Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
google-native.assuredworkloads/v1beta1.getWorkload
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
Gets Assured Workload associated with a CRM Node
Using getWorkload
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getWorkload(args: GetWorkloadArgs, opts?: InvokeOptions): Promise<GetWorkloadResult>
function getWorkloadOutput(args: GetWorkloadOutputArgs, opts?: InvokeOptions): Output<GetWorkloadResult>def get_workload(location: Optional[str] = None,
                 organization_id: Optional[str] = None,
                 workload_id: Optional[str] = None,
                 opts: Optional[InvokeOptions] = None) -> GetWorkloadResult
def get_workload_output(location: Optional[pulumi.Input[str]] = None,
                 organization_id: Optional[pulumi.Input[str]] = None,
                 workload_id: Optional[pulumi.Input[str]] = None,
                 opts: Optional[InvokeOptions] = None) -> Output[GetWorkloadResult]func LookupWorkload(ctx *Context, args *LookupWorkloadArgs, opts ...InvokeOption) (*LookupWorkloadResult, error)
func LookupWorkloadOutput(ctx *Context, args *LookupWorkloadOutputArgs, opts ...InvokeOption) LookupWorkloadResultOutput> Note: This function is named LookupWorkload in the Go SDK.
public static class GetWorkload 
{
    public static Task<GetWorkloadResult> InvokeAsync(GetWorkloadArgs args, InvokeOptions? opts = null)
    public static Output<GetWorkloadResult> Invoke(GetWorkloadInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetWorkloadResult> getWorkload(GetWorkloadArgs args, InvokeOptions options)
public static Output<GetWorkloadResult> getWorkload(GetWorkloadArgs args, InvokeOptions options)
fn::invoke:
  function: google-native:assuredworkloads/v1beta1:getWorkload
  arguments:
    # arguments dictionaryThe following arguments are supported:
- Location string
- OrganizationId string
- WorkloadId string
- Location string
- OrganizationId string
- WorkloadId string
- location String
- organizationId String
- workloadId String
- location string
- organizationId string
- workloadId string
- location str
- organization_id str
- workload_id str
- location String
- organizationId String
- workloadId String
getWorkload Result
The following output properties are available:
- BillingAccount string
- Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example,billingAccounts/012345-567890-ABCDEF.
- CjisSettings Pulumi.Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload CJISSettings Response 
- Input only. Immutable. Settings specific to resources needed for CJIS.
- ComplianceRegime string
- Immutable. Compliance Regime associated with this workload.
- ComplianceStatus Pulumi.Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload Compliance Status Response 
- Count of active Violations in the Workload.
- CompliantBut List<string>Disallowed Services 
- Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- CreateTime string
- Immutable. The Workload creation timestamp.
- DisplayName string
- The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- EkmProvisioning Pulumi.Response Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload Ekm Provisioning Response Response 
- Represents the Ekm Provisioning State of the given workload.
- EnableSovereign boolControls 
- Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Etag string
- Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
- FedrampHigh Pulumi.Settings Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload Fedramp High Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP High.
- FedrampModerate Pulumi.Settings Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload Fedramp Moderate Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP Moderate.
- Il4Settings
Pulumi.Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload IL4Settings Response 
- Input only. Immutable. Settings specific to resources needed for IL4.
- KajEnrollment stringState 
- Represents the KAJ enrollment state of the given workload.
- KmsSettings Pulumi.Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels Dictionary<string, string>
- Optional. Labels applied to the workload.
- Name string
- Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
- Partner string
- Optional. Partner regime associated with this workload.
- PartnerPermissions Pulumi.Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload Partner Permissions Response 
- Optional. Permissions granted to the AW Partner SA account for the customer workload
- ProvisionedResources stringParent 
- Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- ResourceMonitoring boolEnabled 
- Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
- ResourceSettings List<Pulumi.Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload Resource Settings Response> 
- Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Resources
List<Pulumi.Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload Resource Info Response> 
- The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- SaaEnrollment Pulumi.Response Google Native. Assured Workloads. V1Beta1. Outputs. Google Cloud Assuredworkloads V1beta1Workload Saa Enrollment Response Response 
- Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
- ViolationNotifications boolEnabled 
- Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- BillingAccount string
- Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example,billingAccounts/012345-567890-ABCDEF.
- CjisSettings GoogleCloud Assuredworkloads V1beta1Workload CJISSettings Response 
- Input only. Immutable. Settings specific to resources needed for CJIS.
- ComplianceRegime string
- Immutable. Compliance Regime associated with this workload.
- ComplianceStatus GoogleCloud Assuredworkloads V1beta1Workload Compliance Status Response 
- Count of active Violations in the Workload.
- CompliantBut []stringDisallowed Services 
- Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- CreateTime string
- Immutable. The Workload creation timestamp.
- DisplayName string
- The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- EkmProvisioning GoogleResponse Cloud Assuredworkloads V1beta1Workload Ekm Provisioning Response Response 
- Represents the Ekm Provisioning State of the given workload.
- EnableSovereign boolControls 
- Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Etag string
- Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
- FedrampHigh GoogleSettings Cloud Assuredworkloads V1beta1Workload Fedramp High Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP High.
- FedrampModerate GoogleSettings Cloud Assuredworkloads V1beta1Workload Fedramp Moderate Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP Moderate.
- Il4Settings
GoogleCloud Assuredworkloads V1beta1Workload IL4Settings Response 
- Input only. Immutable. Settings specific to resources needed for IL4.
- KajEnrollment stringState 
- Represents the KAJ enrollment state of the given workload.
- KmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels map[string]string
- Optional. Labels applied to the workload.
- Name string
- Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
- Partner string
- Optional. Partner regime associated with this workload.
- PartnerPermissions GoogleCloud Assuredworkloads V1beta1Workload Partner Permissions Response 
- Optional. Permissions granted to the AW Partner SA account for the customer workload
- ProvisionedResources stringParent 
- Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- ResourceMonitoring boolEnabled 
- Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
- ResourceSettings []GoogleCloud Assuredworkloads V1beta1Workload Resource Settings Response 
- Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Resources
[]GoogleCloud Assuredworkloads V1beta1Workload Resource Info Response 
- The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- SaaEnrollment GoogleResponse Cloud Assuredworkloads V1beta1Workload Saa Enrollment Response Response 
- Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
- ViolationNotifications boolEnabled 
- Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- billingAccount String
- Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example,billingAccounts/012345-567890-ABCDEF.
- cjisSettings GoogleCloud Assuredworkloads V1beta1Workload CJISSettings Response 
- Input only. Immutable. Settings specific to resources needed for CJIS.
- complianceRegime String
- Immutable. Compliance Regime associated with this workload.
- complianceStatus GoogleCloud Assuredworkloads V1beta1Workload Compliance Status Response 
- Count of active Violations in the Workload.
- compliantBut List<String>Disallowed Services 
- Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- createTime String
- Immutable. The Workload creation timestamp.
- displayName String
- The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- ekmProvisioning GoogleResponse Cloud Assuredworkloads V1beta1Workload Ekm Provisioning Response Response 
- Represents the Ekm Provisioning State of the given workload.
- enableSovereign BooleanControls 
- Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- etag String
- Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
- fedrampHigh GoogleSettings Cloud Assuredworkloads V1beta1Workload Fedramp High Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP High.
- fedrampModerate GoogleSettings Cloud Assuredworkloads V1beta1Workload Fedramp Moderate Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP Moderate.
- il4Settings
GoogleCloud Assuredworkloads V1beta1Workload IL4Settings Response 
- Input only. Immutable. Settings specific to resources needed for IL4.
- kajEnrollment StringState 
- Represents the KAJ enrollment state of the given workload.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String,String>
- Optional. Labels applied to the workload.
- name String
- Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
- partner String
- Optional. Partner regime associated with this workload.
- partnerPermissions GoogleCloud Assuredworkloads V1beta1Workload Partner Permissions Response 
- Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisionedResources StringParent 
- Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resourceMonitoring BooleanEnabled 
- Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
- resourceSettings List<GoogleCloud Assuredworkloads V1beta1Workload Resource Settings Response> 
- Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources
List<GoogleCloud Assuredworkloads V1beta1Workload Resource Info Response> 
- The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saaEnrollment GoogleResponse Cloud Assuredworkloads V1beta1Workload Saa Enrollment Response Response 
- Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
- violationNotifications BooleanEnabled 
- Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- billingAccount string
- Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example,billingAccounts/012345-567890-ABCDEF.
- cjisSettings GoogleCloud Assuredworkloads V1beta1Workload CJISSettings Response 
- Input only. Immutable. Settings specific to resources needed for CJIS.
- complianceRegime string
- Immutable. Compliance Regime associated with this workload.
- complianceStatus GoogleCloud Assuredworkloads V1beta1Workload Compliance Status Response 
- Count of active Violations in the Workload.
- compliantBut string[]Disallowed Services 
- Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- createTime string
- Immutable. The Workload creation timestamp.
- displayName string
- The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- ekmProvisioning GoogleResponse Cloud Assuredworkloads V1beta1Workload Ekm Provisioning Response Response 
- Represents the Ekm Provisioning State of the given workload.
- enableSovereign booleanControls 
- Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- etag string
- Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
- fedrampHigh GoogleSettings Cloud Assuredworkloads V1beta1Workload Fedramp High Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP High.
- fedrampModerate GoogleSettings Cloud Assuredworkloads V1beta1Workload Fedramp Moderate Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP Moderate.
- il4Settings
GoogleCloud Assuredworkloads V1beta1Workload IL4Settings Response 
- Input only. Immutable. Settings specific to resources needed for IL4.
- kajEnrollment stringState 
- Represents the KAJ enrollment state of the given workload.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels {[key: string]: string}
- Optional. Labels applied to the workload.
- name string
- Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
- partner string
- Optional. Partner regime associated with this workload.
- partnerPermissions GoogleCloud Assuredworkloads V1beta1Workload Partner Permissions Response 
- Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisionedResources stringParent 
- Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resourceMonitoring booleanEnabled 
- Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
- resourceSettings GoogleCloud Assuredworkloads V1beta1Workload Resource Settings Response[] 
- Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources
GoogleCloud Assuredworkloads V1beta1Workload Resource Info Response[] 
- The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saaEnrollment GoogleResponse Cloud Assuredworkloads V1beta1Workload Saa Enrollment Response Response 
- Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
- violationNotifications booleanEnabled 
- Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- billing_account str
- Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example,billingAccounts/012345-567890-ABCDEF.
- cjis_settings GoogleCloud Assuredworkloads V1beta1Workload CJISSettings Response 
- Input only. Immutable. Settings specific to resources needed for CJIS.
- compliance_regime str
- Immutable. Compliance Regime associated with this workload.
- compliance_status GoogleCloud Assuredworkloads V1beta1Workload Compliance Status Response 
- Count of active Violations in the Workload.
- compliant_but_ Sequence[str]disallowed_ services 
- Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create_time str
- Immutable. The Workload creation timestamp.
- display_name str
- The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- ekm_provisioning_ Googleresponse Cloud Assuredworkloads V1beta1Workload Ekm Provisioning Response Response 
- Represents the Ekm Provisioning State of the given workload.
- enable_sovereign_ boolcontrols 
- Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- etag str
- Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
- fedramp_high_ Googlesettings Cloud Assuredworkloads V1beta1Workload Fedramp High Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP High.
- fedramp_moderate_ Googlesettings Cloud Assuredworkloads V1beta1Workload Fedramp Moderate Settings Response 
- Input only. Immutable. Settings specific to resources needed for FedRAMP Moderate.
- il4_settings GoogleCloud Assuredworkloads V1beta1Workload IL4Settings Response 
- Input only. Immutable. Settings specific to resources needed for IL4.
- kaj_enrollment_ strstate 
- Represents the KAJ enrollment state of the given workload.
- kms_settings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Mapping[str, str]
- Optional. Labels applied to the workload.
- name str
- Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
- partner str
- Optional. Partner regime associated with this workload.
- partner_permissions GoogleCloud Assuredworkloads V1beta1Workload Partner Permissions Response 
- Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisioned_resources_ strparent 
- Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resource_monitoring_ boolenabled 
- Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
- resource_settings Sequence[GoogleCloud Assuredworkloads V1beta1Workload Resource Settings Response] 
- Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources
Sequence[GoogleCloud Assuredworkloads V1beta1Workload Resource Info Response] 
- The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa_enrollment_ Googleresponse Cloud Assuredworkloads V1beta1Workload Saa Enrollment Response Response 
- Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
- violation_notifications_ boolenabled 
- Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- billingAccount String
- Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example,billingAccounts/012345-567890-ABCDEF.
- cjisSettings Property Map
- Input only. Immutable. Settings specific to resources needed for CJIS.
- complianceRegime String
- Immutable. Compliance Regime associated with this workload.
- complianceStatus Property Map
- Count of active Violations in the Workload.
- compliantBut List<String>Disallowed Services 
- Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- createTime String
- Immutable. The Workload creation timestamp.
- displayName String
- The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- ekmProvisioning Property MapResponse 
- Represents the Ekm Provisioning State of the given workload.
- enableSovereign BooleanControls 
- Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- etag String
- Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
- fedrampHigh Property MapSettings 
- Input only. Immutable. Settings specific to resources needed for FedRAMP High.
- fedrampModerate Property MapSettings 
- Input only. Immutable. Settings specific to resources needed for FedRAMP Moderate.
- il4Settings Property Map
- Input only. Immutable. Settings specific to resources needed for IL4.
- kajEnrollment StringState 
- Represents the KAJ enrollment state of the given workload.
- kmsSettings Property Map
- Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String>
- Optional. Labels applied to the workload.
- name String
- Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
- partner String
- Optional. Partner regime associated with this workload.
- partnerPermissions Property Map
- Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisionedResources StringParent 
- Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resourceMonitoring BooleanEnabled 
- Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
- resourceSettings List<Property Map>
- Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources List<Property Map>
- The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saaEnrollment Property MapResponse 
- Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
- violationNotifications BooleanEnabled 
- Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
Supporting Types
GoogleCloudAssuredworkloadsV1beta1WorkloadCJISSettingsResponse     
- KmsSettings Pulumi.Google Native. Assured Workloads. V1Beta1. Inputs. Google Cloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- KmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kms_settings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings Property Map
- Input only. Immutable. Settings used to create a CMEK crypto key.
GoogleCloudAssuredworkloadsV1beta1WorkloadComplianceStatusResponse      
- AcknowledgedResource intViolation Count 
- Number of current resource violations which are not acknowledged.
- AcknowledgedViolation intCount 
- Number of current orgPolicy violations which are acknowledged.
- ActiveResource intViolation Count 
- Number of current resource violations which are acknowledged.
- ActiveViolation intCount 
- Number of current orgPolicy violations which are not acknowledged.
- AcknowledgedResource intViolation Count 
- Number of current resource violations which are not acknowledged.
- AcknowledgedViolation intCount 
- Number of current orgPolicy violations which are acknowledged.
- ActiveResource intViolation Count 
- Number of current resource violations which are acknowledged.
- ActiveViolation intCount 
- Number of current orgPolicy violations which are not acknowledged.
- acknowledgedResource IntegerViolation Count 
- Number of current resource violations which are not acknowledged.
- acknowledgedViolation IntegerCount 
- Number of current orgPolicy violations which are acknowledged.
- activeResource IntegerViolation Count 
- Number of current resource violations which are acknowledged.
- activeViolation IntegerCount 
- Number of current orgPolicy violations which are not acknowledged.
- acknowledgedResource numberViolation Count 
- Number of current resource violations which are not acknowledged.
- acknowledgedViolation numberCount 
- Number of current orgPolicy violations which are acknowledged.
- activeResource numberViolation Count 
- Number of current resource violations which are acknowledged.
- activeViolation numberCount 
- Number of current orgPolicy violations which are not acknowledged.
- acknowledged_resource_ intviolation_ count 
- Number of current resource violations which are not acknowledged.
- acknowledged_violation_ intcount 
- Number of current orgPolicy violations which are acknowledged.
- active_resource_ intviolation_ count 
- Number of current resource violations which are acknowledged.
- active_violation_ intcount 
- Number of current orgPolicy violations which are not acknowledged.
- acknowledgedResource NumberViolation Count 
- Number of current resource violations which are not acknowledged.
- acknowledgedViolation NumberCount 
- Number of current orgPolicy violations which are acknowledged.
- activeResource NumberViolation Count 
- Number of current resource violations which are acknowledged.
- activeViolation NumberCount 
- Number of current orgPolicy violations which are not acknowledged.
GoogleCloudAssuredworkloadsV1beta1WorkloadEkmProvisioningResponseResponse       
- EkmProvisioning stringError Domain 
- Indicates Ekm provisioning error if any.
- EkmProvisioning stringError Mapping 
- Detailed error message if Ekm provisioning fails
- EkmProvisioning stringState 
- Indicates Ekm enrollment Provisioning of a given workload.
- EkmProvisioning stringError Domain 
- Indicates Ekm provisioning error if any.
- EkmProvisioning stringError Mapping 
- Detailed error message if Ekm provisioning fails
- EkmProvisioning stringState 
- Indicates Ekm enrollment Provisioning of a given workload.
- ekmProvisioning StringError Domain 
- Indicates Ekm provisioning error if any.
- ekmProvisioning StringError Mapping 
- Detailed error message if Ekm provisioning fails
- ekmProvisioning StringState 
- Indicates Ekm enrollment Provisioning of a given workload.
- ekmProvisioning stringError Domain 
- Indicates Ekm provisioning error if any.
- ekmProvisioning stringError Mapping 
- Detailed error message if Ekm provisioning fails
- ekmProvisioning stringState 
- Indicates Ekm enrollment Provisioning of a given workload.
- ekm_provisioning_ strerror_ domain 
- Indicates Ekm provisioning error if any.
- ekm_provisioning_ strerror_ mapping 
- Detailed error message if Ekm provisioning fails
- ekm_provisioning_ strstate 
- Indicates Ekm enrollment Provisioning of a given workload.
- ekmProvisioning StringError Domain 
- Indicates Ekm provisioning error if any.
- ekmProvisioning StringError Mapping 
- Detailed error message if Ekm provisioning fails
- ekmProvisioning StringState 
- Indicates Ekm enrollment Provisioning of a given workload.
GoogleCloudAssuredworkloadsV1beta1WorkloadFedrampHighSettingsResponse       
- KmsSettings Pulumi.Google Native. Assured Workloads. V1Beta1. Inputs. Google Cloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- KmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kms_settings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings Property Map
- Input only. Immutable. Settings used to create a CMEK crypto key.
GoogleCloudAssuredworkloadsV1beta1WorkloadFedrampModerateSettingsResponse       
- KmsSettings Pulumi.Google Native. Assured Workloads. V1Beta1. Inputs. Google Cloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- KmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kms_settings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings Property Map
- Input only. Immutable. Settings used to create a CMEK crypto key.
GoogleCloudAssuredworkloadsV1beta1WorkloadIL4SettingsResponse     
- KmsSettings Pulumi.Google Native. Assured Workloads. V1Beta1. Inputs. Google Cloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- KmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kms_settings GoogleCloud Assuredworkloads V1beta1Workload KMSSettings Response 
- Input only. Immutable. Settings used to create a CMEK crypto key.
- kmsSettings Property Map
- Input only. Immutable. Settings used to create a CMEK crypto key.
GoogleCloudAssuredworkloadsV1beta1WorkloadKMSSettingsResponse     
- NextRotation stringTime 
- Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- RotationPeriod string
- Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- NextRotation stringTime 
- Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- RotationPeriod string
- Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- nextRotation StringTime 
- Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotationPeriod String
- Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- nextRotation stringTime 
- Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotationPeriod string
- Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- next_rotation_ strtime 
- Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotation_period str
- Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- nextRotation StringTime 
- Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotationPeriod String
- Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
GoogleCloudAssuredworkloadsV1beta1WorkloadPartnerPermissionsResponse      
- AssuredWorkloads boolMonitoring 
- Optional. Allow partner to view violation alerts.
- DataLogs boolViewer 
- Allow the partner to view inspectability logs and monitoring violations.
- ServiceAccess boolApprover 
- Optional. Allow partner to view access approval logs.
- AssuredWorkloads boolMonitoring 
- Optional. Allow partner to view violation alerts.
- DataLogs boolViewer 
- Allow the partner to view inspectability logs and monitoring violations.
- ServiceAccess boolApprover 
- Optional. Allow partner to view access approval logs.
- assuredWorkloads BooleanMonitoring 
- Optional. Allow partner to view violation alerts.
- dataLogs BooleanViewer 
- Allow the partner to view inspectability logs and monitoring violations.
- serviceAccess BooleanApprover 
- Optional. Allow partner to view access approval logs.
- assuredWorkloads booleanMonitoring 
- Optional. Allow partner to view violation alerts.
- dataLogs booleanViewer 
- Allow the partner to view inspectability logs and monitoring violations.
- serviceAccess booleanApprover 
- Optional. Allow partner to view access approval logs.
- assured_workloads_ boolmonitoring 
- Optional. Allow partner to view violation alerts.
- data_logs_ boolviewer 
- Allow the partner to view inspectability logs and monitoring violations.
- service_access_ boolapprover 
- Optional. Allow partner to view access approval logs.
- assuredWorkloads BooleanMonitoring 
- Optional. Allow partner to view violation alerts.
- dataLogs BooleanViewer 
- Allow the partner to view inspectability logs and monitoring violations.
- serviceAccess BooleanApprover 
- Optional. Allow partner to view access approval logs.
GoogleCloudAssuredworkloadsV1beta1WorkloadResourceInfoResponse      
- ResourceId string
- Resource identifier. For a project this represents project_number.
- ResourceType string
- Indicates the type of resource.
- ResourceId string
- Resource identifier. For a project this represents project_number.
- ResourceType string
- Indicates the type of resource.
- resourceId String
- Resource identifier. For a project this represents project_number.
- resourceType String
- Indicates the type of resource.
- resourceId string
- Resource identifier. For a project this represents project_number.
- resourceType string
- Indicates the type of resource.
- resource_id str
- Resource identifier. For a project this represents project_number.
- resource_type str
- Indicates the type of resource.
- resourceId String
- Resource identifier. For a project this represents project_number.
- resourceType String
- Indicates the type of resource.
GoogleCloudAssuredworkloadsV1beta1WorkloadResourceSettingsResponse      
- DisplayName string
- User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- ResourceId string
- Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- ResourceType string
- Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)
- DisplayName string
- User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- ResourceId string
- Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- ResourceType string
- Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)
- displayName String
- User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resourceId String
- Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resourceType String
- Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)
- displayName string
- User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resourceId string
- Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resourceType string
- Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)
- display_name str
- User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resource_id str
- Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource_type str
- Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)
- displayName String
- User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resourceId String
- Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resourceType String
- Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)
GoogleCloudAssuredworkloadsV1beta1WorkloadSaaEnrollmentResponseResponse       
- SetupErrors List<string>
- Indicates SAA enrollment setup error if any.
- SetupStatus string
- Indicates SAA enrollment status of a given workload.
- SetupErrors []string
- Indicates SAA enrollment setup error if any.
- SetupStatus string
- Indicates SAA enrollment status of a given workload.
- setupErrors List<String>
- Indicates SAA enrollment setup error if any.
- setupStatus String
- Indicates SAA enrollment status of a given workload.
- setupErrors string[]
- Indicates SAA enrollment setup error if any.
- setupStatus string
- Indicates SAA enrollment status of a given workload.
- setup_errors Sequence[str]
- Indicates SAA enrollment setup error if any.
- setup_status str
- Indicates SAA enrollment status of a given workload.
- setupErrors List<String>
- Indicates SAA enrollment setup error if any.
- setupStatus String
- Indicates SAA enrollment status of a given workload.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi