REST Resource: organizations.locations.workloads.violations

Resource: Violation

Workload monitoring Violation.

JSON representation
{
  "name": string,
  "description": string,
  "beginTime": string,
  "updateTime": string,
  "resolveTime": string,
  "category": string,
  "state": enum (State),
  "orgPolicyConstraint": string,
  "auditLogLink": string,
  "nonCompliantOrgPolicy": string,
  "remediation": {
    object (Remediation)
  },
  "acknowledged": boolean,
  "exceptionAuditLogLink": string,
  "exceptionContexts": [
    {
      object (ExceptionContext)
    }
  ],
  "violationType": enum (ViolationType),
  "associatedOrgPolicyViolationId": string,
  "parentProjectNumber": string,
  "resourceType": string,
  "resourceName": string,
  "acknowledgementTime": string
}
Fields
name

string

Output only. Immutable. Name of the Violation. Format: organizations/{organization}/locations/{location}/workloads/{workload_id}/violations/{violations_id}

description

string

Output only. Description for the Violation. e.g. OrgPolicy gcp.resourceLocations has non compliant value.

beginTime

string (Timestamp format)

Output only. Time of the event which triggered the Violation.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The last time when the Violation record was updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

resolveTime

string (Timestamp format)

Output only. Time of the event which fixed the Violation. If the violation is ACTIVE this will be empty.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

category

string

Output only. Category under which this violation is mapped. e.g. Location, Service Usage, Access, Encryption, etc.

state

enum (State)

Output only. State of the violation

orgPolicyConstraint
(deprecated)

string

Output only. Immutable. The org-policy-constraint that was incorrectly changed, which resulted in this violation.

nonCompliantOrgPolicy

string

Output only. Immutable. Name of the OrgPolicy which was modified with a non-compliant change and resulted in this violation. Format: projects/{project_number}/policies/{constraint_name}, folders/{folderId}/policies/{constraint_name} or organizations/{organization_id}/policies/{constraint_name}

remediation

object (Remediation)

Output only. Compliance violation remediation

acknowledged

boolean

A boolean that indicates if the violation is acknowledged

exceptionContexts[]

object (ExceptionContext)

Output only. List of all the exception details added for the violation.

violationType

enum (ViolationType)

Output only. Type of the violation

associatedOrgPolicyViolationId

string

Optional. Output only. Violation ID of the org-policy violation that caused this resource violation. Empty for org-policy violations.

parentProjectNumber

string

Optional. Output only. Parent project number where the resource is present. Empty for org-policy violations.

resourceType

string

Optional. Output only. Type of the resource, e.g. compute.googleapis.com/Disk. Empty for org-policy violations.

resourceName

string

Optional. Output only. Name of the resource, e.g. //storage.googleapis.com/myprojectxyz-testbucket. Empty for org-policy violations.

acknowledgementTime

string (Timestamp format)

Optional. Timestamp when this violation was first acknowledged. Check exceptionContexts to find the last time the violation was acknowledged when there is more than one violation. This field will be absent when the acknowledged field is marked as false.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

State

Violation State Values

Enums
STATE_UNSPECIFIED Unspecified state.
RESOLVED Violation is resolved.
UNRESOLVED Violation is unresolved.
EXCEPTION Violation is an exception.

Remediation

Represents remediation guidance to resolve compliance violation for AssuredWorkload

JSON representation
{
  "instructions": {
    object (Instructions)
  },
  "compliantValues": [
    string
  ],
  "remediationType": enum (RemediationType)
}
Fields
instructions

object (Instructions)

Required. Remediation instructions to resolve violations

compliantValues[]

string

Values that can resolve the violation. For example, for list org policy violations, this will be either the list of allowed or denied values.

remediationType

enum (RemediationType)

Output only. Remediation type based on the type of org policy values violated

Instructions

Instructions to remediate violation

JSON representation
{
  "gcloudInstructions": {
    object (Gcloud)
  },
  "consoleInstructions": {
    object (Console)
  }
}
Fields
gcloudInstructions

object (Gcloud)

Remediation instructions to resolve violation via gcloud cli

consoleInstructions

object (Console)

Remediation instructions to resolve violation via cloud console

Gcloud

Remediation instructions to resolve violation via gcloud cli

JSON representation
{
  "gcloudCommands": [
    string
  ],
  "steps": [
    string
  ],
  "additionalLinks": [
    string
  ]
}
Fields
gcloudCommands[]

string

Gcloud command to resolve violation

steps[]

string

Steps to resolve violation via gcloud cli

Console

Remediation instructions to resolve violation via cloud console

JSON representation
{
  "consoleUris": [
    string
  ],
  "steps": [
    string
  ],
  "additionalLinks": [
    string
  ]
}
Fields
consoleUris[]

string

Link to console page where violations can be resolved

steps[]

string

Steps to resolve violation via cloud console

RemediationType

Classifies remediation into types based on the kind of violation. For example, violations caused by changes to a boolean org policy require different remediation instructions from violations caused by changes to the allowed values of a list org policy.

Enums
REMEDIATION_TYPE_UNSPECIFIED Unspecified remediation type
REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION Remediation type for boolean org policy
REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION Remediation type for list org policies which have allowed values in the monitoring rule
REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION Remediation type for list org policies which have denied values in the monitoring rule
REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION Remediation type for gcp.restrictCmekCryptoKeyProjects
REMEDIATION_RESOURCE_VIOLATION Remediation type for resource violation.
REMEDIATION_RESOURCE_VIOLATION_NON_CMEK_SERVICES Remediation type for resource violation due to gcp.restrictNonCmekServices

ExceptionContext

Violation exception detail.

JSON representation
{
  "comment": string,
  "acknowledgementTime": string,
  "userName": string
}
Fields
comment

string

Business justification provided towards the acknowledgement of the violation.

acknowledgementTime

string (Timestamp format)

Timestamp when the violation was acknowledged.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

userName

string

Name of the user (or service account) who acknowledged the violation.

ViolationType

Violation Type Values

Enums
VIOLATION_TYPE_UNSPECIFIED Unspecified type.
ORG_POLICY Org Policy Violation.
RESOURCE Resource Violation.
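
An added example, not part of the API reference: a triage pass over Violation records that uses state, acknowledged and exceptionContexts[].acknowledgementTime, and parses the nine-digit RFC3339 timestamps described above. The sample records, the resource names in them and the 90-day re-review threshold are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# RFC3339 "Zulu" timestamp with 0-9 fractional digits, as the Violation fields use.
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?Z$")

def parse_ts(value):
    """Parse a Violation timestamp; nanoseconds are truncated to microseconds."""
    m = _TS.match(value or "")
    if not m:
        return None  # empty or absent, e.g. resolveTime on an unresolved violation
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "").ljust(9, "0")[:6])
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def last_acknowledged(violation):
    """Latest acknowledgement in exceptionContexts, else the top-level field."""
    stamps = [c.get("acknowledgementTime") for c in violation.get("exceptionContexts", [])]
    stamps.append(violation.get("acknowledgementTime"))
    times = [t for t in map(parse_ts, stamps) if t]
    return max(times) if times else None

def triage(violations, now, max_ack_age_days=90):
    """Return (needs_action, stale_exceptions) as lists of violation names.
    max_ack_age_days is an assumed review policy, not something the API defines."""
    needs_action, stale = [], []
    for v in violations:
        if v.get("state", "STATE_UNSPECIFIED") == "RESOLVED":
            continue
        if not v.get("acknowledged", False):
            needs_action.append(v["name"])  # open and nobody has justified it
            continue
        acked = last_acknowledged(v)
        if acked is None or (now - acked).days > max_ack_age_days:
            stale.append(v["name"])  # justification is old or missing
    return needs_action, stale

# Constructed sample records (not real API output).
_P = "organizations/123/locations/us-central1/workloads/w1/violations/"
_CTX = lambda ts: {"comment": "constructed", "acknowledgementTime": ts, "userName": "user@example.com"}
SAMPLE = [
    {"name": _P + "v1", "state": "UNRESOLVED", "acknowledged": False, "violationType": "ORG_POLICY"},
    {"name": _P + "v2", "state": "EXCEPTION", "acknowledged": True, "acknowledgementTime": "2023-01-10T08:00:00Z",
     "exceptionContexts": [_CTX("2023-01-10T08:00:00Z"), _CTX("2024-05-20T09:30:00.045123456Z")]},
    {"name": _P + "v3", "state": "EXCEPTION", "acknowledged": True, "acknowledgementTime": "2023-02-01T00:00:00Z",
     "exceptionContexts": [_CTX("2023-02-01T00:00:00Z")]},
    {"name": _P + "v4", "state": "RESOLVED", "acknowledged": False, "resolveTime": "2024-01-01T00:00:00Z"},
]
```

Calling triage(SAMPLE, now) with a timezone-aware now returns the unacknowledged open violations first and the acknowledged ones whose latest justification is older than the threshold second.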

Methods

acknowledge

Acknowledges an existing violation.

get

Retrieves Assured Workload Violation based on ID.

list

Lists the Violations in the AssuredWorkload Environment.