1{
2 "auth": {
3 "oauth2": {
4 "scopes": {
5 "https://www.googleapis.com/auth/cloud-platform": {
6 "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."
7 }
8 }
9 }
10 },
11 "basePath": "",
12 "baseUrl": "https://cloudcontrolspartner.googleapis.com/",
13 "batchPath": "batch",
14 "canonicalName": "Cloud Controls Partner Service",
15 "description": "Provides insights about your customers and their Assured Workloads based on your Sovereign Controls by Partners offering.",
16 "discoveryVersion": "v1",
17 "documentationLink": "https://cloud.google.com/sovereign-controls-by-partners/docs/sovereign-partners/reference/rest",
18 "fullyEncodeReservedExpansion": true,
19 "icons": {
20 "x16": "http://www.google.com/images/icons/product/search-16.gif",
21 "x32": "http://www.google.com/images/icons/product/search-32.gif"
22 },
23 "id": "cloudcontrolspartner:v1",
24 "kind": "discovery#restDescription",
25 "mtlsRootUrl": "https://cloudcontrolspartner.mtls.googleapis.com/",
26 "name": "cloudcontrolspartner",
27 "ownerDomain": "google.com",
28 "ownerName": "Google",
29 "parameters": {
30 "$.xgafv": {
31 "description": "V1 error format.",
32 "enum": [
33 "1",
34 "2"
35 ],
36 "enumDescriptions": [
37 "v1 error format",
38 "v2 error format"
39 ],
40 "location": "query",
41 "type": "string"
42 },
43 "access_token": {
44 "description": "OAuth access token.",
45 "location": "query",
46 "type": "string"
47 },
48 "alt": {
49 "default": "json",
50 "description": "Data format for response.",
51 "enum": [
52 "json",
53 "media",
54 "proto"
55 ],
56 "enumDescriptions": [
57 "Responses with Content-Type of application/json",
58 "Media download with context-dependent Content-Type",
59 "Responses with Content-Type of application/x-protobuf"
60 ],
61 "location": "query",
62 "type": "string"
63 },
64 "callback": {
65 "description": "JSONP",
66 "location": "query",
67 "type": "string"
68 },
69 "fields": {
70 "description": "Selector specifying which fields to include in a partial response.",
71 "location": "query",
72 "type": "string"
73 },
74 "key": {
75 "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
76 "location": "query",
77 "type": "string"
78 },
79 "oauth_token": {
80 "description": "OAuth 2.0 token for the current user.",
81 "location": "query",
82 "type": "string"
83 },
84 "prettyPrint": {
85 "default": "true",
86 "description": "Returns response with indentations and line breaks.",
87 "location": "query",
88 "type": "boolean"
89 },
90 "quotaUser": {
91 "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
92 "location": "query",
93 "type": "string"
94 },
95 "uploadType": {
96 "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
97 "location": "query",
98 "type": "string"
99 },
100 "upload_protocol": {
101 "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
102 "location": "query",
103 "type": "string"
104 }
105 },
106 "protocol": "rest",
107 "resources": {
108 "organizations": {
109 "resources": {
110 "locations": {
111 "methods": {
112 "getPartner": {
113 "description": "Get details of a Partner.",
114 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/partner",
115 "httpMethod": "GET",
116 "id": "cloudcontrolspartner.organizations.locations.getPartner",
117 "parameterOrder": [
118 "name"
119 ],
120 "parameters": {
121 "name": {
122 "description": "Required. Format: `organizations/{organization}/locations/{location}/partner`",
123 "location": "path",
124 "pattern": "^organizations/[^/]+/locations/[^/]+/partner$",
125 "required": true,
126 "type": "string"
127 }
128 },
129 "path": "v1/{+name}",
130 "response": {
131 "$ref": "Partner"
132 },
133 "scopes": [
134 "https://www.googleapis.com/auth/cloud-platform"
135 ]
136 }
137 },
138 "resources": {
139 "customers": {
140 "methods": {
141 "get": {
142 "description": "Gets details of a single customer",
143 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}",
144 "httpMethod": "GET",
145 "id": "cloudcontrolspartner.organizations.locations.customers.get",
146 "parameterOrder": [
147 "name"
148 ],
149 "parameters": {
150 "name": {
151 "description": "Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}`",
152 "location": "path",
153 "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+$",
154 "required": true,
155 "type": "string"
156 }
157 },
158 "path": "v1/{+name}",
159 "response": {
160 "$ref": "Customer"
161 },
162 "scopes": [
163 "https://www.googleapis.com/auth/cloud-platform"
164 ]
165 },
166 "list": {
167 "description": "Lists customers of a partner identified by its Google Cloud organization ID",
168 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers",
169 "httpMethod": "GET",
170 "id": "cloudcontrolspartner.organizations.locations.customers.list",
171 "parameterOrder": [
172 "parent"
173 ],
174 "parameters": {
175 "filter": {
176 "description": "Optional. Filtering results",
177 "location": "query",
178 "type": "string"
179 },
180 "orderBy": {
181 "description": "Optional. Hint for how to order the results",
182 "location": "query",
183 "type": "string"
184 },
185 "pageSize": {
186 "description": "The maximum number of Customers to return. The service may return fewer than this value. If unspecified, at most 500 Customers will be returned.",
187 "format": "int32",
188 "location": "query",
189 "type": "integer"
190 },
191 "pageToken": {
192 "description": "A page token, received from a previous `ListCustomers` call. Provide this to retrieve the subsequent page.",
193 "location": "query",
194 "type": "string"
195 },
196 "parent": {
197 "description": "Required. Parent resource Format: `organizations/{organization}/locations/{location}`",
198 "location": "path",
199 "pattern": "^organizations/[^/]+/locations/[^/]+$",
200 "required": true,
201 "type": "string"
202 }
203 },
204 "path": "v1/{+parent}/customers",
205 "response": {
206 "$ref": "ListCustomersResponse"
207 },
208 "scopes": [
209 "https://www.googleapis.com/auth/cloud-platform"
210 ]
211 }
212 },
213 "resources": {
214 "workloads": {
215 "methods": {
216 "get": {
217 "description": "Gets details of a single workload",
218 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}",
219 "httpMethod": "GET",
220 "id": "cloudcontrolspartner.organizations.locations.customers.workloads.get",
221 "parameterOrder": [
222 "name"
223 ],
224 "parameters": {
225 "name": {
226 "description": "Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`",
227 "location": "path",
228 "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+$",
229 "required": true,
230 "type": "string"
231 }
232 },
233 "path": "v1/{+name}",
234 "response": {
235 "$ref": "Workload"
236 },
237 "scopes": [
238 "https://www.googleapis.com/auth/cloud-platform"
239 ]
240 },
241 "getEkmConnections": {
242 "description": "Gets the EKM connections associated with a workload",
243 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/ekmConnections",
244 "httpMethod": "GET",
245 "id": "cloudcontrolspartner.organizations.locations.customers.workloads.getEkmConnections",
246 "parameterOrder": [
247 "name"
248 ],
249 "parameters": {
250 "name": {
251 "description": "Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/ekmConnections`",
252 "location": "path",
253 "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+/ekmConnections$",
254 "required": true,
255 "type": "string"
256 }
257 },
258 "path": "v1/{+name}",
259 "response": {
260 "$ref": "EkmConnections"
261 },
262 "scopes": [
263 "https://www.googleapis.com/auth/cloud-platform"
264 ]
265 },
266 "getPartnerPermissions": {
267 "description": "Gets the partner permissions granted for a workload",
268 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/partnerPermissions",
269 "httpMethod": "GET",
270 "id": "cloudcontrolspartner.organizations.locations.customers.workloads.getPartnerPermissions",
271 "parameterOrder": [
272 "name"
273 ],
274 "parameters": {
275 "name": {
276 "description": "Required. Name of the resource to get in the format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/partnerPermissions`",
277 "location": "path",
278 "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+/partnerPermissions$",
279 "required": true,
280 "type": "string"
281 }
282 },
283 "path": "v1/{+name}",
284 "response": {
285 "$ref": "PartnerPermissions"
286 },
287 "scopes": [
288 "https://www.googleapis.com/auth/cloud-platform"
289 ]
290 },
291 "list": {
292 "description": "Lists customer workloads for a given customer org id",
293 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads",
294 "httpMethod": "GET",
295 "id": "cloudcontrolspartner.organizations.locations.customers.workloads.list",
296 "parameterOrder": [
297 "parent"
298 ],
299 "parameters": {
300 "filter": {
301 "description": "Optional. Filtering results.",
302 "location": "query",
303 "type": "string"
304 },
305 "orderBy": {
306 "description": "Optional. Hint for how to order the results.",
307 "location": "query",
308 "type": "string"
309 },
310 "pageSize": {
311 "description": "The maximum number of workloads to return. The service may return fewer than this value. If unspecified, at most 500 workloads will be returned.",
312 "format": "int32",
313 "location": "query",
314 "type": "integer"
315 },
316 "pageToken": {
317 "description": "A page token, received from a previous `ListWorkloads` call. Provide this to retrieve the subsequent page.",
318 "location": "query",
319 "type": "string"
320 },
321 "parent": {
322 "description": "Required. Parent resource Format: `organizations/{organization}/locations/{location}/customers/{customer}`",
323 "location": "path",
324 "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+$",
325 "required": true,
326 "type": "string"
327 }
328 },
329 "path": "v1/{+parent}/workloads",
330 "response": {
331 "$ref": "ListWorkloadsResponse"
332 },
333 "scopes": [
334 "https://www.googleapis.com/auth/cloud-platform"
335 ]
336 }
337 },
338 "resources": {
339 "accessApprovalRequests": {
340 "methods": {
341 "list": {
342 "description": "Lists access requests associated with a workload",
343 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/accessApprovalRequests",
344 "httpMethod": "GET",
345 "id": "cloudcontrolspartner.organizations.locations.customers.workloads.accessApprovalRequests.list",
346 "parameterOrder": [
347 "parent"
348 ],
349 "parameters": {
350 "filter": {
351 "description": "Optional. Filtering results.",
352 "location": "query",
353 "type": "string"
354 },
355 "orderBy": {
356 "description": "Optional. Hint for how to order the results.",
357 "location": "query",
358 "type": "string"
359 },
360 "pageSize": {
361 "description": "Optional. The maximum number of access requests to return. The service may return fewer than this value. If unspecified, at most 500 access requests will be returned.",
362 "format": "int32",
363 "location": "query",
364 "type": "integer"
365 },
366 "pageToken": {
367 "description": "Optional. A page token, received from a previous `ListAccessApprovalRequests` call. Provide this to retrieve the subsequent page.",
368 "location": "query",
369 "type": "string"
370 },
371 "parent": {
372 "description": "Required. Parent resource Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`",
373 "location": "path",
374 "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+$",
375 "required": true,
376 "type": "string"
377 }
378 },
379 "path": "v1/{+parent}/accessApprovalRequests",
380 "response": {
381 "$ref": "ListAccessApprovalRequestsResponse"
382 },
383 "scopes": [
384 "https://www.googleapis.com/auth/cloud-platform"
385 ]
386 }
387 }
388 },
389 "violations": {
390 "methods": {
391 "get": {
392 "description": "Gets details of a single Violation.",
393 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/violations/{violationsId}",
394 "httpMethod": "GET",
395 "id": "cloudcontrolspartner.organizations.locations.customers.workloads.violations.get",
396 "parameterOrder": [
397 "name"
398 ],
399 "parameters": {
400 "name": {
401 "description": "Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/violations/{violation}`",
402 "location": "path",
403 "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+/violations/[^/]+$",
404 "required": true,
405 "type": "string"
406 }
407 },
408 "path": "v1/{+name}",
409 "response": {
410 "$ref": "Violation"
411 },
412 "scopes": [
413 "https://www.googleapis.com/auth/cloud-platform"
414 ]
415 },
416 "list": {
417 "description": "Lists Violations for a workload Callers may also choose to read across multiple Customers or for a single customer as per [AIP-159](https://google.aip.dev/159) by using '-' (the hyphen or dash character) as a wildcard character instead of {customer} \u0026 {workload}. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`",
418 "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/violations",
419 "httpMethod": "GET",
420 "id": "cloudcontrolspartner.organizations.locations.customers.workloads.violations.list",
421 "parameterOrder": [
422 "parent"
423 ],
424 "parameters": {
425 "filter": {
426 "description": "Optional. Filtering results",
427 "location": "query",
428 "type": "string"
429 },
430 "interval.endTime": {
431 "description": "Optional. Exclusive end of the interval. If specified, a Timestamp matching this interval will have to be before the end.",
432 "format": "google-datetime",
433 "location": "query",
434 "type": "string"
435 },
436 "interval.startTime": {
437 "description": "Optional. Inclusive start of the interval. If specified, a Timestamp matching this interval will have to be the same or after the start.",
438 "format": "google-datetime",
439 "location": "query",
440 "type": "string"
441 },
442 "orderBy": {
443 "description": "Optional. Hint for how to order the results",
444 "location": "query",
445 "type": "string"
446 },
447 "pageSize": {
448 "description": "Optional. The maximum number of customers row to return. The service may return fewer than this value. If unspecified, at most 10 customers will be returned.",
449 "format": "int32",
450 "location": "query",
451 "type": "integer"
452 },
453 "pageToken": {
454 "description": "Optional. A page token, received from a previous `ListViolations` call. Provide this to retrieve the subsequent page.",
455 "location": "query",
456 "type": "string"
457 },
458 "parent": {
459 "description": "Required. Parent resource Format `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`",
460 "location": "path",
461 "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+$",
462 "required": true,
463 "type": "string"
464 }
465 },
466 "path": "v1/{+parent}/violations",
467 "response": {
468 "$ref": "ListViolationsResponse"
469 },
470 "scopes": [
471 "https://www.googleapis.com/auth/cloud-platform"
472 ]
473 }
474 }
475 }
476 }
477 }
478 }
479 }
480 }
481 }
482 }
483 }
484 },
485 "revision": "20240320",
486 "rootUrl": "https://cloudcontrolspartner.googleapis.com/",
487 "schemas": {
488 "AccessApprovalRequest": {
489 "description": "Details about the Access request.",
490 "id": "AccessApprovalRequest",
491 "properties": {
492 "name": {
493 "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/accessApprovalRequests/{access_approval_request}`",
494 "type": "string"
495 },
496 "requestTime": {
497 "description": "The time at which approval was requested.",
498 "format": "google-datetime",
499 "type": "string"
500 },
501 "requestedExpirationTime": {
502 "description": "The requested expiration for the approval. If the request is approved, access will be granted from the time of approval until the expiration time.",
503 "format": "google-datetime",
504 "type": "string"
505 },
506 "requestedReason": {
507 "$ref": "AccessReason",
508 "description": "The justification for which approval is being requested."
509 }
510 },
511 "type": "object"
512 },
513 "AccessReason": {
514 "description": "Reason for the access.",
515 "id": "AccessReason",
516 "properties": {
517 "detail": {
518 "description": "More detail about certain reason types. See comments for each type above.",
519 "type": "string"
520 },
521 "type": {
522 "description": "Type of access justification.",
523 "enum": [
524 "TYPE_UNSPECIFIED",
525 "CUSTOMER_INITIATED_SUPPORT",
526 "GOOGLE_INITIATED_SERVICE",
527 "GOOGLE_INITIATED_REVIEW",
528 "THIRD_PARTY_DATA_REQUEST",
529 "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT",
530 "CLOUD_INITIATED_ACCESS"
531 ],
532 "enumDescriptions": [
533 "Default value for proto, shouldn't be used.",
534 "Customer made a request or raised an issue that required the principal to access customer data. `detail` is of the form (\"#####\" is the issue ID): - \"Feedback Report: #####\" - \"Case Number: #####\" - \"Case ID: #####\" - \"E-PIN Reference: #####\" - \"Google-#####\" - \"T-#####\"",
535 "The principal accessed customer data in order to diagnose or resolve a suspected issue in services. Often this access is used to confirm that customers are not affected by a suspected service issue or to remediate a reversible system issue.",
536 "Google initiated service for security, fraud, abuse, or compliance purposes.",
537 "The principal was compelled to access customer data in order to respond to a legal third party data request or process, including legal processes from customers themselves.",
538 "The principal accessed customer data in order to diagnose or resolve a suspected issue in services or a known outage.",
539 "Similar to 'GOOGLE_INITIATED_SERVICE' or 'GOOGLE_INITIATED_REVIEW', but with universe agnostic naming. The principal accessed customer data in order to diagnose or resolve a suspected issue in services or a known outage, or for security, fraud, abuse, or compliance review purposes."
540 ],
541 "type": "string"
542 }
543 },
544 "type": "object"
545 },
546 "ConnectionError": {
547 "description": "Information around the error that occurred if the connection state is anything other than available or unspecified",
548 "id": "ConnectionError",
549 "properties": {
550 "errorDomain": {
551 "description": "The error domain for the error",
552 "type": "string"
553 },
554 "errorMessage": {
555 "description": "The error message for the error",
556 "type": "string"
557 }
558 },
559 "type": "object"
560 },
561 "Console": {
562 "description": "Remediation instructions to resolve violation via cloud console",
563 "id": "Console",
564 "properties": {
565 "additionalLinks": {
566 "description": "Additional urls for more information about steps",
567 "items": {
568 "type": "string"
569 },
570 "type": "array"
571 },
572 "consoleUris": {
573 "description": "Link to console page where violations can be resolved",
574 "items": {
575 "type": "string"
576 },
577 "type": "array"
578 },
579 "steps": {
580 "description": "Steps to resolve violation via cloud console",
581 "items": {
582 "type": "string"
583 },
584 "type": "array"
585 }
586 },
587 "type": "object"
588 },
589 "Customer": {
590 "description": "Contains metadata around a Cloud Controls Partner Customer",
591 "id": "Customer",
592 "properties": {
593 "customerOnboardingState": {
594 "$ref": "CustomerOnboardingState",
595 "description": "Container for customer onboarding steps"
596 },
597 "displayName": {
598 "description": "The customer organization's display name. E.g. \"google.com\".",
599 "type": "string"
600 },
601 "isOnboarded": {
602 "description": "Indicates whether a customer is fully onboarded",
603 "type": "boolean"
604 },
605 "name": {
606 "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}`",
607 "type": "string"
608 }
609 },
610 "type": "object"
611 },
612 "CustomerOnboardingState": {
613 "description": "Container for customer onboarding steps",
614 "id": "CustomerOnboardingState",
615 "properties": {
616 "onboardingSteps": {
617 "description": "List of customer onboarding steps",
618 "items": {
619 "$ref": "CustomerOnboardingStep"
620 },
621 "type": "array"
622 }
623 },
624 "type": "object"
625 },
626 "CustomerOnboardingStep": {
627 "description": "Container for customer onboarding information",
628 "id": "CustomerOnboardingStep",
629 "properties": {
630 "completionState": {
631 "description": "Output only. Current state of the step",
632 "enum": [
633 "COMPLETION_STATE_UNSPECIFIED",
634 "PENDING",
635 "SUCCEEDED",
636 "FAILED",
637 "NOT_APPLICABLE"
638 ],
639 "enumDescriptions": [
640 "Unspecified completion state.",
641 "Task started (has start date) but not yet completed.",
642 "Succeeded state.",
643 "Failed state.",
644 "Not applicable state."
645 ],
646 "readOnly": true,
647 "type": "string"
648 },
649 "completionTime": {
650 "description": "The completion time of the onboarding step",
651 "format": "google-datetime",
652 "type": "string"
653 },
654 "startTime": {
655 "description": "The starting time of the onboarding step",
656 "format": "google-datetime",
657 "type": "string"
658 },
659 "step": {
660 "description": "The onboarding step",
661 "enum": [
662 "STEP_UNSPECIFIED",
663 "KAJ_ENROLLMENT",
664 "CUSTOMER_ENVIRONMENT"
665 ],
666 "enumDescriptions": [
667 "Unspecified step",
668 "KAJ Enrollment",
669 "Customer Environment"
670 ],
671 "type": "string"
672 }
673 },
674 "type": "object"
675 },
676 "EkmConnection": {
677 "description": "Details about the EKM connection",
678 "id": "EkmConnection",
679 "properties": {
680 "connectionError": {
681 "$ref": "ConnectionError",
682 "description": "The connection error that occurred if any"
683 },
684 "connectionName": {
685 "description": "Resource name of the EKM connection in the format: projects/{project}/locations/{location}/ekmConnections/{ekm_connection}",
686 "type": "string"
687 },
688 "connectionState": {
689 "description": "Output only. The connection state",
690 "enum": [
691 "CONNECTION_STATE_UNSPECIFIED",
692 "AVAILABLE",
693 "NOT_AVAILABLE",
694 "ERROR",
695 "PERMISSION_DENIED"
696 ],
697 "enumDescriptions": [
698 "Unspecified EKM connection state",
699 "Available EKM connection state",
700 "Not available EKM connection state",
701 "Error EKM connection state",
702 "Permission denied EKM connection state"
703 ],
704 "readOnly": true,
705 "type": "string"
706 }
707 },
708 "type": "object"
709 },
710 "EkmConnections": {
711 "description": "The EKM connections associated with a workload",
712 "id": "EkmConnections",
713 "properties": {
714 "ekmConnections": {
715 "description": "The EKM connections associated with the workload",
716 "items": {
717 "$ref": "EkmConnection"
718 },
719 "type": "array"
720 },
721 "name": {
722 "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/ekmConnections`",
723 "type": "string"
724 }
725 },
726 "type": "object"
727 },
728 "EkmMetadata": {
729 "description": "Holds information needed by Mudbray to use partner EKMs for workloads.",
730 "id": "EkmMetadata",
731 "properties": {
732 "ekmEndpointUri": {
733 "description": "Endpoint for sending requests to the EKM for key provisioning during Assured Workload creation.",
734 "type": "string"
735 },
736 "ekmSolution": {
737 "description": "The Cloud EKM partner.",
738 "enum": [
739 "EKM_SOLUTION_UNSPECIFIED",
740 "FORTANIX",
741 "FUTUREX",
742 "THALES",
743 "VIRTRU"
744 ],
745 "enumDescriptions": [
746 "Unspecified EKM solution",
747 "EKM Partner Fortanix",
748 "EKM Partner FutureX",
749 "EKM Partner Thales",
750 "EKM Partner Virtu"
751 ],
752 "type": "string"
753 }
754 },
755 "type": "object"
756 },
757 "Gcloud": {
758 "description": "Remediation instructions to resolve violation via gcloud cli",
759 "id": "Gcloud",
760 "properties": {
761 "additionalLinks": {
762 "description": "Additional urls for more information about steps",
763 "items": {
764 "type": "string"
765 },
766 "type": "array"
767 },
768 "gcloudCommands": {
769 "description": "Gcloud command to resolve violation",
770 "items": {
771 "type": "string"
772 },
773 "type": "array"
774 },
775 "steps": {
776 "description": "Steps to resolve violation via gcloud cli",
777 "items": {
778 "type": "string"
779 },
780 "type": "array"
781 }
782 },
783 "type": "object"
784 },
785 "Instructions": {
786 "description": "Instructions to remediate violation",
787 "id": "Instructions",
788 "properties": {
789 "consoleInstructions": {
790 "$ref": "Console",
791 "description": "Remediation instructions to resolve violation via cloud console"
792 },
793 "gcloudInstructions": {
794 "$ref": "Gcloud",
795 "description": "Remediation instructions to resolve violation via gcloud cli"
796 }
797 },
798 "type": "object"
799 },
800 "ListAccessApprovalRequestsResponse": {
801 "description": "Response message for list access requests.",
802 "id": "ListAccessApprovalRequestsResponse",
803 "properties": {
804 "accessApprovalRequests": {
805 "description": "List of access approval requests",
806 "items": {
807 "$ref": "AccessApprovalRequest"
808 },
809 "type": "array"
810 },
811 "nextPageToken": {
812 "description": "A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
813 "type": "string"
814 },
815 "unreachable": {
816 "description": "Locations that could not be reached.",
817 "items": {
818 "type": "string"
819 },
820 "type": "array"
821 }
822 },
823 "type": "object"
824 },
825 "ListCustomersResponse": {
826 "description": "Response message for list customer Customers requests",
827 "id": "ListCustomersResponse",
828 "properties": {
829 "customers": {
830 "description": "List of customers",
831 "items": {
832 "$ref": "Customer"
833 },
834 "type": "array"
835 },
836 "nextPageToken": {
837 "description": "A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
838 "type": "string"
839 },
840 "unreachable": {
841 "description": "Locations that could not be reached.",
842 "items": {
843 "type": "string"
844 },
845 "type": "array"
846 }
847 },
848 "type": "object"
849 },
850 "ListViolationsResponse": {
851 "description": "Response message for list customer violation requests",
852 "id": "ListViolationsResponse",
853 "properties": {
854 "nextPageToken": {
855 "description": "A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
856 "type": "string"
857 },
858 "unreachable": {
859 "description": "Workloads that could not be reached due to permission errors or any other error. Ref: https://google.aip.dev/217",
860 "items": {
861 "type": "string"
862 },
863 "type": "array"
864 },
865 "violations": {
866 "description": "List of violation",
867 "items": {
868 "$ref": "Violation"
869 },
870 "type": "array"
871 }
872 },
873 "type": "object"
874 },
875 "ListWorkloadsResponse": {
876 "description": "Response message for list customer workloads requests.",
877 "id": "ListWorkloadsResponse",
878 "properties": {
879 "nextPageToken": {
880 "description": "A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
881 "type": "string"
882 },
883 "unreachable": {
884 "description": "Locations that could not be reached.",
885 "items": {
886 "type": "string"
887 },
888 "type": "array"
889 },
890 "workloads": {
891 "description": "List of customer workloads",
892 "items": {
893 "$ref": "Workload"
894 },
895 "type": "array"
896 }
897 },
898 "type": "object"
899 },
900 "OperationMetadata": {
901 "description": "Represents the metadata of the long-running operation.",
902 "id": "OperationMetadata",
903 "properties": {
904 "apiVersion": {
905 "description": "Output only. API version used to start the operation.",
906 "readOnly": true,
907 "type": "string"
908 },
909 "createTime": {
910 "description": "Output only. The time the operation was created.",
911 "format": "google-datetime",
912 "readOnly": true,
913 "type": "string"
914 },
915 "endTime": {
916 "description": "Output only. The time the operation finished running.",
917 "format": "google-datetime",
918 "readOnly": true,
919 "type": "string"
920 },
921 "requestedCancellation": {
922 "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have been cancelled successfully have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
923 "readOnly": true,
924 "type": "boolean"
925 },
926 "statusMessage": {
927 "description": "Output only. Human-readable status of the operation, if any.",
928 "readOnly": true,
929 "type": "string"
930 },
931 "target": {
932 "description": "Output only. Server-defined resource path for the target of the operation.",
933 "readOnly": true,
934 "type": "string"
935 },
936 "verb": {
937 "description": "Output only. Name of the verb executed by the operation.",
938 "readOnly": true,
939 "type": "string"
940 }
941 },
942 "type": "object"
943 },
944 "Partner": {
945 "description": "Message describing Partner resource",
946 "id": "Partner",
947 "properties": {
948 "createTime": {
949 "description": "Output only. Time the resource was created",
950 "format": "google-datetime",
951 "readOnly": true,
952 "type": "string"
953 },
954 "ekmSolutions": {
955 "description": "List of Google Cloud supported EKM partners supported by the partner",
956 "items": {
957 "$ref": "EkmMetadata"
958 },
959 "type": "array"
960 },
961 "name": {
962 "description": "Identifier. The resource name of the partner. Format: `organizations/{organization}/locations/{location}/partner` Example: \"organizations/123456/locations/us-central1/partner\"",
963 "type": "string"
964 },
965 "operatedCloudRegions": {
966 "description": "List of Google Cloud regions that the partner sells services to customers. Valid Google Cloud regions found here: https://cloud.google.com/compute/docs/regions-zones",
967 "items": {
968 "type": "string"
969 },
970 "type": "array"
971 },
972 "partnerProjectId": {
973 "description": "Google Cloud project ID in the partner's Google Cloud organization for receiving enhanced Logs for Partners.",
974 "type": "string"
975 },
976 "skus": {
977 "description": "List of SKUs the partner is offering",
978 "items": {
979 "$ref": "Sku"
980 },
981 "type": "array"
982 },
983 "updateTime": {
984 "description": "Output only. The last time the resource was updated",
985 "format": "google-datetime",
986 "readOnly": true,
987 "type": "string"
988 }
989 },
990 "type": "object"
991 },
992 "PartnerPermissions": {
993 "description": "The permissions granted to the partner for a workload",
994 "id": "PartnerPermissions",
995 "properties": {
996 "name": {
997 "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/partnerPermissions`",
998 "type": "string"
999 },
1000 "partnerPermissions": {
1001 "description": "The partner permissions granted for the workload",
1002 "items": {
1003 "enum": [
1004 "PERMISSION_UNSPECIFIED",
1005 "ACCESS_TRANSPARENCY_AND_EMERGENCY_ACCESS_LOGS",
1006 "ASSURED_WORKLOADS_MONITORING",
1007 "ACCESS_APPROVAL_REQUESTS",
1008 "ASSURED_WORKLOADS_EKM_CONNECTION_STATUS"
1009 ],
1010 "enumDescriptions": [
1011 "Unspecified partner permission",
1012 "Permission for Access Transparency and emergency logs",
1013 "Permission for Assured Workloads monitoring violations",
1014 "Permission for Access Approval requests",
1015 "Permission for External Key Manager connection status"
1016 ],
1017 "type": "string"
1018 },
1019 "type": "array"
1020 }
1021 },
1022 "type": "object"
1023 },
1024 "Remediation": {
1025 "description": "Represents remediation guidance to resolve compliance violation for AssuredWorkload",
1026 "id": "Remediation",
1027 "properties": {
1028 "compliantValues": {
1029 "description": "Values that can resolve the violation For example: for list org policy violations, this will either be the list of allowed or denied values",
1030 "items": {
1031 "type": "string"
1032 },
1033 "type": "array"
1034 },
1035 "instructions": {
1036 "$ref": "Instructions",
1037 "description": "Required. Remediation instructions to resolve violations"
1038 },
1039 "remediationType": {
1040 "description": "Output only. Remediation type based on the type of org policy values violated",
1041 "enum": [
1042 "REMEDIATION_TYPE_UNSPECIFIED",
1043 "REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION",
1044 "REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION",
1045 "REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION",
1046 "REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION",
1047 "REMEDIATION_RESOURCE_VIOLATION"
1048 ],
1049 "enumDescriptions": [
1050 "Unspecified remediation type",
1051 "Remediation type for boolean org policy",
1052 "Remediation type for list org policy which have allowed values in the monitoring rule",
1053 "Remediation type for list org policy which have denied values in the monitoring rule",
1054 "Remediation type for gcp.restrictCmekCryptoKeyProjects",
1055 "Remediation type for resource violation."
1056 ],
1057 "readOnly": true,
1058 "type": "string"
1059 }
1060 },
1061 "type": "object"
1062 },
1063 "Sku": {
1064 "description": "Represents the SKU a partner owns inside Google Cloud to sell to customers.",
1065 "id": "Sku",
1066 "properties": {
1067 "displayName": {
1068 "description": "Display name of the product identified by the SKU. A partner may want to show partner branded names for their offerings such as local sovereign cloud solutions.",
1069 "type": "string"
1070 },
1071 "id": {
1072 "description": "Argentum product SKU, that is associated with the partner offerings to customers used by Syntro for billing purposes. SKUs can represent resold Google products or support services.",
1073 "type": "string"
1074 }
1075 },
1076 "type": "object"
1077 },
1078 "Violation": {
1079 "description": "Details of resource Violation",
1080 "id": "Violation",
1081 "properties": {
1082 "beginTime": {
1083 "description": "Output only. Time of the event which triggered the Violation.",
1084 "format": "google-datetime",
1085 "readOnly": true,
1086 "type": "string"
1087 },
1088 "category": {
1089 "description": "Output only. Category under which this violation is mapped. e.g. Location, Service Usage, Access, Encryption, etc.",
1090 "readOnly": true,
1091 "type": "string"
1092 },
1093 "description": {
1094 "description": "Output only. Description for the Violation. e.g. OrgPolicy gcp.resourceLocations has non compliant value.",
1095 "readOnly": true,
1096 "type": "string"
1097 },
1098 "folderId": {
1099 "description": "The folder_id of the violation",
1100 "format": "int64",
1101 "type": "string"
1102 },
1103 "name": {
1104 "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/violations/{violation}`",
1105 "type": "string"
1106 },
1107 "nonCompliantOrgPolicy": {
1108 "description": "Output only. Immutable. Name of the OrgPolicy which was modified with non-compliant change and resulted this violation. Format: `projects/{project_number}/policies/{constraint_name}` `folders/{folder_id}/policies/{constraint_name}` `organizations/{organization_id}/policies/{constraint_name}`",
1109 "readOnly": true,
1110 "type": "string"
1111 },
1112 "remediation": {
1113 "$ref": "Remediation",
1114 "description": "Output only. Compliance violation remediation",
1115 "readOnly": true
1116 },
1117 "resolveTime": {
1118 "description": "Output only. Time of the event which fixed the Violation. If the violation is ACTIVE this will be empty.",
1119 "format": "google-datetime",
1120 "readOnly": true,
1121 "type": "string"
1122 },
1123 "state": {
1124 "description": "Output only. State of the violation",
1125 "enum": [
1126 "STATE_UNSPECIFIED",
1127 "RESOLVED",
1128 "UNRESOLVED",
1129 "EXCEPTION"
1130 ],
1131 "enumDescriptions": [
1132 "Unspecified state.",
1133 "Violation is resolved.",
1134 "Violation is Unresolved",
1135 "Violation is Exception"
1136 ],
1137 "readOnly": true,
1138 "type": "string"
1139 },
1140 "updateTime": {
1141 "description": "Output only. The last time when the Violation record was updated.",
1142 "format": "google-datetime",
1143 "readOnly": true,
1144 "type": "string"
1145 }
1146 },
1147 "type": "object"
1148 },
1149 "Workload": {
1150 "description": "Contains metadata around the [Workload resource](https://cloud.google.com/assured-workloads/docs/reference/rest/Shared.Types/Workload) in the Assured Workloads API.",
1151 "id": "Workload",
1152 "properties": {
1153 "createTime": {
1154 "description": "Output only. Time the resource was created.",
1155 "format": "google-datetime",
1156 "readOnly": true,
1157 "type": "string"
1158 },
1159 "folder": {
1160 "description": "Output only. The name of container folder of the assured workload",
1161 "readOnly": true,
1162 "type": "string"
1163 },
1164 "folderId": {
1165 "description": "Output only. Folder id this workload is associated with",
1166 "format": "int64",
1167 "readOnly": true,
1168 "type": "string"
1169 },
1170 "isOnboarded": {
1171 "description": "Indicates whether a workload is fully onboarded.",
1172 "type": "boolean"
1173 },
1174 "keyManagementProjectId": {
1175 "description": "The project id of the key management project for the workload",
1176 "type": "string"
1177 },
1178 "location": {
1179 "description": "The Google Cloud location of the workload",
1180 "type": "string"
1181 },
1182 "name": {
1183 "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`",
1184 "type": "string"
1185 },
1186 "partner": {
1187 "description": "Partner associated with this workload.",
1188 "enum": [
1189 "PARTNER_UNSPECIFIED",
1190 "PARTNER_LOCAL_CONTROLS_BY_S3NS",
1191 "PARTNER_SOVEREIGN_CONTROLS_BY_T_SYSTEMS",
1192 "PARTNER_SOVEREIGN_CONTROLS_BY_SIA_MINSAIT",
1193 "PARTNER_SOVEREIGN_CONTROLS_BY_PSN",
1194 "PARTNER_SOVEREIGN_CONTROLS_BY_CNTXT",
1195 "PARTNER_SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM"
1196 ],
1197 "enumDescriptions": [
1198 "Unknown Partner.",
1199 "Enum representing S3NS (Thales) partner.",
1200 "Enum representing T_SYSTEM (TSI) partner.",
1201 "Enum representing SIA_MINSAIT (Indra) partner.",
1202 "Enum representing PSN (TIM) partner.",
1203 "Enum representing CNTXT (Kingdom of Saudi Arabia) partner.",
1204 "Enum representing CNXT (Kingdom of Saudi Arabia) partner offering without EKM provisioning."
1205 ],
1206 "type": "string"
1207 },
1208 "workloadOnboardingState": {
1209 "$ref": "WorkloadOnboardingState",
1210 "description": "Container for workload onboarding steps."
1211 }
1212 },
1213 "type": "object"
1214 },
1215 "WorkloadOnboardingState": {
1216 "description": "Container for workload onboarding steps.",
1217 "id": "WorkloadOnboardingState",
1218 "properties": {
1219 "onboardingSteps": {
1220 "description": "List of workload onboarding steps.",
1221 "items": {
1222 "$ref": "WorkloadOnboardingStep"
1223 },
1224 "type": "array"
1225 }
1226 },
1227 "type": "object"
1228 },
1229 "WorkloadOnboardingStep": {
1230 "description": "Container for workload onboarding information.",
1231 "id": "WorkloadOnboardingStep",
1232 "properties": {
1233 "completionState": {
1234 "description": "Output only. The completion state of the onboarding step.",
1235 "enum": [
1236 "COMPLETION_STATE_UNSPECIFIED",
1237 "PENDING",
1238 "SUCCEEDED",
1239 "FAILED",
1240 "NOT_APPLICABLE"
1241 ],
1242 "enumDescriptions": [
1243 "Unspecified completion state.",
1244 "Task started (has start date) but not yet completed.",
1245 "Succeeded state.",
1246 "Failed state.",
1247 "Not applicable state."
1248 ],
1249 "readOnly": true,
1250 "type": "string"
1251 },
1252 "completionTime": {
1253 "description": "The completion time of the onboarding step.",
1254 "format": "google-datetime",
1255 "type": "string"
1256 },
1257 "startTime": {
1258 "description": "The starting time of the onboarding step.",
1259 "format": "google-datetime",
1260 "type": "string"
1261 },
1262 "step": {
1263 "description": "The onboarding step.",
1264 "enum": [
1265 "STEP_UNSPECIFIED",
1266 "EKM_PROVISIONED",
1267 "SIGNED_ACCESS_APPROVAL_CONFIGURED"
1268 ],
1269 "enumDescriptions": [
1270 "Unspecified step.",
1271 "EKM Provisioned step.",
1272 "Signed Access Approval step."
1273 ],
1274 "type": "string"
1275 }
1276 },
1277 "type": "object"
1278 }
1279 },
1280 "servicePath": "",
1281 "title": "Cloud Controls Partner API",
1282 "version": "v1",
1283 "version_module": true
1284}View as plain text