @@ module Google
226
244
  end
227
245
 
228
246
  # Settings specific to the Key Management Service.
247
+ # This message is deprecated.
248
+ # In order to create a Keyring, callers should specify,
249
+ # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
229
250
  # @!attribute [rw] next_rotation_time
230
251
  # @return [::Google::Protobuf::Timestamp]
231
- # Required. Input only. Immutable. The time at which the Key Management
232
- # Service will automatically create a new version of the crypto key and
233
- # mark it as the primary.
252
+ # Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
253
+ # new version of the crypto key and mark it as the primary.
234
254
  # @!attribute [rw] rotation_period
235
255
  # @return [::Google::Protobuf::Duration]
236
- # Required. Input only. Immutable. [next_rotation_time] will be advanced by
237
- # this period when the Key Management Service automatically rotates a key.
238
- # Must be at least 24 hours and at most 876,000 hours.
256
+ # Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
257
+ # Management Service automatically rotates a key. Must be at least 24 hours
258
+ # and at most 876,000 hours.
239
259
  class KMSSettings
240
260
  include ::Google::Protobuf::MessageExts
241
261
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -247,10 +267,12 @@ module Google
247
267
  # Resource identifier.
248
268
  # For a project this represents project_id. If the project is already
249
269
  # taken, the workload creation will fail.
270
+ # For KeyRing, this represents the keyring_id.
271
+ # For a folder, don't set this value as folder_id is assigned by Google.
250
272
  # @!attribute [rw] resource_type
251
273
  # @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
252
274
  # Indicates the type of resource. This field should be specified to
253
- # correspond the id to the right project type (CONSUMER_PROJECT or
275
+ # correspond the id to the right resource type (CONSUMER_FOLDER or
254
276
  # ENCRYPTION_KEYS_PROJECT)
255
277
  # @!attribute [rw] display_name
256
278
  # @return [::String]
@@ -350,6 +372,14 @@ module Google
350
372
 
351
373
  # International Traffic in Arms Regulations
352
374
  ITAR = 10
375
+
376
+ # Assured Workloads for Australia Regions and Support controls
377
+ # Available for public preview consumption.
378
+ # Don't create production workloads.
379
+ AU_REGIONS_AND_US_SUPPORT = 11
380
+
381
+ # Assured Workloads for Partners
382
+ ASSURED_WORKLOADS_FOR_PARTNERS = 12
353
383
  end
354
384
 
355
385
  # Key Access Justifications(KAJ) Enrollment State.
@@ -363,6 +393,15 @@ module Google
363
393
  # Complete State for KAJ Enrollment.
364
394
  KAJ_ENROLLMENT_STATE_COMPLETE = 2
365
395
  end
396
+
397
+ # Supported Assured Workloads Partners.
398
+ module Partner
399
+ # Unknown partner regime/controls.
400
+ PARTNER_UNSPECIFIED = 0
401
+
402
+ # S3NS regime/controls.
403
+ LOCAL_CONTROLS_BY_S3NS = 1
404
+ end
366
405
  end
367
406
 
368
407
  # Operation metadata to give request details of CreateWorkload.
@@ -377,12 +416,301 @@ module Google
377
416
  # Optional. The parent of the workload.
378
417
  # @!attribute [rw] compliance_regime
379
418
  # @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ComplianceRegime]
380
- # Optional. Compliance controls that should be applied to the resources
381
- # managed by the workload.
419
+ # Optional. Compliance controls that should be applied to the resources managed by
420
+ # the workload.
382
421
  class CreateWorkloadOperationMetadata
383
422
  include ::Google::Protobuf::MessageExts
384
423
  extend ::Google::Protobuf::MessageExts::ClassMethods
385
424
  end
425
+
426
+ # Request for restricting list of available resources in Workload environment.
427
+ # @!attribute [rw] name
428
+ # @return [::String]
429
+ # Required. The resource name of the Workload. This is the workloads's
430
+ # relative path in the API, formatted as
431
+ # "organizations/\\{organization_id}/locations/\\{location_id}/workloads/\\{workload_id}".
432
+ # For example,
433
+ # "organizations/123/locations/us-east1/workloads/assured-workload-1".
434
+ # @!attribute [rw] restriction_type
435
+ # @return [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest::RestrictionType]
436
+ # Required. The type of restriction for using gcp products in the Workload environment.
437
+ class RestrictAllowedResourcesRequest
438
+ include ::Google::Protobuf::MessageExts
439
+ extend ::Google::Protobuf::MessageExts::ClassMethods
440
+
441
+ # The type of restriction.
442
+ module RestrictionType
443
+ # Unknown restriction type.
444
+ RESTRICTION_TYPE_UNSPECIFIED = 0
445
+
446
+ # Allow the use all of all gcp products, irrespective of the compliance
447
+ # posture. This effectively removes gcp.restrictServiceUsage OrgPolicy
448
+ # on the AssuredWorkloads Folder.
449
+ ALLOW_ALL_GCP_RESOURCES = 1
450
+
451
+ # Based on Workload's compliance regime, allowed list changes.
452
+ # See - https://cloud.google.com/assured-workloads/docs/supported-products
453
+ # for the list of supported resources.
454
+ ALLOW_COMPLIANT_RESOURCES = 2
455
+ end
456
+ end
457
+
458
+ # Response for restricting the list of allowed resources.
459
+ class RestrictAllowedResourcesResponse
460
+ include ::Google::Protobuf::MessageExts
461
+ extend ::Google::Protobuf::MessageExts::ClassMethods
462
+ end
463
+
464
+ # Request for acknowledging the violation
465
+ # Next Id: 4
466
+ # @!attribute [rw] name
467
+ # @return [::String]
468
+ # Required. The resource name of the Violation to acknowledge.
469
+ # Format:
470
+ # organizations/\\{organization}/locations/\\{location}/workloads/\\{workload}/violations/\\{violation}
471
+ # @!attribute [rw] comment
472
+ # @return [::String]
473
+ # Required. Business justification explaining the need for violation acknowledgement
474
+ # @!attribute [rw] non_compliant_org_policy
475
+ # @return [::String]
476
+ # Optional. This field is deprecated and will be removed in future version of the API.
477
+ # Name of the OrgPolicy which was modified with non-compliant change and
478
+ # resulted in this violation.
479
+ # Format:
480
+ # projects/\\{project_number}/policies/\\{constraint_name}
481
+ # folders/\\{folder_id}/policies/\\{constraint_name}
482
+ # organizations/\\{organization_id}/policies/\\{constraint_name}
483
+ class AcknowledgeViolationRequest
484
+ include ::Google::Protobuf::MessageExts
485
+ extend ::Google::Protobuf::MessageExts::ClassMethods
486
+ end
487
+
488
+ # Response for violation acknowledgement
489
+ class AcknowledgeViolationResponse
490
+ include ::Google::Protobuf::MessageExts
491
+ extend ::Google::Protobuf::MessageExts::ClassMethods
492
+ end
493
+
494
+ # Interval defining a time window.
495
+ # @!attribute [rw] start_time
496
+ # @return [::Google::Protobuf::Timestamp]
497
+ # The start of the time window.
498
+ # @!attribute [rw] end_time
499
+ # @return [::Google::Protobuf::Timestamp]
500
+ # The end of the time window.
501
+ class TimeWindow
502
+ include ::Google::Protobuf::MessageExts
503
+ extend ::Google::Protobuf::MessageExts::ClassMethods
504
+ end
505
+
506
+ # Request for fetching violations in an organization.
507
+ # @!attribute [rw] parent
508
+ # @return [::String]
509
+ # Required. The Workload name.
510
+ # Format `organizations/{org_id}/locations/{location}/workloads/{workload}`.
511
+ # @!attribute [rw] interval
512
+ # @return [::Google::Cloud::AssuredWorkloads::V1::TimeWindow]
513
+ # Optional. Specifies the time window for retrieving active Violations.
514
+ # When specified, retrieves Violations that were active between start_time
515
+ # and end_time.
516
+ # @!attribute [rw] page_size
517
+ # @return [::Integer]
518
+ # Optional. Page size.
519
+ # @!attribute [rw] page_token
520
+ # @return [::String]
521
+ # Optional. Page token returned from previous request.
522
+ # @!attribute [rw] filter
523
+ # @return [::String]
524
+ # Optional. A custom filter for filtering by the Violations properties.
525
+ class ListViolationsRequest
526
+ include ::Google::Protobuf::MessageExts
527
+ extend ::Google::Protobuf::MessageExts::ClassMethods
528
+ end
529
+
530
+ # Response of ListViolations endpoint.
531
+ # @!attribute [rw] violations
532
+ # @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Violation>]
533
+ # List of Violations under a Workload.
534
+ # @!attribute [rw] next_page_token
535
+ # @return [::String]
536
+ # The next page token. Returns empty if reached the last page.
537
+ class ListViolationsResponse
538
+ include ::Google::Protobuf::MessageExts
539
+ extend ::Google::Protobuf::MessageExts::ClassMethods
540
+ end
541
+
542
+ # Request for fetching a Workload Violation.
543
+ # @!attribute [rw] name
544
+ # @return [::String]
545
+ # Required. The resource name of the Violation to fetch (ie. Violation.name).
546
+ # Format:
547
+ # organizations/\\{organization}/locations/\\{location}/workloads/\\{workload}/violations/\\{violation}
548
+ class GetViolationRequest
549
+ include ::Google::Protobuf::MessageExts
550
+ extend ::Google::Protobuf::MessageExts::ClassMethods
551
+ end
552
+
553
+ # Workload monitoring Violation.
554
+ # @!attribute [r] name
555
+ # @return [::String]
556
+ # Output only. Immutable. Name of the Violation.
557
+ # Format:
558
+ # organizations/\\{organization}/locations/\\{location}/workloads/\\{workload_id}/violations/\\{violations_id}
559
+ # @!attribute [r] description
560
+ # @return [::String]
561
+ # Output only. Description for the Violation.
562
+ # e.g. OrgPolicy gcp.resourceLocations has non compliant value.
563
+ # @!attribute [r] begin_time
564
+ # @return [::Google::Protobuf::Timestamp]
565
+ # Output only. Time of the event which triggered the Violation.
566
+ # @!attribute [r] update_time
567
+ # @return [::Google::Protobuf::Timestamp]
568
+ # Output only. The last time when the Violation record was updated.
569
+ # @!attribute [r] resolve_time
570
+ # @return [::Google::Protobuf::Timestamp]
571
+ # Output only. Time of the event which fixed the Violation.
572
+ # If the violation is ACTIVE this will be empty.
573
+ # @!attribute [r] category
574
+ # @return [::String]
575
+ # Output only. Category under which this violation is mapped.
576
+ # e.g. Location, Service Usage, Access, Encryption, etc.
577
+ # @!attribute [r] state
578
+ # @return [::Google::Cloud::AssuredWorkloads::V1::Violation::State]
579
+ # Output only. State of the violation
580
+ # @!attribute [r] org_policy_constraint
581
+ # @return [::String]
582
+ # Output only. Immutable. The org-policy-constraint that was incorrectly changed, which resulted in
583
+ # this violation.
584
+ # @!attribute [r] audit_log_link
585
+ # @return [::String]
586
+ # Output only. Immutable. Audit Log Link for violated resource
587
+ # Format:
588
+ # https://console.cloud.google.com/logs/query;query=\\{logName}\\{protoPayload.resourceName}\\{timeRange}\\{folder}
589
+ # @!attribute [r] non_compliant_org_policy
590
+ # @return [::String]
591
+ # Output only. Immutable. Name of the OrgPolicy which was modified with non-compliant change and
592
+ # resulted this violation.
593
+ # Format:
594
+ # projects/\\{project_number}/policies/\\{constraint_name}
595
+ # folders/\\{folder_id}/policies/\\{constraint_name}
596
+ # organizations/\\{organization_id}/policies/\\{constraint_name}
597
+ # @!attribute [r] remediation
598
+ # @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation]
599
+ # Output only. Compliance violation remediation
600
+ # @!attribute [r] acknowledged
601
+ # @return [::Boolean]
602
+ # Output only. A boolean that indicates if the violation is acknowledged
603
+ # @!attribute [rw] acknowledgement_time
604
+ # @return [::Google::Protobuf::Timestamp]
605
+ # Optional. Timestamp when this violation was acknowledged last.
606
+ # This will be absent when acknowledged field is marked as false.
607
+ # @!attribute [r] exception_audit_log_link
608
+ # @return [::String]
609
+ # Output only. Immutable. Audit Log link to find business justification provided for violation
610
+ # exception. Format:
611
+ # https://console.cloud.google.com/logs/query;query=\\{logName}\\{protoPayload.resourceName}\\{protoPayload.methodName}\\{timeRange}\\{organization}
612
+ class Violation
613
+ include ::Google::Protobuf::MessageExts
614
+ extend ::Google::Protobuf::MessageExts::ClassMethods
615
+
616
+ # Represents remediation guidance to resolve compliance violation for
617
+ # AssuredWorkload
618
+ # @!attribute [rw] instructions
619
+ # @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation::Instructions]
620
+ # Required. Remediation instructions to resolve violations
621
+ # @!attribute [rw] compliant_values
622
+ # @return [::Array<::String>]
623
+ # Values that can resolve the violation
624
+ # For example: for list org policy violations, this will either be the list
625
+ # of allowed or denied values
626
+ # @!attribute [r] remediation_type
627
+ # @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation::RemediationType]
628
+ # Output only. Reemediation type based on the type of org policy values violated
629
+ class Remediation
630
+ include ::Google::Protobuf::MessageExts
631
+ extend ::Google::Protobuf::MessageExts::ClassMethods
632
+
633
+ # Instructions to remediate violation
634
+ # @!attribute [rw] gcloud_instructions
635
+ # @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation::Instructions::Gcloud]
636
+ # Remediation instructions to resolve violation via gcloud cli
637
+ # @!attribute [rw] console_instructions
638
+ # @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation::Instructions::Console]
639
+ # Remediation instructions to resolve violation via cloud console
640
+ class Instructions
641
+ include ::Google::Protobuf::MessageExts
642
+ extend ::Google::Protobuf::MessageExts::ClassMethods
643
+
644
+ # Remediation instructions to resolve violation via gcloud cli
645
+ # @!attribute [rw] gcloud_commands
646
+ # @return [::Array<::String>]
647
+ # Gcloud command to resolve violation
648
+ # @!attribute [rw] steps
649
+ # @return [::Array<::String>]
650
+ # Steps to resolve violation via gcloud cli
651
+ # @!attribute [rw] additional_links
652
+ # @return [::Array<::String>]
653
+ # Additional urls for more information about steps
654
+ class Gcloud
655
+ include ::Google::Protobuf::MessageExts
656
+ extend ::Google::Protobuf::MessageExts::ClassMethods
657
+ end
658
+
659
+ # Remediation instructions to resolve violation via cloud console
660
+ # @!attribute [rw] console_uris
661
+ # @return [::Array<::String>]
662
+ # Link to console page where violations can be resolved
663
+ # @!attribute [rw] steps
664
+ # @return [::Array<::String>]
665
+ # Steps to resolve violation via cloud console
666
+ # @!attribute [rw] additional_links
667
+ # @return [::Array<::String>]
668
+ # Additional urls for more information about steps
669
+ class Console
670
+ include ::Google::Protobuf::MessageExts
671
+ extend ::Google::Protobuf::MessageExts::ClassMethods
672
+ end
673
+ end
674
+
675
+ # Classifying remediation into various types based on the kind of
676
+ # violation. For example, violations caused due to changes in boolean org
677
+ # policy requires different remediation instructions compared to violation
678
+ # caused due to changes in allowed values of list org policy.
679
+ module RemediationType
680
+ # Unspecified remediation type
681
+ REMEDIATION_TYPE_UNSPECIFIED = 0
682
+
683
+ # Remediation type for boolean org policy
684
+ REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION = 1
685
+
686
+ # Remediation type for list org policy which have allowed values in the
687
+ # monitoring rule
688
+ REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION = 2
689
+
690
+ # Remediation type for list org policy which have denied values in the
691
+ # monitoring rule
692
+ REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION = 3
693
+
694
+ # Remediation type for gcp.restrictCmekCryptoKeyProjects
695
+ REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION = 4
696
+ end
697
+ end
698
+
699
+ # Violation State Values
700
+ module State
701
+ # Unspecified state.
702
+ STATE_UNSPECIFIED = 0
703
+
704
+ # Violation is resolved.
705
+ RESOLVED = 2
706
+
707
+ # Violation is Unresolved
708
+ UNRESOLVED = 3
709
+
710
+ # Violation is Exception
711
+ EXCEPTION = 4
712
+ end
713
+ end
386
714
  end
387
715
  end
388
716
  end
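Review bot: The comment on `ALLOW_ALL_GCP_RESOURCES` (new lines 446-448) is garbled at the one value whose documented effect is to remove the gcp.restrictServiceUsage OrgPolicy from the AssuredWorkloads folder, so the wording is unclear exactly where a compliance guardrail is dropped. I would reword its first line to `# Allow the use of all gcp products, irrespective of the compliance` and keep the two lines that follow as they are. The same section has smaller documentation slips worth fixing in the same pass: the `partner` attribute (new line 206) is described as `Compliance Regime associated with this workload`, which reads like text carried over from `compliance_regime`; the `compliant_but_disallowed_services` description ends with a stray `"` (new line 203); and `remediation_type` says `Reemediation` (new line 628). If these comments are generated from the service definition, the wording should be corrected there rather than in this file.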
@@ -26,8 +26,6 @@ module Google
26
26
  # service Foo {
27
27
  # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
28
28
  # }
29
- #
30
- # The JSON representation for `Empty` is empty JSON object `{}`.
31
29
  class Empty
32
30
  include ::Google::Protobuf::MessageExts
33
31
  extend ::Google::Protobuf::MessageExts::ClassMethods
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-assured_workloads-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-01 00:00:00.000000000 Z
11
+ date: 2022-10-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '0.10'
19
+ version: '0.12'
20
20
  - - "<"
21
21
  - !ruby/object:Gem::Version
22
22
  version: 2.a
@@ -26,7 +26,7 @@ dependencies:
26
26
  requirements:
27
27
  - - ">="
28
28
  - !ruby/object:Gem::Version
29
- version: '0.10'
29
+ version: '0.12'
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
32
  version: 2.a