Google Cloud Classic v7.2.1, Nov 22 23

Google Cloud Classic v7.2.1 published on Wednesday, Nov 22, 2023 by Pulumi

gcp.assuredworkloads.Workload

Explore with Pulumi AI

Google Cloud Classic v7.2.1 published on Wednesday, Nov 22, 2023 by Pulumi

pulumi/pulumi-gcp

Example Usage

Basic_workload

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
    {
        BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
        ComplianceRegime = "FEDRAMP_MODERATE",
        DisplayName = "{{display}}",
        KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
        {
            NextRotationTime = "9999-10-02T15:01:23Z",
            RotationPeriod = "10368000s",
        },
        Labels = 
        {
            { "label-one", "value-one" },
        },
        Location = "us-west1",
        Organization = "123456789",
        ProvisionedResourcesParent = "folders/519620126891",
        ResourceSettings = new[]
        {
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                DisplayName = "folder-display-name",
                ResourceType = "CONSUMER_FOLDER",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceType = "ENCRYPTION_KEYS_PROJECT",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceId = "ring",
                ResourceType = "KEYRING",
            },
        },
        ViolationNotificationsEnabled = true,
    });

});

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/assuredworkloads"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
			BillingAccount:   pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
			ComplianceRegime: pulumi.String("FEDRAMP_MODERATE"),
			DisplayName:      pulumi.String("{{display}}"),
			KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
				NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
				RotationPeriod:   pulumi.String("10368000s"),
			},
			Labels: pulumi.StringMap{
				"label-one": pulumi.String("value-one"),
			},
			Location:                   pulumi.String("us-west1"),
			Organization:               pulumi.String("123456789"),
			ProvisionedResourcesParent: pulumi.String("folders/519620126891"),
			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
				&assuredworkloads.WorkloadResourceSettingArgs{
					DisplayName:  pulumi.String("folder-display-name"),
					ResourceType: pulumi.String("CONSUMER_FOLDER"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceId:   pulumi.String("ring"),
					ResourceType: pulumi.String("KEYRING"),
				},
			},
			ViolationNotificationsEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var primary = new Workload("primary", WorkloadArgs.builder()        
            .billingAccount("billingAccounts/000000-0000000-0000000-000000")
            .complianceRegime("FEDRAMP_MODERATE")
            .displayName("{{display}}")
            .kmsSettings(WorkloadKmsSettingsArgs.builder()
                .nextRotationTime("9999-10-02T15:01:23Z")
                .rotationPeriod("10368000s")
                .build())
            .labels(Map.of("label-one", "value-one"))
            .location("us-west1")
            .organization("123456789")
            .provisionedResourcesParent("folders/519620126891")
            .resourceSettings(            
                WorkloadResourceSettingArgs.builder()
                    .displayName("folder-display-name")
                    .resourceType("CONSUMER_FOLDER")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceType("ENCRYPTION_KEYS_PROJECT")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceId("ring")
                    .resourceType("KEYRING")
                    .build())
            .violationNotificationsEnabled(true)
            .build());

    }
}

import pulumi
import pulumi_gcp as gcp

primary = gcp.assuredworkloads.Workload("primary",
    billing_account="billingAccounts/000000-0000000-0000000-000000",
    compliance_regime="FEDRAMP_MODERATE",
    display_name="{{display}}",
    kms_settings=gcp.assuredworkloads.WorkloadKmsSettingsArgs(
        next_rotation_time="9999-10-02T15:01:23Z",
        rotation_period="10368000s",
    ),
    labels={
        "label-one": "value-one",
    },
    location="us-west1",
    organization="123456789",
    provisioned_resources_parent="folders/519620126891",
    resource_settings=[
        gcp.assuredworkloads.WorkloadResourceSettingArgs(
            display_name="folder-display-name",
            resource_type="CONSUMER_FOLDER",
        ),
        gcp.assuredworkloads.WorkloadResourceSettingArgs(
            resource_type="ENCRYPTION_KEYS_PROJECT",
        ),
        gcp.assuredworkloads.WorkloadResourceSettingArgs(
            resource_id="ring",
            resource_type="KEYRING",
        ),
    ],
    violation_notifications_enabled=True)

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const primary = new gcp.assuredworkloads.Workload("primary", {
    billingAccount: "billingAccounts/000000-0000000-0000000-000000",
    complianceRegime: "FEDRAMP_MODERATE",
    displayName: "{{display}}",
    kmsSettings: {
        nextRotationTime: "9999-10-02T15:01:23Z",
        rotationPeriod: "10368000s",
    },
    labels: {
        "label-one": "value-one",
    },
    location: "us-west1",
    organization: "123456789",
    provisionedResourcesParent: "folders/519620126891",
    resourceSettings: [
        {
            displayName: "folder-display-name",
            resourceType: "CONSUMER_FOLDER",
        },
        {
            resourceType: "ENCRYPTION_KEYS_PROJECT",
        },
        {
            resourceId: "ring",
            resourceType: "KEYRING",
        },
    ],
    violationNotificationsEnabled: true,
});

resources:
  primary:
    type: gcp:assuredworkloads:Workload
    properties:
      billingAccount: billingAccounts/000000-0000000-0000000-000000
      complianceRegime: FEDRAMP_MODERATE
      displayName: '{{display}}'
      kmsSettings:
        nextRotationTime: 9999-10-02T15:01:23Z
        rotationPeriod: 10368000s
      labels:
        label-one: value-one
      location: us-west1
      organization: '123456789'
      provisionedResourcesParent: folders/519620126891
      resourceSettings:
        - displayName: folder-display-name
          resourceType: CONSUMER_FOLDER
        - resourceType: ENCRYPTION_KEYS_PROJECT
        - resourceId: ring
          resourceType: KEYRING
      violationNotificationsEnabled: true

Sovereign_controls_workload

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
    {
        ComplianceRegime = "EU_REGIONS_AND_SUPPORT",
        DisplayName = "display",
        Location = "europe-west9",
        Organization = "123456789",
        BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
        EnableSovereignControls = true,
        KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
        {
            NextRotationTime = "9999-10-02T15:01:23Z",
            RotationPeriod = "10368000s",
        },
        ResourceSettings = new[]
        {
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceType = "CONSUMER_FOLDER",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceType = "ENCRYPTION_KEYS_PROJECT",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceId = "ring",
                ResourceType = "KEYRING",
            },
        },
        Labels = 
        {
            { "label-one", "value-one" },
        },
    }, new CustomResourceOptions
    {
        Provider = google_beta,
    });

});

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/assuredworkloads"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
			ComplianceRegime:        pulumi.String("EU_REGIONS_AND_SUPPORT"),
			DisplayName:             pulumi.String("display"),
			Location:                pulumi.String("europe-west9"),
			Organization:            pulumi.String("123456789"),
			BillingAccount:          pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
			EnableSovereignControls: pulumi.Bool(true),
			KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
				NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
				RotationPeriod:   pulumi.String("10368000s"),
			},
			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceType: pulumi.String("CONSUMER_FOLDER"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceId:   pulumi.String("ring"),
					ResourceType: pulumi.String("KEYRING"),
				},
			},
			Labels: pulumi.StringMap{
				"label-one": pulumi.String("value-one"),
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var primary = new Workload("primary", WorkloadArgs.builder()        
            .complianceRegime("EU_REGIONS_AND_SUPPORT")
            .displayName("display")
            .location("europe-west9")
            .organization("123456789")
            .billingAccount("billingAccounts/000000-0000000-0000000-000000")
            .enableSovereignControls(true)
            .kmsSettings(WorkloadKmsSettingsArgs.builder()
                .nextRotationTime("9999-10-02T15:01:23Z")
                .rotationPeriod("10368000s")
                .build())
            .resourceSettings(            
                WorkloadResourceSettingArgs.builder()
                    .resourceType("CONSUMER_FOLDER")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceType("ENCRYPTION_KEYS_PROJECT")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceId("ring")
                    .resourceType("KEYRING")
                    .build())
            .labels(Map.of("label-one", "value-one"))
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

    }
}

import pulumi
import pulumi_gcp as gcp

primary = gcp.assuredworkloads.Workload("primary",
    compliance_regime="EU_REGIONS_AND_SUPPORT",
    display_name="display",
    location="europe-west9",
    organization="123456789",
    billing_account="billingAccounts/000000-0000000-0000000-000000",
    enable_sovereign_controls=True,
    kms_settings=gcp.assuredworkloads.WorkloadKmsSettingsArgs(
        next_rotation_time="9999-10-02T15:01:23Z",
        rotation_period="10368000s",
    ),
    resource_settings=[
        gcp.assuredworkloads.WorkloadResourceSettingArgs(
            resource_type="CONSUMER_FOLDER",
        ),
        gcp.assuredworkloads.WorkloadResourceSettingArgs(
            resource_type="ENCRYPTION_KEYS_PROJECT",
        ),
        gcp.assuredworkloads.WorkloadResourceSettingArgs(
            resource_id="ring",
            resource_type="KEYRING",
        ),
    ],
    labels={
        "label-one": "value-one",
    },
    opts=pulumi.ResourceOptions(provider=google_beta))

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const primary = new gcp.assuredworkloads.Workload("primary", {
    complianceRegime: "EU_REGIONS_AND_SUPPORT",
    displayName: "display",
    location: "europe-west9",
    organization: "123456789",
    billingAccount: "billingAccounts/000000-0000000-0000000-000000",
    enableSovereignControls: true,
    kmsSettings: {
        nextRotationTime: "9999-10-02T15:01:23Z",
        rotationPeriod: "10368000s",
    },
    resourceSettings: [
        {
            resourceType: "CONSUMER_FOLDER",
        },
        {
            resourceType: "ENCRYPTION_KEYS_PROJECT",
        },
        {
            resourceId: "ring",
            resourceType: "KEYRING",
        },
    ],
    labels: {
        "label-one": "value-one",
    },
}, {
    provider: google_beta,
});

resources:
  primary:
    type: gcp:assuredworkloads:Workload
    properties:
      complianceRegime: EU_REGIONS_AND_SUPPORT
      displayName: display
      location: europe-west9
      organization: '123456789'
      billingAccount: billingAccounts/000000-0000000-0000000-000000
      enableSovereignControls: true
      kmsSettings:
        nextRotationTime: 9999-10-02T15:01:23Z
        rotationPeriod: 10368000s
      resourceSettings:
        - resourceType: CONSUMER_FOLDER
        - resourceType: ENCRYPTION_KEYS_PROJECT
        - resourceId: ring
          resourceType: KEYRING
      labels:
        label-one: value-one
    options:
      provider: ${["google-beta"]}

Create Workload Resource

new Workload(name: string, args: WorkloadArgs, opts?: CustomResourceOptions);

@overload
def Workload(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             billing_account: Optional[str] = None,
             compliance_regime: Optional[str] = None,
             display_name: Optional[str] = None,
             enable_sovereign_controls: Optional[bool] = None,
             kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
             labels: Optional[Mapping[str, str]] = None,
             location: Optional[str] = None,
             organization: Optional[str] = None,
             partner: Optional[str] = None,
             partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
             provisioned_resources_parent: Optional[str] = None,
             resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
             violation_notifications_enabled: Optional[bool] = None)
@overload
def Workload(resource_name: str,
             args: WorkloadArgs,
             opts: Optional[ResourceOptions] = None)

func NewWorkload(ctx *Context, name string, args WorkloadArgs, opts ...ResourceOption) (*Workload, error)

public Workload(string name, WorkloadArgs args, CustomResourceOptions? opts = null)

public Workload(String name, WorkloadArgs args)
public Workload(String name, WorkloadArgs args, CustomResourceOptions options)

type: gcp:assuredworkloads:Workload
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Workload Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Workload resource accepts the following input properties:

ComplianceRegime string

Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

DisplayName string

Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

Location string

The location for the resource

Organization string

The organization for the resource

BillingAccount string

Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

EnableSovereignControls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

KmsSettings WorkloadKmsSettings

DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

Labels Dictionary<string, string>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Partner string

Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

PartnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

ProvisionedResourcesParent string

Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

ResourceSettings List<WorkloadResourceSetting>

Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

ViolationNotificationsEnabled bool

Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

ComplianceRegime string

DisplayName string

Location string

The location for the resource

Organization string

The organization for the resource

BillingAccount string

EnableSovereignControls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

KmsSettings WorkloadKmsSettingsArgs

Labels map[string]string

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Partner string

PartnerPermissions WorkloadPartnerPermissionsArgs

Optional. Permissions granted to the AW Partner SA account for the customer workload

ProvisionedResourcesParent string

ResourceSettings []WorkloadResourceSettingArgs

ViolationNotificationsEnabled bool

complianceRegime String

displayName String

location String

The location for the resource

organization String

The organization for the resource

billingAccount String

enableSovereignControls Boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kmsSettings WorkloadKmsSettings

labels Map<String,String>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

partner String

partnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

provisionedResourcesParent String

resourceSettings List<WorkloadResourceSetting>

violationNotificationsEnabled Boolean

complianceRegime string

displayName string

location string

The location for the resource

organization string

The organization for the resource

billingAccount string

enableSovereignControls boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kmsSettings WorkloadKmsSettings

labels {[key: string]: string}

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

partner string

partnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

provisionedResourcesParent string

resourceSettings WorkloadResourceSetting[]

violationNotificationsEnabled boolean

compliance_regime str

display_name str

location str

The location for the resource

organization str

The organization for the resource

billing_account str

enable_sovereign_controls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kms_settings WorkloadKmsSettingsArgs

labels Mapping[str, str]

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

partner str

partner_permissions WorkloadPartnerPermissionsArgs

Optional. Permissions granted to the AW Partner SA account for the customer workload

provisioned_resources_parent str

resource_settings Sequence[WorkloadResourceSettingArgs]

violation_notifications_enabled bool

complianceRegime String

displayName String

location String

The location for the resource

organization String

The organization for the resource

billingAccount String

enableSovereignControls Boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kmsSettings Property Map

labels Map<String>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

partner String

partnerPermissions Property Map

Optional. Permissions granted to the AW Partner SA account for the customer workload

provisionedResourcesParent String

resourceSettings List<Property Map>

violationNotificationsEnabled Boolean

Outputs

All input properties are implicitly available as output properties. Additionally, the Workload resource produces the following output properties:

ComplianceStatuses List<WorkloadComplianceStatus>: Output only. Count of active Violations in the Workload.
CompliantButDisallowedServices List<string>: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
CreateTime string: Output only. Immutable. The Workload creation timestamp.
EffectiveLabels Dictionary<string, object>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
EkmProvisioningResponses List<WorkloadEkmProvisioningResponse>: Optional. Represents the Ekm Provisioning State of the given workload.
Id string: The provider-assigned unique ID for this managed resource.
KajEnrollmentState string: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
Name string: Output only. The resource name of the workload.
PulumiLabels Dictionary<string, object>: The combination of labels configured directly on the resource and default labels configured on the provider.
Resources List<WorkloadResource>: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
SaaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

ComplianceStatuses []WorkloadComplianceStatus: Output only. Count of active Violations in the Workload.
CompliantButDisallowedServices []string: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
CreateTime string: Output only. Immutable. The Workload creation timestamp.
EffectiveLabels map[string]interface{}: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
EkmProvisioningResponses []WorkloadEkmProvisioningResponse: Optional. Represents the Ekm Provisioning State of the given workload.
Id string: The provider-assigned unique ID for this managed resource.
KajEnrollmentState string: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
Name string: Output only. The resource name of the workload.
PulumiLabels map[string]interface{}: The combination of labels configured directly on the resource and default labels configured on the provider.
Resources []WorkloadResource: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
SaaEnrollmentResponses []WorkloadSaaEnrollmentResponse: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

complianceStatuses List<WorkloadComplianceStatus>: Output only. Count of active Violations in the Workload.
compliantButDisallowedServices List<String>: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
createTime String: Output only. Immutable. The Workload creation timestamp.
effectiveLabels Map<String,Object>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
ekmProvisioningResponses List<WorkloadEkmProvisioningResponse>: Optional. Represents the Ekm Provisioning State of the given workload.
id String: The provider-assigned unique ID for this managed resource.
kajEnrollmentState String: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
name String: Output only. The resource name of the workload.
pulumiLabels Map<String,Object>: The combination of labels configured directly on the resource and default labels configured on the provider.
resources List<WorkloadResource>: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

complianceStatuses WorkloadComplianceStatus[]: Output only. Count of active Violations in the Workload.
compliantButDisallowedServices string[]: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
createTime string: Output only. Immutable. The Workload creation timestamp.
effectiveLabels {[key: string]: any}: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
ekmProvisioningResponses WorkloadEkmProvisioningResponse[]: Optional. Represents the Ekm Provisioning State of the given workload.
id string: The provider-assigned unique ID for this managed resource.
kajEnrollmentState string: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
name string: Output only. The resource name of the workload.
pulumiLabels {[key: string]: any}: The combination of labels configured directly on the resource and default labels configured on the provider.
resources WorkloadResource[]: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saaEnrollmentResponses WorkloadSaaEnrollmentResponse[]: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

compliance_statuses Sequence[WorkloadComplianceStatus]: Output only. Count of active Violations in the Workload.
compliant_but_disallowed_services Sequence[str]: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
create_time str: Output only. Immutable. The Workload creation timestamp.
effective_labels Mapping[str, Any]: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
ekm_provisioning_responses Sequence[WorkloadEkmProvisioningResponse]: Optional. Represents the Ekm Provisioning State of the given workload.
id str: The provider-assigned unique ID for this managed resource.
kaj_enrollment_state str: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
name str: Output only. The resource name of the workload.
pulumi_labels Mapping[str, Any]: The combination of labels configured directly on the resource and default labels configured on the provider.
resources Sequence[WorkloadResource]: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saa_enrollment_responses Sequence[WorkloadSaaEnrollmentResponse]: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

complianceStatuses List<Property Map>: Output only. Count of active Violations in the Workload.
compliantButDisallowedServices List<String>: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
createTime String: Output only. Immutable. The Workload creation timestamp.
effectiveLabels Map<Any>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
ekmProvisioningResponses List<Property Map>: Optional. Represents the Ekm Provisioning State of the given workload.
id String: The provider-assigned unique ID for this managed resource.
kajEnrollmentState String: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
name String: Output only. The resource name of the workload.
pulumiLabels Map<Any>: The combination of labels configured directly on the resource and default labels configured on the provider.
resources List<Property Map>: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saaEnrollmentResponses List<Property Map>: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

Look up Existing Workload Resource

Get an existing Workload resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WorkloadState, opts?: CustomResourceOptions): Workload

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        billing_account: Optional[str] = None,
        compliance_regime: Optional[str] = None,
        compliance_statuses: Optional[Sequence[WorkloadComplianceStatusArgs]] = None,
        compliant_but_disallowed_services: Optional[Sequence[str]] = None,
        create_time: Optional[str] = None,
        display_name: Optional[str] = None,
        effective_labels: Optional[Mapping[str, Any]] = None,
        ekm_provisioning_responses: Optional[Sequence[WorkloadEkmProvisioningResponseArgs]] = None,
        enable_sovereign_controls: Optional[bool] = None,
        kaj_enrollment_state: Optional[str] = None,
        kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
        labels: Optional[Mapping[str, str]] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        organization: Optional[str] = None,
        partner: Optional[str] = None,
        partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
        provisioned_resources_parent: Optional[str] = None,
        pulumi_labels: Optional[Mapping[str, Any]] = None,
        resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
        resources: Optional[Sequence[WorkloadResourceArgs]] = None,
        saa_enrollment_responses: Optional[Sequence[WorkloadSaaEnrollmentResponseArgs]] = None,
        violation_notifications_enabled: Optional[bool] = None) -> Workload

func GetWorkload(ctx *Context, name string, id IDInput, state *WorkloadState, opts ...ResourceOption) (*Workload, error)

public static Workload Get(string name, Input<string> id, WorkloadState? state, CustomResourceOptions? opts = null)

public static Workload get(String name, Output<String> id, WorkloadState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

BillingAccount string

ComplianceRegime string

ComplianceStatuses List<WorkloadComplianceStatus>

Output only. Count of active Violations in the Workload.

CompliantButDisallowedServices List<string>

Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

CreateTime string

Output only. Immutable. The Workload creation timestamp.

DisplayName string

EffectiveLabels Dictionary<string, object>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

EkmProvisioningResponses List<WorkloadEkmProvisioningResponse>

Optional. Represents the Ekm Provisioning State of the given workload.

EnableSovereignControls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

KajEnrollmentState string

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

KmsSettings WorkloadKmsSettings

Labels Dictionary<string, string>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Location string

The location for the resource

Name string

Output only. The resource name of the workload.

Organization string

The organization for the resource

Partner string

PartnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

ProvisionedResourcesParent string

PulumiLabels Dictionary<string, object>

The combination of labels configured directly on the resource and default labels configured on the provider.

ResourceSettings List<WorkloadResourceSetting>

Resources List<WorkloadResource>

Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

SaaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>

Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

ViolationNotificationsEnabled bool

BillingAccount string

ComplianceRegime string

ComplianceStatuses []WorkloadComplianceStatusArgs

Output only. Count of active Violations in the Workload.

CompliantButDisallowedServices []string

CreateTime string

Output only. Immutable. The Workload creation timestamp.

DisplayName string

EffectiveLabels map[string]interface{}

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

EkmProvisioningResponses []WorkloadEkmProvisioningResponseArgs

Optional. Represents the Ekm Provisioning State of the given workload.

EnableSovereignControls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

KajEnrollmentState string

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

KmsSettings WorkloadKmsSettingsArgs

Labels map[string]string

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Location string

The location for the resource

Name string

Output only. The resource name of the workload.

Organization string

The organization for the resource

Partner string

PartnerPermissions WorkloadPartnerPermissionsArgs

Optional. Permissions granted to the AW Partner SA account for the customer workload

ProvisionedResourcesParent string

PulumiLabels map[string]interface{}

The combination of labels configured directly on the resource and default labels configured on the provider.

ResourceSettings []WorkloadResourceSettingArgs

Resources []WorkloadResourceArgs

SaaEnrollmentResponses []WorkloadSaaEnrollmentResponseArgs

ViolationNotificationsEnabled bool

billingAccount String

complianceRegime String

complianceStatuses List<WorkloadComplianceStatus>

Output only. Count of active Violations in the Workload.

compliantButDisallowedServices List<String>

createTime String

Output only. Immutable. The Workload creation timestamp.

displayName String

effectiveLabels Map<String,Object>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

ekmProvisioningResponses List<WorkloadEkmProvisioningResponse>

Optional. Represents the Ekm Provisioning State of the given workload.

enableSovereignControls Boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kajEnrollmentState String

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

kmsSettings WorkloadKmsSettings

labels Map<String,String>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location String

The location for the resource

name String

Output only. The resource name of the workload.

organization String

The organization for the resource

partner String

partnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

provisionedResourcesParent String

pulumiLabels Map<String,Object>

The combination of labels configured directly on the resource and default labels configured on the provider.

resourceSettings List<WorkloadResourceSetting>

resources List<WorkloadResource>

saaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>

violationNotificationsEnabled Boolean

billingAccount string

complianceRegime string

complianceStatuses WorkloadComplianceStatus[]

Output only. Count of active Violations in the Workload.

compliantButDisallowedServices string[]

createTime string

Output only. Immutable. The Workload creation timestamp.

displayName string

effectiveLabels {[key: string]: any}

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

ekmProvisioningResponses WorkloadEkmProvisioningResponse[]

Optional. Represents the Ekm Provisioning State of the given workload.

enableSovereignControls boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kajEnrollmentState string

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

kmsSettings WorkloadKmsSettings

labels {[key: string]: string}

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location string

The location for the resource

name string

Output only. The resource name of the workload.

organization string

The organization for the resource

partner string

partnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

provisionedResourcesParent string

pulumiLabels {[key: string]: any}

The combination of labels configured directly on the resource and default labels configured on the provider.

resourceSettings WorkloadResourceSetting[]

resources WorkloadResource[]

saaEnrollmentResponses WorkloadSaaEnrollmentResponse[]

violationNotificationsEnabled boolean

billing_account str

compliance_regime str

compliance_statuses Sequence[WorkloadComplianceStatusArgs]

Output only. Count of active Violations in the Workload.

compliant_but_disallowed_services Sequence[str]

create_time str

Output only. Immutable. The Workload creation timestamp.

display_name str

effective_labels Mapping[str, Any]

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

ekm_provisioning_responses Sequence[WorkloadEkmProvisioningResponseArgs]

Optional. Represents the Ekm Provisioning State of the given workload.

enable_sovereign_controls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kaj_enrollment_state str

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

kms_settings WorkloadKmsSettingsArgs

labels Mapping[str, str]

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location str

The location for the resource

name str

Output only. The resource name of the workload.

organization str

The organization for the resource

partner str

partner_permissions WorkloadPartnerPermissionsArgs

Optional. Permissions granted to the AW Partner SA account for the customer workload

provisioned_resources_parent str

pulumi_labels Mapping[str, Any]

The combination of labels configured directly on the resource and default labels configured on the provider.

resource_settings Sequence[WorkloadResourceSettingArgs]

resources Sequence[WorkloadResourceArgs]

saa_enrollment_responses Sequence[WorkloadSaaEnrollmentResponseArgs]

violation_notifications_enabled bool

billingAccount String

complianceRegime String

complianceStatuses List<Property Map>

Output only. Count of active Violations in the Workload.

compliantButDisallowedServices List<String>

createTime String

Output only. Immutable. The Workload creation timestamp.

displayName String

effectiveLabels Map<Any>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

ekmProvisioningResponses List<Property Map>

Optional. Represents the Ekm Provisioning State of the given workload.

enableSovereignControls Boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kajEnrollmentState String

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

kmsSettings Property Map

labels Map<String>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location String

The location for the resource

name String

Output only. The resource name of the workload.

organization String

The organization for the resource

partner String

partnerPermissions Property Map

Optional. Permissions granted to the AW Partner SA account for the customer workload

provisionedResourcesParent String

pulumiLabels Map<Any>

The combination of labels configured directly on the resource and default labels configured on the provider.

resourceSettings List<Property Map>

resources List<Property Map>

saaEnrollmentResponses List<Property Map>

violationNotificationsEnabled Boolean

Supporting Types

WorkloadComplianceStatus, WorkloadComplianceStatusArgs

AcknowledgedViolationCounts List<int>
ActiveViolationCounts List<int>

AcknowledgedViolationCounts []int
ActiveViolationCounts []int

acknowledgedViolationCounts List<Integer>
activeViolationCounts List<Integer>

acknowledgedViolationCounts number[]
activeViolationCounts number[]

acknowledged_violation_counts Sequence[int]
active_violation_counts Sequence[int]

acknowledgedViolationCounts List<Number>
activeViolationCounts List<Number>

WorkloadEkmProvisioningResponse, WorkloadEkmProvisioningResponseArgs

EkmProvisioningErrorDomain string
EkmProvisioningErrorMapping string
EkmProvisioningState string

EkmProvisioningErrorDomain string
EkmProvisioningErrorMapping string
EkmProvisioningState string

ekmProvisioningErrorDomain String
ekmProvisioningErrorMapping String
ekmProvisioningState String

ekmProvisioningErrorDomain string
ekmProvisioningErrorMapping string
ekmProvisioningState string

ekm_provisioning_error_domain str
ekm_provisioning_error_mapping str
ekm_provisioning_state str

ekmProvisioningErrorDomain String
ekmProvisioningErrorMapping String
ekmProvisioningState String

WorkloadKmsSettings, WorkloadKmsSettingsArgs

NextRotationTime string: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
RotationPeriod string: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

NextRotationTime string: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
RotationPeriod string: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

nextRotationTime String: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotationPeriod String: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

nextRotationTime string: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotationPeriod string: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

next_rotation_time str: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotation_period str: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

nextRotationTime String: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotationPeriod String: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

WorkloadPartnerPermissions, WorkloadPartnerPermissionsArgs

AssuredWorkloadsMonitoring bool: Optional. Allow partner to view violation alerts.
DataLogsViewer bool: Allow the partner to view inspectability logs and monitoring violations.
ServiceAccessApprover bool: Optional. Allow partner to view access approval logs.

AssuredWorkloadsMonitoring bool: Optional. Allow partner to view violation alerts.
DataLogsViewer bool: Allow the partner to view inspectability logs and monitoring violations.
ServiceAccessApprover bool: Optional. Allow partner to view access approval logs.

assuredWorkloadsMonitoring Boolean: Optional. Allow partner to view violation alerts.
dataLogsViewer Boolean: Allow the partner to view inspectability logs and monitoring violations.
serviceAccessApprover Boolean: Optional. Allow partner to view access approval logs.

assuredWorkloadsMonitoring boolean: Optional. Allow partner to view violation alerts.
dataLogsViewer boolean: Allow the partner to view inspectability logs and monitoring violations.
serviceAccessApprover boolean: Optional. Allow partner to view access approval logs.

assured_workloads_monitoring bool: Optional. Allow partner to view violation alerts.
data_logs_viewer bool: Allow the partner to view inspectability logs and monitoring violations.
service_access_approver bool: Optional. Allow partner to view access approval logs.

assuredWorkloadsMonitoring Boolean: Optional. Allow partner to view violation alerts.
dataLogsViewer Boolean: Allow the partner to view inspectability logs and monitoring violations.
serviceAccessApprover Boolean: Optional. Allow partner to view access approval logs.

WorkloadResource, WorkloadResourceArgs

ResourceId int: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
ResourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

ResourceId int: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
ResourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

resourceId Integer: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType String: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

resourceId number: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

resource_id int: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resource_type str: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

resourceId Number: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType String: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

WorkloadResourceSetting, WorkloadResourceSettingArgs

DisplayName string: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
ResourceId string: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
ResourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

DisplayName string: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
ResourceId string: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
ResourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

displayName String: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resourceId String: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType String: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

displayName string: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resourceId string: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

display_name str: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resource_id str: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resource_type str: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

displayName String: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resourceId String: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType String: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

WorkloadSaaEnrollmentResponse, WorkloadSaaEnrollmentResponseArgs

SetupErrors List<string>
SetupStatus string

SetupErrors []string
SetupStatus string

setupErrors List<String>
setupStatus String

setupErrors string[]
setupStatus string

setup_errors Sequence[str]
setup_status str

setupErrors List<String>
setupStatus String

Import

Workload can be imported using any of these accepted formats* organizations/{{organization}}/locations/{{location}}/workloads/{{name}} * {{organization}}/{{location}}/{{name}} In Terraform v1.5.0 and later, use an import block to import Workload using one of the formats above. For exampletf import {

id = “organizations/{{organization}}/locations/{{location}}/workloads/{{name}}”

to = google_assured_workloads_workload.default }

 $ pulumi import gcp:assuredworkloads/workload:Workload When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Workload can be imported using one of the formats above. For example

 $ pulumi import gcp:assuredworkloads/workload:Workload default organizations/{{organization}}/locations/{{location}}/workloads/{{name}}

 $ pulumi import gcp:assuredworkloads/workload:Workload default {{organization}}/{{location}}/{{name}}

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud Classic v7.2.1 published on Wednesday, Nov 22, 2023 by Pulumi

pulumi/pulumi-gcp

gcp.assuredworkloads.Workload

On this page

On this page

Example Usage

Basic_workload

Sovereign_controls_workload

Create Workload Resource

Workload Resource Properties

Inputs

Outputs

Look up Existing Workload Resource

Supporting Types

WorkloadComplianceStatus, WorkloadComplianceStatusArgs

WorkloadEkmProvisioningResponse, WorkloadEkmProvisioningResponseArgs

WorkloadKmsSettings, WorkloadKmsSettingsArgs

WorkloadPartnerPermissions, WorkloadPartnerPermissionsArgs

WorkloadResource, WorkloadResourceArgs

WorkloadResourceSetting, WorkloadResourceSettingArgs

WorkloadSaaEnrollmentResponse, WorkloadSaaEnrollmentResponseArgs

Import

Package Details

On this page

On this page