1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. assuredworkloads
  5. Workload
Google Cloud Classic v8.5.0 published on Tuesday, Oct 8, 2024 by Pulumi

gcp.assuredworkloads.Workload

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.5.0 published on Tuesday, Oct 8, 2024 by Pulumi

    The AssuredWorkloads Workload resource

    Example Usage

    Basic_workload

    A basic test of a assuredworkloads api

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const primary = new gcp.assuredworkloads.Workload("primary", {
        complianceRegime: "FEDRAMP_MODERATE",
        displayName: "{{display}}",
        location: "us-west1",
        organization: "123456789",
        billingAccount: "billingAccounts/000000-0000000-0000000-000000",
        kmsSettings: {
            nextRotationTime: "9999-10-02T15:01:23Z",
            rotationPeriod: "10368000s",
        },
        provisionedResourcesParent: "folders/519620126891",
        resourceSettings: [
            {
                displayName: "{{name}}",
                resourceType: "CONSUMER_FOLDER",
            },
            {
                resourceType: "ENCRYPTION_KEYS_PROJECT",
            },
            {
                resourceId: "ring",
                resourceType: "KEYRING",
            },
        ],
        violationNotificationsEnabled: true,
        labels: {
            "label-one": "value-one",
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    primary = gcp.assuredworkloads.Workload("primary",
        compliance_regime="FEDRAMP_MODERATE",
        display_name="{{display}}",
        location="us-west1",
        organization="123456789",
        billing_account="billingAccounts/000000-0000000-0000000-000000",
        kms_settings={
            "next_rotation_time": "9999-10-02T15:01:23Z",
            "rotation_period": "10368000s",
        },
        provisioned_resources_parent="folders/519620126891",
        resource_settings=[
            {
                "display_name": "{{name}}",
                "resource_type": "CONSUMER_FOLDER",
            },
            {
                "resource_type": "ENCRYPTION_KEYS_PROJECT",
            },
            {
                "resource_id": "ring",
                "resource_type": "KEYRING",
            },
        ],
        violation_notifications_enabled=True,
        labels={
            "label-one": "value-one",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/assuredworkloads"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
    			ComplianceRegime: pulumi.String("FEDRAMP_MODERATE"),
    			DisplayName:      pulumi.String("{{display}}"),
    			Location:         pulumi.String("us-west1"),
    			Organization:     pulumi.String("123456789"),
    			BillingAccount:   pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
    			KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
    				NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
    				RotationPeriod:   pulumi.String("10368000s"),
    			},
    			ProvisionedResourcesParent: pulumi.String("folders/519620126891"),
    			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					DisplayName:  pulumi.String("{{name}}"),
    					ResourceType: pulumi.String("CONSUMER_FOLDER"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceId:   pulumi.String("ring"),
    					ResourceType: pulumi.String("KEYRING"),
    				},
    			},
    			ViolationNotificationsEnabled: pulumi.Bool(true),
    			Labels: pulumi.StringMap{
    				"label-one": pulumi.String("value-one"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
        {
            ComplianceRegime = "FEDRAMP_MODERATE",
            DisplayName = "{{display}}",
            Location = "us-west1",
            Organization = "123456789",
            BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
            KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
            {
                NextRotationTime = "9999-10-02T15:01:23Z",
                RotationPeriod = "10368000s",
            },
            ProvisionedResourcesParent = "folders/519620126891",
            ResourceSettings = new[]
            {
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    DisplayName = "{{name}}",
                    ResourceType = "CONSUMER_FOLDER",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceType = "ENCRYPTION_KEYS_PROJECT",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceId = "ring",
                    ResourceType = "KEYRING",
                },
            },
            ViolationNotificationsEnabled = true,
            Labels = 
            {
                { "label-one", "value-one" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.assuredworkloads.Workload;
    import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var primary = new Workload("primary", WorkloadArgs.builder()
                .complianceRegime("FEDRAMP_MODERATE")
                .displayName("{{display}}")
                .location("us-west1")
                .organization("123456789")
                .billingAccount("billingAccounts/000000-0000000-0000000-000000")
                .kmsSettings(WorkloadKmsSettingsArgs.builder()
                    .nextRotationTime("9999-10-02T15:01:23Z")
                    .rotationPeriod("10368000s")
                    .build())
                .provisionedResourcesParent("folders/519620126891")
                .resourceSettings(            
                    WorkloadResourceSettingArgs.builder()
                        .displayName("{{name}}")
                        .resourceType("CONSUMER_FOLDER")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceType("ENCRYPTION_KEYS_PROJECT")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceId("ring")
                        .resourceType("KEYRING")
                        .build())
                .violationNotificationsEnabled(true)
                .labels(Map.of("label-one", "value-one"))
                .build());
    
        }
    }
    
    resources:
      primary:
        type: gcp:assuredworkloads:Workload
        properties:
          complianceRegime: FEDRAMP_MODERATE
          displayName: '{{display}}'
          location: us-west1
          organization: '123456789'
          billingAccount: billingAccounts/000000-0000000-0000000-000000
          kmsSettings:
            nextRotationTime: 9999-10-02T15:01:23Z
            rotationPeriod: 10368000s
          provisionedResourcesParent: folders/519620126891
          resourceSettings:
            - displayName: '{{name}}'
              resourceType: CONSUMER_FOLDER
            - resourceType: ENCRYPTION_KEYS_PROJECT
            - resourceId: ring
              resourceType: KEYRING
          violationNotificationsEnabled: true
          labels:
            label-one: value-one
    

    Sovereign_controls_workload

    A Sovereign Controls test of the assuredworkloads api

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const primary = new gcp.assuredworkloads.Workload("primary", {
        complianceRegime: "EU_REGIONS_AND_SUPPORT",
        displayName: "display",
        location: "europe-west9",
        organization: "123456789",
        billingAccount: "billingAccounts/000000-0000000-0000000-000000",
        enableSovereignControls: true,
        kmsSettings: {
            nextRotationTime: "9999-10-02T15:01:23Z",
            rotationPeriod: "10368000s",
        },
        resourceSettings: [
            {
                resourceType: "CONSUMER_FOLDER",
            },
            {
                resourceType: "ENCRYPTION_KEYS_PROJECT",
            },
            {
                resourceId: "ring",
                resourceType: "KEYRING",
            },
        ],
        labels: {
            "label-one": "value-one",
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    primary = gcp.assuredworkloads.Workload("primary",
        compliance_regime="EU_REGIONS_AND_SUPPORT",
        display_name="display",
        location="europe-west9",
        organization="123456789",
        billing_account="billingAccounts/000000-0000000-0000000-000000",
        enable_sovereign_controls=True,
        kms_settings={
            "next_rotation_time": "9999-10-02T15:01:23Z",
            "rotation_period": "10368000s",
        },
        resource_settings=[
            {
                "resource_type": "CONSUMER_FOLDER",
            },
            {
                "resource_type": "ENCRYPTION_KEYS_PROJECT",
            },
            {
                "resource_id": "ring",
                "resource_type": "KEYRING",
            },
        ],
        labels={
            "label-one": "value-one",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/assuredworkloads"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
    			ComplianceRegime:        pulumi.String("EU_REGIONS_AND_SUPPORT"),
    			DisplayName:             pulumi.String("display"),
    			Location:                pulumi.String("europe-west9"),
    			Organization:            pulumi.String("123456789"),
    			BillingAccount:          pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
    			EnableSovereignControls: pulumi.Bool(true),
    			KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
    				NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
    				RotationPeriod:   pulumi.String("10368000s"),
    			},
    			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceType: pulumi.String("CONSUMER_FOLDER"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceId:   pulumi.String("ring"),
    					ResourceType: pulumi.String("KEYRING"),
    				},
    			},
    			Labels: pulumi.StringMap{
    				"label-one": pulumi.String("value-one"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
        {
            ComplianceRegime = "EU_REGIONS_AND_SUPPORT",
            DisplayName = "display",
            Location = "europe-west9",
            Organization = "123456789",
            BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
            EnableSovereignControls = true,
            KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
            {
                NextRotationTime = "9999-10-02T15:01:23Z",
                RotationPeriod = "10368000s",
            },
            ResourceSettings = new[]
            {
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceType = "CONSUMER_FOLDER",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceType = "ENCRYPTION_KEYS_PROJECT",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceId = "ring",
                    ResourceType = "KEYRING",
                },
            },
            Labels = 
            {
                { "label-one", "value-one" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.assuredworkloads.Workload;
    import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var primary = new Workload("primary", WorkloadArgs.builder()
                .complianceRegime("EU_REGIONS_AND_SUPPORT")
                .displayName("display")
                .location("europe-west9")
                .organization("123456789")
                .billingAccount("billingAccounts/000000-0000000-0000000-000000")
                .enableSovereignControls(true)
                .kmsSettings(WorkloadKmsSettingsArgs.builder()
                    .nextRotationTime("9999-10-02T15:01:23Z")
                    .rotationPeriod("10368000s")
                    .build())
                .resourceSettings(            
                    WorkloadResourceSettingArgs.builder()
                        .resourceType("CONSUMER_FOLDER")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceType("ENCRYPTION_KEYS_PROJECT")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceId("ring")
                        .resourceType("KEYRING")
                        .build())
                .labels(Map.of("label-one", "value-one"))
                .build());
    
        }
    }
    
    resources:
      primary:
        type: gcp:assuredworkloads:Workload
        properties:
          complianceRegime: EU_REGIONS_AND_SUPPORT
          displayName: display
          location: europe-west9
          organization: '123456789'
          billingAccount: billingAccounts/000000-0000000-0000000-000000
          enableSovereignControls: true
          kmsSettings:
            nextRotationTime: 9999-10-02T15:01:23Z
            rotationPeriod: 10368000s
          resourceSettings:
            - resourceType: CONSUMER_FOLDER
            - resourceType: ENCRYPTION_KEYS_PROJECT
            - resourceId: ring
              resourceType: KEYRING
          labels:
            label-one: value-one
    

    Split_billing_partner_workload

    A Split billing partner test of the assuredworkloads api

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const primary = new gcp.assuredworkloads.Workload("primary", {
        complianceRegime: "ASSURED_WORKLOADS_FOR_PARTNERS",
        displayName: "display",
        location: "europe-west8",
        organization: "123456789",
        billingAccount: "billingAccounts/000000-0000000-0000000-000000",
        partner: "SOVEREIGN_CONTROLS_BY_PSN",
        partnerPermissions: {
            assuredWorkloadsMonitoring: true,
            dataLogsViewer: true,
            serviceAccessApprover: true,
        },
        partnerServicesBillingAccount: "billingAccounts/01BF3F-2C6DE5-30C607",
        resourceSettings: [
            {
                resourceType: "CONSUMER_FOLDER",
            },
            {
                resourceType: "ENCRYPTION_KEYS_PROJECT",
            },
            {
                resourceId: "ring",
                resourceType: "KEYRING",
            },
        ],
        violationNotificationsEnabled: true,
        labels: {
            "label-one": "value-one",
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    primary = gcp.assuredworkloads.Workload("primary",
        compliance_regime="ASSURED_WORKLOADS_FOR_PARTNERS",
        display_name="display",
        location="europe-west8",
        organization="123456789",
        billing_account="billingAccounts/000000-0000000-0000000-000000",
        partner="SOVEREIGN_CONTROLS_BY_PSN",
        partner_permissions={
            "assured_workloads_monitoring": True,
            "data_logs_viewer": True,
            "service_access_approver": True,
        },
        partner_services_billing_account="billingAccounts/01BF3F-2C6DE5-30C607",
        resource_settings=[
            {
                "resource_type": "CONSUMER_FOLDER",
            },
            {
                "resource_type": "ENCRYPTION_KEYS_PROJECT",
            },
            {
                "resource_id": "ring",
                "resource_type": "KEYRING",
            },
        ],
        violation_notifications_enabled=True,
        labels={
            "label-one": "value-one",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/assuredworkloads"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
    			ComplianceRegime: pulumi.String("ASSURED_WORKLOADS_FOR_PARTNERS"),
    			DisplayName:      pulumi.String("display"),
    			Location:         pulumi.String("europe-west8"),
    			Organization:     pulumi.String("123456789"),
    			BillingAccount:   pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
    			Partner:          pulumi.String("SOVEREIGN_CONTROLS_BY_PSN"),
    			PartnerPermissions: &assuredworkloads.WorkloadPartnerPermissionsArgs{
    				AssuredWorkloadsMonitoring: pulumi.Bool(true),
    				DataLogsViewer:             pulumi.Bool(true),
    				ServiceAccessApprover:      pulumi.Bool(true),
    			},
    			PartnerServicesBillingAccount: pulumi.String("billingAccounts/01BF3F-2C6DE5-30C607"),
    			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceType: pulumi.String("CONSUMER_FOLDER"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceId:   pulumi.String("ring"),
    					ResourceType: pulumi.String("KEYRING"),
    				},
    			},
    			ViolationNotificationsEnabled: pulumi.Bool(true),
    			Labels: pulumi.StringMap{
    				"label-one": pulumi.String("value-one"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
        {
            ComplianceRegime = "ASSURED_WORKLOADS_FOR_PARTNERS",
            DisplayName = "display",
            Location = "europe-west8",
            Organization = "123456789",
            BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
            Partner = "SOVEREIGN_CONTROLS_BY_PSN",
            PartnerPermissions = new Gcp.AssuredWorkloads.Inputs.WorkloadPartnerPermissionsArgs
            {
                AssuredWorkloadsMonitoring = true,
                DataLogsViewer = true,
                ServiceAccessApprover = true,
            },
            PartnerServicesBillingAccount = "billingAccounts/01BF3F-2C6DE5-30C607",
            ResourceSettings = new[]
            {
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceType = "CONSUMER_FOLDER",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceType = "ENCRYPTION_KEYS_PROJECT",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceId = "ring",
                    ResourceType = "KEYRING",
                },
            },
            ViolationNotificationsEnabled = true,
            Labels = 
            {
                { "label-one", "value-one" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.assuredworkloads.Workload;
    import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadPartnerPermissionsArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var primary = new Workload("primary", WorkloadArgs.builder()
                .complianceRegime("ASSURED_WORKLOADS_FOR_PARTNERS")
                .displayName("display")
                .location("europe-west8")
                .organization("123456789")
                .billingAccount("billingAccounts/000000-0000000-0000000-000000")
                .partner("SOVEREIGN_CONTROLS_BY_PSN")
                .partnerPermissions(WorkloadPartnerPermissionsArgs.builder()
                    .assuredWorkloadsMonitoring(true)
                    .dataLogsViewer(true)
                    .serviceAccessApprover(true)
                    .build())
                .partnerServicesBillingAccount("billingAccounts/01BF3F-2C6DE5-30C607")
                .resourceSettings(            
                    WorkloadResourceSettingArgs.builder()
                        .resourceType("CONSUMER_FOLDER")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceType("ENCRYPTION_KEYS_PROJECT")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceId("ring")
                        .resourceType("KEYRING")
                        .build())
                .violationNotificationsEnabled(true)
                .labels(Map.of("label-one", "value-one"))
                .build());
    
        }
    }
    
    resources:
      primary:
        type: gcp:assuredworkloads:Workload
        properties:
          complianceRegime: ASSURED_WORKLOADS_FOR_PARTNERS
          displayName: display
          location: europe-west8
          organization: '123456789'
          billingAccount: billingAccounts/000000-0000000-0000000-000000
          partner: SOVEREIGN_CONTROLS_BY_PSN
          partnerPermissions:
            assuredWorkloadsMonitoring: true
            dataLogsViewer: true
            serviceAccessApprover: true
          partnerServicesBillingAccount: billingAccounts/01BF3F-2C6DE5-30C607
          resourceSettings:
            - resourceType: CONSUMER_FOLDER
            - resourceType: ENCRYPTION_KEYS_PROJECT
            - resourceId: ring
              resourceType: KEYRING
          violationNotificationsEnabled: true
          labels:
            label-one: value-one
    

    Create Workload Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Workload(name: string, args: WorkloadArgs, opts?: CustomResourceOptions);
    @overload
    def Workload(resource_name: str,
                 args: WorkloadArgs,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Workload(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 location: Optional[str] = None,
                 compliance_regime: Optional[str] = None,
                 display_name: Optional[str] = None,
                 organization: Optional[str] = None,
                 enable_sovereign_controls: Optional[bool] = None,
                 labels: Optional[Mapping[str, str]] = None,
                 kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
                 billing_account: Optional[str] = None,
                 partner: Optional[str] = None,
                 partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
                 partner_services_billing_account: Optional[str] = None,
                 provisioned_resources_parent: Optional[str] = None,
                 resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
                 violation_notifications_enabled: Optional[bool] = None)
    func NewWorkload(ctx *Context, name string, args WorkloadArgs, opts ...ResourceOption) (*Workload, error)
    public Workload(string name, WorkloadArgs args, CustomResourceOptions? opts = null)
    public Workload(String name, WorkloadArgs args)
    public Workload(String name, WorkloadArgs args, CustomResourceOptions options)
    
    type: gcp:assuredworkloads:Workload
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var gcpWorkloadResource = new Gcp.AssuredWorkloads.Workload("gcpWorkloadResource", new()
    {
        Location = "string",
        ComplianceRegime = "string",
        DisplayName = "string",
        Organization = "string",
        EnableSovereignControls = false,
        Labels = 
        {
            { "string", "string" },
        },
        KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
        {
            NextRotationTime = "string",
            RotationPeriod = "string",
        },
        BillingAccount = "string",
        Partner = "string",
        PartnerPermissions = new Gcp.AssuredWorkloads.Inputs.WorkloadPartnerPermissionsArgs
        {
            AssuredWorkloadsMonitoring = false,
            DataLogsViewer = false,
            ServiceAccessApprover = false,
        },
        PartnerServicesBillingAccount = "string",
        ProvisionedResourcesParent = "string",
        ResourceSettings = new[]
        {
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                DisplayName = "string",
                ResourceId = "string",
                ResourceType = "string",
            },
        },
        ViolationNotificationsEnabled = false,
    });
    
    example, err := assuredworkloads.NewWorkload(ctx, "gcpWorkloadResource", &assuredworkloads.WorkloadArgs{
    	Location:                pulumi.String("string"),
    	ComplianceRegime:        pulumi.String("string"),
    	DisplayName:             pulumi.String("string"),
    	Organization:            pulumi.String("string"),
    	EnableSovereignControls: pulumi.Bool(false),
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
    		NextRotationTime: pulumi.String("string"),
    		RotationPeriod:   pulumi.String("string"),
    	},
    	BillingAccount: pulumi.String("string"),
    	Partner:        pulumi.String("string"),
    	PartnerPermissions: &assuredworkloads.WorkloadPartnerPermissionsArgs{
    		AssuredWorkloadsMonitoring: pulumi.Bool(false),
    		DataLogsViewer:             pulumi.Bool(false),
    		ServiceAccessApprover:      pulumi.Bool(false),
    	},
    	PartnerServicesBillingAccount: pulumi.String("string"),
    	ProvisionedResourcesParent:    pulumi.String("string"),
    	ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
    		&assuredworkloads.WorkloadResourceSettingArgs{
    			DisplayName:  pulumi.String("string"),
    			ResourceId:   pulumi.String("string"),
    			ResourceType: pulumi.String("string"),
    		},
    	},
    	ViolationNotificationsEnabled: pulumi.Bool(false),
    })
    
    var gcpWorkloadResource = new Workload("gcpWorkloadResource", WorkloadArgs.builder()
        .location("string")
        .complianceRegime("string")
        .displayName("string")
        .organization("string")
        .enableSovereignControls(false)
        .labels(Map.of("string", "string"))
        .kmsSettings(WorkloadKmsSettingsArgs.builder()
            .nextRotationTime("string")
            .rotationPeriod("string")
            .build())
        .billingAccount("string")
        .partner("string")
        .partnerPermissions(WorkloadPartnerPermissionsArgs.builder()
            .assuredWorkloadsMonitoring(false)
            .dataLogsViewer(false)
            .serviceAccessApprover(false)
            .build())
        .partnerServicesBillingAccount("string")
        .provisionedResourcesParent("string")
        .resourceSettings(WorkloadResourceSettingArgs.builder()
            .displayName("string")
            .resourceId("string")
            .resourceType("string")
            .build())
        .violationNotificationsEnabled(false)
        .build());
    
    gcp_workload_resource = gcp.assuredworkloads.Workload("gcpWorkloadResource",
        location="string",
        compliance_regime="string",
        display_name="string",
        organization="string",
        enable_sovereign_controls=False,
        labels={
            "string": "string",
        },
        kms_settings={
            "nextRotationTime": "string",
            "rotationPeriod": "string",
        },
        billing_account="string",
        partner="string",
        partner_permissions={
            "assuredWorkloadsMonitoring": False,
            "dataLogsViewer": False,
            "serviceAccessApprover": False,
        },
        partner_services_billing_account="string",
        provisioned_resources_parent="string",
        resource_settings=[{
            "displayName": "string",
            "resourceId": "string",
            "resourceType": "string",
        }],
        violation_notifications_enabled=False)
    
    const gcpWorkloadResource = new gcp.assuredworkloads.Workload("gcpWorkloadResource", {
        location: "string",
        complianceRegime: "string",
        displayName: "string",
        organization: "string",
        enableSovereignControls: false,
        labels: {
            string: "string",
        },
        kmsSettings: {
            nextRotationTime: "string",
            rotationPeriod: "string",
        },
        billingAccount: "string",
        partner: "string",
        partnerPermissions: {
            assuredWorkloadsMonitoring: false,
            dataLogsViewer: false,
            serviceAccessApprover: false,
        },
        partnerServicesBillingAccount: "string",
        provisionedResourcesParent: "string",
        resourceSettings: [{
            displayName: "string",
            resourceId: "string",
            resourceType: "string",
        }],
        violationNotificationsEnabled: false,
    });
    
    type: gcp:assuredworkloads:Workload
    properties:
        billingAccount: string
        complianceRegime: string
        displayName: string
        enableSovereignControls: false
        kmsSettings:
            nextRotationTime: string
            rotationPeriod: string
        labels:
            string: string
        location: string
        organization: string
        partner: string
        partnerPermissions:
            assuredWorkloadsMonitoring: false
            dataLogsViewer: false
            serviceAccessApprover: false
        partnerServicesBillingAccount: string
        provisionedResourcesParent: string
        resourceSettings:
            - displayName: string
              resourceId: string
              resourceType: string
        violationNotificationsEnabled: false
    

    Workload Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Workload resource accepts the following input properties:

    ComplianceRegime string
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    DisplayName string
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    Location string
    The location for the resource
    Organization string
    The organization for the resource


    BillingAccount string
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    EnableSovereignControls bool
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    KmsSettings WorkloadKmsSettings
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    Labels Dictionary<string, string>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    Partner string
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    PartnerPermissions WorkloadPartnerPermissions
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    PartnerServicesBillingAccount string
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    ProvisionedResourcesParent string
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    ResourceSettings List<WorkloadResourceSetting>
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    ViolationNotificationsEnabled bool
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    ComplianceRegime string
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    DisplayName string
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    Location string
    The location for the resource
    Organization string
    The organization for the resource


    BillingAccount string
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    EnableSovereignControls bool
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    KmsSettings WorkloadKmsSettingsArgs
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    Labels map[string]string

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    Partner string
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    PartnerPermissions WorkloadPartnerPermissionsArgs
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    PartnerServicesBillingAccount string
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    ProvisionedResourcesParent string
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    ResourceSettings []WorkloadResourceSettingArgs
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    ViolationNotificationsEnabled bool
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    complianceRegime String
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    displayName String
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    location String
    The location for the resource
    organization String
    The organization for the resource


    billingAccount String
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    enableSovereignControls Boolean
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    kmsSettings WorkloadKmsSettings
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    labels Map<String,String>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    partner String
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    partnerPermissions WorkloadPartnerPermissions
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    partnerServicesBillingAccount String
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    provisionedResourcesParent String
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    resourceSettings List<WorkloadResourceSetting>
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    violationNotificationsEnabled Boolean
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    complianceRegime string
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    displayName string
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    location string
    The location for the resource
    organization string
    The organization for the resource


    billingAccount string
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    enableSovereignControls boolean
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    kmsSettings WorkloadKmsSettings
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    labels {[key: string]: string}

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    partner string
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    partnerPermissions WorkloadPartnerPermissions
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    partnerServicesBillingAccount string
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    provisionedResourcesParent string
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    resourceSettings WorkloadResourceSetting[]
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    violationNotificationsEnabled boolean
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    compliance_regime str
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    display_name str
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    location str
    The location for the resource
    organization str
    The organization for the resource


    billing_account str
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    enable_sovereign_controls bool
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    kms_settings WorkloadKmsSettingsArgs
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    labels Mapping[str, str]

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    partner str
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    partner_permissions WorkloadPartnerPermissionsArgs
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    partner_services_billing_account str
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    provisioned_resources_parent str
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    resource_settings Sequence[WorkloadResourceSettingArgs]
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    violation_notifications_enabled bool
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    complianceRegime String
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    displayName String
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    location String
    The location for the resource
    organization String
    The organization for the resource


    billingAccount String
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    enableSovereignControls Boolean
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    kmsSettings Property Map
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    labels Map<String>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    partner String
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    partnerPermissions Property Map
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    partnerServicesBillingAccount String
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    provisionedResourcesParent String
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    resourceSettings List<Property Map>
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    violationNotificationsEnabled Boolean
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Workload resource produces the following output properties:

    ComplianceStatuses List<WorkloadComplianceStatus>
    Output only. Count of active Violations in the Workload.
    CompliantButDisallowedServices List<string>
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    CreateTime string
    Output only. Immutable. The Workload creation timestamp.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    EkmProvisioningResponses List<WorkloadEkmProvisioningResponse>
    Optional. Represents the Ekm Provisioning State of the given workload.
    Id string
    The provider-assigned unique ID for this managed resource.
    KajEnrollmentState string
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    Name string
    Output only. The resource name of the workload.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    Resources List<WorkloadResource>
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    SaaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    ComplianceStatuses []WorkloadComplianceStatus
    Output only. Count of active Violations in the Workload.
    CompliantButDisallowedServices []string
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    CreateTime string
    Output only. Immutable. The Workload creation timestamp.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    EkmProvisioningResponses []WorkloadEkmProvisioningResponse
    Optional. Represents the Ekm Provisioning State of the given workload.
    Id string
    The provider-assigned unique ID for this managed resource.
    KajEnrollmentState string
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    Name string
    Output only. The resource name of the workload.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    Resources []WorkloadResource
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    SaaEnrollmentResponses []WorkloadSaaEnrollmentResponse
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    complianceStatuses List<WorkloadComplianceStatus>
    Output only. Count of active Violations in the Workload.
    compliantButDisallowedServices List<String>
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    createTime String
    Output only. Immutable. The Workload creation timestamp.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ekmProvisioningResponses List<WorkloadEkmProvisioningResponse>
    Optional. Represents the Ekm Provisioning State of the given workload.
    id String
    The provider-assigned unique ID for this managed resource.
    kajEnrollmentState String
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    name String
    Output only. The resource name of the workload.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    resources List<WorkloadResource>
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    saaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    complianceStatuses WorkloadComplianceStatus[]
    Output only. Count of active Violations in the Workload.
    compliantButDisallowedServices string[]
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    createTime string
    Output only. Immutable. The Workload creation timestamp.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ekmProvisioningResponses WorkloadEkmProvisioningResponse[]
    Optional. Represents the Ekm Provisioning State of the given workload.
    id string
    The provider-assigned unique ID for this managed resource.
    kajEnrollmentState string
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    name string
    Output only. The resource name of the workload.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    resources WorkloadResource[]
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    saaEnrollmentResponses WorkloadSaaEnrollmentResponse[]
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    compliance_statuses Sequence[WorkloadComplianceStatus]
    Output only. Count of active Violations in the Workload.
    compliant_but_disallowed_services Sequence[str]
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    create_time str
    Output only. Immutable. The Workload creation timestamp.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ekm_provisioning_responses Sequence[WorkloadEkmProvisioningResponse]
    Optional. Represents the Ekm Provisioning State of the given workload.
    id str
    The provider-assigned unique ID for this managed resource.
    kaj_enrollment_state str
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    name str
    Output only. The resource name of the workload.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    resources Sequence[WorkloadResource]
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    saa_enrollment_responses Sequence[WorkloadSaaEnrollmentResponse]
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    complianceStatuses List<Property Map>
    Output only. Count of active Violations in the Workload.
    compliantButDisallowedServices List<String>
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    createTime String
    Output only. Immutable. The Workload creation timestamp.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ekmProvisioningResponses List<Property Map>
    Optional. Represents the Ekm Provisioning State of the given workload.
    id String
    The provider-assigned unique ID for this managed resource.
    kajEnrollmentState String
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    name String
    Output only. The resource name of the workload.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    resources List<Property Map>
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    saaEnrollmentResponses List<Property Map>
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    Look up Existing Workload Resource

    Get an existing Workload resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: WorkloadState, opts?: CustomResourceOptions): Workload
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            billing_account: Optional[str] = None,
            compliance_regime: Optional[str] = None,
            compliance_statuses: Optional[Sequence[WorkloadComplianceStatusArgs]] = None,
            compliant_but_disallowed_services: Optional[Sequence[str]] = None,
            create_time: Optional[str] = None,
            display_name: Optional[str] = None,
            effective_labels: Optional[Mapping[str, str]] = None,
            ekm_provisioning_responses: Optional[Sequence[WorkloadEkmProvisioningResponseArgs]] = None,
            enable_sovereign_controls: Optional[bool] = None,
            kaj_enrollment_state: Optional[str] = None,
            kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
            labels: Optional[Mapping[str, str]] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            organization: Optional[str] = None,
            partner: Optional[str] = None,
            partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
            partner_services_billing_account: Optional[str] = None,
            provisioned_resources_parent: Optional[str] = None,
            pulumi_labels: Optional[Mapping[str, str]] = None,
            resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
            resources: Optional[Sequence[WorkloadResourceArgs]] = None,
            saa_enrollment_responses: Optional[Sequence[WorkloadSaaEnrollmentResponseArgs]] = None,
            violation_notifications_enabled: Optional[bool] = None) -> Workload
    func GetWorkload(ctx *Context, name string, id IDInput, state *WorkloadState, opts ...ResourceOption) (*Workload, error)
    public static Workload Get(string name, Input<string> id, WorkloadState? state, CustomResourceOptions? opts = null)
    public static Workload get(String name, Output<String> id, WorkloadState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    BillingAccount string
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    ComplianceRegime string
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    ComplianceStatuses List<WorkloadComplianceStatus>
    Output only. Count of active Violations in the Workload.
    CompliantButDisallowedServices List<string>
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    CreateTime string
    Output only. Immutable. The Workload creation timestamp.
    DisplayName string
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    EkmProvisioningResponses List<WorkloadEkmProvisioningResponse>
    Optional. Represents the Ekm Provisioning State of the given workload.
    EnableSovereignControls bool
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    KajEnrollmentState string
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    KmsSettings WorkloadKmsSettings
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    Labels Dictionary<string, string>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    Location string
    The location for the resource
    Name string
    Output only. The resource name of the workload.
    Organization string
    The organization for the resource


    Partner string
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    PartnerPermissions WorkloadPartnerPermissions
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    PartnerServicesBillingAccount string
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    ProvisionedResourcesParent string
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    ResourceSettings List<WorkloadResourceSetting>
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    Resources List<WorkloadResource>
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    SaaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    ViolationNotificationsEnabled bool
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    BillingAccount string
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    ComplianceRegime string
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    ComplianceStatuses []WorkloadComplianceStatusArgs
    Output only. Count of active Violations in the Workload.
    CompliantButDisallowedServices []string
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    CreateTime string
    Output only. Immutable. The Workload creation timestamp.
    DisplayName string
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    EkmProvisioningResponses []WorkloadEkmProvisioningResponseArgs
    Optional. Represents the Ekm Provisioning State of the given workload.
    EnableSovereignControls bool
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    KajEnrollmentState string
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    KmsSettings WorkloadKmsSettingsArgs
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    Labels map[string]string

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    Location string
    The location for the resource
    Name string
    Output only. The resource name of the workload.
    Organization string
    The organization for the resource


    Partner string
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    PartnerPermissions WorkloadPartnerPermissionsArgs
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    PartnerServicesBillingAccount string
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    ProvisionedResourcesParent string
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    ResourceSettings []WorkloadResourceSettingArgs
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    Resources []WorkloadResourceArgs
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    SaaEnrollmentResponses []WorkloadSaaEnrollmentResponseArgs
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    ViolationNotificationsEnabled bool
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    billingAccount String
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    complianceRegime String
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    complianceStatuses List<WorkloadComplianceStatus>
    Output only. Count of active Violations in the Workload.
    compliantButDisallowedServices List<String>
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    createTime String
    Output only. Immutable. The Workload creation timestamp.
    displayName String
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ekmProvisioningResponses List<WorkloadEkmProvisioningResponse>
    Optional. Represents the Ekm Provisioning State of the given workload.
    enableSovereignControls Boolean
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    kajEnrollmentState String
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    kmsSettings WorkloadKmsSettings
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    labels Map<String,String>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    location String
    The location for the resource
    name String
    Output only. The resource name of the workload.
    organization String
    The organization for the resource


    partner String
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    partnerPermissions WorkloadPartnerPermissions
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    partnerServicesBillingAccount String
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    provisionedResourcesParent String
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    resourceSettings List<WorkloadResourceSetting>
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    resources List<WorkloadResource>
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    saaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    violationNotificationsEnabled Boolean
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    billingAccount string
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    complianceRegime string
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    complianceStatuses WorkloadComplianceStatus[]
    Output only. Count of active Violations in the Workload.
    compliantButDisallowedServices string[]
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    createTime string
    Output only. Immutable. The Workload creation timestamp.
    displayName string
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ekmProvisioningResponses WorkloadEkmProvisioningResponse[]
    Optional. Represents the Ekm Provisioning State of the given workload.
    enableSovereignControls boolean
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    kajEnrollmentState string
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    kmsSettings WorkloadKmsSettings
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    labels {[key: string]: string}

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    location string
    The location for the resource
    name string
    Output only. The resource name of the workload.
    organization string
    The organization for the resource


    partner string
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    partnerPermissions WorkloadPartnerPermissions
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    partnerServicesBillingAccount string
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    provisionedResourcesParent string
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    resourceSettings WorkloadResourceSetting[]
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    resources WorkloadResource[]
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    saaEnrollmentResponses WorkloadSaaEnrollmentResponse[]
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    violationNotificationsEnabled boolean
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    billing_account str
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    compliance_regime str
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    compliance_statuses Sequence[WorkloadComplianceStatusArgs]
    Output only. Count of active Violations in the Workload.
    compliant_but_disallowed_services Sequence[str]
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    create_time str
    Output only. Immutable. The Workload creation timestamp.
    display_name str
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ekm_provisioning_responses Sequence[WorkloadEkmProvisioningResponseArgs]
    Optional. Represents the Ekm Provisioning State of the given workload.
    enable_sovereign_controls bool
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    kaj_enrollment_state str
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    kms_settings WorkloadKmsSettingsArgs
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    labels Mapping[str, str]

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    location str
    The location for the resource
    name str
    Output only. The resource name of the workload.
    organization str
    The organization for the resource


    partner str
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    partner_permissions WorkloadPartnerPermissionsArgs
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    partner_services_billing_account str
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    provisioned_resources_parent str
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    resource_settings Sequence[WorkloadResourceSettingArgs]
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    resources Sequence[WorkloadResourceArgs]
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    saa_enrollment_responses Sequence[WorkloadSaaEnrollmentResponseArgs]
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    violation_notifications_enabled bool
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
    billingAccount String
    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
    complianceRegime String
    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
    complianceStatuses List<Property Map>
    Output only. Count of active Violations in the Workload.
    compliantButDisallowedServices List<String>
    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
    createTime String
    Output only. Immutable. The Workload creation timestamp.
    displayName String
    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ekmProvisioningResponses List<Property Map>
    Optional. Represents the Ekm Provisioning State of the given workload.
    enableSovereignControls Boolean
    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
    kajEnrollmentState String
    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
    kmsSettings Property Map
    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
    labels Map<String>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    location String
    The location for the resource
    name String
    Output only. The resource name of the workload.
    organization String
    The organization for the resource


    partner String
    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
    partnerPermissions Property Map
    Optional. Permissions granted to the AW Partner SA account for the customer workload
    partnerServicesBillingAccount String
    Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
    provisionedResourcesParent String
    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    resourceSettings List<Property Map>
    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
    resources List<Property Map>
    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
    saaEnrollmentResponses List<Property Map>
    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
    violationNotificationsEnabled Boolean
    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    Supporting Types

    WorkloadComplianceStatus, WorkloadComplianceStatusArgs

    AcknowledgedViolationCounts List<int>
    Number of current orgPolicy violations which are acknowledged.
    ActiveViolationCounts List<int>
    Number of current orgPolicy violations which are not acknowledged.
    AcknowledgedViolationCounts []int
    Number of current orgPolicy violations which are acknowledged.
    ActiveViolationCounts []int
    Number of current orgPolicy violations which are not acknowledged.
    acknowledgedViolationCounts List<Integer>
    Number of current orgPolicy violations which are acknowledged.
    activeViolationCounts List<Integer>
    Number of current orgPolicy violations which are not acknowledged.
    acknowledgedViolationCounts number[]
    Number of current orgPolicy violations which are acknowledged.
    activeViolationCounts number[]
    Number of current orgPolicy violations which are not acknowledged.
    acknowledged_violation_counts Sequence[int]
    Number of current orgPolicy violations which are acknowledged.
    active_violation_counts Sequence[int]
    Number of current orgPolicy violations which are not acknowledged.
    acknowledgedViolationCounts List<Number>
    Number of current orgPolicy violations which are acknowledged.
    activeViolationCounts List<Number>
    Number of current orgPolicy violations which are not acknowledged.

    WorkloadEkmProvisioningResponse, WorkloadEkmProvisioningResponseArgs

    EkmProvisioningErrorDomain string
    Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
    EkmProvisioningErrorMapping string
    Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
    EkmProvisioningState string
    Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
    EkmProvisioningErrorDomain string
    Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
    EkmProvisioningErrorMapping string
    Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
    EkmProvisioningState string
    Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
    ekmProvisioningErrorDomain String
    Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
    ekmProvisioningErrorMapping String
    Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
    ekmProvisioningState String
    Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
    ekmProvisioningErrorDomain string
    Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
    ekmProvisioningErrorMapping string
    Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
    ekmProvisioningState string
    Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
    ekm_provisioning_error_domain str
    Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
    ekm_provisioning_error_mapping str
    Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
    ekm_provisioning_state str
    Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
    ekmProvisioningErrorDomain String
    Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
    ekmProvisioningErrorMapping String
    Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
    ekmProvisioningState String
    Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED

    WorkloadKmsSettings, WorkloadKmsSettingsArgs

    NextRotationTime string
    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
    RotationPeriod string
    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
    NextRotationTime string
    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
    RotationPeriod string
    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
    nextRotationTime String
    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
    rotationPeriod String
    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
    nextRotationTime string
    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
    rotationPeriod string
    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
    next_rotation_time str
    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
    rotation_period str
    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
    nextRotationTime String
    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
    rotationPeriod String
    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

    WorkloadPartnerPermissions, WorkloadPartnerPermissionsArgs

    AssuredWorkloadsMonitoring bool
    Optional. Allow partner to view violation alerts.
    DataLogsViewer bool
    Allow the partner to view inspectability logs and monitoring violations.
    ServiceAccessApprover bool
    Optional. Allow partner to view access approval logs.
    AssuredWorkloadsMonitoring bool
    Optional. Allow partner to view violation alerts.
    DataLogsViewer bool
    Allow the partner to view inspectability logs and monitoring violations.
    ServiceAccessApprover bool
    Optional. Allow partner to view access approval logs.
    assuredWorkloadsMonitoring Boolean
    Optional. Allow partner to view violation alerts.
    dataLogsViewer Boolean
    Allow the partner to view inspectability logs and monitoring violations.
    serviceAccessApprover Boolean
    Optional. Allow partner to view access approval logs.
    assuredWorkloadsMonitoring boolean
    Optional. Allow partner to view violation alerts.
    dataLogsViewer boolean
    Allow the partner to view inspectability logs and monitoring violations.
    serviceAccessApprover boolean
    Optional. Allow partner to view access approval logs.
    assured_workloads_monitoring bool
    Optional. Allow partner to view violation alerts.
    data_logs_viewer bool
    Allow the partner to view inspectability logs and monitoring violations.
    service_access_approver bool
    Optional. Allow partner to view access approval logs.
    assuredWorkloadsMonitoring Boolean
    Optional. Allow partner to view violation alerts.
    dataLogsViewer Boolean
    Allow the partner to view inspectability logs and monitoring violations.
    serviceAccessApprover Boolean
    Optional. Allow partner to view access approval logs.

    WorkloadResource, WorkloadResourceArgs

    ResourceId int
    Resource identifier. For a project this represents project_number.
    ResourceType string
    Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    ResourceId int
    Resource identifier. For a project this represents project_number.
    ResourceType string
    Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    resourceId Integer
    Resource identifier. For a project this represents project_number.
    resourceType String
    Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    resourceId number
    Resource identifier. For a project this represents project_number.
    resourceType string
    Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    resource_id int
    Resource identifier. For a project this represents project_number.
    resource_type str
    Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    resourceId Number
    Resource identifier. For a project this represents project_number.
    resourceType String
    Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    WorkloadResourceSetting, WorkloadResourceSettingArgs

    DisplayName string
    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
    ResourceId string
    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
    ResourceType string
    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    DisplayName string
    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
    ResourceId string
    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
    ResourceType string
    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    displayName String
    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
    resourceId String
    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
    resourceType String
    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    displayName string
    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
    resourceId string
    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
    resourceType string
    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    display_name str
    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
    resource_id str
    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
    resource_type str
    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
    displayName String
    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
    resourceId String
    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
    resourceType String
    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    WorkloadSaaEnrollmentResponse, WorkloadSaaEnrollmentResponseArgs

    SetupErrors List<string>
    Indicates SAA enrollment setup error if any.
    SetupStatus string
    Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
    SetupErrors []string
    Indicates SAA enrollment setup error if any.
    SetupStatus string
    Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
    setupErrors List<String>
    Indicates SAA enrollment setup error if any.
    setupStatus String
    Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
    setupErrors string[]
    Indicates SAA enrollment setup error if any.
    setupStatus string
    Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
    setup_errors Sequence[str]
    Indicates SAA enrollment setup error if any.
    setup_status str
    Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
    setupErrors List<String>
    Indicates SAA enrollment setup error if any.
    setupStatus String
    Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE

    Import

    Workload can be imported using any of these accepted formats:

    • organizations/{{organization}}/locations/{{location}}/workloads/{{name}}

    • {{organization}}/{{location}}/{{name}}

    When using the pulumi import command, Workload can be imported using one of the formats above. For example:

    $ pulumi import gcp:assuredworkloads/workload:Workload default organizations/{{organization}}/locations/{{location}}/workloads/{{name}}
    
    $ pulumi import gcp:assuredworkloads/workload:Workload default {{organization}}/{{location}}/{{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.5.0 published on Tuesday, Oct 8, 2024 by Pulumi