gcp.assuredworkloads.Workload
Explore with Pulumi AI
The AssuredWorkloads Workload resource
Example Usage
Basic_workload
A basic test of a assuredworkloads api
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const primary = new gcp.assuredworkloads.Workload("primary", {
complianceRegime: "FEDRAMP_MODERATE",
displayName: "{{display}}",
location: "us-west1",
organization: "123456789",
billingAccount: "billingAccounts/000000-0000000-0000000-000000",
kmsSettings: {
nextRotationTime: "9999-10-02T15:01:23Z",
rotationPeriod: "10368000s",
},
provisionedResourcesParent: "folders/519620126891",
resourceSettings: [
{
displayName: "{{name}}",
resourceType: "CONSUMER_FOLDER",
},
{
resourceType: "ENCRYPTION_KEYS_PROJECT",
},
{
resourceId: "ring",
resourceType: "KEYRING",
},
],
violationNotificationsEnabled: true,
workloadOptions: {
kajEnrollmentType: "KEY_ACCESS_TRANSPARENCY_OFF",
},
labels: {
"label-one": "value-one",
},
});
import pulumi
import pulumi_gcp as gcp
primary = gcp.assuredworkloads.Workload("primary",
compliance_regime="FEDRAMP_MODERATE",
display_name="{{display}}",
location="us-west1",
organization="123456789",
billing_account="billingAccounts/000000-0000000-0000000-000000",
kms_settings={
"next_rotation_time": "9999-10-02T15:01:23Z",
"rotation_period": "10368000s",
},
provisioned_resources_parent="folders/519620126891",
resource_settings=[
{
"display_name": "{{name}}",
"resource_type": "CONSUMER_FOLDER",
},
{
"resource_type": "ENCRYPTION_KEYS_PROJECT",
},
{
"resource_id": "ring",
"resource_type": "KEYRING",
},
],
violation_notifications_enabled=True,
workload_options={
"kaj_enrollment_type": "KEY_ACCESS_TRANSPARENCY_OFF",
},
labels={
"label-one": "value-one",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/assuredworkloads"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
ComplianceRegime: pulumi.String("FEDRAMP_MODERATE"),
DisplayName: pulumi.String("{{display}}"),
Location: pulumi.String("us-west1"),
Organization: pulumi.String("123456789"),
BillingAccount: pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
RotationPeriod: pulumi.String("10368000s"),
},
ProvisionedResourcesParent: pulumi.String("folders/519620126891"),
ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
&assuredworkloads.WorkloadResourceSettingArgs{
DisplayName: pulumi.String("{{name}}"),
ResourceType: pulumi.String("CONSUMER_FOLDER"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceId: pulumi.String("ring"),
ResourceType: pulumi.String("KEYRING"),
},
},
ViolationNotificationsEnabled: pulumi.Bool(true),
WorkloadOptions: &assuredworkloads.WorkloadWorkloadOptionsArgs{
KajEnrollmentType: pulumi.String("KEY_ACCESS_TRANSPARENCY_OFF"),
},
Labels: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
{
ComplianceRegime = "FEDRAMP_MODERATE",
DisplayName = "{{display}}",
Location = "us-west1",
Organization = "123456789",
BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
{
NextRotationTime = "9999-10-02T15:01:23Z",
RotationPeriod = "10368000s",
},
ProvisionedResourcesParent = "folders/519620126891",
ResourceSettings = new[]
{
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
DisplayName = "{{name}}",
ResourceType = "CONSUMER_FOLDER",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceType = "ENCRYPTION_KEYS_PROJECT",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceId = "ring",
ResourceType = "KEYRING",
},
},
ViolationNotificationsEnabled = true,
WorkloadOptions = new Gcp.AssuredWorkloads.Inputs.WorkloadWorkloadOptionsArgs
{
KajEnrollmentType = "KEY_ACCESS_TRANSPARENCY_OFF",
},
Labels =
{
{ "label-one", "value-one" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadWorkloadOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var primary = new Workload("primary", WorkloadArgs.builder()
.complianceRegime("FEDRAMP_MODERATE")
.displayName("{{display}}")
.location("us-west1")
.organization("123456789")
.billingAccount("billingAccounts/000000-0000000-0000000-000000")
.kmsSettings(WorkloadKmsSettingsArgs.builder()
.nextRotationTime("9999-10-02T15:01:23Z")
.rotationPeriod("10368000s")
.build())
.provisionedResourcesParent("folders/519620126891")
.resourceSettings(
WorkloadResourceSettingArgs.builder()
.displayName("{{name}}")
.resourceType("CONSUMER_FOLDER")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceType("ENCRYPTION_KEYS_PROJECT")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceId("ring")
.resourceType("KEYRING")
.build())
.violationNotificationsEnabled(true)
.workloadOptions(WorkloadWorkloadOptionsArgs.builder()
.kajEnrollmentType("KEY_ACCESS_TRANSPARENCY_OFF")
.build())
.labels(Map.of("label-one", "value-one"))
.build());
}
}
resources:
primary:
type: gcp:assuredworkloads:Workload
properties:
complianceRegime: FEDRAMP_MODERATE
displayName: '{{display}}'
location: us-west1
organization: '123456789'
billingAccount: billingAccounts/000000-0000000-0000000-000000
kmsSettings:
nextRotationTime: 9999-10-02T15:01:23Z
rotationPeriod: 10368000s
provisionedResourcesParent: folders/519620126891
resourceSettings:
- displayName: '{{name}}'
resourceType: CONSUMER_FOLDER
- resourceType: ENCRYPTION_KEYS_PROJECT
- resourceId: ring
resourceType: KEYRING
violationNotificationsEnabled: true
workloadOptions:
kajEnrollmentType: KEY_ACCESS_TRANSPARENCY_OFF
labels:
label-one: value-one
Sovereign_controls_workload
A Sovereign Controls test of the assuredworkloads api
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const primary = new gcp.assuredworkloads.Workload("primary", {
complianceRegime: "EU_REGIONS_AND_SUPPORT",
displayName: "display",
location: "europe-west9",
organization: "123456789",
billingAccount: "billingAccounts/000000-0000000-0000000-000000",
enableSovereignControls: true,
kmsSettings: {
nextRotationTime: "9999-10-02T15:01:23Z",
rotationPeriod: "10368000s",
},
resourceSettings: [
{
resourceType: "CONSUMER_FOLDER",
},
{
resourceType: "ENCRYPTION_KEYS_PROJECT",
},
{
resourceId: "ring",
resourceType: "KEYRING",
},
],
labels: {
"label-one": "value-one",
},
});
import pulumi
import pulumi_gcp as gcp
primary = gcp.assuredworkloads.Workload("primary",
compliance_regime="EU_REGIONS_AND_SUPPORT",
display_name="display",
location="europe-west9",
organization="123456789",
billing_account="billingAccounts/000000-0000000-0000000-000000",
enable_sovereign_controls=True,
kms_settings={
"next_rotation_time": "9999-10-02T15:01:23Z",
"rotation_period": "10368000s",
},
resource_settings=[
{
"resource_type": "CONSUMER_FOLDER",
},
{
"resource_type": "ENCRYPTION_KEYS_PROJECT",
},
{
"resource_id": "ring",
"resource_type": "KEYRING",
},
],
labels={
"label-one": "value-one",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/assuredworkloads"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
ComplianceRegime: pulumi.String("EU_REGIONS_AND_SUPPORT"),
DisplayName: pulumi.String("display"),
Location: pulumi.String("europe-west9"),
Organization: pulumi.String("123456789"),
BillingAccount: pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
EnableSovereignControls: pulumi.Bool(true),
KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
RotationPeriod: pulumi.String("10368000s"),
},
ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceType: pulumi.String("CONSUMER_FOLDER"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceId: pulumi.String("ring"),
ResourceType: pulumi.String("KEYRING"),
},
},
Labels: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
{
ComplianceRegime = "EU_REGIONS_AND_SUPPORT",
DisplayName = "display",
Location = "europe-west9",
Organization = "123456789",
BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
EnableSovereignControls = true,
KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
{
NextRotationTime = "9999-10-02T15:01:23Z",
RotationPeriod = "10368000s",
},
ResourceSettings = new[]
{
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceType = "CONSUMER_FOLDER",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceType = "ENCRYPTION_KEYS_PROJECT",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceId = "ring",
ResourceType = "KEYRING",
},
},
Labels =
{
{ "label-one", "value-one" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var primary = new Workload("primary", WorkloadArgs.builder()
.complianceRegime("EU_REGIONS_AND_SUPPORT")
.displayName("display")
.location("europe-west9")
.organization("123456789")
.billingAccount("billingAccounts/000000-0000000-0000000-000000")
.enableSovereignControls(true)
.kmsSettings(WorkloadKmsSettingsArgs.builder()
.nextRotationTime("9999-10-02T15:01:23Z")
.rotationPeriod("10368000s")
.build())
.resourceSettings(
WorkloadResourceSettingArgs.builder()
.resourceType("CONSUMER_FOLDER")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceType("ENCRYPTION_KEYS_PROJECT")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceId("ring")
.resourceType("KEYRING")
.build())
.labels(Map.of("label-one", "value-one"))
.build());
}
}
resources:
primary:
type: gcp:assuredworkloads:Workload
properties:
complianceRegime: EU_REGIONS_AND_SUPPORT
displayName: display
location: europe-west9
organization: '123456789'
billingAccount: billingAccounts/000000-0000000-0000000-000000
enableSovereignControls: true
kmsSettings:
nextRotationTime: 9999-10-02T15:01:23Z
rotationPeriod: 10368000s
resourceSettings:
- resourceType: CONSUMER_FOLDER
- resourceType: ENCRYPTION_KEYS_PROJECT
- resourceId: ring
resourceType: KEYRING
labels:
label-one: value-one
Split_billing_partner_workload
A Split billing partner test of the assuredworkloads api
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const primary = new gcp.assuredworkloads.Workload("primary", {
complianceRegime: "ASSURED_WORKLOADS_FOR_PARTNERS",
displayName: "display",
location: "europe-west8",
organization: "123456789",
billingAccount: "billingAccounts/000000-0000000-0000000-000000",
partner: "SOVEREIGN_CONTROLS_BY_PSN",
partnerPermissions: {
assuredWorkloadsMonitoring: true,
dataLogsViewer: true,
serviceAccessApprover: true,
},
partnerServicesBillingAccount: "billingAccounts/01BF3F-2C6DE5-30C607",
resourceSettings: [
{
resourceType: "CONSUMER_FOLDER",
},
{
resourceType: "ENCRYPTION_KEYS_PROJECT",
},
{
resourceId: "ring",
resourceType: "KEYRING",
},
],
violationNotificationsEnabled: true,
labels: {
"label-one": "value-one",
},
});
import pulumi
import pulumi_gcp as gcp
primary = gcp.assuredworkloads.Workload("primary",
compliance_regime="ASSURED_WORKLOADS_FOR_PARTNERS",
display_name="display",
location="europe-west8",
organization="123456789",
billing_account="billingAccounts/000000-0000000-0000000-000000",
partner="SOVEREIGN_CONTROLS_BY_PSN",
partner_permissions={
"assured_workloads_monitoring": True,
"data_logs_viewer": True,
"service_access_approver": True,
},
partner_services_billing_account="billingAccounts/01BF3F-2C6DE5-30C607",
resource_settings=[
{
"resource_type": "CONSUMER_FOLDER",
},
{
"resource_type": "ENCRYPTION_KEYS_PROJECT",
},
{
"resource_id": "ring",
"resource_type": "KEYRING",
},
],
violation_notifications_enabled=True,
labels={
"label-one": "value-one",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/assuredworkloads"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
ComplianceRegime: pulumi.String("ASSURED_WORKLOADS_FOR_PARTNERS"),
DisplayName: pulumi.String("display"),
Location: pulumi.String("europe-west8"),
Organization: pulumi.String("123456789"),
BillingAccount: pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
Partner: pulumi.String("SOVEREIGN_CONTROLS_BY_PSN"),
PartnerPermissions: &assuredworkloads.WorkloadPartnerPermissionsArgs{
AssuredWorkloadsMonitoring: pulumi.Bool(true),
DataLogsViewer: pulumi.Bool(true),
ServiceAccessApprover: pulumi.Bool(true),
},
PartnerServicesBillingAccount: pulumi.String("billingAccounts/01BF3F-2C6DE5-30C607"),
ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceType: pulumi.String("CONSUMER_FOLDER"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
},
&assuredworkloads.WorkloadResourceSettingArgs{
ResourceId: pulumi.String("ring"),
ResourceType: pulumi.String("KEYRING"),
},
},
ViolationNotificationsEnabled: pulumi.Bool(true),
Labels: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
{
ComplianceRegime = "ASSURED_WORKLOADS_FOR_PARTNERS",
DisplayName = "display",
Location = "europe-west8",
Organization = "123456789",
BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
Partner = "SOVEREIGN_CONTROLS_BY_PSN",
PartnerPermissions = new Gcp.AssuredWorkloads.Inputs.WorkloadPartnerPermissionsArgs
{
AssuredWorkloadsMonitoring = true,
DataLogsViewer = true,
ServiceAccessApprover = true,
},
PartnerServicesBillingAccount = "billingAccounts/01BF3F-2C6DE5-30C607",
ResourceSettings = new[]
{
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceType = "CONSUMER_FOLDER",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceType = "ENCRYPTION_KEYS_PROJECT",
},
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
ResourceId = "ring",
ResourceType = "KEYRING",
},
},
ViolationNotificationsEnabled = true,
Labels =
{
{ "label-one", "value-one" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadPartnerPermissionsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var primary = new Workload("primary", WorkloadArgs.builder()
.complianceRegime("ASSURED_WORKLOADS_FOR_PARTNERS")
.displayName("display")
.location("europe-west8")
.organization("123456789")
.billingAccount("billingAccounts/000000-0000000-0000000-000000")
.partner("SOVEREIGN_CONTROLS_BY_PSN")
.partnerPermissions(WorkloadPartnerPermissionsArgs.builder()
.assuredWorkloadsMonitoring(true)
.dataLogsViewer(true)
.serviceAccessApprover(true)
.build())
.partnerServicesBillingAccount("billingAccounts/01BF3F-2C6DE5-30C607")
.resourceSettings(
WorkloadResourceSettingArgs.builder()
.resourceType("CONSUMER_FOLDER")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceType("ENCRYPTION_KEYS_PROJECT")
.build(),
WorkloadResourceSettingArgs.builder()
.resourceId("ring")
.resourceType("KEYRING")
.build())
.violationNotificationsEnabled(true)
.labels(Map.of("label-one", "value-one"))
.build());
}
}
resources:
primary:
type: gcp:assuredworkloads:Workload
properties:
complianceRegime: ASSURED_WORKLOADS_FOR_PARTNERS
displayName: display
location: europe-west8
organization: '123456789'
billingAccount: billingAccounts/000000-0000000-0000000-000000
partner: SOVEREIGN_CONTROLS_BY_PSN
partnerPermissions:
assuredWorkloadsMonitoring: true
dataLogsViewer: true
serviceAccessApprover: true
partnerServicesBillingAccount: billingAccounts/01BF3F-2C6DE5-30C607
resourceSettings:
- resourceType: CONSUMER_FOLDER
- resourceType: ENCRYPTION_KEYS_PROJECT
- resourceId: ring
resourceType: KEYRING
violationNotificationsEnabled: true
labels:
label-one: value-one
Create Workload Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Workload(name: string, args: WorkloadArgs, opts?: CustomResourceOptions);
@overload
def Workload(resource_name: str,
args: WorkloadArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Workload(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[str] = None,
compliance_regime: Optional[str] = None,
display_name: Optional[str] = None,
organization: Optional[str] = None,
enable_sovereign_controls: Optional[bool] = None,
labels: Optional[Mapping[str, str]] = None,
kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
billing_account: Optional[str] = None,
partner: Optional[str] = None,
partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
partner_services_billing_account: Optional[str] = None,
provisioned_resources_parent: Optional[str] = None,
resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
violation_notifications_enabled: Optional[bool] = None,
workload_options: Optional[WorkloadWorkloadOptionsArgs] = None)
func NewWorkload(ctx *Context, name string, args WorkloadArgs, opts ...ResourceOption) (*Workload, error)
public Workload(string name, WorkloadArgs args, CustomResourceOptions? opts = null)
public Workload(String name, WorkloadArgs args)
public Workload(String name, WorkloadArgs args, CustomResourceOptions options)
type: gcp:assuredworkloads:Workload
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WorkloadArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gcpWorkloadResource = new Gcp.AssuredWorkloads.Workload("gcpWorkloadResource", new()
{
Location = "string",
ComplianceRegime = "string",
DisplayName = "string",
Organization = "string",
EnableSovereignControls = false,
Labels =
{
{ "string", "string" },
},
KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
{
NextRotationTime = "string",
RotationPeriod = "string",
},
BillingAccount = "string",
Partner = "string",
PartnerPermissions = new Gcp.AssuredWorkloads.Inputs.WorkloadPartnerPermissionsArgs
{
AssuredWorkloadsMonitoring = false,
DataLogsViewer = false,
ServiceAccessApprover = false,
},
PartnerServicesBillingAccount = "string",
ProvisionedResourcesParent = "string",
ResourceSettings = new[]
{
new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
{
DisplayName = "string",
ResourceId = "string",
ResourceType = "string",
},
},
ViolationNotificationsEnabled = false,
WorkloadOptions = new Gcp.AssuredWorkloads.Inputs.WorkloadWorkloadOptionsArgs
{
KajEnrollmentType = "string",
},
});
example, err := assuredworkloads.NewWorkload(ctx, "gcpWorkloadResource", &assuredworkloads.WorkloadArgs{
Location: pulumi.String("string"),
ComplianceRegime: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Organization: pulumi.String("string"),
EnableSovereignControls: pulumi.Bool(false),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
NextRotationTime: pulumi.String("string"),
RotationPeriod: pulumi.String("string"),
},
BillingAccount: pulumi.String("string"),
Partner: pulumi.String("string"),
PartnerPermissions: &assuredworkloads.WorkloadPartnerPermissionsArgs{
AssuredWorkloadsMonitoring: pulumi.Bool(false),
DataLogsViewer: pulumi.Bool(false),
ServiceAccessApprover: pulumi.Bool(false),
},
PartnerServicesBillingAccount: pulumi.String("string"),
ProvisionedResourcesParent: pulumi.String("string"),
ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
&assuredworkloads.WorkloadResourceSettingArgs{
DisplayName: pulumi.String("string"),
ResourceId: pulumi.String("string"),
ResourceType: pulumi.String("string"),
},
},
ViolationNotificationsEnabled: pulumi.Bool(false),
WorkloadOptions: &assuredworkloads.WorkloadWorkloadOptionsArgs{
KajEnrollmentType: pulumi.String("string"),
},
})
var gcpWorkloadResource = new Workload("gcpWorkloadResource", WorkloadArgs.builder()
.location("string")
.complianceRegime("string")
.displayName("string")
.organization("string")
.enableSovereignControls(false)
.labels(Map.of("string", "string"))
.kmsSettings(WorkloadKmsSettingsArgs.builder()
.nextRotationTime("string")
.rotationPeriod("string")
.build())
.billingAccount("string")
.partner("string")
.partnerPermissions(WorkloadPartnerPermissionsArgs.builder()
.assuredWorkloadsMonitoring(false)
.dataLogsViewer(false)
.serviceAccessApprover(false)
.build())
.partnerServicesBillingAccount("string")
.provisionedResourcesParent("string")
.resourceSettings(WorkloadResourceSettingArgs.builder()
.displayName("string")
.resourceId("string")
.resourceType("string")
.build())
.violationNotificationsEnabled(false)
.workloadOptions(WorkloadWorkloadOptionsArgs.builder()
.kajEnrollmentType("string")
.build())
.build());
gcp_workload_resource = gcp.assuredworkloads.Workload("gcpWorkloadResource",
location="string",
compliance_regime="string",
display_name="string",
organization="string",
enable_sovereign_controls=False,
labels={
"string": "string",
},
kms_settings={
"next_rotation_time": "string",
"rotation_period": "string",
},
billing_account="string",
partner="string",
partner_permissions={
"assured_workloads_monitoring": False,
"data_logs_viewer": False,
"service_access_approver": False,
},
partner_services_billing_account="string",
provisioned_resources_parent="string",
resource_settings=[{
"display_name": "string",
"resource_id": "string",
"resource_type": "string",
}],
violation_notifications_enabled=False,
workload_options={
"kaj_enrollment_type": "string",
})
const gcpWorkloadResource = new gcp.assuredworkloads.Workload("gcpWorkloadResource", {
location: "string",
complianceRegime: "string",
displayName: "string",
organization: "string",
enableSovereignControls: false,
labels: {
string: "string",
},
kmsSettings: {
nextRotationTime: "string",
rotationPeriod: "string",
},
billingAccount: "string",
partner: "string",
partnerPermissions: {
assuredWorkloadsMonitoring: false,
dataLogsViewer: false,
serviceAccessApprover: false,
},
partnerServicesBillingAccount: "string",
provisionedResourcesParent: "string",
resourceSettings: [{
displayName: "string",
resourceId: "string",
resourceType: "string",
}],
violationNotificationsEnabled: false,
workloadOptions: {
kajEnrollmentType: "string",
},
});
type: gcp:assuredworkloads:Workload
properties:
billingAccount: string
complianceRegime: string
displayName: string
enableSovereignControls: false
kmsSettings:
nextRotationTime: string
rotationPeriod: string
labels:
string: string
location: string
organization: string
partner: string
partnerPermissions:
assuredWorkloadsMonitoring: false
dataLogsViewer: false
serviceAccessApprover: false
partnerServicesBillingAccount: string
provisionedResourcesParent: string
resourceSettings:
- displayName: string
resourceId: string
resourceType: string
violationNotificationsEnabled: false
workloadOptions:
kajEnrollmentType: string
Workload Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Workload resource accepts the following input properties:
- Compliance
Regime string - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- Display
Name string - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- Location string
- The location for the resource
- Organization string
- The organization for the resource
- Billing
Account string - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - Enable
Sovereign boolControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Kms
Settings WorkloadKms Settings - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels Dictionary<string, string>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Partner string
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- Partner
Permissions WorkloadPartner Permissions - Optional. Permissions granted to the AW Partner SA account for the customer workload
- Partner
Services stringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- Provisioned
Resources stringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- Resource
Settings List<WorkloadResource Setting> - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Violation
Notifications boolEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- Workload
Options WorkloadWorkload Options - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- Compliance
Regime string - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- Display
Name string - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- Location string
- The location for the resource
- Organization string
- The organization for the resource
- Billing
Account string - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - Enable
Sovereign boolControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Kms
Settings WorkloadKms Settings Args - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels map[string]string
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Partner string
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- Partner
Permissions WorkloadPartner Permissions Args - Optional. Permissions granted to the AW Partner SA account for the customer workload
- Partner
Services stringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- Provisioned
Resources stringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- Resource
Settings []WorkloadResource Setting Args - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Violation
Notifications boolEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- Workload
Options WorkloadWorkload Options Args - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- compliance
Regime String - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- display
Name String - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- location String
- The location for the resource
- organization String
- The organization for the resource
- billing
Account String - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - enable
Sovereign BooleanControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kms
Settings WorkloadKms Settings - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String,String>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- partner String
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- partner
Permissions WorkloadPartner Permissions - Optional. Permissions granted to the AW Partner SA account for the customer workload
- partner
Services StringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- provisioned
Resources StringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resource
Settings List<WorkloadResource Setting> - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- violation
Notifications BooleanEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- workload
Options WorkloadWorkload Options - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- compliance
Regime string - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- display
Name string - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- location string
- The location for the resource
- organization string
- The organization for the resource
- billing
Account string - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - enable
Sovereign booleanControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kms
Settings WorkloadKms Settings - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels {[key: string]: string}
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- partner string
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- partner
Permissions WorkloadPartner Permissions - Optional. Permissions granted to the AW Partner SA account for the customer workload
- partner
Services stringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- provisioned
Resources stringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resource
Settings WorkloadResource Setting[] - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- violation
Notifications booleanEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- workload
Options WorkloadWorkload Options - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- compliance_
regime str - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- display_
name str - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- location str
- The location for the resource
- organization str
- The organization for the resource
- billing_
account str - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - enable_
sovereign_ boolcontrols - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kms_
settings WorkloadKms Settings Args - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Mapping[str, str]
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- partner str
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- partner_
permissions WorkloadPartner Permissions Args - Optional. Permissions granted to the AW Partner SA account for the customer workload
- partner_
services_ strbilling_ account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- provisioned_
resources_ strparent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resource_
settings Sequence[WorkloadResource Setting Args] - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- violation_
notifications_ boolenabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- workload_
options WorkloadWorkload Options Args - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- compliance
Regime String - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- display
Name String - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- location String
- The location for the resource
- organization String
- The organization for the resource
- billing
Account String - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - enable
Sovereign BooleanControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kms
Settings Property Map - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- partner String
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- partner
Permissions Property Map - Optional. Permissions granted to the AW Partner SA account for the customer workload
- partner
Services StringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- provisioned
Resources StringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- resource
Settings List<Property Map> - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- violation
Notifications BooleanEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- workload
Options Property Map - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
Outputs
All input properties are implicitly available as output properties. Additionally, the Workload resource produces the following output properties:
- Compliance
Statuses List<WorkloadCompliance Status> - Output only. Count of active Violations in the Workload.
- Compliant
But List<string>Disallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- Create
Time string - Output only. Immutable. The Workload creation timestamp.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ekm
Provisioning List<WorkloadResponses Ekm Provisioning Response> - Optional. Represents the Ekm Provisioning State of the given workload.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kaj
Enrollment stringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- Name string
- Output only. The resource name of the workload.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Resources
List<Workload
Resource> - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- Saa
Enrollment List<WorkloadResponses Saa Enrollment Response> - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- Compliance
Statuses []WorkloadCompliance Status - Output only. Count of active Violations in the Workload.
- Compliant
But []stringDisallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- Create
Time string - Output only. Immutable. The Workload creation timestamp.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ekm
Provisioning []WorkloadResponses Ekm Provisioning Response - Optional. Represents the Ekm Provisioning State of the given workload.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kaj
Enrollment stringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- Name string
- Output only. The resource name of the workload.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Resources
[]Workload
Resource - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- Saa
Enrollment []WorkloadResponses Saa Enrollment Response - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- compliance
Statuses List<WorkloadCompliance Status> - Output only. Count of active Violations in the Workload.
- compliant
But List<String>Disallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time String - Output only. Immutable. The Workload creation timestamp.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning List<WorkloadResponses Ekm Provisioning Response> - Optional. Represents the Ekm Provisioning State of the given workload.
- id String
- The provider-assigned unique ID for this managed resource.
- kaj
Enrollment StringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- name String
- Output only. The resource name of the workload.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- resources
List<Workload
Resource> - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment List<WorkloadResponses Saa Enrollment Response> - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- compliance
Statuses WorkloadCompliance Status[] - Output only. Count of active Violations in the Workload.
- compliant
But string[]Disallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time string - Output only. Immutable. The Workload creation timestamp.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning WorkloadResponses Ekm Provisioning Response[] - Optional. Represents the Ekm Provisioning State of the given workload.
- id string
- The provider-assigned unique ID for this managed resource.
- kaj
Enrollment stringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- name string
- Output only. The resource name of the workload.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- resources
Workload
Resource[] - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment WorkloadResponses Saa Enrollment Response[] - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- compliance_
statuses Sequence[WorkloadCompliance Status] - Output only. Count of active Violations in the Workload.
- compliant_
but_ Sequence[str]disallowed_ services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create_
time str - Output only. Immutable. The Workload creation timestamp.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm_
provisioning_ Sequence[Workloadresponses Ekm Provisioning Response] - Optional. Represents the Ekm Provisioning State of the given workload.
- id str
- The provider-assigned unique ID for this managed resource.
- kaj_
enrollment_ strstate - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- name str
- Output only. The resource name of the workload.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- resources
Sequence[Workload
Resource] - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa_
enrollment_ Sequence[Workloadresponses Saa Enrollment Response] - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- compliance
Statuses List<Property Map> - Output only. Count of active Violations in the Workload.
- compliant
But List<String>Disallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time String - Output only. Immutable. The Workload creation timestamp.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning List<Property Map>Responses - Optional. Represents the Ekm Provisioning State of the given workload.
- id String
- The provider-assigned unique ID for this managed resource.
- kaj
Enrollment StringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- name String
- Output only. The resource name of the workload.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- resources List<Property Map>
- Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment List<Property Map>Responses - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
Look up Existing Workload Resource
Get an existing Workload resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WorkloadState, opts?: CustomResourceOptions): Workload
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
billing_account: Optional[str] = None,
compliance_regime: Optional[str] = None,
compliance_statuses: Optional[Sequence[WorkloadComplianceStatusArgs]] = None,
compliant_but_disallowed_services: Optional[Sequence[str]] = None,
create_time: Optional[str] = None,
display_name: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
ekm_provisioning_responses: Optional[Sequence[WorkloadEkmProvisioningResponseArgs]] = None,
enable_sovereign_controls: Optional[bool] = None,
kaj_enrollment_state: Optional[str] = None,
kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
organization: Optional[str] = None,
partner: Optional[str] = None,
partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
partner_services_billing_account: Optional[str] = None,
provisioned_resources_parent: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
resources: Optional[Sequence[WorkloadResourceArgs]] = None,
saa_enrollment_responses: Optional[Sequence[WorkloadSaaEnrollmentResponseArgs]] = None,
violation_notifications_enabled: Optional[bool] = None,
workload_options: Optional[WorkloadWorkloadOptionsArgs] = None) -> Workload
func GetWorkload(ctx *Context, name string, id IDInput, state *WorkloadState, opts ...ResourceOption) (*Workload, error)
public static Workload Get(string name, Input<string> id, WorkloadState? state, CustomResourceOptions? opts = null)
public static Workload get(String name, Output<String> id, WorkloadState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Billing
Account string - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - Compliance
Regime string - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- Compliance
Statuses List<WorkloadCompliance Status> - Output only. Count of active Violations in the Workload.
- Compliant
But List<string>Disallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- Create
Time string - Output only. Immutable. The Workload creation timestamp.
- Display
Name string - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ekm
Provisioning List<WorkloadResponses Ekm Provisioning Response> - Optional. Represents the Ekm Provisioning State of the given workload.
- Enable
Sovereign boolControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Kaj
Enrollment stringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- Kms
Settings WorkloadKms Settings - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels Dictionary<string, string>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Location string
- The location for the resource
- Name string
- Output only. The resource name of the workload.
- Organization string
- The organization for the resource
- Partner string
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- Partner
Permissions WorkloadPartner Permissions - Optional. Permissions granted to the AW Partner SA account for the customer workload
- Partner
Services stringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- Provisioned
Resources stringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Resource
Settings List<WorkloadResource Setting> - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Resources
List<Workload
Resource> - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- Saa
Enrollment List<WorkloadResponses Saa Enrollment Response> - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- Violation
Notifications boolEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- Workload
Options WorkloadWorkload Options - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- Billing
Account string - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - Compliance
Regime string - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- Compliance
Statuses []WorkloadCompliance Status Args - Output only. Count of active Violations in the Workload.
- Compliant
But []stringDisallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- Create
Time string - Output only. Immutable. The Workload creation timestamp.
- Display
Name string - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ekm
Provisioning []WorkloadResponses Ekm Provisioning Response Args - Optional. Represents the Ekm Provisioning State of the given workload.
- Enable
Sovereign boolControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- Kaj
Enrollment stringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- Kms
Settings WorkloadKms Settings Args - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- Labels map[string]string
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Location string
- The location for the resource
- Name string
- Output only. The resource name of the workload.
- Organization string
- The organization for the resource
- Partner string
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- Partner
Permissions WorkloadPartner Permissions Args - Optional. Permissions granted to the AW Partner SA account for the customer workload
- Partner
Services stringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- Provisioned
Resources stringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Resource
Settings []WorkloadResource Setting Args - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- Resources
[]Workload
Resource Args - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- Saa
Enrollment []WorkloadResponses Saa Enrollment Response Args - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- Violation
Notifications boolEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- Workload
Options WorkloadWorkload Options Args - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- billing
Account String - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - compliance
Regime String - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- compliance
Statuses List<WorkloadCompliance Status> - Output only. Count of active Violations in the Workload.
- compliant
But List<String>Disallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time String - Output only. Immutable. The Workload creation timestamp.
- display
Name String - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning List<WorkloadResponses Ekm Provisioning Response> - Optional. Represents the Ekm Provisioning State of the given workload.
- enable
Sovereign BooleanControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kaj
Enrollment StringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- kms
Settings WorkloadKms Settings - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String,String>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- location String
- The location for the resource
- name String
- Output only. The resource name of the workload.
- organization String
- The organization for the resource
- partner String
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- partner
Permissions WorkloadPartner Permissions - Optional. Permissions granted to the AW Partner SA account for the customer workload
- partner
Services StringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- provisioned
Resources StringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- resource
Settings List<WorkloadResource Setting> - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources
List<Workload
Resource> - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment List<WorkloadResponses Saa Enrollment Response> - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- violation
Notifications BooleanEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- workload
Options WorkloadWorkload Options - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- billing
Account string - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - compliance
Regime string - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- compliance
Statuses WorkloadCompliance Status[] - Output only. Count of active Violations in the Workload.
- compliant
But string[]Disallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time string - Output only. Immutable. The Workload creation timestamp.
- display
Name string - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning WorkloadResponses Ekm Provisioning Response[] - Optional. Represents the Ekm Provisioning State of the given workload.
- enable
Sovereign booleanControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kaj
Enrollment stringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- kms
Settings WorkloadKms Settings - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels {[key: string]: string}
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- location string
- The location for the resource
- name string
- Output only. The resource name of the workload.
- organization string
- The organization for the resource
- partner string
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- partner
Permissions WorkloadPartner Permissions - Optional. Permissions granted to the AW Partner SA account for the customer workload
- partner
Services stringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- provisioned
Resources stringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- resource
Settings WorkloadResource Setting[] - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources
Workload
Resource[] - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment WorkloadResponses Saa Enrollment Response[] - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- violation
Notifications booleanEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- workload
Options WorkloadWorkload Options - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- billing_
account str - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - compliance_
regime str - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- compliance_
statuses Sequence[WorkloadCompliance Status Args] - Output only. Count of active Violations in the Workload.
- compliant_
but_ Sequence[str]disallowed_ services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create_
time str - Output only. Immutable. The Workload creation timestamp.
- display_
name str - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm_
provisioning_ Sequence[Workloadresponses Ekm Provisioning Response Args] - Optional. Represents the Ekm Provisioning State of the given workload.
- enable_
sovereign_ boolcontrols - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kaj_
enrollment_ strstate - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- kms_
settings WorkloadKms Settings Args - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Mapping[str, str]
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- location str
- The location for the resource
- name str
- Output only. The resource name of the workload.
- organization str
- The organization for the resource
- partner str
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- partner_
permissions WorkloadPartner Permissions Args - Optional. Permissions granted to the AW Partner SA account for the customer workload
- partner_
services_ strbilling_ account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- provisioned_
resources_ strparent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- resource_
settings Sequence[WorkloadResource Setting Args] - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources
Sequence[Workload
Resource Args] - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa_
enrollment_ Sequence[Workloadresponses Saa Enrollment Response Args] - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- violation_
notifications_ boolenabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- workload_
options WorkloadWorkload Options Args - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
- billing
Account String - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/{billing_account_id}
. For example,billingAccounts/012345-567890-ABCDEF
. - compliance
Regime String - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT
- compliance
Statuses List<Property Map> - Output only. Count of active Violations in the Workload.
- compliant
But List<String>Disallowed Services - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
- create
Time String - Output only. Immutable. The Workload creation timestamp.
- display
Name String - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ekm
Provisioning List<Property Map>Responses - Optional. Represents the Ekm Provisioning State of the given workload.
- enable
Sovereign BooleanControls - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
- kaj
Enrollment StringState - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
- kms
Settings Property Map - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
- labels Map<String>
Optional. Labels applied to the workload.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- location String
- The location for the resource
- name String
- Output only. The resource name of the workload.
- organization String
- The organization for the resource
- partner String
- Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM
- partner
Permissions Property Map - Optional. Permissions granted to the AW Partner SA account for the customer workload
- partner
Services StringBilling Account - Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.
- provisioned
Resources StringParent - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- resource
Settings List<Property Map> - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
- resources List<Property Map>
- Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
- saa
Enrollment List<Property Map>Responses - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.
- violation
Notifications BooleanEnabled - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.
- workload
Options Property Map - Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.
Supporting Types
WorkloadComplianceStatus, WorkloadComplianceStatusArgs
- Acknowledged
Violation List<int>Counts - Number of current orgPolicy violations which are acknowledged.
- Active
Violation List<int>Counts - Number of current orgPolicy violations which are not acknowledged.
- Acknowledged
Violation []intCounts - Number of current orgPolicy violations which are acknowledged.
- Active
Violation []intCounts - Number of current orgPolicy violations which are not acknowledged.
- acknowledged
Violation List<Integer>Counts - Number of current orgPolicy violations which are acknowledged.
- active
Violation List<Integer>Counts - Number of current orgPolicy violations which are not acknowledged.
- acknowledged
Violation number[]Counts - Number of current orgPolicy violations which are acknowledged.
- active
Violation number[]Counts - Number of current orgPolicy violations which are not acknowledged.
- acknowledged_
violation_ Sequence[int]counts - Number of current orgPolicy violations which are acknowledged.
- active_
violation_ Sequence[int]counts - Number of current orgPolicy violations which are not acknowledged.
- acknowledged
Violation List<Number>Counts - Number of current orgPolicy violations which are acknowledged.
- active
Violation List<Number>Counts - Number of current orgPolicy violations which are not acknowledged.
WorkloadEkmProvisioningResponse, WorkloadEkmProvisioningResponseArgs
- Ekm
Provisioning stringError Domain - Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
- Ekm
Provisioning stringError Mapping - Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
- Ekm
Provisioning stringState - Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
- Ekm
Provisioning stringError Domain - Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
- Ekm
Provisioning stringError Mapping - Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
- Ekm
Provisioning stringState - Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
- ekm
Provisioning StringError Domain - Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
- ekm
Provisioning StringError Mapping - Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
- ekm
Provisioning StringState - Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
- ekm
Provisioning stringError Domain - Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
- ekm
Provisioning stringError Mapping - Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
- ekm
Provisioning stringState - Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
- ekm_
provisioning_ strerror_ domain - Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
- ekm_
provisioning_ strerror_ mapping - Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
- ekm_
provisioning_ strstate - Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
- ekm
Provisioning StringError Domain - Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
- ekm
Provisioning StringError Mapping - Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
- ekm
Provisioning StringState - Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED
WorkloadKmsSettings, WorkloadKmsSettingsArgs
- Next
Rotation stringTime - Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- Rotation
Period string - Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- Next
Rotation stringTime - Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- Rotation
Period string - Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- next
Rotation StringTime - Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotation
Period String - Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- next
Rotation stringTime - Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotation
Period string - Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- next_
rotation_ strtime - Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotation_
period str - Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
- next
Rotation StringTime - Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
- rotation
Period String - Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
WorkloadPartnerPermissions, WorkloadPartnerPermissionsArgs
- Assured
Workloads boolMonitoring - Optional. Allow partner to view violation alerts.
- Data
Logs boolViewer - Allow the partner to view inspectability logs and monitoring violations.
- Service
Access boolApprover - Optional. Allow partner to view access approval logs.
- Assured
Workloads boolMonitoring - Optional. Allow partner to view violation alerts.
- Data
Logs boolViewer - Allow the partner to view inspectability logs and monitoring violations.
- Service
Access boolApprover - Optional. Allow partner to view access approval logs.
- assured
Workloads BooleanMonitoring - Optional. Allow partner to view violation alerts.
- data
Logs BooleanViewer - Allow the partner to view inspectability logs and monitoring violations.
- service
Access BooleanApprover - Optional. Allow partner to view access approval logs.
- assured
Workloads booleanMonitoring - Optional. Allow partner to view violation alerts.
- data
Logs booleanViewer - Allow the partner to view inspectability logs and monitoring violations.
- service
Access booleanApprover - Optional. Allow partner to view access approval logs.
- assured_
workloads_ boolmonitoring - Optional. Allow partner to view violation alerts.
- data_
logs_ boolviewer - Allow the partner to view inspectability logs and monitoring violations.
- service_
access_ boolapprover - Optional. Allow partner to view access approval logs.
- assured
Workloads BooleanMonitoring - Optional. Allow partner to view violation alerts.
- data
Logs BooleanViewer - Allow the partner to view inspectability logs and monitoring violations.
- service
Access BooleanApprover - Optional. Allow partner to view access approval logs.
WorkloadResource, WorkloadResourceArgs
- Resource
Id int - Resource identifier. For a project this represents project_number.
- Resource
Type string - Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- Resource
Id int - Resource identifier. For a project this represents project_number.
- Resource
Type string - Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- resource
Id Integer - Resource identifier. For a project this represents project_number.
- resource
Type String - Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- resource
Id number - Resource identifier. For a project this represents project_number.
- resource
Type string - Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- resource_
id int - Resource identifier. For a project this represents project_number.
- resource_
type str - Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- resource
Id Number - Resource identifier. For a project this represents project_number.
- resource
Type String - Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
WorkloadResourceSetting, WorkloadResourceSettingArgs
- Display
Name string - User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- Resource
Id string - Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- Resource
Type string - Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- Display
Name string - User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- Resource
Id string - Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- Resource
Type string - Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- display
Name String - User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resource
Id String - Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource
Type String - Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- display
Name string - User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resource
Id string - Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource
Type string - Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- display_
name str - User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resource_
id str - Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource_
type str - Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
- display
Name String - User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
- resource
Id String - Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
- resource
Type String - Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
WorkloadSaaEnrollmentResponse, WorkloadSaaEnrollmentResponseArgs
- Setup
Errors List<string> - Indicates SAA enrollment setup error if any.
- Setup
Status string - Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
- Setup
Errors []string - Indicates SAA enrollment setup error if any.
- Setup
Status string - Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
- setup
Errors List<String> - Indicates SAA enrollment setup error if any.
- setup
Status String - Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
- setup
Errors string[] - Indicates SAA enrollment setup error if any.
- setup
Status string - Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
- setup_
errors Sequence[str] - Indicates SAA enrollment setup error if any.
- setup_
status str - Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
- setup
Errors List<String> - Indicates SAA enrollment setup error if any.
- setup
Status String - Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE
WorkloadWorkloadOptions, WorkloadWorkloadOptionsArgs
- Kaj
Enrollment stringType - Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF
- Kaj
Enrollment stringType - Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF
- kaj
Enrollment StringType - Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF
- kaj
Enrollment stringType - Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF
- kaj_
enrollment_ strtype - Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF
- kaj
Enrollment StringType - Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF
Import
Workload can be imported using any of these accepted formats:
organizations/{{organization}}/locations/{{location}}/workloads/{{name}}
{{organization}}/{{location}}/{{name}}
When using the pulumi import
command, Workload can be imported using one of the formats above. For example:
$ pulumi import gcp:assuredworkloads/workload:Workload default organizations/{{organization}}/locations/{{location}}/workloads/{{name}}
$ pulumi import gcp:assuredworkloads/workload:Workload default {{organization}}/{{location}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.