REST Resource: organizations.locations.workloads

{
  "name": string,
  "displayName": string,
  "resources": [
    {
      object (ResourceInfo)
    }
  ],
  "complianceRegime": enum (ComplianceRegime),
  "createTime": string,
  "billingAccount": string,
  "etag": string,
  "labels": {
    string: string,
    ...
  },
  "provisionedResourcesParent": string,
  "kmsSettings": {
    object (KMSSettings)
  },
  "resourceSettings": [
    {
      object (ResourceSettings)
    }
  ],
  "kajEnrollmentState": enum (KajEnrollmentState),
  "enableSovereignControls": boolean,
  "saaEnrollmentResponse": {
    object (SaaEnrollmentResponse)
  },
  "complianceStatus": {
    object (ComplianceStatus)
  },
  "compliantButDisallowedServices": [
    string
  ],
  "partner": enum (Partner),

  // Union field compliance_regime_settings can be only one of the following:
  "il4Settings": {
    object (IL4Settings)
  },
  "cjisSettings": {
    object (CJISSettings)
  },
  "fedrampHighSettings": {
    object (FedrampHighSettings)
  },
  "fedrampModerateSettings": {
    object (FedrampModerateSettings)
  }
  // End of list of possible types for union field compliance_regime_settings.
}

string

Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload}

Read-only.

string

Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces.

Example: My Workload

object (ResourceInfo)

Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

enum (ComplianceRegime)

Required. Immutable. Compliance Regime associated with this workload.

string (Timestamp format)

Output only. Immutable. The Workload creation timestamp.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

string

Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

string

Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.

map (key: string, value: string)

Optional. Labels applied to the workload.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

string

Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

object (KMSSettings)

Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

object (ResourceSettings)

Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

enum (KajEnrollmentState)

Output only. Represents the KAJ enrollment state of the given workload.

boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

object (SaaEnrollmentResponse)

Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

object (ComplianceStatus)

Output only. Count of active Violations in the Workload.

string

Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment."

enum (Partner)

Optional. Compliance Regime associated with this workload.

object (IL4Settings)

Input only. Immutable. Settings specific to resources needed for IL4.

object (CJISSettings)

Input only. Immutable. Settings specific to resources needed for CJIS.

object (FedrampHighSettings)

Input only. Immutable. Settings specific to resources needed for FedRAMP High.

object (FedrampModerateSettings)

Input only. Immutable. Settings specific to resources needed for FedRAMP Moderate.

{
  "kmsSettings": {
    object (KMSSettings)
  }
}

object (KMSSettings)

Input only. Immutable. Settings used to create a CMEK crypto key.

{
  "nextRotationTime": string,
  "rotationPeriod": string
}

string (Timestamp format)

Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

string (Duration format)

Required. Input only. Immutable. [nextRotationTime] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

{
  "kmsSettings": {
    object (KMSSettings)
  }
}

object (KMSSettings)

Input only. Immutable. Settings used to create a CMEK crypto key.

{
  "kmsSettings": {
    object (KMSSettings)
  }
}

object (KMSSettings)

Input only. Immutable. Settings used to create a CMEK crypto key.

{
  "kmsSettings": {
    object (KMSSettings)
  }
}

object (KMSSettings)

Input only. Immutable. Settings used to create a CMEK crypto key.

{
  "resourceId": string,
  "resourceType": enum (ResourceType)
}

string (int64 format)

Resource identifier. For a project this represents project_number.

enum (ResourceType)

Indicates the type of resource.

{
  "resourceId": string,
  "resourceType": enum (ResourceType),
  "displayName": string
}

string

Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

enum (ResourceType)

Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)

string

User-assigned resource display name. If not empty it will be used to create a resource with the specified name.

{
  "setupErrors": [
    enum (SetupError)
  ],
  "setupStatus": enum (SetupState)
}

enum (SetupError)

Indicates SAA enrollment setup error if any.

enum (SetupState)

Indicates SAA enrollment status of a given workload.

{
  "activeViolationCount": integer,
  "acknowledgedViolationCount": integer
}

integer

Count of active Violations which haven't been acknowledged.

integer

Count of active Violations which are acknowledged in the Workload.