google-cloud-assured_workloads-v1 0.3.0 → 0.5.0
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +1 -1
- data/lib/google/cloud/assured_workloads/v1/assured_workloads_service/client.rb +399 -5
- data/lib/google/cloud/assured_workloads/v1/assured_workloads_service/paths.rb +21 -0
- data/lib/google/cloud/assured_workloads/v1/version.rb +1 -1
- data/lib/google/cloud/assuredworkloads/v1/assuredworkloads_pb.rb +110 -0
- data/lib/google/cloud/assuredworkloads/v1/assuredworkloads_services_pb.rb +20 -0
- data/proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb +352 -24
- data/proto_docs/google/protobuf/empty.rb +0 -2
- metadata +4 -4
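--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1b5d2d0b6b9d5d07d8a305a31f2582fd7cd547c4ebcb5053b39f3b5d761fc2fd
+data.tar.gz: 7ee4ad5ca57e0ff5a5c66da09729ff55b9490e87480254f8723c48a625996406
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f584117679dd3732440601c3934470058aa31d7ff6132c5148f902f4c5cd311a016b2124b1120508d87149f3c497afcf27ff181525c4712f2251ff04a9e1ba56
+data.tar.gz: 354df5b0a205499aa3214a1219dff3b38284150e3bf5f99cf8b5839f16f9bdd424ff87372483ca1beac586c187cb82506269e98260c7cea602d71319fc2b3673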
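--- a/data/AUTHENTICATION.md
+++ b/data/AUTHENTICATION.md
@@ -114,7 +114,7 @@ credentials are discovered.
 To configure your system for this, simply:
 
 1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
-2. Authenticate using OAuth 2.0 `$ gcloud auth login`
+2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
 3. Write code as if already authenticated.
 
 **NOTE:** This is _not_ recommended for running in production. The Cloud SDK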
@@ -183,8 +183,8 @@ module Google
|
|
183
183
|
# @param workload [::Google::Cloud::AssuredWorkloads::V1::Workload, ::Hash]
|
184
184
|
# Required. Assured Workload to create
|
185
185
|
# @param external_id [::String]
|
186
|
-
# Optional. A identifier associated with the workload and underlying projects
|
187
|
-
#
|
186
|
+
# Optional. A identifier associated with the workload and underlying projects which
|
187
|
+
# allows for the break down of billing costs for a workload. The value
|
188
188
|
# provided for the identifier will add a label to the workload and contained
|
189
189
|
# projects with the identifier as the value.
|
190
190
|
#
|
@@ -283,7 +283,7 @@ module Google
|
|
283
283
|
#
|
284
284
|
# @param workload [::Google::Cloud::AssuredWorkloads::V1::Workload, ::Hash]
|
285
285
|
# Required. The workload to update.
|
286
|
-
# The workload
|
286
|
+
# The workload's `name` field is used to identify the workload to be updated.
|
287
287
|
# Format:
|
288
288
|
# organizations/\\{org_id}/locations/\\{location_id}/workloads/\\{workload_id}
|
289
289
|
# @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
|
@@ -353,6 +353,102 @@ module Google
|
|
353
353
|
raise ::Google::Cloud::Error.from_error(e)
|
354
354
|
end
|
355
355
|
|
356
|
+
##
|
357
|
+
# Restrict the list of resources allowed in the Workload environment.
|
358
|
+
# The current list of allowed products can be found at
|
359
|
+
# https://cloud.google.com/assured-workloads/docs/supported-products
|
360
|
+
# In addition to assuredworkloads.workload.update permission, the user should
|
361
|
+
# also have orgpolicy.policy.set permission on the folder resource
|
362
|
+
# to use this functionality.
|
363
|
+
#
|
364
|
+
# @overload restrict_allowed_resources(request, options = nil)
|
365
|
+
# Pass arguments to `restrict_allowed_resources` via a request object, either of type
|
366
|
+
# {::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest} or an equivalent Hash.
|
367
|
+
#
|
368
|
+
# @param request [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest, ::Hash]
|
369
|
+
# A request object representing the call parameters. Required. To specify no
|
370
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
371
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
372
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
373
|
+
#
|
374
|
+
# @overload restrict_allowed_resources(name: nil, restriction_type: nil)
|
375
|
+
# Pass arguments to `restrict_allowed_resources` via keyword arguments. Note that at
|
376
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
377
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
378
|
+
#
|
379
|
+
# @param name [::String]
|
380
|
+
# Required. The resource name of the Workload. This is the workloads's
|
381
|
+
# relative path in the API, formatted as
|
382
|
+
# "organizations/\\{organization_id}/locations/\\{location_id}/workloads/\\{workload_id}".
|
383
|
+
# For example,
|
384
|
+
# "organizations/123/locations/us-east1/workloads/assured-workload-1".
|
385
|
+
# @param restriction_type [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest::RestrictionType]
|
386
|
+
# Required. The type of restriction for using gcp products in the Workload environment.
|
387
|
+
#
|
388
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
389
|
+
# @yieldparam response [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesResponse]
|
390
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
391
|
+
#
|
392
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesResponse]
|
393
|
+
#
|
394
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
395
|
+
#
|
396
|
+
# @example Basic example
|
397
|
+
# require "google/cloud/assured_workloads/v1"
|
398
|
+
#
|
399
|
+
# # Create a client object. The client can be reused for multiple calls.
|
400
|
+
# client = Google::Cloud::AssuredWorkloads::V1::AssuredWorkloadsService::Client.new
|
401
|
+
#
|
402
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
403
|
+
# request = Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest.new
|
404
|
+
#
|
405
|
+
# # Call the restrict_allowed_resources method.
|
406
|
+
# result = client.restrict_allowed_resources request
|
407
|
+
#
|
408
|
+
# # The returned object is of type Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesResponse.
|
409
|
+
# p result
|
410
|
+
#
|
411
|
+
def restrict_allowed_resources request, options = nil
|
412
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
413
|
+
|
414
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest
|
415
|
+
|
416
|
+
# Converts hash and nil to an options object
|
417
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
418
|
+
|
419
|
+
# Customize the options with defaults
|
420
|
+
metadata = @config.rpcs.restrict_allowed_resources.metadata.to_h
|
421
|
+
|
422
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
423
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
424
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
425
|
+
gapic_version: ::Google::Cloud::AssuredWorkloads::V1::VERSION
|
426
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
427
|
+
|
428
|
+
header_params = {}
|
429
|
+
if request.name
|
430
|
+
header_params["name"] = request.name
|
431
|
+
end
|
432
|
+
|
433
|
+
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
434
|
+
metadata[:"x-goog-request-params"] ||= request_params_header
|
435
|
+
|
436
|
+
options.apply_defaults timeout: @config.rpcs.restrict_allowed_resources.timeout,
|
437
|
+
metadata: metadata,
|
438
|
+
retry_policy: @config.rpcs.restrict_allowed_resources.retry_policy
|
439
|
+
|
440
|
+
options.apply_defaults timeout: @config.timeout,
|
441
|
+
metadata: @config.metadata,
|
442
|
+
retry_policy: @config.retry_policy
|
443
|
+
|
444
|
+
@assured_workloads_service_stub.call_rpc :restrict_allowed_resources, request, options: options do |response, operation|
|
445
|
+
yield response, operation if block_given?
|
446
|
+
return response
|
447
|
+
end
|
448
|
+
rescue ::GRPC::BadStatus => e
|
449
|
+
raise ::Google::Cloud::Error.from_error(e)
|
450
|
+
end
|
451
|
+
|
356
452
|
##
|
357
453
|
# Deletes the workload. Make sure that workload's direct children are already
|
358
454
|
# in a deleted state, otherwise the request will fail with a
|
@@ -464,8 +560,8 @@ module Google
|
|
464
560
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
465
561
|
#
|
466
562
|
# @param name [::String]
|
467
|
-
# Required. The resource name of the Workload to fetch. This is the
|
468
|
-
#
|
563
|
+
# Required. The resource name of the Workload to fetch. This is the workload's
|
564
|
+
# relative path in the API, formatted as
|
469
565
|
# "organizations/\\{organization_id}/locations/\\{location_id}/workloads/\\{workload_id}".
|
470
566
|
# For example,
|
471
567
|
# "organizations/123/locations/us-east1/workloads/assured-workload-1".
|
@@ -636,6 +732,276 @@ module Google
|
|
636
732
|
raise ::Google::Cloud::Error.from_error(e)
|
637
733
|
end
|
638
734
|
|
735
|
+
##
|
736
|
+
# Lists the Violations in the AssuredWorkload Environment.
|
737
|
+
# Callers may also choose to read across multiple Workloads as per
|
738
|
+
# [AIP-159](https://google.aip.dev/159) by using '-' (the hyphen or dash
|
739
|
+
# character) as a wildcard character instead of workload-id in the parent.
|
740
|
+
# Format `organizations/{org_id}/locations/{location}/workloads/-`
|
741
|
+
#
|
742
|
+
# @overload list_violations(request, options = nil)
|
743
|
+
# Pass arguments to `list_violations` via a request object, either of type
|
744
|
+
# {::Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest} or an equivalent Hash.
|
745
|
+
#
|
746
|
+
# @param request [::Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest, ::Hash]
|
747
|
+
# A request object representing the call parameters. Required. To specify no
|
748
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
749
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
750
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
751
|
+
#
|
752
|
+
# @overload list_violations(parent: nil, interval: nil, page_size: nil, page_token: nil, filter: nil)
|
753
|
+
# Pass arguments to `list_violations` via keyword arguments. Note that at
|
754
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
755
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
756
|
+
#
|
757
|
+
# @param parent [::String]
|
758
|
+
# Required. The Workload name.
|
759
|
+
# Format `organizations/{org_id}/locations/{location}/workloads/{workload}`.
|
760
|
+
# @param interval [::Google::Cloud::AssuredWorkloads::V1::TimeWindow, ::Hash]
|
761
|
+
# Optional. Specifies the time window for retrieving active Violations.
|
762
|
+
# When specified, retrieves Violations that were active between start_time
|
763
|
+
# and end_time.
|
764
|
+
# @param page_size [::Integer]
|
765
|
+
# Optional. Page size.
|
766
|
+
# @param page_token [::String]
|
767
|
+
# Optional. Page token returned from previous request.
|
768
|
+
# @param filter [::String]
|
769
|
+
# Optional. A custom filter for filtering by the Violations properties.
|
770
|
+
#
|
771
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
772
|
+
# @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::AssuredWorkloads::V1::Violation>]
|
773
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
774
|
+
#
|
775
|
+
# @return [::Gapic::PagedEnumerable<::Google::Cloud::AssuredWorkloads::V1::Violation>]
|
776
|
+
#
|
777
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
778
|
+
#
|
779
|
+
# @example Basic example
|
780
|
+
# require "google/cloud/assured_workloads/v1"
|
781
|
+
#
|
782
|
+
# # Create a client object. The client can be reused for multiple calls.
|
783
|
+
# client = Google::Cloud::AssuredWorkloads::V1::AssuredWorkloadsService::Client.new
|
784
|
+
#
|
785
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
786
|
+
# request = Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest.new
|
787
|
+
#
|
788
|
+
# # Call the list_violations method.
|
789
|
+
# result = client.list_violations request
|
790
|
+
#
|
791
|
+
# # The returned object is of type Gapic::PagedEnumerable. You can
|
792
|
+
# # iterate over all elements by calling #each, and the enumerable
|
793
|
+
# # will lazily make API calls to fetch subsequent pages. Other
|
794
|
+
# # methods are also available for managing paging directly.
|
795
|
+
# result.each do |response|
|
796
|
+
# # Each element is of type ::Google::Cloud::AssuredWorkloads::V1::Violation.
|
797
|
+
# p response
|
798
|
+
# end
|
799
|
+
#
|
800
|
+
def list_violations request, options = nil
|
801
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
802
|
+
|
803
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest
|
804
|
+
|
805
|
+
# Converts hash and nil to an options object
|
806
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
807
|
+
|
808
|
+
# Customize the options with defaults
|
809
|
+
metadata = @config.rpcs.list_violations.metadata.to_h
|
810
|
+
|
811
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
812
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
813
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
814
|
+
gapic_version: ::Google::Cloud::AssuredWorkloads::V1::VERSION
|
815
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
816
|
+
|
817
|
+
options.apply_defaults timeout: @config.rpcs.list_violations.timeout,
|
818
|
+
metadata: metadata,
|
819
|
+
retry_policy: @config.rpcs.list_violations.retry_policy
|
820
|
+
|
821
|
+
options.apply_defaults timeout: @config.timeout,
|
822
|
+
metadata: @config.metadata,
|
823
|
+
retry_policy: @config.retry_policy
|
824
|
+
|
825
|
+
@assured_workloads_service_stub.call_rpc :list_violations, request, options: options do |response, operation|
|
826
|
+
response = ::Gapic::PagedEnumerable.new @assured_workloads_service_stub, :list_violations, request, response, operation, options
|
827
|
+
yield response, operation if block_given?
|
828
|
+
return response
|
829
|
+
end
|
830
|
+
rescue ::GRPC::BadStatus => e
|
831
|
+
raise ::Google::Cloud::Error.from_error(e)
|
832
|
+
end
|
833
|
+
|
834
|
+
##
|
835
|
+
# Retrieves Assured Workload Violation based on ID.
|
836
|
+
#
|
837
|
+
# @overload get_violation(request, options = nil)
|
838
|
+
# Pass arguments to `get_violation` via a request object, either of type
|
839
|
+
# {::Google::Cloud::AssuredWorkloads::V1::GetViolationRequest} or an equivalent Hash.
|
840
|
+
#
|
841
|
+
# @param request [::Google::Cloud::AssuredWorkloads::V1::GetViolationRequest, ::Hash]
|
842
|
+
# A request object representing the call parameters. Required. To specify no
|
843
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
844
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
845
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
846
|
+
#
|
847
|
+
# @overload get_violation(name: nil)
|
848
|
+
# Pass arguments to `get_violation` via keyword arguments. Note that at
|
849
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
850
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
851
|
+
#
|
852
|
+
# @param name [::String]
|
853
|
+
# Required. The resource name of the Violation to fetch (ie. Violation.name).
|
854
|
+
# Format:
|
855
|
+
# organizations/\\{organization}/locations/\\{location}/workloads/\\{workload}/violations/\\{violation}
|
856
|
+
#
|
857
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
858
|
+
# @yieldparam response [::Google::Cloud::AssuredWorkloads::V1::Violation]
|
859
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
860
|
+
#
|
861
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::Violation]
|
862
|
+
#
|
863
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
864
|
+
#
|
865
|
+
# @example Basic example
|
866
|
+
# require "google/cloud/assured_workloads/v1"
|
867
|
+
#
|
868
|
+
# # Create a client object. The client can be reused for multiple calls.
|
869
|
+
# client = Google::Cloud::AssuredWorkloads::V1::AssuredWorkloadsService::Client.new
|
870
|
+
#
|
871
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
872
|
+
# request = Google::Cloud::AssuredWorkloads::V1::GetViolationRequest.new
|
873
|
+
#
|
874
|
+
# # Call the get_violation method.
|
875
|
+
# result = client.get_violation request
|
876
|
+
#
|
877
|
+
# # The returned object is of type Google::Cloud::AssuredWorkloads::V1::Violation.
|
878
|
+
# p result
|
879
|
+
#
|
880
|
+
def get_violation request, options = nil
|
881
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
882
|
+
|
883
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AssuredWorkloads::V1::GetViolationRequest
|
884
|
+
|
885
|
+
# Converts hash and nil to an options object
|
886
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
887
|
+
|
888
|
+
# Customize the options with defaults
|
889
|
+
metadata = @config.rpcs.get_violation.metadata.to_h
|
890
|
+
|
891
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
892
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
893
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
894
|
+
gapic_version: ::Google::Cloud::AssuredWorkloads::V1::VERSION
|
895
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
896
|
+
|
897
|
+
options.apply_defaults timeout: @config.rpcs.get_violation.timeout,
|
898
|
+
metadata: metadata,
|
899
|
+
retry_policy: @config.rpcs.get_violation.retry_policy
|
900
|
+
|
901
|
+
options.apply_defaults timeout: @config.timeout,
|
902
|
+
metadata: @config.metadata,
|
903
|
+
retry_policy: @config.retry_policy
|
904
|
+
|
905
|
+
@assured_workloads_service_stub.call_rpc :get_violation, request, options: options do |response, operation|
|
906
|
+
yield response, operation if block_given?
|
907
|
+
return response
|
908
|
+
end
|
909
|
+
rescue ::GRPC::BadStatus => e
|
910
|
+
raise ::Google::Cloud::Error.from_error(e)
|
911
|
+
end
|
912
|
+
|
913
|
+
##
|
914
|
+
# Acknowledges an existing violation. By acknowledging a violation, users
|
915
|
+
# acknowledge the existence of a compliance violation in their workload and
|
916
|
+
# decide to ignore it due to a valid business justification. Acknowledgement
|
917
|
+
# is a permanent operation and it cannot be reverted.
|
918
|
+
#
|
919
|
+
# @overload acknowledge_violation(request, options = nil)
|
920
|
+
# Pass arguments to `acknowledge_violation` via a request object, either of type
|
921
|
+
# {::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest} or an equivalent Hash.
|
922
|
+
#
|
923
|
+
# @param request [::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest, ::Hash]
|
924
|
+
# A request object representing the call parameters. Required. To specify no
|
925
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
926
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
927
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
928
|
+
#
|
929
|
+
# @overload acknowledge_violation(name: nil, comment: nil, non_compliant_org_policy: nil)
|
930
|
+
# Pass arguments to `acknowledge_violation` via keyword arguments. Note that at
|
931
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
932
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
933
|
+
#
|
934
|
+
# @param name [::String]
|
935
|
+
# Required. The resource name of the Violation to acknowledge.
|
936
|
+
# Format:
|
937
|
+
# organizations/\\{organization}/locations/\\{location}/workloads/\\{workload}/violations/\\{violation}
|
938
|
+
# @param comment [::String]
|
939
|
+
# Required. Business justification explaining the need for violation acknowledgement
|
940
|
+
# @param non_compliant_org_policy [::String]
|
941
|
+
# Optional. This field is deprecated and will be removed in future version of the API.
|
942
|
+
# Name of the OrgPolicy which was modified with non-compliant change and
|
943
|
+
# resulted in this violation.
|
944
|
+
# Format:
|
945
|
+
# projects/\\{project_number}/policies/\\{constraint_name}
|
946
|
+
# folders/\\{folder_id}/policies/\\{constraint_name}
|
947
|
+
# organizations/\\{organization_id}/policies/\\{constraint_name}
|
948
|
+
#
|
949
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
950
|
+
# @yieldparam response [::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationResponse]
|
951
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
952
|
+
#
|
953
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationResponse]
|
954
|
+
#
|
955
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
956
|
+
#
|
957
|
+
# @example Basic example
|
958
|
+
# require "google/cloud/assured_workloads/v1"
|
959
|
+
#
|
960
|
+
# # Create a client object. The client can be reused for multiple calls.
|
961
|
+
# client = Google::Cloud::AssuredWorkloads::V1::AssuredWorkloadsService::Client.new
|
962
|
+
#
|
963
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
964
|
+
# request = Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest.new
|
965
|
+
#
|
966
|
+
# # Call the acknowledge_violation method.
|
967
|
+
# result = client.acknowledge_violation request
|
968
|
+
#
|
969
|
+
# # The returned object is of type Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationResponse.
|
970
|
+
# p result
|
971
|
+
#
|
972
|
+
def acknowledge_violation request, options = nil
|
973
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
974
|
+
|
975
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest
|
976
|
+
|
977
|
+
# Converts hash and nil to an options object
|
978
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
979
|
+
|
980
|
+
# Customize the options with defaults
|
981
|
+
metadata = @config.rpcs.acknowledge_violation.metadata.to_h
|
982
|
+
|
983
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
984
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
985
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
986
|
+
gapic_version: ::Google::Cloud::AssuredWorkloads::V1::VERSION
|
987
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
988
|
+
|
989
|
+
options.apply_defaults timeout: @config.rpcs.acknowledge_violation.timeout,
|
990
|
+
metadata: metadata,
|
991
|
+
retry_policy: @config.rpcs.acknowledge_violation.retry_policy
|
992
|
+
|
993
|
+
options.apply_defaults timeout: @config.timeout,
|
994
|
+
metadata: @config.metadata,
|
995
|
+
retry_policy: @config.retry_policy
|
996
|
+
|
997
|
+
@assured_workloads_service_stub.call_rpc :acknowledge_violation, request, options: options do |response, operation|
|
998
|
+
yield response, operation if block_given?
|
999
|
+
return response
|
1000
|
+
end
|
1001
|
+
rescue ::GRPC::BadStatus => e
|
1002
|
+
raise ::Google::Cloud::Error.from_error(e)
|
1003
|
+
end
|
1004
|
+
|
639
1005
|
##
|
640
1006
|
# Configuration class for the AssuredWorkloadsService API.
|
641
1007
|
#
|
@@ -782,6 +1148,11 @@ module Google
|
|
782
1148
|
#
|
783
1149
|
attr_reader :update_workload
|
784
1150
|
##
|
1151
|
+
# RPC-specific configuration for `restrict_allowed_resources`
|
1152
|
+
# @return [::Gapic::Config::Method]
|
1153
|
+
#
|
1154
|
+
attr_reader :restrict_allowed_resources
|
1155
|
+
##
|
785
1156
|
# RPC-specific configuration for `delete_workload`
|
786
1157
|
# @return [::Gapic::Config::Method]
|
787
1158
|
#
|
@@ -796,6 +1167,21 @@ module Google
|
|
796
1167
|
# @return [::Gapic::Config::Method]
|
797
1168
|
#
|
798
1169
|
attr_reader :list_workloads
|
1170
|
+
##
|
1171
|
+
# RPC-specific configuration for `list_violations`
|
1172
|
+
# @return [::Gapic::Config::Method]
|
1173
|
+
#
|
1174
|
+
attr_reader :list_violations
|
1175
|
+
##
|
1176
|
+
# RPC-specific configuration for `get_violation`
|
1177
|
+
# @return [::Gapic::Config::Method]
|
1178
|
+
#
|
1179
|
+
attr_reader :get_violation
|
1180
|
+
##
|
1181
|
+
# RPC-specific configuration for `acknowledge_violation`
|
1182
|
+
# @return [::Gapic::Config::Method]
|
1183
|
+
#
|
1184
|
+
attr_reader :acknowledge_violation
|
799
1185
|
|
800
1186
|
# @private
|
801
1187
|
def initialize parent_rpcs = nil
|
@@ -803,12 +1189,20 @@ module Google
|
|
803
1189
|
@create_workload = ::Gapic::Config::Method.new create_workload_config
|
804
1190
|
update_workload_config = parent_rpcs.update_workload if parent_rpcs.respond_to? :update_workload
|
805
1191
|
@update_workload = ::Gapic::Config::Method.new update_workload_config
|
1192
|
+
restrict_allowed_resources_config = parent_rpcs.restrict_allowed_resources if parent_rpcs.respond_to? :restrict_allowed_resources
|
1193
|
+
@restrict_allowed_resources = ::Gapic::Config::Method.new restrict_allowed_resources_config
|
806
1194
|
delete_workload_config = parent_rpcs.delete_workload if parent_rpcs.respond_to? :delete_workload
|
807
1195
|
@delete_workload = ::Gapic::Config::Method.new delete_workload_config
|
808
1196
|
get_workload_config = parent_rpcs.get_workload if parent_rpcs.respond_to? :get_workload
|
809
1197
|
@get_workload = ::Gapic::Config::Method.new get_workload_config
|
810
1198
|
list_workloads_config = parent_rpcs.list_workloads if parent_rpcs.respond_to? :list_workloads
|
811
1199
|
@list_workloads = ::Gapic::Config::Method.new list_workloads_config
|
1200
|
+
list_violations_config = parent_rpcs.list_violations if parent_rpcs.respond_to? :list_violations
|
1201
|
+
@list_violations = ::Gapic::Config::Method.new list_violations_config
|
1202
|
+
get_violation_config = parent_rpcs.get_violation if parent_rpcs.respond_to? :get_violation
|
1203
|
+
@get_violation = ::Gapic::Config::Method.new get_violation_config
|
1204
|
+
acknowledge_violation_config = parent_rpcs.acknowledge_violation if parent_rpcs.respond_to? :acknowledge_violation
|
1205
|
+
@acknowledge_violation = ::Gapic::Config::Method.new acknowledge_violation_config
|
812
1206
|
|
813
1207
|
yield self if block_given?
|
814
1208
|
end
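Review bot: In `restrict_allowed_resources` (new lines 428-434) `request.name` is written into `x-goog-request-params` without percent-encoding, via `header_params.map { |k, v| "#{k}=#{v}" }.join("&")`. A caller-supplied name containing `&` or `=` would therefore read as additional key/value pairs to anything that parses the header. Encoding the value, for example `"#{k}=#{URI.encode_www_form_component(v)}"`, keeps it a single parameter, provided the backend decodes the header before routing (to be confirmed, since this also encodes `/`). The three violation methods added further down (`list_violations`, `get_violation`, `acknowledge_violation`) set no `x-goog-request-params` at all; if that follows from the service definition, a one-line comment saying so would prevent it being read as an omission. If this file is generator output, both changes belong in the generator template rather than here.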
|
@@ -41,6 +41,27 @@ module Google
|
|
41
41
|
"organizations/#{organization}/locations/#{location}"
|
42
42
|
end
|
43
43
|
|
44
|
+
##
|
45
|
+
# Create a fully-qualified Violation resource string.
|
46
|
+
#
|
47
|
+
# The resource will be in the following format:
|
48
|
+
#
|
49
|
+
# `organizations/{organization}/locations/{location}/workloads/{workload}/violations/{violation}`
|
50
|
+
#
|
51
|
+
# @param organization [String]
|
52
|
+
# @param location [String]
|
53
|
+
# @param workload [String]
|
54
|
+
# @param violation [String]
|
55
|
+
#
|
56
|
+
# @return [::String]
|
57
|
+
def violation_path organization:, location:, workload:, violation:
|
58
|
+
raise ::ArgumentError, "organization cannot contain /" if organization.to_s.include? "/"
|
59
|
+
raise ::ArgumentError, "location cannot contain /" if location.to_s.include? "/"
|
60
|
+
raise ::ArgumentError, "workload cannot contain /" if workload.to_s.include? "/"
|
61
|
+
|
62
|
+
"organizations/#{organization}/locations/#{location}/workloads/#{workload}/violations/#{violation}"
|
63
|
+
end
|
64
|
+
|
44
65
|
##
|
45
66
|
# Create a fully-qualified Workload resource string.
|
46
67
|
#
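Review bot: `violation_path` (new lines 57-63) rejects `/` in `organization`, `location` and `workload` but interpolates `violation` unchecked. A value containing a slash therefore produces a resource name with extra path segments, and the documented format shows this name is what `get_violation` and the irreversible `acknowledge_violation` take. If the last segment is left open on purpose, the doc comment should say so; otherwise add `raise ::ArgumentError, "violation cannot contain /" if violation.to_s.include? "/"` before the string is built. Empty and nil components also pass the existing checks, because `nil.to_s` is `""`, so the helper can return a name with empty segments.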
|
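--- a/data/lib/google/cloud/assuredworkloads/v1/assuredworkloads_pb.rb
+++ b/data/lib/google/cloud/assuredworkloads/v1/assuredworkloads_pb.rb
@@ -56,6 +56,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
 optional :kaj_enrollment_state, :enum, 17, "google.cloud.assuredworkloads.v1.Workload.KajEnrollmentState"
 optional :enable_sovereign_controls, :bool, 18
 optional :saa_enrollment_response, :message, 20, "google.cloud.assuredworkloads.v1.Workload.SaaEnrollmentResponse"
+repeated :compliant_but_disallowed_services, :string, 24
+optional :partner, :enum, 25, "google.cloud.assuredworkloads.v1.Workload.Partner"
 end
 add_message "google.cloud.assuredworkloads.v1.Workload.ResourceInfo" do
 optional :resource_id, :int64, 1
@@ -64,6 +66,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
 add_enum "google.cloud.assuredworkloads.v1.Workload.ResourceInfo.ResourceType" do
 value :RESOURCE_TYPE_UNSPECIFIED, 0
 value :CONSUMER_PROJECT, 1
+value :CONSUMER_FOLDER, 4
 value :ENCRYPTION_KEYS_PROJECT, 2
 value :KEYRING, 3
 end
@@ -104,18 +107,108 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
 value :EU_REGIONS_AND_SUPPORT, 8
 value :CA_REGIONS_AND_SUPPORT, 9
 value :ITAR, 10
+value :AU_REGIONS_AND_US_SUPPORT, 11
+value :ASSURED_WORKLOADS_FOR_PARTNERS, 12
 end
 add_enum "google.cloud.assuredworkloads.v1.Workload.KajEnrollmentState" do
 value :KAJ_ENROLLMENT_STATE_UNSPECIFIED, 0
 value :KAJ_ENROLLMENT_STATE_PENDING, 1
 value :KAJ_ENROLLMENT_STATE_COMPLETE, 2
 end
+add_enum "google.cloud.assuredworkloads.v1.Workload.Partner" do
+value :PARTNER_UNSPECIFIED, 0
+value :LOCAL_CONTROLS_BY_S3NS, 1
+end
 add_message "google.cloud.assuredworkloads.v1.CreateWorkloadOperationMetadata" do
 optional :create_time, :message, 1, "google.protobuf.Timestamp"
 optional :display_name, :string, 2
 optional :parent, :string, 3
 optional :compliance_regime, :enum, 4, "google.cloud.assuredworkloads.v1.Workload.ComplianceRegime"
 end
+add_message "google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest" do
+optional :name, :string, 1
+optional :restriction_type, :enum, 2, "google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest.RestrictionType"
+end
+add_enum "google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest.RestrictionType" do
+value :RESTRICTION_TYPE_UNSPECIFIED, 0
+value :ALLOW_ALL_GCP_RESOURCES, 1
+value :ALLOW_COMPLIANT_RESOURCES, 2
+end
+add_message "google.cloud.assuredworkloads.v1.RestrictAllowedResourcesResponse" do
+end
+add_message "google.cloud.assuredworkloads.v1.AcknowledgeViolationRequest" do
+optional :name, :string, 1
+optional :comment, :string, 2
+optional :non_compliant_org_policy, :string, 3
+end
+add_message "google.cloud.assuredworkloads.v1.AcknowledgeViolationResponse" do
+end
+add_message "google.cloud.assuredworkloads.v1.TimeWindow" do
+optional :start_time, :message, 1, "google.protobuf.Timestamp"
+optional :end_time, :message, 2, "google.protobuf.Timestamp"
+end
+add_message "google.cloud.assuredworkloads.v1.ListViolationsRequest" do
+optional :parent, :string, 1
+optional :interval, :message, 2, "google.cloud.assuredworkloads.v1.TimeWindow"
+optional :page_size, :int32, 3
+optional :page_token, :string, 4
+optional :filter, :string, 5
+end
+add_message "google.cloud.assuredworkloads.v1.ListViolationsResponse" do
+repeated :violations, :message, 1, "google.cloud.assuredworkloads.v1.Violation"
+optional :next_page_token, :string, 2
+end
+add_message "google.cloud.assuredworkloads.v1.GetViolationRequest" do
+optional :name, :string, 1
+end
+add_message "google.cloud.assuredworkloads.v1.Violation" do
+optional :name, :string, 1
+optional :description, :string, 2
+optional :begin_time, :message, 3, "google.protobuf.Timestamp"
+optional :update_time, :message, 4, "google.protobuf.Timestamp"
+optional :resolve_time, :message, 5, "google.protobuf.Timestamp"
+optional :category, :string, 6
+optional :state, :enum, 7, "google.cloud.assuredworkloads.v1.Violation.State"
+optional :org_policy_constraint, :string, 8
+optional :audit_log_link, :string, 11
+optional :non_compliant_org_policy, :string, 12
+optional :remediation, :message, 13, "google.cloud.assuredworkloads.v1.Violation.Remediation"
+optional :acknowledged, :bool, 14
+proto3_optional :acknowledgement_time, :message, 15, "google.protobuf.Timestamp"
+optional :exception_audit_log_link, :string, 16
+end
+add_message "google.cloud.assuredworkloads.v1.Violation.Remediation" do
+optional :instructions, :message, 1, "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions"
+repeated :compliant_values, :string, 2
+optional :remediation_type, :enum, 3, "google.cloud.assuredworkloads.v1.Violation.Remediation.RemediationType"
+end
+add_message "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions" do
+optional :gcloud_instructions, :message, 1, "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Gcloud"
+optional :console_instructions, :message, 2, "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Console"
+end
+add_message "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Gcloud" do
+repeated :gcloud_commands, :string, 1
+repeated :steps, :string, 2
+repeated :additional_links, :string, 3
+end
+add_message "google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Console" do
+repeated :console_uris, :string, 1
+repeated :steps, :string, 2
+repeated :additional_links, :string, 3
+end
+add_enum "google.cloud.assuredworkloads.v1.Violation.Remediation.RemediationType" do
+value :REMEDIATION_TYPE_UNSPECIFIED, 0
+value :REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION, 1
+value :REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION, 2
+value :REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION, 3
+value :REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION, 4
+end
+add_enum "google.cloud.assuredworkloads.v1.Violation.State" do
+value :STATE_UNSPECIFIED, 0
+value :RESOLVED, 2
+value :UNRESOLVED, 3
+value :EXCEPTION, 4
+end
 end
 end
 
@@ -139,7 +232,24 @@ module Google
 Workload::SaaEnrollmentResponse::SetupError = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Workload.SaaEnrollmentResponse.SetupError").enummodule
 Workload::ComplianceRegime = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Workload.ComplianceRegime").enummodule
 Workload::KajEnrollmentState = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Workload.KajEnrollmentState").enummodule
+Workload::Partner = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Workload.Partner").enummodule
 CreateWorkloadOperationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.CreateWorkloadOperationMetadata").msgclass
+RestrictAllowedResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest").msgclass
+RestrictAllowedResourcesRequest::RestrictionType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.RestrictAllowedResourcesRequest.RestrictionType").enummodule
+RestrictAllowedResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.RestrictAllowedResourcesResponse").msgclass
+AcknowledgeViolationRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.AcknowledgeViolationRequest").msgclass
+AcknowledgeViolationResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.AcknowledgeViolationResponse").msgclass
+TimeWindow = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.TimeWindow").msgclass
+ListViolationsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.ListViolationsRequest").msgclass
+ListViolationsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.ListViolationsResponse").msgclass
+GetViolationRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.GetViolationRequest").msgclass
+Violation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation").msgclass
+Violation::Remediation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation").msgclass
+Violation::Remediation::Instructions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions").msgclass
+Violation::Remediation::Instructions::Gcloud = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Gcloud").msgclass
+Violation::Remediation::Instructions::Console = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation.Instructions.Console").msgclass
+Violation::Remediation::RemediationType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.Remediation.RemediationType").enummodule
+Violation::State = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.assuredworkloads.v1.Violation.State").enummodule
 end
 end
 end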
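--- a/data/lib/google/cloud/assuredworkloads/v1/assuredworkloads_services_pb.rb
+++ b/data/lib/google/cloud/assuredworkloads/v1/assuredworkloads_services_pb.rb
@@ -40,6 +40,13 @@ module Google
 # For force updates don't set etag field in the Workload.
 # Only one update operation per workload can be in progress.
 rpc :UpdateWorkload, ::Google::Cloud::AssuredWorkloads::V1::UpdateWorkloadRequest, ::Google::Cloud::AssuredWorkloads::V1::Workload
+# Restrict the list of resources allowed in the Workload environment.
+# The current list of allowed products can be found at
+# https://cloud.google.com/assured-workloads/docs/supported-products
+# In addition to assuredworkloads.workload.update permission, the user should
+# also have orgpolicy.policy.set permission on the folder resource
+# to use this functionality.
+rpc :RestrictAllowedResources, ::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest, ::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesResponse
 # Deletes the workload. Make sure that workload's direct children are already
 # in a deleted state, otherwise the request will fail with a
 # FAILED_PRECONDITION error.
@@ -48,6 +55,19 @@ module Google
 rpc :GetWorkload, ::Google::Cloud::AssuredWorkloads::V1::GetWorkloadRequest, ::Google::Cloud::AssuredWorkloads::V1::Workload
 # Lists Assured Workloads under a CRM Node.
 rpc :ListWorkloads, ::Google::Cloud::AssuredWorkloads::V1::ListWorkloadsRequest, ::Google::Cloud::AssuredWorkloads::V1::ListWorkloadsResponse
+# Lists the Violations in the AssuredWorkload Environment.
+# Callers may also choose to read across multiple Workloads as per
+# [AIP-159](https://google.aip.dev/159) by using '-' (the hyphen or dash
+# character) as a wildcard character instead of workload-id in the parent.
+# Format `organizations/{org_id}/locations/{location}/workloads/-`
+rpc :ListViolations, ::Google::Cloud::AssuredWorkloads::V1::ListViolationsRequest, ::Google::Cloud::AssuredWorkloads::V1::ListViolationsResponse
+# Retrieves Assured Workload Violation based on ID.
+rpc :GetViolation, ::Google::Cloud::AssuredWorkloads::V1::GetViolationRequest, ::Google::Cloud::AssuredWorkloads::V1::Violation
+# Acknowledges an existing violation. By acknowledging a violation, users
+# acknowledge the existence of a compliance violation in their workload and
+# decide to ignore it due to a valid business justification. Acknowledgement
+# is a permanent operation and it cannot be reverted.
+rpc :AcknowledgeViolation, ::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationRequest, ::Google::Cloud::AssuredWorkloads::V1::AcknowledgeViolationResponse
 end
 
 Stub = Service.rpc_stub_class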
@@ -31,8 +31,8 @@ module Google
|
|
31
31
|
# Required. Assured Workload to create
|
32
32
|
# @!attribute [rw] external_id
|
33
33
|
# @return [::String]
|
34
|
-
# Optional. A identifier associated with the workload and underlying projects
|
35
|
-
#
|
34
|
+
# Optional. A identifier associated with the workload and underlying projects which
|
35
|
+
# allows for the break down of billing costs for a workload. The value
|
36
36
|
# provided for the identifier will add a label to the workload and contained
|
37
37
|
# projects with the identifier as the value.
|
38
38
|
class CreateWorkloadRequest
|
@@ -44,7 +44,7 @@ module Google
|
|
44
44
|
# @!attribute [rw] workload
|
45
45
|
# @return [::Google::Cloud::AssuredWorkloads::V1::Workload]
|
46
46
|
# Required. The workload to update.
|
47
|
-
# The workload
|
47
|
+
# The workload's `name` field is used to identify the workload to be updated.
|
48
48
|
# Format:
|
49
49
|
# organizations/\\{org_id}/locations/\\{location_id}/workloads/\\{workload_id}
|
50
50
|
# @!attribute [rw] update_mask
|
@@ -73,8 +73,8 @@ module Google
|
|
73
73
|
# Request for fetching a workload.
|
74
74
|
# @!attribute [rw] name
|
75
75
|
# @return [::String]
|
76
|
-
# Required. The resource name of the Workload to fetch. This is the
|
77
|
-
#
|
76
|
+
# Required. The resource name of the Workload to fetch. This is the workload's
|
77
|
+
# relative path in the API, formatted as
|
78
78
|
# "organizations/\\{organization_id}/locations/\\{location_id}/workloads/\\{workload_id}".
|
79
79
|
# For example,
|
80
80
|
# "organizations/123/locations/us-east1/workloads/assured-workload-1".
|
@@ -117,7 +117,7 @@ module Google
|
|
117
117
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
118
118
|
end
|
119
119
|
|
120
|
-
#
|
120
|
+
# A Workload object for managing highly regulated workloads of cloud
|
121
121
|
# customers.
|
122
122
|
# @!attribute [rw] name
|
123
123
|
# @return [::String]
|
@@ -148,7 +148,7 @@ module Google
|
|
148
148
|
# Output only. Immutable. The Workload creation timestamp.
|
149
149
|
# @!attribute [rw] billing_account
|
150
150
|
# @return [::String]
|
151
|
-
#
|
151
|
+
# Optional. The billing account used for the resources which are
|
152
152
|
# direct children of workload. This billing account is initially associated
|
153
153
|
# with the resources created as part of Workload creation.
|
154
154
|
# After the initial creation of these resources, the customer can change
|
@@ -165,22 +165,24 @@ module Google
|
|
165
165
|
# Optional. Labels applied to the workload.
|
166
166
|
# @!attribute [rw] provisioned_resources_parent
|
167
167
|
# @return [::String]
|
168
|
-
# Input only. The parent resource for the resources managed by this Assured
|
169
|
-
#
|
168
|
+
# Input only. The parent resource for the resources managed by this Assured Workload. May
|
169
|
+
# be either empty or a folder resource which is a child of the
|
170
170
|
# Workload parent. If not specified all resources are created under the
|
171
171
|
# parent organization.
|
172
172
|
# Format:
|
173
173
|
# folders/\\{folder_id}
|
174
174
|
# @!attribute [rw] kms_settings
|
175
175
|
# @return [::Google::Cloud::AssuredWorkloads::V1::Workload::KMSSettings]
|
176
|
-
# Input only. Settings used to create a CMEK crypto key. When set a project
|
177
|
-
#
|
178
|
-
#
|
176
|
+
# Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS
|
177
|
+
# CMEK key is provisioned.
|
178
|
+
# This field is deprecated as of Feb 28, 2022.
|
179
|
+
# In order to create a Keyring, callers should specify,
|
180
|
+
# ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
|
179
181
|
# @!attribute [rw] resource_settings
|
180
182
|
# @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceSettings>]
|
181
|
-
# Input only. Resource properties that are used to customize workload
|
182
|
-
#
|
183
|
-
#
|
183
|
+
# Input only. Resource properties that are used to customize workload resources.
|
184
|
+
# These properties (such as custom project id) will be used to create
|
185
|
+
# workload resources if possible. This field is optional.
|
184
186
|
# @!attribute [r] kaj_enrollment_state
|
185
187
|
# @return [::Google::Cloud::AssuredWorkloads::V1::Workload::KajEnrollmentState]
|
186
188
|
# Output only. Represents the KAJ enrollment state of the given workload.
|
@@ -193,6 +195,15 @@ module Google
|
|
193
195
|
# Output only. Represents the SAA enrollment response of the given workload.
|
194
196
|
# SAA enrollment response is queried during GetWorkload call.
|
195
197
|
# In failure cases, user friendly error message is shown in SAA details page.
|
198
|
+
# @!attribute [r] compliant_but_disallowed_services
|
199
|
+
# @return [::Array<::String>]
|
200
|
+
# Output only. Urls for services which are compliant for this Assured Workload, but which
|
201
|
+
# are currently disallowed by the ResourceUsageRestriction org policy.
|
202
|
+
# Invoke RestrictAllowedResources endpoint to allow your project developers
|
203
|
+
# to use these services in their environment."
|
204
|
+
# @!attribute [rw] partner
|
205
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::Workload::Partner]
|
206
|
+
# Optional. Compliance Regime associated with this workload.
|
196
207
|
class Workload
|
197
208
|
include ::Google::Protobuf::MessageExts
|
198
209
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -215,8 +226,15 @@ module Google
|
|
215
226
|
RESOURCE_TYPE_UNSPECIFIED = 0
|
216
227
|
|
217
228
|
# Consumer project.
|
229
|
+
# AssuredWorkloads Projects are no longer supported. This field will be
|
230
|
+
# ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
|
231
|
+
# will continue to provide projects information.
|
232
|
+
# Use CONSUMER_FOLDER instead.
|
218
233
|
CONSUMER_PROJECT = 1
|
219
234
|
|
235
|
+
# Consumer Folder.
|
236
|
+
CONSUMER_FOLDER = 4
|
237
|
+
|
220
238
|
# Consumer project containing encryption keys.
|
221
239
|
ENCRYPTION_KEYS_PROJECT = 2
|
222
240
|
|
@@ -226,16 +244,18 @@ module Google
|
|
226
244
|
end
|
227
245
|
|
228
246
|
# Settings specific to the Key Management Service.
|
247
|
+
# This message is deprecated.
|
248
|
+
# In order to create a Keyring, callers should specify,
|
249
|
+
# ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
|
229
250
|
# @!attribute [rw] next_rotation_time
|
230
251
|
# @return [::Google::Protobuf::Timestamp]
|
231
|
-
# Required. Input only. Immutable. The time at which the Key Management
|
232
|
-
#
|
233
|
-
# mark it as the primary.
|
252
|
+
# Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
|
253
|
+
# new version of the crypto key and mark it as the primary.
|
234
254
|
# @!attribute [rw] rotation_period
|
235
255
|
# @return [::Google::Protobuf::Duration]
|
236
|
-
# Required. Input only. Immutable. [next_rotation_time] will be advanced by
|
237
|
-
#
|
238
|
-
#
|
256
|
+
# Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
|
257
|
+
# Management Service automatically rotates a key. Must be at least 24 hours
|
258
|
+
# and at most 876,000 hours.
|
239
259
|
class KMSSettings
|
240
260
|
include ::Google::Protobuf::MessageExts
|
241
261
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -247,10 +267,12 @@ module Google
|
|
247
267
|
# Resource identifier.
|
248
268
|
# For a project this represents project_id. If the project is already
|
249
269
|
# taken, the workload creation will fail.
|
270
|
+
# For KeyRing, this represents the keyring_id.
|
271
|
+
# For a folder, don't set this value as folder_id is assigned by Google.
|
250
272
|
# @!attribute [rw] resource_type
|
251
273
|
# @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
|
252
274
|
# Indicates the type of resource. This field should be specified to
|
253
|
-
# correspond the id to the right
|
275
|
+
# correspond the id to the right resource type (CONSUMER_FOLDER or
|
254
276
|
# ENCRYPTION_KEYS_PROJECT)
|
255
277
|
# @!attribute [rw] display_name
|
256
278
|
# @return [::String]
|
@@ -350,6 +372,14 @@ module Google
|
|
350
372
|
|
351
373
|
# International Traffic in Arms Regulations
|
352
374
|
ITAR = 10
|
375
|
+
|
376
|
+
# Assured Workloads for Australia Regions and Support controls
|
377
|
+
# Available for public preview consumption.
|
378
|
+
# Don't create production workloads.
|
379
|
+
AU_REGIONS_AND_US_SUPPORT = 11
|
380
|
+
|
381
|
+
# Assured Workloads for Partners
|
382
|
+
ASSURED_WORKLOADS_FOR_PARTNERS = 12
|
353
383
|
end
|
354
384
|
|
355
385
|
# Key Access Justifications(KAJ) Enrollment State.
|
@@ -363,6 +393,15 @@ module Google
|
|
363
393
|
# Complete State for KAJ Enrollment.
|
364
394
|
KAJ_ENROLLMENT_STATE_COMPLETE = 2
|
365
395
|
end
|
396
|
+
|
397
|
+
# Supported Assured Workloads Partners.
|
398
|
+
module Partner
|
399
|
+
# Unknown partner regime/controls.
|
400
|
+
PARTNER_UNSPECIFIED = 0
|
401
|
+
|
402
|
+
# S3NS regime/controls.
|
403
|
+
LOCAL_CONTROLS_BY_S3NS = 1
|
404
|
+
end
|
366
405
|
end
|
367
406
|
|
368
407
|
# Operation metadata to give request details of CreateWorkload.
|
@@ -377,12 +416,301 @@ module Google
|
|
377
416
|
# Optional. The parent of the workload.
|
378
417
|
# @!attribute [rw] compliance_regime
|
379
418
|
# @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ComplianceRegime]
|
380
|
-
# Optional. Compliance controls that should be applied to the resources
|
381
|
-
#
|
419
|
+
# Optional. Compliance controls that should be applied to the resources managed by
|
420
|
+
# the workload.
|
382
421
|
class CreateWorkloadOperationMetadata
|
383
422
|
include ::Google::Protobuf::MessageExts
|
384
423
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
385
424
|
end
|
425
|
+
|
426
|
+
# Request for restricting list of available resources in Workload environment.
|
427
|
+
# @!attribute [rw] name
|
428
|
+
# @return [::String]
|
429
|
+
# Required. The resource name of the Workload. This is the workloads's
|
430
|
+
# relative path in the API, formatted as
|
431
|
+
# "organizations/\\{organization_id}/locations/\\{location_id}/workloads/\\{workload_id}".
|
432
|
+
# For example,
|
433
|
+
# "organizations/123/locations/us-east1/workloads/assured-workload-1".
|
434
|
+
# @!attribute [rw] restriction_type
|
435
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::RestrictAllowedResourcesRequest::RestrictionType]
|
436
|
+
# Required. The type of restriction for using gcp products in the Workload environment.
|
437
|
+
class RestrictAllowedResourcesRequest
|
438
|
+
include ::Google::Protobuf::MessageExts
|
439
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
440
|
+
|
441
|
+
# The type of restriction.
|
442
|
+
module RestrictionType
|
443
|
+
# Unknown restriction type.
|
444
|
+
RESTRICTION_TYPE_UNSPECIFIED = 0
|
445
|
+
|
446
|
+
# Allow the use all of all gcp products, irrespective of the compliance
|
447
|
+
# posture. This effectively removes gcp.restrictServiceUsage OrgPolicy
|
448
|
+
# on the AssuredWorkloads Folder.
|
449
|
+
ALLOW_ALL_GCP_RESOURCES = 1
|
450
|
+
|
451
|
+
# Based on Workload's compliance regime, allowed list changes.
|
452
|
+
# See - https://cloud.google.com/assured-workloads/docs/supported-products
|
453
|
+
# for the list of supported resources.
|
454
|
+
ALLOW_COMPLIANT_RESOURCES = 2
|
455
|
+
end
|
456
|
+
end
|
457
|
+
|
458
|
+
# Response for restricting the list of allowed resources.
|
459
|
+
class RestrictAllowedResourcesResponse
|
460
|
+
include ::Google::Protobuf::MessageExts
|
461
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
462
|
+
end
|
463
|
+
|
464
|
+
# Request for acknowledging the violation
|
465
|
+
# Next Id: 4
|
466
|
+
# @!attribute [rw] name
|
467
|
+
# @return [::String]
|
468
|
+
# Required. The resource name of the Violation to acknowledge.
|
469
|
+
# Format:
|
470
|
+
# organizations/\\{organization}/locations/\\{location}/workloads/\\{workload}/violations/\\{violation}
|
471
|
+
# @!attribute [rw] comment
|
472
|
+
# @return [::String]
|
473
|
+
# Required. Business justification explaining the need for violation acknowledgement
|
474
|
+
# @!attribute [rw] non_compliant_org_policy
|
475
|
+
# @return [::String]
|
476
|
+
# Optional. This field is deprecated and will be removed in future version of the API.
|
477
|
+
# Name of the OrgPolicy which was modified with non-compliant change and
|
478
|
+
# resulted in this violation.
|
479
|
+
# Format:
|
480
|
+
# projects/\\{project_number}/policies/\\{constraint_name}
|
481
|
+
# folders/\\{folder_id}/policies/\\{constraint_name}
|
482
|
+
# organizations/\\{organization_id}/policies/\\{constraint_name}
|
483
|
+
class AcknowledgeViolationRequest
|
484
|
+
include ::Google::Protobuf::MessageExts
|
485
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
486
|
+
end
|
487
|
+
|
488
|
+
# Response for violation acknowledgement
|
489
|
+
class AcknowledgeViolationResponse
|
490
|
+
include ::Google::Protobuf::MessageExts
|
491
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
492
|
+
end
|
493
|
+
|
494
|
+
# Interval defining a time window.
|
495
|
+
# @!attribute [rw] start_time
|
496
|
+
# @return [::Google::Protobuf::Timestamp]
|
497
|
+
# The start of the time window.
|
498
|
+
# @!attribute [rw] end_time
|
499
|
+
# @return [::Google::Protobuf::Timestamp]
|
500
|
+
# The end of the time window.
|
501
|
+
class TimeWindow
|
502
|
+
include ::Google::Protobuf::MessageExts
|
503
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
504
|
+
end
|
505
|
+
|
506
|
+
# Request for fetching violations in an organization.
|
507
|
+
# @!attribute [rw] parent
|
508
|
+
# @return [::String]
|
509
|
+
# Required. The Workload name.
|
510
|
+
# Format `organizations/{org_id}/locations/{location}/workloads/{workload}`.
|
511
|
+
# @!attribute [rw] interval
|
512
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::TimeWindow]
|
513
|
+
# Optional. Specifies the time window for retrieving active Violations.
|
514
|
+
# When specified, retrieves Violations that were active between start_time
|
515
|
+
# and end_time.
|
516
|
+
# @!attribute [rw] page_size
|
517
|
+
# @return [::Integer]
|
518
|
+
# Optional. Page size.
|
519
|
+
# @!attribute [rw] page_token
|
520
|
+
# @return [::String]
|
521
|
+
# Optional. Page token returned from previous request.
|
522
|
+
# @!attribute [rw] filter
|
523
|
+
# @return [::String]
|
524
|
+
# Optional. A custom filter for filtering by the Violations properties.
|
525
|
+
class ListViolationsRequest
|
526
|
+
include ::Google::Protobuf::MessageExts
|
527
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
528
|
+
end
|
529
|
+
|
530
|
+
# Response of ListViolations endpoint.
|
531
|
+
# @!attribute [rw] violations
|
532
|
+
# @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Violation>]
|
533
|
+
# List of Violations under a Workload.
|
534
|
+
# @!attribute [rw] next_page_token
|
535
|
+
# @return [::String]
|
536
|
+
# The next page token. Returns empty if reached the last page.
|
537
|
+
class ListViolationsResponse
|
538
|
+
include ::Google::Protobuf::MessageExts
|
539
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
540
|
+
end
|
541
|
+
|
542
|
+
# Request for fetching a Workload Violation.
|
543
|
+
# @!attribute [rw] name
|
544
|
+
# @return [::String]
|
545
|
+
# Required. The resource name of the Violation to fetch (ie. Violation.name).
|
546
|
+
# Format:
|
547
|
+
# organizations/\\{organization}/locations/\\{location}/workloads/\\{workload}/violations/\\{violation}
|
548
|
+
class GetViolationRequest
|
549
|
+
include ::Google::Protobuf::MessageExts
|
550
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
551
|
+
end
|
552
|
+
|
553
|
+
# Workload monitoring Violation.
|
554
|
+
# @!attribute [r] name
|
555
|
+
# @return [::String]
|
556
|
+
# Output only. Immutable. Name of the Violation.
|
557
|
+
# Format:
|
558
|
+
# organizations/\\{organization}/locations/\\{location}/workloads/\\{workload_id}/violations/\\{violations_id}
|
559
|
+
# @!attribute [r] description
|
560
|
+
# @return [::String]
|
561
|
+
# Output only. Description for the Violation.
|
562
|
+
# e.g. OrgPolicy gcp.resourceLocations has non compliant value.
|
563
|
+
# @!attribute [r] begin_time
|
564
|
+
# @return [::Google::Protobuf::Timestamp]
|
565
|
+
# Output only. Time of the event which triggered the Violation.
|
566
|
+
# @!attribute [r] update_time
|
567
|
+
# @return [::Google::Protobuf::Timestamp]
|
568
|
+
# Output only. The last time when the Violation record was updated.
|
569
|
+
# @!attribute [r] resolve_time
|
570
|
+
# @return [::Google::Protobuf::Timestamp]
|
571
|
+
# Output only. Time of the event which fixed the Violation.
|
572
|
+
# If the violation is ACTIVE this will be empty.
|
573
|
+
# @!attribute [r] category
|
574
|
+
# @return [::String]
|
575
|
+
# Output only. Category under which this violation is mapped.
|
576
|
+
# e.g. Location, Service Usage, Access, Encryption, etc.
|
577
|
+
# @!attribute [r] state
|
578
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::Violation::State]
|
579
|
+
# Output only. State of the violation
|
580
|
+
# @!attribute [r] org_policy_constraint
|
581
|
+
# @return [::String]
|
582
|
+
# Output only. Immutable. The org-policy-constraint that was incorrectly changed, which resulted in
|
583
|
+
# this violation.
|
584
|
+
# @!attribute [r] audit_log_link
|
585
|
+
# @return [::String]
|
586
|
+
# Output only. Immutable. Audit Log Link for violated resource
|
587
|
+
# Format:
|
588
|
+
# https://console.cloud.google.com/logs/query;query=\\{logName}\\{protoPayload.resourceName}\\{timeRange}\\{folder}
|
589
|
+
# @!attribute [r] non_compliant_org_policy
|
590
|
+
# @return [::String]
|
591
|
+
# Output only. Immutable. Name of the OrgPolicy which was modified with non-compliant change and
|
592
|
+
# resulted this violation.
|
593
|
+
# Format:
|
594
|
+
# projects/\\{project_number}/policies/\\{constraint_name}
|
595
|
+
# folders/\\{folder_id}/policies/\\{constraint_name}
|
596
|
+
# organizations/\\{organization_id}/policies/\\{constraint_name}
|
597
|
+
# @!attribute [r] remediation
|
598
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation]
|
599
|
+
# Output only. Compliance violation remediation
|
600
|
+
# @!attribute [r] acknowledged
|
601
|
+
# @return [::Boolean]
|
602
|
+
# Output only. A boolean that indicates if the violation is acknowledged
|
603
|
+
# @!attribute [rw] acknowledgement_time
|
604
|
+
# @return [::Google::Protobuf::Timestamp]
|
605
|
+
# Optional. Timestamp when this violation was acknowledged last.
|
606
|
+
# This will be absent when acknowledged field is marked as false.
|
607
|
+
# @!attribute [r] exception_audit_log_link
|
608
|
+
# @return [::String]
|
609
|
+
# Output only. Immutable. Audit Log link to find business justification provided for violation
|
610
|
+
# exception. Format:
|
611
|
+
# https://console.cloud.google.com/logs/query;query=\\{logName}\\{protoPayload.resourceName}\\{protoPayload.methodName}\\{timeRange}\\{organization}
|
612
|
+
class Violation
|
613
|
+
include ::Google::Protobuf::MessageExts
|
614
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
615
|
+
|
616
|
+
# Represents remediation guidance to resolve compliance violation for
|
617
|
+
# AssuredWorkload
|
618
|
+
# @!attribute [rw] instructions
|
619
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation::Instructions]
|
620
|
+
# Required. Remediation instructions to resolve violations
|
621
|
+
# @!attribute [rw] compliant_values
|
622
|
+
# @return [::Array<::String>]
|
623
|
+
# Values that can resolve the violation
|
624
|
+
# For example: for list org policy violations, this will either be the list
|
625
|
+
# of allowed or denied values
|
626
|
+
# @!attribute [r] remediation_type
|
627
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation::RemediationType]
|
628
|
+
# Output only. Reemediation type based on the type of org policy values violated
|
629
|
+
class Remediation
|
630
|
+
include ::Google::Protobuf::MessageExts
|
631
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
632
|
+
|
633
|
+
# Instructions to remediate violation
|
634
|
+
# @!attribute [rw] gcloud_instructions
|
635
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation::Instructions::Gcloud]
|
636
|
+
# Remediation instructions to resolve violation via gcloud cli
|
637
|
+
# @!attribute [rw] console_instructions
|
638
|
+
# @return [::Google::Cloud::AssuredWorkloads::V1::Violation::Remediation::Instructions::Console]
|
639
|
+
# Remediation instructions to resolve violation via cloud console
|
640
|
+
class Instructions
|
641
|
+
include ::Google::Protobuf::MessageExts
|
642
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
643
|
+
|
644
|
+
# Remediation instructions to resolve violation via gcloud cli
|
645
|
+
# @!attribute [rw] gcloud_commands
|
646
|
+
# @return [::Array<::String>]
|
647
|
+
# Gcloud command to resolve violation
|
648
|
+
# @!attribute [rw] steps
|
649
|
+
# @return [::Array<::String>]
|
650
|
+
# Steps to resolve violation via gcloud cli
|
651
|
+
# @!attribute [rw] additional_links
|
652
|
+
# @return [::Array<::String>]
|
653
|
+
# Additional urls for more information about steps
|
654
|
+
class Gcloud
|
655
|
+
include ::Google::Protobuf::MessageExts
|
656
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
657
|
+
end
|
658
|
+
|
659
|
+
# Remediation instructions to resolve violation via cloud console
|
660
|
+
# @!attribute [rw] console_uris
|
661
|
+
# @return [::Array<::String>]
|
662
|
+
# Link to console page where violations can be resolved
|
663
|
+
# @!attribute [rw] steps
|
664
|
+
# @return [::Array<::String>]
|
665
|
+
# Steps to resolve violation via cloud console
|
666
|
+
# @!attribute [rw] additional_links
|
667
|
+
# @return [::Array<::String>]
|
668
|
+
# Additional urls for more information about steps
|
669
|
+
class Console
|
670
|
+
include ::Google::Protobuf::MessageExts
|
671
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
672
|
+
end
|
673
|
+
end
|
674
|
+
|
675
|
+
# Classifying remediation into various types based on the kind of
|
676
|
+
# violation. For example, violations caused due to changes in boolean org
|
677
|
+
# policy requires different remediation instructions compared to violation
|
678
|
+
# caused due to changes in allowed values of list org policy.
|
679
|
+
module RemediationType
|
680
|
+
# Unspecified remediation type
|
681
|
+
REMEDIATION_TYPE_UNSPECIFIED = 0
|
682
|
+
|
683
|
+
# Remediation type for boolean org policy
|
684
|
+
REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION = 1
|
685
|
+
|
686
|
+
# Remediation type for list org policy which have allowed values in the
|
687
|
+
# monitoring rule
|
688
|
+
REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION = 2
|
689
|
+
|
690
|
+
# Remediation type for list org policy which have denied values in the
|
691
|
+
# monitoring rule
|
692
|
+
REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION = 3
|
693
|
+
|
694
|
+
# Remediation type for gcp.restrictCmekCryptoKeyProjects
|
695
|
+
REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION = 4
|
696
|
+
end
|
697
|
+
end
|
698
|
+
|
699
|
+
# Violation State Values
|
700
|
+
module State
|
701
|
+
# Unspecified state.
|
702
|
+
STATE_UNSPECIFIED = 0
|
703
|
+
|
704
|
+
# Violation is resolved.
|
705
|
+
RESOLVED = 2
|
706
|
+
|
707
|
+
# Violation is Unresolved
|
708
|
+
UNRESOLVED = 3
|
709
|
+
|
710
|
+
# Violation is Exception
|
711
|
+
EXCEPTION = 4
|
712
|
+
end
|
713
|
+
end
|
386
714
|
end
|
387
715
|
end
|
388
716
|
end
|
@@ -26,8 +26,6 @@ module Google
|
|
26
26
|
# service Foo {
|
27
27
|
# rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
|
28
28
|
# }
|
29
|
-
#
|
30
|
-
# The JSON representation for `Empty` is empty JSON object `{}`.
|
31
29
|
class Empty
|
32
30
|
include ::Google::Protobuf::MessageExts
|
33
31
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
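--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-assured_workloads-v1
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.5.0
 platform: ruby
 authors:
 - Google LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-10-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.12'
 - - "<"
 - !ruby/object:Gem::Version
 version: 2.a
@@ -26,7 +26,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.12'
 - - "<"
 - !ruby/object:Gem::Version
 version: 2.a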