gcp.assuredworkloads.Workload
Explore with Pulumi AI
The AssuredWorkloads Workload resource
Example Usage
Basic_workload
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
{
BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
ComplianceRegime = "FEDRAMP_MODERATE",
DisplayName = "{{display}}",
KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
{
NextRotationTime = "9999-10-02T15:01:23Z",
RotationPeriod = "10368000s",
},
Labels =
{
{ "label-one", "value-one" },
},
Location = "us-west1",
Organization = "123456789",
ProvisionedResourcesParent = "folders/519620126891",
ResourceSettings = new[]
{
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
DisplayName = "folder-display-name",
ResourceType = "CONSUMER_FOLDER",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceType = "ENCRYPTION_KEYS_PROJECT",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceId = "ring",
ResourceType = "KEYRING",
},
},
ViolationNotificationsEnabled = true,
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/assuredworkloads"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
BillingAccount: pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
ComplianceRegime: pulumi.String("FEDRAMP_MODERATE"),
DisplayName: pulumi.String("{{display}}"),
KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
RotationPeriod: pulumi.String("10368000s"),
},
Labels: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
Location: pulumi.String("us-west1"),
Organization: pulumi.String("123456789"),
ProvisionedResourcesParent: pulumi.String("folders/519620126891"),
ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
&assuredworkloads.WorkloadResourceSettingArgs{
DisplayName: pulumi.String("folder-display-name"),
ResourceType: pulumi.String("CONSUMER_FOLDER"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceId: pulumi.String("ring"),
ResourceType: pulumi.String("KEYRING"),
},
},
ViolationNotificationsEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var primary = new Workload("primary", WorkloadArgs.builder()
.billingAccount("billingAccounts/000000-0000000-0000000-000000")
.complianceRegime("FEDRAMP_MODERATE")
.displayName("{{display}}")
.kmsSettings(WorkloadKmsSettingsArgs.builder()
.nextRotationTime("9999-10-02T15:01:23Z")
.rotationPeriod("10368000s")
.build())
.labels(Map.of("label-one", "value-one"))
.location("us-west1")
.organization("123456789")
.provisionedResourcesParent("folders/519620126891")
.resourceSettings(
WorkloadResourceSettingArgs.builder()
.displayName("folder-display-name")
.resourceType("CONSUMER_FOLDER")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceType("ENCRYPTION_KEYS_PROJECT")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceId("ring")
.resourceType("KEYRING")
.build())
.violationNotificationsEnabled(true)
.build());
}
}
import pulumi
import pulumi_gcp as gcp
primary = gcp.assuredworkloads.Workload("primary",
billing_account="billingAccounts/000000-0000000-0000000-000000",
compliance_regime="FEDRAMP_MODERATE",
display_name="{{display}}",
kms_settings=gcp.assuredworkloads.WorkloadKmsSettingsArgs(
next_rotation_time="9999-10-02T15:01:23Z",
rotation_period="10368000s",
),
labels={
"label-one": "value-one",
},
location="us-west1",
organization="123456789",
provisioned_resources_parent="folders/519620126891",
resource_settings=[
gcp.assuredworkloads.WorkloadResourceSettingArgs(
display_name="folder-display-name",
resource_type="CONSUMER_FOLDER",
),
gcp.assuredworkloads.WorkloadResourceSettingArgs(
resource_type="ENCRYPTION_KEYS_PROJECT",
),
gcp.assuredworkloads.WorkloadResourceSettingArgs(
resource_id="ring",
resource_type="KEYRING",
),
],
violation_notifications_enabled=True)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const primary = new gcp.assuredworkloads.Workload("primary", {
billingAccount: "billingAccounts/000000-0000000-0000000-000000",
complianceRegime: "FEDRAMP_MODERATE",
displayName: "{{display}}",
kmsSettings: {
nextRotationTime: "9999-10-02T15:01:23Z",
rotationPeriod: "10368000s",
},
labels: {
"label-one": "value-one",
},
location: "us-west1",
organization: "123456789",
provisionedResourcesParent: "folders/519620126891",
resourceSettings: [
{
displayName: "folder-display-name",
resourceType: "CONSUMER_FOLDER",
},
{
resourceType: "ENCRYPTION_KEYS_PROJECT",
},
{
resourceId: "ring",
resourceType: "KEYRING",
},
],
violationNotificationsEnabled: true,
});
resources:
primary:
type: gcp:assuredworkloads:Workload
properties:
billingAccount: billingAccounts/000000-0000000-0000000-000000
complianceRegime: FEDRAMP_MODERATE
displayName: '{{display}}'
kmsSettings:
nextRotationTime: 9999-10-02T15:01:23Z
rotationPeriod: 10368000s
labels:
label-one: value-one
location: us-west1
organization: '123456789'
provisionedResourcesParent: folders/519620126891
resourceSettings:
- displayName: folder-display-name
resourceType: CONSUMER_FOLDER
- resourceType: ENCRYPTION_KEYS_PROJECT
- resourceId: ring
resourceType: KEYRING
violationNotificationsEnabled: true
Sovereign_controls_workload
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
{
ComplianceRegime = "EU_REGIONS_AND_SUPPORT",
DisplayName = "display",
Location = "europe-west9",
Organization = "123456789",
BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
EnableSovereignControls = true,
KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
{
NextRotationTime = "9999-10-02T15:01:23Z",
RotationPeriod = "10368000s",
},
ResourceSettings = new[]
{
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceType = "CONSUMER_FOLDER",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceType = "ENCRYPTION_KEYS_PROJECT",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceId = "ring",
ResourceType = "KEYRING",
},
},
Labels =
{
{ "label-one", "value-one" },
},
}, new CustomResourceOptions
{
Provider = google_beta,
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/assuredworkloads"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
ComplianceRegime: pulumi.String("EU_REGIONS_AND_SUPPORT"),
DisplayName: pulumi.String("display"),
Location: pulumi.String("europe-west9"),
Organization: pulumi.String("123456789"),
BillingAccount: pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
EnableSovereignControls: pulumi.Bool(true),
KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
RotationPeriod: pulumi.String("10368000s"),
},
ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceType: pulumi.String("CONSUMER_FOLDER"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceId: pulumi.String("ring"),
ResourceType: pulumi.String("KEYRING"),
},
},
Labels: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
}, pulumi.Provider(google_beta))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var primary = new Workload("primary", WorkloadArgs.builder()
.complianceRegime("EU_REGIONS_AND_SUPPORT")
.displayName("display")
.location("europe-west9")
.organization("123456789")
.billingAccount("billingAccounts/000000-0000000-0000000-000000")
.enableSovereignControls(true)
.kmsSettings(WorkloadKmsSettingsArgs.builder()
.nextRotationTime("9999-10-02T15:01:23Z")
.rotationPeriod("10368000s")
.build())
.resourceSettings(
WorkloadResourceSettingArgs.builder()
.resourceType("CONSUMER_FOLDER")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceType("ENCRYPTION_KEYS_PROJECT")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceId("ring")
.resourceType("KEYRING")
.build())
.labels(Map.of("label-one", "value-one"))
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
import pulumi
import pulumi_gcp as gcp
primary = gcp.assuredworkloads.Workload("primary",
compliance_regime="EU_REGIONS_AND_SUPPORT",
display_name="display",
location="europe-west9",
organization="123456789",
billing_account="billingAccounts/000000-0000000-0000000-000000",
enable_sovereign_controls=True,
kms_settings=gcp.assuredworkloads.WorkloadKmsSettingsArgs(
next_rotation_time="9999-10-02T15:01:23Z",
rotation_period="10368000s",
),
resource_settings=[
gcp.assuredworkloads.WorkloadResourceSettingArgs(
resource_type="CONSUMER_FOLDER",
),
gcp.assuredworkloads.WorkloadResourceSettingArgs(
resource_type="ENCRYPTION_KEYS_PROJECT",
),
gcp.assuredworkloads.WorkloadResourceSettingArgs(
resource_id="ring",
resource_type="KEYRING",
),
],
labels={
"label-one": "value-one",
},
opts=pulumi.ResourceOptions(provider=google_beta))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const primary = new gcp.assuredworkloads.Workload("primary", {
complianceRegime: "EU_REGIONS_AND_SUPPORT",
displayName: "display",
location: "europe-west9",
organization: "123456789",
billingAccount: "billingAccounts/000000-0000000-0000000-000000",
enableSovereignControls: true,
kmsSettings: {
nextRotationTime: "9999-10-02T15:01:23Z",
rotationPeriod: "10368000s",
},
resourceSettings: [
{
resourceType: "CONSUMER_FOLDER",
},
{
resourceType: "ENCRYPTION_KEYS_PROJECT",
},
{
resourceId: "ring",
resourceType: "KEYRING",
},
],
labels: {
"label-one": "value-one",
},
}, {
provider: google_beta,
});
resources:
primary:
type: gcp:assuredworkloads:Workload
properties:
complianceRegime: EU_REGIONS_AND_SUPPORT
displayName: display
location: europe-west9
organization: '123456789'
billingAccount: billingAccounts/000000-0000000-0000000-000000
enableSovereignControls: true
kmsSettings:
nextRotationTime: 9999-10-02T15:01:23Z
rotationPeriod: 10368000s
resourceSettings:
- resourceType: CONSUMER_FOLDER
- resourceType: ENCRYPTION_KEYS_PROJECT
- resourceId: ring
resourceType: KEYRING
labels:
label-one: value-one
options:
provider: ${["google-beta"]}
Create Workload Resource
new Workload(name: string, args: WorkloadArgs, opts?: CustomResourceOptions);
@overload
def Workload(resource_name: str,
opts: Optional[ResourceOptions] = None,
billing_account: Optional[str] = None,
compliance_regime: Optional[str] = None,
display_name: Optional[str] = None,
enable_sovereign_controls: Optional[bool] = None,
kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
organization: Optional[str] = None,
partner: Optional[str] = None,
partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
provisioned_resources_parent: Optional[str] = None,
resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
violation_notifications_enabled: Optional[bool] = None)
@overload
def Workload(resource_name: str,
args: WorkloadArgs,
opts: Optional[ResourceOptions] = None)
func NewWorkload(ctx *Context, name string, args WorkloadArgs, opts ...ResourceOption) (*Workload, error)
public Workload(string name, WorkloadArgs args, CustomResourceOptions? opts = null)
public Workload(String name, WorkloadArgs args)
public Workload(String name, WorkloadArgs args, CustomResourceOptions options)
type: gcp:assuredworkloads:Workload
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Workload Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Workload resource accepts the following input properties:
- Compliance
Regime string Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- Display
Name string Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- Location string
The location for the resource
- Organization string
The organization for the resource
- Billing
Account string Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- Enable
Sovereign boolControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Kms
Settings WorkloadKms Settings DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels Dictionary<string, string>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Partner string
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- Partner
Permissions WorkloadPartner Permissions Optional. Permissions granted to the AW Partner SA account for the customer workload
- Provisioned
Resources stringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- Resource
Settings List<WorkloadResource Setting> Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Violation
Notifications boolEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- Compliance
Regime string Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- Display
Name string Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- Location string
The location for the resource
- Organization string
The organization for the resource
- Billing
Account string Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- Enable
Sovereign boolControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Kms
Settings WorkloadKms Settings Args DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels map[string]string
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Partner string
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- Partner
Permissions WorkloadPartner Permissions Args Optional. Permissions granted to the AW Partner SA account for the customer workload
- Provisioned
Resources stringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- Resource
Settings []WorkloadResource Setting Args Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Violation
Notifications boolEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- compliance
Regime String Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- display
Name String Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- location String
The location for the resource
- organization String
The organization for the resource
- billing
Account String Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- enable
Sovereign BooleanControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kms
Settings WorkloadKms Settings DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String,String>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- partner String
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- partner
Permissions WorkloadPartner Permissions Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisioned
Resources StringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resource
Settings List<WorkloadResource Setting> Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- violation
Notifications BooleanEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- compliance
Regime string Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- display
Name string Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- location string
The location for the resource
- organization string
The organization for the resource
- billing
Account string Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- enable
Sovereign booleanControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kms
Settings WorkloadKms Settings DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels {[key: string]: string}
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- partner string
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- partner
Permissions WorkloadPartner Permissions Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisioned
Resources stringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resource
Settings WorkloadResource Setting[] Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- violation
Notifications booleanEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- compliance_
regime str Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- display_
name str Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- location str
The location for the resource
- organization str
The organization for the resource
- billing_
account str Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- enable_
sovereign_ boolcontrols Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kms_
settings WorkloadKms Settings Args DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Mapping[str, str]
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- partner str
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- partner_
permissions WorkloadPartner Permissions Args Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisioned_
resources_ strparent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resource_
settings Sequence[WorkloadResource Setting Args] Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- violation_
notifications_ boolenabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- compliance
Regime String Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- display
Name String Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- location String
The location for the resource
- organization String
The organization for the resource
- billing
Account String Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- enable
Sovereign BooleanControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kms
Settings Property Map DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- partner String
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- partner
Permissions Property Map Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisioned
Resources StringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resource
Settings List<Property Map> Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- violation
Notifications BooleanEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
Outputs
All input properties are implicitly available as output properties. Additionally, the Workload resource produces the following output properties:
- Compliance
Statuses List<WorkloadCompliance Status> Output only. Count of active Violations in the Workload.
- Compliant
But List<string>Disallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- Create
Time string Output only. Immutable. The Workload creation timestamp.
- Effective
Labels Dictionary<string, object> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ekm
Provisioning List<WorkloadResponses Ekm Provisioning Response> Optional. Represents the Ekm Provisioning State of the given workload.
- Id string
The provider-assigned unique ID for this managed resource.
- Kaj
Enrollment stringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- Name string
Output only. The resource name of the workload.
- Pulumi
Labels Dictionary<string, object> The combination of labels configured directly on the resource and default labels configured on the provider.
- Resources
List<Workload
Resource> Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- Saa
Enrollment List<WorkloadResponses Saa Enrollment Response> Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- Compliance
Statuses []WorkloadCompliance Status Output only. Count of active Violations in the Workload.
- Compliant
But []stringDisallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- Create
Time string Output only. Immutable. The Workload creation timestamp.
- Effective
Labels map[string]interface{} All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ekm
Provisioning []WorkloadResponses Ekm Provisioning Response Optional. Represents the Ekm Provisioning State of the given workload.
- Id string
The provider-assigned unique ID for this managed resource.
- Kaj
Enrollment stringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- Name string
Output only. The resource name of the workload.
- Pulumi
Labels map[string]interface{} The combination of labels configured directly on the resource and default labels configured on the provider.
- Resources
[]Workload
Resource Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- Saa
Enrollment []WorkloadResponses Saa Enrollment Response Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- compliance
Statuses List<WorkloadCompliance Status> Output only. Count of active Violations in the Workload.
- compliant
But List<String>Disallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time String Output only. Immutable. The Workload creation timestamp.
- effective
Labels Map<String,Object> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning List<WorkloadResponses Ekm Provisioning Response> Optional. Represents the Ekm Provisioning State of the given workload.
- id String
The provider-assigned unique ID for this managed resource.
- kaj
Enrollment StringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- name String
Output only. The resource name of the workload.
- pulumi
Labels Map<String,Object> The combination of labels configured directly on the resource and default labels configured on the provider.
- resources
List<Workload
Resource> Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment List<WorkloadResponses Saa Enrollment Response> Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- compliance
Statuses WorkloadCompliance Status[] Output only. Count of active Violations in the Workload.
- compliant
But string[]Disallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time string Output only. Immutable. The Workload creation timestamp.
- effective
Labels {[key: string]: any} All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning WorkloadResponses Ekm Provisioning Response[] Optional. Represents the Ekm Provisioning State of the given workload.
- id string
The provider-assigned unique ID for this managed resource.
- kaj
Enrollment stringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- name string
Output only. The resource name of the workload.
- pulumi
Labels {[key: string]: any} The combination of labels configured directly on the resource and default labels configured on the provider.
- resources
Workload
Resource[] Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment WorkloadResponses Saa Enrollment Response[] Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- compliance_
statuses Sequence[WorkloadCompliance Status] Output only. Count of active Violations in the Workload.
- compliant_
but_ Sequence[str]disallowed_ services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create_
time str Output only. Immutable. The Workload creation timestamp.
- effective_
labels Mapping[str, Any] All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm_
provisioning_ Sequence[Workloadresponses Ekm Provisioning Response] Optional. Represents the Ekm Provisioning State of the given workload.
- id str
The provider-assigned unique ID for this managed resource.
- kaj_
enrollment_ strstate Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- name str
Output only. The resource name of the workload.
- pulumi_
labels Mapping[str, Any] The combination of labels configured directly on the resource and default labels configured on the provider.
- resources
Sequence[Workload
Resource] Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa_
enrollment_ Sequence[Workloadresponses Saa Enrollment Response] Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- compliance
Statuses List<Property Map> Output only. Count of active Violations in the Workload.
- compliant
But List<String>Disallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time String Output only. Immutable. The Workload creation timestamp.
- effective
Labels Map<Any> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning List<Property Map>Responses Optional. Represents the Ekm Provisioning State of the given workload.
- id String
The provider-assigned unique ID for this managed resource.
- kaj
Enrollment StringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- name String
Output only. The resource name of the workload.
- pulumi
Labels Map<Any> The combination of labels configured directly on the resource and default labels configured on the provider.
- resources List<Property Map>
Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment List<Property Map>Responses Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
Look up Existing Workload Resource
Get an existing Workload resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WorkloadState, opts?: CustomResourceOptions): Workload
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
billing_account: Optional[str] = None,
compliance_regime: Optional[str] = None,
compliance_statuses: Optional[Sequence[WorkloadComplianceStatusArgs]] = None,
compliant_but_disallowed_services: Optional[Sequence[str]] = None,
create_time: Optional[str] = None,
display_name: Optional[str] = None,
effective_labels: Optional[Mapping[str, Any]] = None,
ekm_provisioning_responses: Optional[Sequence[WorkloadEkmProvisioningResponseArgs]] = None,
enable_sovereign_controls: Optional[bool] = None,
kaj_enrollment_state: Optional[str] = None,
kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
organization: Optional[str] = None,
partner: Optional[str] = None,
partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
provisioned_resources_parent: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, Any]] = None,
resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
resources: Optional[Sequence[WorkloadResourceArgs]] = None,
saa_enrollment_responses: Optional[Sequence[WorkloadSaaEnrollmentResponseArgs]] = None,
violation_notifications_enabled: Optional[bool] = None) -> Workload
func GetWorkload(ctx *Context, name string, id IDInput, state *WorkloadState, opts ...ResourceOption) (*Workload, error)
public static Workload Get(string name, Input<string> id, WorkloadState? state, CustomResourceOptions? opts = null)
public static Workload get(String name, Output<String> id, WorkloadState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Billing
Account string Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- Compliance
Regime string Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- Compliance
Statuses List<WorkloadCompliance Status> Output only. Count of active Violations in the Workload.
- Compliant
But List<string>Disallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- Create
Time string Output only. Immutable. The Workload creation timestamp.
- Display
Name string Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- Effective
Labels Dictionary<string, object> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ekm
Provisioning List<WorkloadResponses Ekm Provisioning Response> Optional. Represents the Ekm Provisioning State of the given workload.
- Enable
Sovereign boolControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Kaj
Enrollment stringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- Kms
Settings WorkloadKms Settings DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels Dictionary<string, string>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Location string
The location for the resource
- Name string
Output only. The resource name of the workload.
- Organization string
The organization for the resource
- Partner string
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- Partner
Permissions WorkloadPartner Permissions Optional. Permissions granted to the AW Partner SA account for the customer workload
- Provisioned
Resources stringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- Pulumi
Labels Dictionary<string, object> The combination of labels configured directly on the resource and default labels configured on the provider.
- Resource
Settings List<WorkloadResource Setting> Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Resources
List<Workload
Resource> Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- Saa
Enrollment List<WorkloadResponses Saa Enrollment Response> Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- Violation
Notifications boolEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- Billing
Account string Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- Compliance
Regime string Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- Compliance
Statuses []WorkloadCompliance Status Args Output only. Count of active Violations in the Workload.
- Compliant
But []stringDisallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- Create
Time string Output only. Immutable. The Workload creation timestamp.
- Display
Name string Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- Effective
Labels map[string]interface{} All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ekm
Provisioning []WorkloadResponses Ekm Provisioning Response Args Optional. Represents the Ekm Provisioning State of the given workload.
- Enable
Sovereign boolControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Kaj
Enrollment stringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- Kms
Settings WorkloadKms Settings Args DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels map[string]string
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Location string
The location for the resource
- Name string
Output only. The resource name of the workload.
- Organization string
The organization for the resource
- Partner string
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- Partner
Permissions WorkloadPartner Permissions Args Optional. Permissions granted to the AW Partner SA account for the customer workload
- Provisioned
Resources stringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- Pulumi
Labels map[string]interface{} The combination of labels configured directly on the resource and default labels configured on the provider.
- Resource
Settings []WorkloadResource Setting Args Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Resources
[]Workload
Resource Args Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- Saa
Enrollment []WorkloadResponses Saa Enrollment Response Args Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- Violation
Notifications boolEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- billing
Account String Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- compliance
Regime String Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- compliance
Statuses List<WorkloadCompliance Status> Output only. Count of active Violations in the Workload.
- compliant
But List<String>Disallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time String Output only. Immutable. The Workload creation timestamp.
- display
Name String Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- effective
Labels Map<String,Object> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning List<WorkloadResponses Ekm Provisioning Response> Optional. Represents the Ekm Provisioning State of the given workload.
- enable
Sovereign BooleanControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kaj
Enrollment StringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- kms
Settings WorkloadKms Settings DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String,String>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- location String
The location for the resource
- name String
Output only. The resource name of the workload.
- organization String
The organization for the resource
- partner String
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- partner
Permissions WorkloadPartner Permissions Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisioned
Resources StringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- pulumi
Labels Map<String,Object> The combination of labels configured directly on the resource and default labels configured on the provider.
- resource
Settings List<WorkloadResource Setting> Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources
List<Workload
Resource> Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment List<WorkloadResponses Saa Enrollment Response> Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- violation
Notifications BooleanEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- billing
Account string Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- compliance
Regime string Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- compliance
Statuses WorkloadCompliance Status[] Output only. Count of active Violations in the Workload.
- compliant
But string[]Disallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time string Output only. Immutable. The Workload creation timestamp.
- display
Name string Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- effective
Labels {[key: string]: any} All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning WorkloadResponses Ekm Provisioning Response[] Optional. Represents the Ekm Provisioning State of the given workload.
- enable
Sovereign booleanControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kaj
Enrollment stringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- kms
Settings WorkloadKms Settings DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels {[key: string]: string}
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- location string
The location for the resource
- name string
Output only. The resource name of the workload.
- organization string
The organization for the resource
- partner string
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- partner
Permissions WorkloadPartner Permissions Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisioned
Resources stringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- pulumi
Labels {[key: string]: any} The combination of labels configured directly on the resource and default labels configured on the provider.
- resource
Settings WorkloadResource Setting[] Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources
Workload
Resource[] Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment WorkloadResponses Saa Enrollment Response[] Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- violation
Notifications booleanEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- billing_
account str Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- compliance_
regime str Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- compliance_
statuses Sequence[WorkloadCompliance Status Args] Output only. Count of active Violations in the Workload.
- compliant_
but_ Sequence[str]disallowed_ services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create_
time str Output only. Immutable. The Workload creation timestamp.
- display_
name str Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- effective_
labels Mapping[str, Any] All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm_
provisioning_ Sequence[Workloadresponses Ekm Provisioning Response Args] Optional. Represents the Ekm Provisioning State of the given workload.
- enable_
sovereign_ boolcontrols Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kaj_
enrollment_ strstate Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- kms_
settings WorkloadKms Settings Args DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Mapping[str, str]
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- location str
The location for the resource
- name str
Output only. The resource name of the workload.
- organization str
The organization for the resource
- partner str
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- partner_
permissions WorkloadPartner Permissions Args Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisioned_
resources_ strparent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- pulumi_
labels Mapping[str, Any] The combination of labels configured directly on the resource and default labels configured on the provider.
- resource_
settings Sequence[WorkloadResource Setting Args] Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources
Sequence[Workload
Resource Args] Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa_
enrollment_ Sequence[Workloadresponses Saa Enrollment Response Args] Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- violation_
notifications_ boolenabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- billing
Account String Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
.- compliance
Regime String Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT
- compliance
Statuses List<Property Map> Output only. Count of active Violations in the Workload.
- compliant
But List<String>Disallowed Services Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time String Output only. Immutable. The Workload creation timestamp.
- display
Name String Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- effective
Labels Map<Any> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning List<Property Map>Responses Optional. Represents the Ekm Provisioning State of the given workload.
- enable
Sovereign BooleanControls Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kaj
Enrollment StringState Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- kms
Settings Property Map DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- location String
The location for the resource
- name String
Output only. The resource name of the workload.
- organization String
The organization for the resource
- partner String
Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN
- partner
Permissions Property Map Optional. Permissions granted to the AW Partner SA account for the customer workload
- provisioned
Resources StringParent Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- pulumi
Labels Map<Any> The combination of labels configured directly on the resource and default labels configured on the provider.
- resource
Settings List<Property Map> Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources List<Property Map>
Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment List<Property Map>Responses Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- violation
Notifications BooleanEnabled Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
Supporting Types
WorkloadComplianceStatus, WorkloadComplianceStatusArgs
- Acknowledged
Violation List<int>Counts - Active
Violation List<int>Counts
- Acknowledged
Violation []intCounts - Active
Violation []intCounts
- acknowledged
Violation List<Integer>Counts - active
Violation List<Integer>Counts
- acknowledged
Violation number[]Counts - active
Violation number[]Counts
- acknowledged_
violation_ Sequence[int]counts - active_
violation_ Sequence[int]counts
- acknowledged
Violation List<Number>Counts - active
Violation List<Number>Counts
WorkloadEkmProvisioningResponse, WorkloadEkmProvisioningResponseArgs
- Ekm
Provisioning stringError Domain - Ekm
Provisioning stringError Mapping - Ekm
Provisioning stringState
- Ekm
Provisioning stringError Domain - Ekm
Provisioning stringError Mapping - Ekm
Provisioning stringState
- ekm
Provisioning StringError Domain - ekm
Provisioning StringError Mapping - ekm
Provisioning StringState
- ekm
Provisioning stringError Domain - ekm
Provisioning stringError Mapping - ekm
Provisioning stringState
- ekm
Provisioning StringError Domain - ekm
Provisioning StringError Mapping - ekm
Provisioning StringState
WorkloadKmsSettings, WorkloadKmsSettingsArgs
- Next
Rotation stringTime Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- Rotation
Period string Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- Next
Rotation stringTime Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- Rotation
Period string Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- next
Rotation StringTime Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotation
Period String Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- next
Rotation stringTime Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotation
Period string Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- next_
rotation_ strtime Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotation_
period str Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- next
Rotation StringTime Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotation
Period String Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
WorkloadPartnerPermissions, WorkloadPartnerPermissionsArgs
- Assured
Workloads boolMonitoring Optional. Allow partner to view violation alerts.
- Data
Logs boolViewer Allow the partner to view inspectability logs and monitoring violations.
- Service
Access boolApprover Optional. Allow partner to view access approval logs.
- Assured
Workloads boolMonitoring Optional. Allow partner to view violation alerts.
- Data
Logs boolViewer Allow the partner to view inspectability logs and monitoring violations.
- Service
Access boolApprover Optional. Allow partner to view access approval logs.
- assured
Workloads BooleanMonitoring Optional. Allow partner to view violation alerts.
- data
Logs BooleanViewer Allow the partner to view inspectability logs and monitoring violations.
- service
Access BooleanApprover Optional. Allow partner to view access approval logs.
- assured
Workloads booleanMonitoring Optional. Allow partner to view violation alerts.
- data
Logs booleanViewer Allow the partner to view inspectability logs and monitoring violations.
- service
Access booleanApprover Optional. Allow partner to view access approval logs.
- assured_
workloads_ boolmonitoring Optional. Allow partner to view violation alerts.
- data_
logs_ boolviewer Allow the partner to view inspectability logs and monitoring violations.
- service_
access_ boolapprover Optional. Allow partner to view access approval logs.
- assured
Workloads BooleanMonitoring Optional. Allow partner to view violation alerts.
- data
Logs BooleanViewer Allow the partner to view inspectability logs and monitoring violations.
- service
Access BooleanApprover Optional. Allow partner to view access approval logs.
WorkloadResource, WorkloadResourceArgs
- Resource
Id int Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- Resource
Type string Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- Resource
Id int Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- Resource
Type string Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- resource
Id Integer Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource
Type String Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- resource
Id number Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource
Type string Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- resource_
id int Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource_
type str Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- resource
Id Number Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource
Type String Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
WorkloadResourceSetting, WorkloadResourceSettingArgs
- Display
Name string User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- Resource
Id string Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- Resource
Type string Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- Display
Name string User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- Resource
Id string Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- Resource
Type string Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- display
Name String User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resource
Id String Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource
Type String Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- display
Name string User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resource
Id string Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource
Type string Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- display_
name str User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resource_
id str Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource_
type str Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- display
Name String User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resource
Id String Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource
Type String Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
WorkloadSaaEnrollmentResponse, WorkloadSaaEnrollmentResponseArgs
- Setup
Errors List<string> - Setup
Status string
- Setup
Errors []string - Setup
Status string
- setup
Errors List<String> - setup
Status String
- setup
Errors string[] - setup
Status string
- setup_
errors Sequence[str] - setup_
status str
- setup
Errors List<String> - setup
Status String
Import
Workload can be imported using any of these accepted formats* organizations/{{organization}}/locations/{{location}}/workloads/{{name}}
* {{organization}}/{{location}}/{{name}}
In Terraform v1.5.0 and later, use an import
block to import Workload using one of the formats above. For exampletf import {
id = “organizations/{{organization}}/locations/{{location}}/workloads/{{name}}”
to = google_assured_workloads_workload.default }
$ pulumi import gcp:assuredworkloads/workload:Workload When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Workload can be imported using one of the formats above. For example
$ pulumi import gcp:assuredworkloads/workload:Workload default organizations/{{organization}}/locations/{{location}}/workloads/{{name}}
$ pulumi import gcp:assuredworkloads/workload:Workload default {{organization}}/{{location}}/{{name}}
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-beta
Terraform Provider.