{ "resources": { "organizations": { "resources": { "locations": { "methods": { "getPartner": { "path": "v1/{+name}", "parameterOrder": [ "name" ], "description": "Get details of a Partner.", "id": "cloudcontrolspartner.organizations.locations.getPartner", "parameters": { "name": { "location": "path", "type": "string", "description": "Required. Format: `organizations/{organization}/locations/{location}/partner`", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+/partner$" } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/partner", "httpMethod": "GET", "response": { "$ref": "Partner" } } }, "resources": { "customers": { "methods": { "create": { "id": "cloudcontrolspartner.organizations.locations.customers.create", "parameters": { "parent": { "type": "string", "location": "path", "description": "Required. Parent resource Format: `organizations/{organization}/locations/{location}`", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+$" }, "customerId": { "description": "Required. The customer id to use for the customer, which will become the final component of the customer's resource name. The specified value must be a valid Google cloud organization id.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "description": "Creates a new customer.", "path": "v1/{+parent}/customers", "request": { "$ref": "Customer" }, "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers", "httpMethod": "POST", "response": { "$ref": "Customer" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "get": { "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}", "httpMethod": "GET", "response": { "$ref": "Customer" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "name" ], "description": "Gets details of a single customer", "path": "v1/{+name}", "id": "cloudcontrolspartner.organizations.locations.customers.get", "parameters": { "name": { "type": "string", "location": "path", "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+$", "description": "Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}`", "required": true } } }, "list": { "parameterOrder": [ "parent" ], "description": "Lists customers of a partner identified by its Google Cloud organization ID", "path": "v1/{+parent}/customers", "id": "cloudcontrolspartner.organizations.locations.customers.list", "parameters": { "pageToken": { "type": "string", "description": "A page token, received from a previous `ListCustomers` call. Provide this to retrieve the subsequent page.", "location": "query" }, "filter": { "description": "Optional. Filtering results", "location": "query", "type": "string" }, "orderBy": { "description": "Optional. Hint for how to order the results", "location": "query", "type": "string" }, "parent": { "description": "Required. Parent resource Format: `organizations/{organization}/locations/{location}`", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+$", "type": "string", "location": "path" }, "pageSize": { "type": "integer", "description": "The maximum number of Customers to return. The service may return fewer than this value. If unspecified, at most 500 Customers will be returned.", "location": "query", "format": "int32" } }, "response": { "$ref": "ListCustomersResponse" }, "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "delete": { "id": "cloudcontrolspartner.organizations.locations.customers.delete", "parameters": { "name": { "description": "Required. name of the resource to be deleted format: name=organizations/*/locations/*/customers/*", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+$", "type": "string", "location": "path" } }, "parameterOrder": [ "name" ], "description": "Delete details of a single customer", "path": "v1/{+name}", "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}", "httpMethod": "DELETE", "response": { "$ref": "Empty" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "patch": { "request": { "$ref": "Customer" }, "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}", "httpMethod": "PATCH", "response": { "$ref": "Customer" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "cloudcontrolspartner.organizations.locations.customers.patch", "parameters": { "updateMask": { "description": "Optional. The list of fields to update", "location": "query", "format": "google-fieldmask", "type": "string" }, "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+$", "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}`", "required": true, "location": "path", "type": "string" } }, "parameterOrder": [ "name" ], "description": "Update details of a single customer", "path": "v1/{+name}" } }, "resources": { "workloads": { "methods": { "getEkmConnections": { "parameterOrder": [ "name" ], "description": "Gets the EKM connections associated with a workload", "path": "v1/{+name}", "id": "cloudcontrolspartner.organizations.locations.customers.workloads.getEkmConnections", "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+/ekmConnections$", "description": "Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/ekmConnections`", "required": true, "type": "string", "location": "path" } }, "response": { "$ref": "EkmConnections" }, "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/ekmConnections", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "get": { "id": "cloudcontrolspartner.organizations.locations.customers.workloads.get", "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+$", "description": "Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`", "required": true, "type": "string", "location": "path" } }, "parameterOrder": [ "name" ], "description": "Gets details of a single workload", "path": "v1/{+name}", "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}", "httpMethod": "GET", "response": { "$ref": "Workload" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "list": { "response": { "$ref": "ListWorkloadsResponse" }, "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "parent" ], "description": "Lists customer workloads for a given customer org id", "path": "v1/{+parent}/workloads", "id": "cloudcontrolspartner.organizations.locations.customers.workloads.list", "parameters": { "pageToken": { "description": "A page token, received from a previous `ListWorkloads` call. Provide this to retrieve the subsequent page.", "location": "query", "type": "string" }, "filter": { "description": "Optional. Filtering results.", "location": "query", "type": "string" }, "orderBy": { "description": "Optional. Hint for how to order the results.", "location": "query", "type": "string" }, "parent": { "type": "string", "location": "path", "description": "Required. Parent resource Format: `organizations/{organization}/locations/{location}/customers/{customer}`", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+$" }, "pageSize": { "description": "The maximum number of workloads to return. The service may return fewer than this value. If unspecified, at most 500 workloads will be returned.", "location": "query", "format": "int32", "type": "integer" } } }, "getPartnerPermissions": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/partnerPermissions", "httpMethod": "GET", "response": { "$ref": "PartnerPermissions" }, "id": "cloudcontrolspartner.organizations.locations.customers.workloads.getPartnerPermissions", "parameters": { "name": { "description": "Required. Name of the resource to get in the format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/partnerPermissions`", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+/partnerPermissions$", "location": "path", "type": "string" } }, "path": "v1/{+name}", "parameterOrder": [ "name" ], "description": "Gets the partner permissions granted for a workload" } }, "resources": { "accessApprovalRequests": { "methods": { "list": { "id": "cloudcontrolspartner.organizations.locations.customers.workloads.accessApprovalRequests.list", "parameters": { "parent": { "description": "Required. Parent resource Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+$", "location": "path", "type": "string" }, "pageSize": { "description": "Optional. The maximum number of access requests to return. The service may return fewer than this value. If unspecified, at most 500 access requests will be returned.", "location": "query", "format": "int32", "type": "integer" }, "orderBy": { "description": "Optional. Hint for how to order the results.", "location": "query", "type": "string" }, "filter": { "type": "string", "description": "Optional. Filtering results.", "location": "query" }, "pageToken": { "type": "string", "description": "Optional. A page token, received from a previous `ListAccessApprovalRequests` call. Provide this to retrieve the subsequent page.", "location": "query" } }, "parameterOrder": [ "parent" ], "description": "Deprecated: Only returns access approval requests directly associated with an assured workload folder.", "path": "v1/{+parent}/accessApprovalRequests", "response": { "$ref": "ListAccessApprovalRequestsResponse" }, "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/accessApprovalRequests", "httpMethod": "GET", "deprecated": true, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] } }, "deprecated": true }, "violations": { "methods": { "list": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/violations", "httpMethod": "GET", "response": { "$ref": "ListViolationsResponse" }, "id": "cloudcontrolspartner.organizations.locations.customers.workloads.violations.list", "parameters": { "orderBy": { "type": "string", "description": "Optional. Hint for how to order the results", "location": "query" }, "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+$", "description": "Required. Parent resource Format `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`", "required": true, "location": "path", "type": "string" }, "pageSize": { "type": "integer", "description": "Optional. The maximum number of customers row to return. The service may return fewer than this value. If unspecified, at most 10 customers will be returned.", "location": "query", "format": "int32" }, "pageToken": { "description": "Optional. A page token, received from a previous `ListViolations` call. Provide this to retrieve the subsequent page.", "location": "query", "type": "string" }, "interval.startTime": { "type": "string", "description": "Optional. Inclusive start of the interval. If specified, a Timestamp matching this interval will have to be the same or after the start.", "location": "query", "format": "google-datetime" }, "filter": { "description": "Optional. Filtering results", "location": "query", "type": "string" }, "interval.endTime": { "description": "Optional. Exclusive end of the interval. If specified, a Timestamp matching this interval will have to be before the end.", "location": "query", "format": "google-datetime", "type": "string" } }, "path": "v1/{+parent}/violations", "parameterOrder": [ "parent" ], "description": "Lists Violations for a workload Callers may also choose to read across multiple Customers or for a single customer as per [AIP-159](https://google.aip.dev/159) by using '-' (the hyphen or dash character) as a wildcard character instead of {customer} & {workload}. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`" }, "get": { "response": { "$ref": "Violation" }, "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/customers/{customersId}/workloads/{workloadsId}/violations/{violationsId}", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "name" ], "description": "Gets details of a single Violation.", "path": "v1/{+name}", "id": "cloudcontrolspartner.organizations.locations.customers.workloads.violations.get", "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/customers/[^/]+/workloads/[^/]+/violations/[^/]+$", "description": "Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/violations/{violation}`", "required": true, "location": "path", "type": "string" } } } } } } } } } } } } } }, "protocol": "rest", "ownerName": "Google", "auth": { "oauth2": { "scopes": { "https://www.googleapis.com/auth/cloud-platform": { "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account." } } } }, "icons": { "x16": "http://www.google.com/images/icons/product/search-16.gif", "x32": "http://www.google.com/images/icons/product/search-32.gif" }, "batchPath": "batch", "baseUrl": "https://cloudcontrolspartner.googleapis.com/", "kind": "discovery#restDescription", "title": "Cloud Controls Partner API", "revision": "20260401", "description": "Provides insights about your customers and their Assured Workloads based on your Sovereign Controls by Partners offering.", "discoveryVersion": "v1", "ownerDomain": "google.com", "id": "cloudcontrolspartner:v1", "parameters": { "callback": { "description": "JSONP", "location": "query", "type": "string" }, "alt": { "description": "Data format for response.", "default": "json", "enum": [ "json", "media", "proto" ], "location": "query", "enumDescriptions": [ "Responses with Content-Type of application/json", "Media download with context-dependent Content-Type", "Responses with Content-Type of application/x-protobuf" ], "type": "string" }, "fields": { "description": "Selector specifying which fields to include in a partial response.", "location": "query", "type": "string" }, "upload_protocol": { "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", "location": "query", "type": "string" }, "$.xgafv": { "location": "query", "type": "string", "enumDescriptions": [ "v1 error format", "v2 error format" ], "description": "V1 error format.", "enum": [ "1", "2" ] }, "oauth_token": { "description": "OAuth 2.0 token for the current user.", "location": "query", "type": "string" }, "access_token": { "description": "OAuth access token.", "location": "query", "type": "string" }, "prettyPrint": { "type": "boolean", "description": "Returns response with indentations and line breaks.", "default": "true", "location": "query" }, "uploadType": { "type": "string", "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").", "location": "query" }, "key": { "type": "string", "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", "location": "query" }, "quotaUser": { "type": "string", "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.", "location": "query" } }, "fullyEncodeReservedExpansion": true, "version_module": true, "servicePath": "", "documentationLink": "https://cloud.google.com/sovereign-controls-by-partners/docs/sovereign-partners/reference/rest", "rootUrl": "https://cloudcontrolspartner.googleapis.com/", "name": "cloudcontrolspartner", "basePath": "", "schemas": { "ListWorkloadsResponse": { "description": "Response message for list customer workloads requests.", "type": "object", "id": "ListWorkloadsResponse", "properties": { "unreachable": { "type": "array", "items": { "type": "string" }, "description": "Locations that could not be reached." }, "workloads": { "description": "List of customer workloads", "type": "array", "items": { "$ref": "Workload" } }, "nextPageToken": { "description": "A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" } } }, "WorkloadOnboardingState": { "id": "WorkloadOnboardingState", "properties": { "onboardingSteps": { "items": { "$ref": "WorkloadOnboardingStep" }, "type": "array", "description": "List of workload onboarding steps." } }, "type": "object", "description": "Container for workload onboarding steps." }, "EkmConnections": { "type": "object", "id": "EkmConnections", "properties": { "ekmConnections": { "description": "The EKM connections associated with the workload", "items": { "$ref": "EkmConnection" }, "type": "array" }, "name": { "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/ekmConnections`", "type": "string" } }, "description": "The EKM connections associated with a workload" }, "Console": { "type": "object", "id": "Console", "properties": { "consoleUris": { "type": "array", "items": { "type": "string" }, "description": "Link to console page where violations can be resolved" }, "additionalLinks": { "description": "Additional urls for more information about steps", "type": "array", "items": { "type": "string" } }, "steps": { "type": "array", "items": { "type": "string" }, "description": "Steps to resolve violation via cloud console" } }, "description": "Remediation instructions to resolve violation via cloud console" }, "EkmMetadata": { "description": "Holds information needed by Mudbray to use partner EKMs for workloads.", "id": "EkmMetadata", "properties": { "ekmSolution": { "enum": [ "EKM_SOLUTION_UNSPECIFIED", "FORTANIX", "FUTUREX", "THALES", "VIRTRU" ], "description": "The Cloud EKM partner.", "enumDescriptions": [ "Unspecified EKM solution", "EKM Partner Fortanix", "EKM Partner FutureX", "EKM Partner Thales", "This enum value is never used." ], "type": "string", "enumDeprecated": [ false, false, false, false, true ] }, "ekmEndpointUri": { "description": "Endpoint for sending requests to the EKM for key provisioning during Assured Workload creation.", "type": "string" } }, "type": "object" }, "ListViolationsResponse": { "description": "Response message for list customer violation requests", "type": "object", "id": "ListViolationsResponse", "properties": { "unreachable": { "type": "array", "items": { "type": "string" }, "description": "Workloads that could not be reached due to permission errors or any other error. Ref: https://google.aip.dev/217" }, "violations": { "description": "List of violation", "type": "array", "items": { "$ref": "Violation" } }, "nextPageToken": { "description": "A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" } } }, "PartnerPermissions": { "type": "object", "id": "PartnerPermissions", "properties": { "partnerPermissions": { "description": "The partner permissions granted for the workload", "type": "array", "items": { "type": "string", "enumDescriptions": [ "Unspecified partner permission", "Permission for Access Transparency and emergency logs", "Permission for Assured Workloads monitoring violations", "Permission for Access Approval requests", "Permission for External Key Manager connection status", "Permission for support case details for Access Transparency log entries" ], "enum": [ "PERMISSION_UNSPECIFIED", "ACCESS_TRANSPARENCY_AND_EMERGENCY_ACCESS_LOGS", "ASSURED_WORKLOADS_MONITORING", "ACCESS_APPROVAL_REQUESTS", "ASSURED_WORKLOADS_EKM_CONNECTION_STATUS", "ACCESS_TRANSPARENCY_LOGS_SUPPORT_CASE_VIEWER" ] } }, "name": { "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/partnerPermissions`", "type": "string" } }, "description": "The permissions granted to the partner for a workload" }, "EkmConnection": { "id": "EkmConnection", "properties": { "connectionName": { "description": "Resource name of the EKM connection in the format: projects/{project}/locations/{location}/ekmConnections/{ekm_connection}", "type": "string" }, "connectionError": { "description": "The connection error that occurred if any", "$ref": "ConnectionError" }, "connectionState": { "type": "string", "enumDescriptions": [ "Unspecified EKM connection state", "Available EKM connection state", "Not available EKM connection state", "Error EKM connection state", "Permission denied EKM connection state" ], "enum": [ "CONNECTION_STATE_UNSPECIFIED", "AVAILABLE", "NOT_AVAILABLE", "ERROR", "PERMISSION_DENIED" ], "description": "Output only. The connection state", "readOnly": true } }, "type": "object", "description": "Details about the EKM connection" }, "ListCustomersResponse": { "type": "object", "id": "ListCustomersResponse", "properties": { "nextPageToken": { "description": "A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" }, "customers": { "type": "array", "items": { "$ref": "Customer" }, "description": "List of customers" }, "unreachable": { "items": { "type": "string" }, "type": "array", "description": "Locations that could not be reached." } }, "description": "Response message for list customer Customers requests" }, "OperationMetadata": { "description": "Represents the metadata of the long-running operation.", "id": "OperationMetadata", "properties": { "createTime": { "description": "Output only. The time the operation was created.", "format": "google-datetime", "readOnly": true, "type": "string" }, "endTime": { "readOnly": true, "description": "Output only. The time the operation finished running.", "format": "google-datetime", "type": "string" }, "requestedCancellation": { "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have been cancelled successfully have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.", "readOnly": true, "type": "boolean" }, "statusMessage": { "type": "string", "readOnly": true, "description": "Output only. Human-readable status of the operation, if any." }, "apiVersion": { "readOnly": true, "description": "Output only. API version used to start the operation.", "type": "string" }, "target": { "type": "string", "readOnly": true, "description": "Output only. Server-defined resource path for the target of the operation." }, "verb": { "readOnly": true, "description": "Output only. Name of the verb executed by the operation.", "type": "string" } }, "type": "object" }, "CustomerOnboardingState": { "id": "CustomerOnboardingState", "properties": { "onboardingSteps": { "description": "List of customer onboarding steps", "items": { "$ref": "CustomerOnboardingStep" }, "type": "array" } }, "type": "object", "description": "Container for customer onboarding steps" }, "Gcloud": { "id": "Gcloud", "properties": { "steps": { "description": "Steps to resolve violation via gcloud cli", "type": "array", "items": { "type": "string" } }, "gcloudCommands": { "description": "Gcloud command to resolve violation", "items": { "type": "string" }, "type": "array" }, "additionalLinks": { "description": "Additional urls for more information about steps", "items": { "type": "string" }, "type": "array" } }, "type": "object", "description": "Remediation instructions to resolve violation via gcloud cli" }, "AccessReason": { "description": "Reason for the access.", "type": "object", "id": "AccessReason", "properties": { "type": { "description": "Type of access justification.", "type": "string", "enumDescriptions": [ "Default value for proto, shouldn't be used.", "Customer made a request or raised an issue that required the principal to access customer data. `detail` is of the form (\"#####\" is the issue ID): - \"Feedback Report: #####\" - \"Case Number: #####\" - \"Case ID: #####\" - \"E-PIN Reference: #####\" - \"Google-#####\" - \"T-#####\"", "The principal accessed customer data in order to diagnose or resolve a suspected issue in services. Often this access is used to confirm that customers are not affected by a suspected service issue or to remediate a reversible system issue.", "Google initiated service for security, fraud, abuse, or compliance purposes.", "The principal was compelled to access customer data in order to respond to a legal third party data request or process, including legal processes from customers themselves.", "The principal accessed customer data in order to diagnose or resolve a suspected issue in services or a known outage.", "Similar to 'GOOGLE_INITIATED_SERVICE' or 'GOOGLE_INITIATED_REVIEW', but with universe agnostic naming. The principal accessed customer data in order to diagnose or resolve a suspected issue in services or a known outage, or for security, fraud, abuse, or compliance review purposes." ], "enum": [ "TYPE_UNSPECIFIED", "CUSTOMER_INITIATED_SUPPORT", "GOOGLE_INITIATED_SERVICE", "GOOGLE_INITIATED_REVIEW", "THIRD_PARTY_DATA_REQUEST", "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT", "CLOUD_INITIATED_ACCESS" ] }, "detail": { "description": "More detail about certain reason types. See comments for each type above.", "type": "string" } } }, "Customer": { "description": "Contains metadata around a Cloud Controls Partner Customer", "type": "object", "id": "Customer", "properties": { "name": { "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}`", "type": "string" }, "isOnboarded": { "type": "boolean", "readOnly": true, "description": "Output only. Indicates whether a customer is fully onboarded" }, "organizationDomain": { "type": "string", "description": "Output only. The customer organization domain, extracted from CRM Organization’s display_name field. e.g. \"google.com\"", "readOnly": true }, "customerOnboardingState": { "$ref": "CustomerOnboardingState", "readOnly": true, "description": "Output only. Container for customer onboarding steps" }, "displayName": { "description": "Required. Display name for the customer", "type": "string" } } }, "Remediation": { "description": "Represents remediation guidance to resolve compliance violation for AssuredWorkload", "id": "Remediation", "properties": { "remediationType": { "description": "Output only. Remediation type based on the type of org policy values violated", "readOnly": true, "enum": [ "REMEDIATION_TYPE_UNSPECIFIED", "REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION", "REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION", "REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION", "REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION", "REMEDIATION_RESOURCE_VIOLATION" ], "type": "string", "enumDescriptions": [ "Unspecified remediation type", "Remediation type for boolean org policy", "Remediation type for list org policy which have allowed values in the monitoring rule", "Remediation type for list org policy which have denied values in the monitoring rule", "Remediation type for gcp.restrictCmekCryptoKeyProjects", "Remediation type for resource violation." ] }, "instructions": { "description": "Required. Remediation instructions to resolve violations", "$ref": "Instructions" }, "compliantValues": { "items": { "type": "string" }, "type": "array", "description": "Values that can resolve the violation For example: for list org policy violations, this will either be the list of allowed or denied values" } }, "type": "object" }, "Workload": { "description": "Contains metadata around the [Workload resource](https://cloud.google.com/assured-workloads/docs/reference/rest/Shared.Types/Workload) in the Assured Workloads API.", "type": "object", "id": "Workload", "properties": { "folder": { "description": "Output only. The name of container folder of the assured workload", "readOnly": true, "type": "string" }, "createTime": { "type": "string", "description": "Output only. Time the resource was created.", "format": "google-datetime", "readOnly": true }, "name": { "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`", "type": "string" }, "workloadOnboardingState": { "description": "Container for workload onboarding steps.", "$ref": "WorkloadOnboardingState" }, "location": { "description": "The Google Cloud location of the workload", "type": "string" }, "partner": { "enumDescriptions": [ "Unknown Partner.", "Enum representing S3NS (Thales) partner.", "Enum representing T_SYSTEM (TSI) partner.", "Enum representing SIA_MINSAIT (Indra) partner.", "Enum representing PSN (TIM) partner.", "Enum representing CNTXT (Kingdom of Saudi Arabia) partner.", "Enum representing CNXT (Kingdom of Saudi Arabia) partner offering without EKM provisioning.", "Enum representing Telefonica (Spain) partner." ], "enum": [ "PARTNER_UNSPECIFIED", "PARTNER_LOCAL_CONTROLS_BY_S3NS", "PARTNER_SOVEREIGN_CONTROLS_BY_T_SYSTEMS", "PARTNER_SOVEREIGN_CONTROLS_BY_SIA_MINSAIT", "PARTNER_SOVEREIGN_CONTROLS_BY_PSN", "PARTNER_SOVEREIGN_CONTROLS_BY_CNTXT", "PARTNER_SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM", "PARTNER_SPAIN_DATA_BOUNDARY_BY_TELEFONICA" ], "type": "string", "description": "Partner associated with this workload." }, "keyManagementProjectId": { "description": "The project id of the key management project for the workload", "type": "string" }, "folderId": { "description": "Output only. Folder id this workload is associated with", "format": "int64", "readOnly": true, "type": "string" }, "isOnboarded": { "description": "Indicates whether a workload is fully onboarded.", "type": "boolean" } } }, "WorkloadOnboardingStep": { "description": "Container for workload onboarding information.", "id": "WorkloadOnboardingStep", "properties": { "startTime": { "description": "The starting time of the onboarding step.", "format": "google-datetime", "type": "string" }, "completionState": { "readOnly": true, "description": "Output only. The completion state of the onboarding step.", "enum": [ "COMPLETION_STATE_UNSPECIFIED", "PENDING", "SUCCEEDED", "FAILED", "NOT_APPLICABLE" ], "enumDescriptions": [ "Unspecified completion state.", "Task started (has start date) but not yet completed.", "Succeeded state.", "Failed state.", "Not applicable state." ], "type": "string" }, "step": { "type": "string", "enumDescriptions": [ "Unspecified step.", "EKM Provisioned step.", "Signed Access Approval step." ], "enum": [ "STEP_UNSPECIFIED", "EKM_PROVISIONED", "SIGNED_ACCESS_APPROVAL_CONFIGURED" ], "description": "The onboarding step." }, "completionTime": { "type": "string", "description": "The completion time of the onboarding step.", "format": "google-datetime" } }, "type": "object" }, "ConnectionError": { "description": "Information around the error that occurred if the connection state is anything other than available or unspecified", "type": "object", "id": "ConnectionError", "properties": { "errorDomain": { "description": "The error domain for the error", "type": "string" }, "errorMessage": { "description": "The error message for the error", "type": "string" } } }, "CustomerOnboardingStep": { "description": "Container for customer onboarding information", "type": "object", "id": "CustomerOnboardingStep", "properties": { "startTime": { "type": "string", "description": "The starting time of the onboarding step", "format": "google-datetime" }, "completionState": { "enum": [ "COMPLETION_STATE_UNSPECIFIED", "PENDING", "SUCCEEDED", "FAILED", "NOT_APPLICABLE" ], "description": "Output only. Current state of the step", "readOnly": true, "type": "string", "enumDescriptions": [ "Unspecified completion state.", "Task started (has start date) but not yet completed.", "Succeeded state.", "Failed state.", "Not applicable state." ] }, "step": { "description": "The onboarding step", "enumDescriptions": [ "Unspecified step", "KAJ Enrollment", "Customer Environment" ], "enum": [ "STEP_UNSPECIFIED", "KAJ_ENROLLMENT", "CUSTOMER_ENVIRONMENT" ], "type": "string" }, "completionTime": { "description": "The completion time of the onboarding step", "format": "google-datetime", "type": "string" } } }, "Violation": { "type": "object", "id": "Violation", "properties": { "state": { "enumDescriptions": [ "Unspecified state.", "Violation is resolved.", "Violation is Unresolved", "Violation is Exception" ], "type": "string", "enum": [ "STATE_UNSPECIFIED", "RESOLVED", "UNRESOLVED", "EXCEPTION" ], "readOnly": true, "description": "Output only. State of the violation" }, "nonCompliantOrgPolicy": { "description": "Output only. Immutable. Name of the OrgPolicy which was modified with non-compliant change and resulted this violation. Format: `projects/{project_number}/policies/{constraint_name}` `folders/{folder_id}/policies/{constraint_name}` `organizations/{organization_id}/policies/{constraint_name}`", "readOnly": true, "type": "string" }, "updateTime": { "readOnly": true, "description": "Output only. The last time when the Violation record was updated.", "format": "google-datetime", "type": "string" }, "resolveTime": { "description": "Output only. Time of the event which fixed the Violation. If the violation is ACTIVE this will be empty.", "format": "google-datetime", "readOnly": true, "type": "string" }, "name": { "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/violations/{violation}`", "type": "string" }, "beginTime": { "type": "string", "readOnly": true, "description": "Output only. Time of the event which triggered the Violation.", "format": "google-datetime" }, "remediation": { "readOnly": true, "description": "Output only. Compliance violation remediation", "$ref": "Remediation" }, "description": { "type": "string", "readOnly": true, "description": "Output only. Description for the Violation. e.g. OrgPolicy gcp.resourceLocations has non compliant value." }, "category": { "type": "string", "description": "Output only. Category under which this violation is mapped. e.g. Location, Service Usage, Access, Encryption, etc.", "readOnly": true }, "folderId": { "description": "The folder_id of the violation", "format": "int64", "type": "string" } }, "description": "Details of resource Violation" }, "ListAccessApprovalRequestsResponse": { "description": "Response message for list access requests.", "id": "ListAccessApprovalRequestsResponse", "properties": { "accessApprovalRequests": { "description": "List of access approval requests", "type": "array", "items": { "$ref": "AccessApprovalRequest" } }, "unreachable": { "description": "Locations that could not be reached.", "items": { "type": "string" }, "type": "array" }, "nextPageToken": { "description": "A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" } }, "type": "object" }, "AccessApprovalRequest": { "description": "Details about the Access request.", "type": "object", "id": "AccessApprovalRequest", "properties": { "name": { "description": "Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/accessApprovalRequests/{access_approval_request}`", "type": "string" }, "requestTime": { "description": "The time at which approval was requested.", "format": "google-datetime", "type": "string" }, "requestedReason": { "description": "The justification for which approval is being requested.", "$ref": "AccessReason" }, "requestedExpirationTime": { "description": "The requested expiration for the approval. If the request is approved, access will be granted from the time of approval until the expiration time.", "format": "google-datetime", "type": "string" } } }, "Empty": { "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }", "type": "object", "id": "Empty", "properties": {} }, "Sku": { "type": "object", "id": "Sku", "properties": { "id": { "description": "Argentum product SKU, that is associated with the partner offerings to customers used by Syntro for billing purposes. SKUs can represent resold Google products or support services.", "type": "string" }, "displayName": { "description": "Display name of the product identified by the SKU. A partner may want to show partner branded names for their offerings such as local sovereign cloud solutions.", "type": "string" } }, "description": "Represents the SKU a partner owns inside Google Cloud to sell to customers." }, "Partner": { "description": "Message describing Partner resource", "id": "Partner", "properties": { "updateTime": { "type": "string", "description": "Output only. The last time the resource was updated", "format": "google-datetime", "readOnly": true }, "ekmSolutions": { "type": "array", "items": { "$ref": "EkmMetadata" }, "description": "List of Google Cloud supported EKM partners supported by the partner" }, "createTime": { "type": "string", "description": "Output only. Time the resource was created", "format": "google-datetime", "readOnly": true }, "operatedCloudRegions": { "items": { "type": "string" }, "type": "array", "description": "List of Google Cloud regions that the partner sells services to customers. Valid Google Cloud regions found here: https://cloud.google.com/compute/docs/regions-zones" }, "name": { "description": "Identifier. The resource name of the partner. Format: `organizations/{organization}/locations/{location}/partner` Example: \"organizations/123456/locations/us-central1/partner\"", "type": "string" }, "partnerProjectId": { "description": "Google Cloud project ID in the partner's Google Cloud organization for receiving enhanced Logs for Partners.", "type": "string" }, "skus": { "type": "array", "items": { "$ref": "Sku" }, "description": "List of SKUs the partner is offering" } }, "type": "object" }, "Instructions": { "description": "Instructions to remediate violation", "type": "object", "id": "Instructions", "properties": { "gcloudInstructions": { "description": "Remediation instructions to resolve violation via gcloud cli", "$ref": "Gcloud" }, "consoleInstructions": { "description": "Remediation instructions to resolve violation via cloud console", "$ref": "Console" } } } }, "version": "v1", "canonicalName": "Cloud Controls Partner Service", "mtlsRootUrl": "https://cloudcontrolspartner.mtls.googleapis.com/" }