google-cloud-workload_manager-v1 0.a → 0.1.0

data/proto_docs/google/cloud/workloadmanager/v1/service.rb

@@ -0,0 +1,991 @@
+# frozen_string_literal: true
+
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module WorkloadManager
+      module V1
+        # Represents a Workload Manager Evaluation configuration.
+        # An Evaluation defines a set of rules to be validated against a scope
+        # of Cloud resources.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Name of resource that has the form
+        #     `projects/{project_id}/locations/{location_id}/evaluations/{evaluation_id}`.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Description of the Evaluation.
+        # @!attribute [rw] resource_filter
+        #   @return [::Google::Cloud::WorkloadManager::V1::ResourceFilter]
+        #     Resource filter for an evaluation defining the scope of resources to be
+        #     evaluated.
+        # @!attribute [rw] rule_names
+        #   @return [::Array<::String>]
+        #     The names of the rules used for this evaluation.
+        # @!attribute [r] resource_status
+        #   @return [::Google::Cloud::WorkloadManager::V1::ResourceStatus]
+        #     Output only. [Output only] The current lifecycle state of the evaluation
+        #     resource.
+        # @!attribute [r] create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. [Output only] Create time stamp.
+        # @!attribute [r] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. [Output only] Update time stamp.
+        # @!attribute [rw] labels
+        #   @return [::Google::Protobuf::Map{::String => ::String}]
+        #     Labels as key value pairs.
+        # @!attribute [rw] schedule
+        #   @return [::String]
+        #     Crontab format schedule for scheduled evaluation, currently only supports
+        #     the following fixed schedules:
+        #     * `0 */1 * * *` # Hourly
+        #     * `0 */6 * * *` # Every 6 hours
+        #     * `0 */12 * * *` # Every 12 hours
+        #     * `0 0 */1 * *` # Daily
+        #     * `0 0 */7 * *` # Weekly
+        #     * `0 0 */14 * *` # Every 14 days
+        #     * `0 0 1 */1 *` # Monthly
+        # @!attribute [rw] custom_rules_bucket
+        #   @return [::String]
+        #     The Cloud Storage bucket name for custom rules.
+        # @!attribute [rw] evaluation_type
+        #   @return [::Google::Cloud::WorkloadManager::V1::Evaluation::EvaluationType]
+        #     Evaluation type.
+        # @!attribute [rw] big_query_destination
+        #   @return [::Google::Cloud::WorkloadManager::V1::BigQueryDestination]
+        #     Optional. The BigQuery destination for detailed evaluation results.
+        #     If this field is specified, the results of each evaluation execution are
+        #     exported to BigQuery.
+        # @!attribute [rw] kms_key
+        #   @return [::String]
+        #     Optional. Immutable. Customer-managed encryption key name, in the format
+        #     projects/*/locations/*/keyRings/*/cryptoKeys/*.
+        #     The key will be used for CMEK encryption of the evaluation resource.
+        class Evaluation
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::String]
+          class LabelsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Possible types of workload evaluations like SAP, SQL Server, etc.
+          module EvaluationType
+            # Not specified.
+            EVALUATION_TYPE_UNSPECIFIED = 0
+
+            # SAP best practices.
+            SAP = 1
+
+            # SQL best practices.
+            SQL_SERVER = 2
+
+            # Customized best practices.
+            OTHER = 3
+          end
+        end
+
+        # Resource filter for an evaluation defining the scope of resources to be
+        # evaluated.
+        # @!attribute [rw] scopes
+        #   @return [::Array<::String>]
+        #     The scopes of evaluation resource.
+        #     Format:
+        #     * `projects/{project_id}`
+        #     * `folders/{folder_id}`
+        #     * `organizations/{organization_id}`
+        # @!attribute [rw] resource_id_patterns
+        #   @return [::Array<::String>]
+        #     The pattern to filter resources by their id
+        #     For example, a pattern of ".*prod-cluster.*" will match all resources that
+        #     contain "prod-cluster" in their ID.
+        # @!attribute [rw] inclusion_labels
+        #   @return [::Google::Protobuf::Map{::String => ::String}]
+        #     Labels to filter resources by. Each key-value pair in the map must exist
+        #     on the resource for it to be included (e.g. VM instance labels).
+        #     For example, specifying `{ "env": "prod", "database": "nosql" }` will only
+        #     include resources that have labels `env=prod` and `database=nosql`.
+        # @!attribute [rw] gce_instance_filter
+        #   @return [::Google::Cloud::WorkloadManager::V1::GceInstanceFilter]
+        #     Filter compute engine resources.
+        class ResourceFilter
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::String]
+          class InclusionLabelsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # A filter for matching Compute Engine instances.
+        # @!attribute [rw] service_accounts
+        #   @return [::Array<::String>]
+        #     If non-empty, only Compute Engine instances associated with at least one of
+        #     the provided service accounts will be included in the evaluation.
+        class GceInstanceFilter
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The lifecycle status of an Evaluation resource.
+        # @!attribute [rw] state
+        #   @return [::Google::Cloud::WorkloadManager::V1::ResourceStatus::State]
+        #     State of the Evaluation resource.
+        class ResourceStatus
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Possible states of an evaluation, such as CREATING, ACTIVE, and DELETING.
+          module State
+            # The state has not been populated in this message.
+            STATE_UNSPECIFIED = 0
+
+            # Resource has an active Create operation.
+            CREATING = 1
+
+            # Resource has no outstanding operations on it or has active Update
+            # operations.
+            ACTIVE = 2
+
+            # Resource has an active Delete operation.
+            DELETING = 3
+          end
+        end
+
+        # BigQuery destination for evaluation results.
+        # @!attribute [rw] destination_dataset
+        #   @return [::String]
+        #     Optional. Destination dataset to save evaluation results.
+        # @!attribute [rw] create_new_results_table
+        #   @return [::Boolean]
+        #     Optional. Determines if a new results table will be created when an
+        #     Execution is created.
+        class BigQueryDestination
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the ListEvaluations RPC.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. Parent value for ListEvaluationsRequest.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Requested page size. Server may return fewer items than requested.
+        #     If unspecified, server will pick an appropriate default.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A token identifying a page of results the server should return.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     Filter to be applied when listing the evaluation results.
+        # @!attribute [rw] order_by
+        #   @return [::String]
+        #     Hint for how to order the results.
+        class ListEvaluationsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for the ListEvaluations RPC.
+        # @!attribute [rw] evaluations
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::Evaluation>]
+        #     The list of evaluations.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     A token identifying a page of results the server should return.
+        # @!attribute [rw] unreachable
+        #   @return [::Array<::String>]
+        #     Locations that could not be reached.
+        class ListEvaluationsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the GetEvaluation RPC.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Name of the resource.
+        class GetEvaluationRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the CreateEvaluation RPC.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The resource prefix of the evaluation location using the form:
+        #     `projects/{project_id}/locations/{location_id}`.
+        # @!attribute [rw] evaluation_id
+        #   @return [::String]
+        #     Required. Id of the requesting object.
+        # @!attribute [rw] evaluation
+        #   @return [::Google::Cloud::WorkloadManager::V1::Evaluation]
+        #     Required. The resource being created.
+        # @!attribute [rw] request_id
+        #   @return [::String]
+        #     Optional. An optional request ID to identify requests. Specify a unique
+        #     request ID so that if you must retry your request, the server will know to
+        #     ignore the request if it has already been completed. The server will
+        #     guarantee that for at least 60 minutes since the first request.
+        #
+        #     For example, consider a situation where you make an initial request and
+        #     the request times out. If you make the request again with the same request
+        #     ID, the server can check if original operation with the same request ID
+        #     was received, and if so, will ignore the second request. This prevents
+        #     clients from accidentally creating duplicate commitments.
+        #
+        #     The request ID must be a valid UUID with the exception that zero UUID is
+        #     not supported (00000000-0000-0000-0000-000000000000).
+        class CreateEvaluationRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the UpdateEvaluation RPC.
+        # @!attribute [rw] update_mask
+        #   @return [::Google::Protobuf::FieldMask]
+        #     Required. Field mask is used to specify the fields to be overwritten in the
+        #     Evaluation resource by the update.
+        #     The fields specified in the update_mask are relative to the resource, not
+        #     the full request. A field will be overwritten if it is in the mask.
+        # @!attribute [rw] evaluation
+        #   @return [::Google::Cloud::WorkloadManager::V1::Evaluation]
+        #     Required. The resource being updated.
+        # @!attribute [rw] request_id
+        #   @return [::String]
+        #     Optional. An optional request ID to identify requests. Specify a unique
+        #     request ID so that if you must retry your request, the server will know to
+        #     ignore the request if it has already been completed. The server will
+        #     guarantee that for at least 60 minutes since the first request.
+        #
+        #     For example, consider a situation where you make an initial request and
+        #     the request times out. If you make the request again with the same request
+        #     ID, the server can check if original operation with the same request ID
+        #     was received, and if so, will ignore the second request. This prevents
+        #     clients from accidentally creating duplicate commitments.
+        #
+        #     The request ID must be a valid UUID with the exception that zero UUID is
+        #     not supported (00000000-0000-0000-0000-000000000000).
+        class UpdateEvaluationRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the DeleteEvaluation RPC.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Name of the resource.
+        # @!attribute [rw] request_id
+        #   @return [::String]
+        #     Optional. An optional request ID to identify requests. Specify a unique
+        #     request ID so that if you must retry your request, the server will know to
+        #     ignore the request if it has already been completed. The server will
+        #     guarantee that for at least 60 minutes after the first request.
+        #
+        #     For example, consider a situation where you make an initial request and
+        #     the request times out. If you make the request again with the same request
+        #     ID, the server can check if original operation with the same request ID
+        #     was received, and if so, will ignore the second request. This prevents
+        #     clients from accidentally creating duplicate commitments.
+        #
+        #     The request ID must be a valid UUID with the exception that zero UUID is
+        #     not supported (00000000-0000-0000-0000-000000000000).
+        # @!attribute [rw] force
+        #   @return [::Boolean]
+        #     Optional. Followed the best practice from
+        #     https://aip.dev/135#cascading-delete.
+        class DeleteEvaluationRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Execution that represents a single run of an Evaluation.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The name of execution resource. The format is
+        #     projects/\\{project}/locations/\\{location}/evaluations/\\{evaluation}/executions/\\{execution}.
+        # @!attribute [r] start_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. [Output only] Start time stamp.
+        # @!attribute [r] end_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. [Output only] End time stamp.
+        # @!attribute [r] inventory_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. [Output only] Inventory time stamp.
+        # @!attribute [r] state
+        #   @return [::Google::Cloud::WorkloadManager::V1::Execution::State]
+        #     Output only. [Output only] State.
+        # @!attribute [r] evaluation_id
+        #   @return [::String]
+        #     Output only. [Output only] Evaluation ID.
+        # @!attribute [rw] labels
+        #   @return [::Google::Protobuf::Map{::String => ::String}]
+        #     Labels as key value pairs.
+        # @!attribute [rw] run_type
+        #   @return [::Google::Cloud::WorkloadManager::V1::Execution::Type]
+        #     Type which represents whether the execution executed directly by user or
+        #     scheduled according to the `Evaluation.schedule` field.
+        # @!attribute [r] rule_results
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::RuleExecutionResult>]
+        #     Output only. Execution result summary per rule.
+        # @!attribute [rw] external_data_sources
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::Execution::ExternalDataSources>]
+        #     Optional. External data sources.
+        # @!attribute [r] notices
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::Execution::Notice>]
+        #     Output only. Additional information generated by the execution.
+        # @!attribute [rw] engine
+        #   @return [::Google::Cloud::WorkloadManager::V1::Execution::Engine]
+        #     Optional. Engine.
+        # @!attribute [r] result_summary
+        #   @return [::Google::Cloud::WorkloadManager::V1::Execution::Summary]
+        #     Output only. [Output only] Result summary for the execution.
+        class Execution
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # External data sources for an execution.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Optional. Name of external data source. The name will be used inside the
+          #     rego/sql to refer the external data.
+          # @!attribute [rw] uri
+          #   @return [::String]
+          #     Required. URI of external data source. example of bq table
+          #     \\{project_ID}.\\{dataset_ID}.\\{table_ID}.
+          # @!attribute [rw] type
+          #   @return [::Google::Cloud::WorkloadManager::V1::Execution::ExternalDataSources::Type]
+          #     Required. Type of external data source.
+          # @!attribute [rw] asset_type
+          #   @return [::String]
+          #     Required. The asset type of the external data source.
+          #     This can be a supported Cloud Asset Inventory asset type
+          #     (see https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+          #     to override the default asset type, or it can be a custom type defined by
+          #     the user.
+          class ExternalDataSources
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Possible types of external data sources like BigQuery table, etc.
+            module Type
+              # Unknown type.
+              TYPE_UNSPECIFIED = 0
+
+              # BigQuery table.
+              BIG_QUERY_TABLE = 1
+            end
+          end
+
+          # Additional information generated by an execution.
+          # @!attribute [r] message
+          #   @return [::String]
+          #     Output only. Message of the notice.
+          class Notice
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Execution summary.
+          # @!attribute [r] failures
+          #   @return [::Integer]
+          #     Output only. Number of failures.
+          # @!attribute [r] new_failures
+          #   @return [::Integer]
+          #     Output only. Number of new failures compared to the previous execution.
+          # @!attribute [r] new_fixes
+          #   @return [::Integer]
+          #     Output only. Number of new fixes compared to the previous execution.
+          class Summary
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::String]
+          class LabelsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # The possible states of an execution like RUNNING, SUCCEEDED, FAILED, etc.
+          module State
+            # State of execution is unspecified.
+            STATE_UNSPECIFIED = 0
+
+            # The execution is running in backend service.
+            RUNNING = 1
+
+            # The execution run succeeded.
+            SUCCEEDED = 2
+
+            # The execution run failed.
+            FAILED = 3
+          end
+
+          # The type of execution, could be on demand execute or scheduled execute.
+          module Type
+            # Type of execution is unspecified.
+            TYPE_UNSPECIFIED = 0
+
+            # Type of execution is one time.
+            ONE_TIME = 1
+
+            # Type of execution is scheduled.
+            SCHEDULED = 2
+          end
+
+          # The engine used for the execution.
+          module Engine
+            # The original CG.
+            ENGINE_UNSPECIFIED = 0
+
+            # SlimCG / Scanner.
+            ENGINE_SCANNER = 1
+
+            # Evaluation Engine V2.
+            V2 = 2
+          end
+        end
+
+        # Execution result summary per rule.
+        # @!attribute [rw] rule
+        #   @return [::String]
+        #     Rule name as plain text like `sap-hana-configured`.
+        # @!attribute [r] state
+        #   @return [::Google::Cloud::WorkloadManager::V1::RuleExecutionResult::State]
+        #     Output only. The execution status.
+        # @!attribute [rw] message
+        #   @return [::String]
+        #     Execution message, if any.
+        # @!attribute [rw] result_count
+        #   @return [::Integer]
+        #     Number of violations.
+        # @!attribute [rw] scanned_resource_count
+        #   @return [::Integer]
+        #     Number of total scanned resources.
+        class RuleExecutionResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Possible states of a rule execution like SUCCESS, FAILURE, etc.
+          module State
+            # Unknown state
+            STATE_UNSPECIFIED = 0
+
+            # Execution completed successfully
+            STATE_SUCCESS = 1
+
+            # Execution completed with failures
+            STATE_FAILURE = 2
+
+            # Execution was not executed
+            STATE_SKIPPED = 3
+          end
+        end
+
+        # Request message for the ListExecutions RPC.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The resource prefix of the Execution using the form:
+        #     `projects/{project}/locations/{location}/evaluations/{evaluation}`.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Requested page size. Server may return fewer items than requested.
+        #     If unspecified, server will pick an appropriate default.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A token identifying a page of results the server should return.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     Filtering results.
+        # @!attribute [rw] order_by
+        #   @return [::String]
+        #     Field to sort by. See https://google.aip.dev/132#ordering for more details.
+        class ListExecutionsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for the ListExecutions RPC.
+        # @!attribute [rw] executions
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::Execution>]
+        #     The list of Execution.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     A token identifying a page of results the server should return.
+        # @!attribute [rw] unreachable
+        #   @return [::Array<::String>]
+        #     Locations that could not be reached.
+        class ListExecutionsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the GetExecution RPC.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Name of the resource.
+        class GetExecutionRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the RunEvaluation RPC.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The resource name of the Evaluation using the form:
+        #     `projects/{project}/locations/{location}/evaluations/{evaluation}`.
+        # @!attribute [rw] execution_id
+        #   @return [::String]
+        #     Required. ID of the execution which will be created.
+        # @!attribute [rw] execution
+        #   @return [::Google::Cloud::WorkloadManager::V1::Execution]
+        #     Required. The resource being created.
+        # @!attribute [rw] request_id
+        #   @return [::String]
+        #     Optional. An optional request ID to identify requests. Specify a unique
+        #     request ID so that if you must retry your request, the server will know to
+        #     ignore the request if it has already been completed. The server will
+        #     guarantee that for at least 60 minutes since the first request.
+        #
+        #     For example, consider a situation where you make an initial request and
+        #     the request times out. If you make the request again with the same request
+        #     ID, the server can check if original operation with the same request ID
+        #     was received, and if so, will ignore the second request. This prevents
+        #     clients from accidentally creating duplicate commitments.
+        #
+        #     The request ID must be a valid UUID with the exception that zero UUID is
+        #     not supported (00000000-0000-0000-0000-000000000000).
+        class RunEvaluationRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the DeleteExecution RPC.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Name of the resource.
+        # @!attribute [rw] request_id
+        #   @return [::String]
+        #     Optional. An optional request ID to identify requests. Specify a unique
+        #     request ID so that if you must retry your request, the server will know to
+        #     ignore the request if it has already been completed. The server will
+        #     guarantee that for at least 60 minutes after the first request.
+        #
+        #     For example, consider a situation where you make an initial request and
+        #     the request times out. If you make the request again with the same request
+        #     ID, the server can check if original operation with the same request ID
+        #     was received, and if so, will ignore the second request. This prevents
+        #     clients from accidentally creating duplicate commitments.
+        #
+        #     The request ID must be a valid UUID with the exception that zero UUID is
+        #     not supported (00000000-0000-0000-0000-000000000000).
+        class DeleteExecutionRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the ListExecutionResults RPC.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The execution results.
+        #     Format: \\{parent}/evaluations/*/executions/*/results.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Requested page size. Server may return fewer items than requested.
+        #     If unspecified, server will pick an appropriate default.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A token identifying a page of results the server should return.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     Filtering results.
+        class ListExecutionResultsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for the ListExecutionResults RPC.
+        # @!attribute [rw] execution_results
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::ExecutionResult>]
+        #     The versions from the specified publisher.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     A token, which can be sent as `page_token` to retrieve the next page.
+        #     If this field is omitted, there are no subsequent pages.
+        class ListExecutionResultsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The result of an execution.
+        # @!attribute [rw] violation_message
+        #   @return [::String]
+        #     The violation message of an execution.
+        # @!attribute [rw] severity
+        #   @return [::String]
+        #     The severity of violation.
+        # @!attribute [rw] rule
+        #   @return [::String]
+        #     The rule that is violated in an evaluation.
+        # @!attribute [rw] documentation_url
+        #   @return [::String]
+        #     The URL for the documentation of the rule.
+        # @!attribute [rw] resource
+        #   @return [::Google::Cloud::WorkloadManager::V1::Resource]
+        #     The resource that violates the rule.
+        # @!attribute [rw] violation_details
+        #   @return [::Google::Cloud::WorkloadManager::V1::ViolationDetails]
+        #     The details of violation in an evaluation result.
+        # @!attribute [rw] commands
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::Command>]
+        #     The commands to remediate the violation.
+        # @!attribute [rw] type
+        #   @return [::Google::Cloud::WorkloadManager::V1::ExecutionResult::Type]
+        #     Execution result type of the scanned resource.
+        class ExecutionResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Enum of execution result type.
+          module Type
+            # Unknown state.
+            TYPE_UNSPECIFIED = 0
+
+            # Resource successfully passed the rule.
+            TYPE_PASSED = 1
+
+            # Resource violated the rule.
+            TYPE_VIOLATED = 2
+          end
+        end
+
+        # Command specifies the type of command to execute.
+        # @!attribute [rw] agent_command
+        #   @return [::Google::Cloud::WorkloadManager::V1::AgentCommand]
+        #     AgentCommand specifies a one-time executable program for the agent to
+        #     run.
+        #
+        #     Note: The following fields are mutually exclusive: `agent_command`, `shell_command`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        # @!attribute [rw] shell_command
+        #   @return [::Google::Cloud::WorkloadManager::V1::ShellCommand]
+        #     ShellCommand is invoked via the agent's command line executor.
+        #
+        #     Note: The following fields are mutually exclusive: `shell_command`, `agent_command`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+        class Command
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # An AgentCommand specifies a one-time executable program for the agent to run.
+        # @!attribute [rw] command
+        #   @return [::String]
+        #     The name of the agent one-time executable that will be invoked.
+        # @!attribute [rw] parameters
+        #   @return [::Google::Protobuf::Map{::String => ::String}]
+        #     A map of key/value pairs that can be used to specify
+        #     additional one-time executable settings.
+        class AgentCommand
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::String]
+          class ParametersEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # A ShellCommand is invoked via the agent's command line executor.
+        # @!attribute [rw] command
+        #   @return [::String]
+        #     The name of the command to be executed.
+        # @!attribute [rw] args
+        #   @return [::String]
+        #     Arguments to be passed to the command.
+        # @!attribute [rw] timeout_seconds
+        #   @return [::Integer]
+        #     Optional. If not specified, the default timeout is 60 seconds.
+        class ShellCommand
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The rule output of the violation.
+        # @!attribute [r] details
+        #   @return [::Google::Protobuf::Map{::String => ::String}]
+        #     Output only. Violation details generated by rule.
+        # @!attribute [r] message
+        #   @return [::String]
+        #     Output only. The message generated by rule.
+        class RuleOutput
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::String]
+          class DetailsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # The violation in an evaluation result.
+        # @!attribute [rw] asset
+        #   @return [::String]
+        #     The name of the asset.
+        # @!attribute [rw] service_account
+        #   @return [::String]
+        #     The service account associated with the resource.
+        # @!attribute [rw] observed
+        #   @return [::Google::Protobuf::Map{::String => ::String}]
+        #     Details of the violation.
+        # @!attribute [r] rule_output
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::RuleOutput>]
+        #     Output only. The rule output of the violation.
+        class ViolationDetails
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::String]
+          class ObservedEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # Resource in execution result.
+        # @!attribute [rw] type
+        #   @return [::String]
+        #     The type of resource.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The name of the resource.
+        # @!attribute [rw] service_account
+        #   @return [::String]
+        #     The service account associated with the resource.
+        class Resource
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Represents the metadata of the long-running operation.
+        # @!attribute [r] create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The time the operation was created.
+        # @!attribute [r] end_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The time the operation finished running.
+        # @!attribute [r] target
+        #   @return [::String]
+        #     Output only. Server-defined resource path for the target of the operation.
+        # @!attribute [r] verb
+        #   @return [::String]
+        #     Output only. Name of the verb executed by the operation.
+        # @!attribute [r] status_message
+        #   @return [::String]
+        #     Output only. Human-readable status of the operation, if any.
+        # @!attribute [r] requested_cancellation
+        #   @return [::Boolean]
+        #     Output only. Identifies whether the user has requested cancellation
+        #     of the operation. Operations that have been cancelled successfully
+        #     have [Operation.error][] value with a
+        #     {::Google::Rpc::Status#code google.rpc.Status.code} of 1, corresponding to
+        #     `Code.CANCELLED`.
+        # @!attribute [r] api_version
+        #   @return [::String]
+        #     Output only. API version used to start the operation.
+        class OperationMetadata
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A rule to be evaluated.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Rule name.
+        # @!attribute [r] revision_id
+        #   @return [::String]
+        #     Output only. The version of the rule.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     The name display in UI.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Describe rule in plain language.
+        # @!attribute [rw] severity
+        #   @return [::String]
+        #     The severity of the rule.
+        # @!attribute [rw] primary_category
+        #   @return [::String]
+        #     The primary category.
+        # @!attribute [rw] secondary_category
+        #   @return [::String]
+        #     The secondary category.
+        # @!attribute [rw] error_message
+        #   @return [::String]
+        #     The message template for rule.
+        # @!attribute [rw] uri
+        #   @return [::String]
+        #     The document url for the rule.
+        # @!attribute [rw] remediation
+        #   @return [::String]
+        #     The remediation for the rule.
+        # @!attribute [rw] tags
+        #   @return [::Array<::String>]
+        #     List of user-defined tags.
+        # @!attribute [rw] rule_type
+        #   @return [::Google::Cloud::WorkloadManager::V1::Rule::RuleType]
+        #     The type of the rule.
+        # @!attribute [rw] asset_type
+        #   @return [::String]
+        #     The CAI asset type of the rule is evaluating, for joined asset types, it
+        #     will be the corresponding primary asset types.
+        class Rule
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The type of the rule.
+          module RuleType
+            # Not specified.
+            RULE_TYPE_UNSPECIFIED = 0
+
+            # Baseline rules.
+            BASELINE = 1
+
+            # Custom rules.
+            CUSTOM = 2
+          end
+        end
+
+        # Request message for the ListRules RPC.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The [project] on which to execute the request. The format is:
+        #         projects/\\{project_id}/locations/\\{location}
+        #     Currently, the pre-defined rules are global available to all projects and
+        #     all regions.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Requested page size. Server may return fewer items than requested.
+        #     If unspecified, server will pick an appropriate default.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A token identifying a page of results the server should return.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     Filter based on primary_category, secondary_category.
+        # @!attribute [rw] custom_rules_bucket
+        #   @return [::String]
+        #     The Cloud Storage bucket name for custom rules.
+        # @!attribute [rw] evaluation_type
+        #   @return [::Google::Cloud::WorkloadManager::V1::Evaluation::EvaluationType]
+        #     Optional. The evaluation type of the rules will be applied to.
+        #     The Cloud Storage bucket name for custom rules.
+        class ListRulesRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for the ListRules RPC.
+        # @!attribute [rw] rules
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::Rule>]
+        #     All rules in response.
+        class ListRulesResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for the ListScannedResources RPC.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. Parent for ListScannedResourcesRequest.
+        # @!attribute [rw] rule
+        #   @return [::String]
+        #     Rule name.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Requested page size. Server may return fewer items than requested.
+        #     If unspecified, server will pick an appropriate default.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A token identifying a page of results the server should return.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     Filtering results.
+        # @!attribute [rw] order_by
+        #   @return [::String]
+        #     Field to sort by. See https://google.aip.dev/132#ordering for more details.
+        class ListScannedResourcesRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for the ListScannedResources RPC.
+        # @!attribute [rw] scanned_resources
+        #   @return [::Array<::Google::Cloud::WorkloadManager::V1::ScannedResource>]
+        #     All scanned resources in response.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     A token, which can be sent as `page_token` to retrieve the next page.
+        #     If this field is omitted, there are no subsequent pages.
+        class ListScannedResourcesResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A scanned resource.
+        # @!attribute [rw] resource
+        #   @return [::String]
+        #     Resource name.
+        # @!attribute [rw] type
+        #   @return [::String]
+        #     Resource type.
+        class ScannedResource
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end