REST Resource: organizations.locations.workloads.violations


Resource: Violation

Workload monitoring Violation.

JSON representation
{
  "name": string,
  "description": string,
  "beginTime": string,
  "updateTime": string,
  "resolveTime": string,
  "category": string,
  "state": enum (State),
  "orgPolicyConstraint": string,
  "auditLogLink": string,
  "nonCompliantOrgPolicy": string,
  "remediation": {
    object (Remediation)
  },
  "acknowledged": boolean,
  "exceptionAuditLogLink": string,
  "acknowledgementTime": string
}
Fields
name

string

Output only. Immutable. Name of the Violation. Format: organizations/{organization}/locations/{location}/workloads/{workload_id}/violations/{violations_id}

description

string

Output only. Description for the Violation. e.g. OrgPolicy gcp.resourceLocations has non compliant value.

beginTime

string (Timestamp format)

Output only. Time of the event which triggered the Violation.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The last time when the Violation record was updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

resolveTime

string (Timestamp format)

Output only. Time of the event which fixed the Violation. If the violation is ACTIVE this will be empty.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

category

string

Output only. Category under which this violation is mapped. e.g. Location, Service Usage, Access, Encryption, etc.

state

enum (State)

Output only. State of the violation

orgPolicyConstraint

string

Output only. Immutable. The org-policy-constraint that was incorrectly changed, which resulted in this violation.

nonCompliantOrgPolicy

string

Output only. Immutable. Name of the OrgPolicy which was modified with a non-compliant change and resulted in this violation. Format: projects/{project_number}/policies/{constraint_name}, folders/{folder_id}/policies/{constraint_name}, or organizations/{organization_id}/policies/{constraint_name}

remediation

object (Remediation)

Output only. Compliance violation remediation

acknowledged

boolean

A boolean that indicates if the violation is acknowledged

acknowledgementTime

string (Timestamp format)

Optional. Timestamp when this violation was acknowledged last. This will be absent when acknowledged field is marked as false.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

State

Violation State Values

Enums
STATE_UNSPECIFIED Unspecified state.
RESOLVED Violation is resolved.
UNRESOLVED Violation is Unresolved
EXCEPTION Violation is Exception
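
The following is an added example, not part of the original reference or of Google's client libraries: a triage pass over Violation records that validates the documented name format, parses the nanosecond-resolution timestamps, and queues UNRESOLVED, unacknowledged violations oldest first. The function names and the sample records are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Resource name format as documented for Violation.name.
NAME_RE = re.compile(
    r"^organizations/(?P<organization>[^/]+)/locations/(?P<location>[^/]+)"
    r"/workloads/(?P<workload_id>[^/]+)/violations/(?P<violation_id>[^/]+)$"
)
# RFC 3339 UTC "Zulu" timestamp with zero to nine fractional digits.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?Z$")

def parse_timestamp(value):
    """Parse a Zulu timestamp; datetime holds microseconds, so extra digits are truncated."""
    m = TS_RE.match(value)
    if not m:
        raise ValueError(f"not an RFC 3339 Zulu timestamp: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "").ljust(9, "0")[:6])
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def triage(violations, now):
    """Return open, unacknowledged violations, oldest first, with parsed identifiers."""
    queue = []
    for v in violations:
        m = NAME_RE.match(v.get("name", ""))
        if not m:
            raise ValueError(f"unexpected violation name: {v.get('name')!r}")
        if v.get("state") != "UNRESOLVED" or v.get("acknowledged", False):
            continue  # RESOLVED, EXCEPTION, unspecified, or already acknowledged
        age = now - parse_timestamp(v["beginTime"])
        queue.append({**m.groupdict(), "category": v.get("category"),
                      "constraint": v.get("orgPolicyConstraint"),
                      "age_hours": round(age.total_seconds() / 3600, 1)})
    return sorted(queue, key=lambda row: row["age_hours"], reverse=True)

# Constructed sample records (not real API output).
SAMPLE = [
    {"name": "organizations/123/locations/us-central1/workloads/wl-1/violations/v-1",
     "beginTime": "2014-10-02T15:01:23.045123456Z", "state": "UNRESOLVED",
     "category": "Location", "orgPolicyConstraint": "gcp.resourceLocations",
     "acknowledged": False},
    {"name": "organizations/123/locations/us-central1/workloads/wl-1/violations/v-2",
     "beginTime": "2014-10-01T15:01:23Z", "state": "RESOLVED",
     "resolveTime": "2014-10-01T16:00:00Z", "acknowledged": False},
    {"name": "organizations/123/locations/us-central1/workloads/wl-1/violations/v-3",
     "beginTime": "2014-10-02T09:01:23Z", "state": "UNRESOLVED", "acknowledged": False},
]
```

Calling `triage(SAMPLE, parse_timestamp("2014-10-03T15:01:23Z"))` returns v-3 ahead of v-1 and drops the resolved v-2.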

Remediation

Represents remediation guidance to resolve compliance violation for AssuredWorkload

JSON representation
{
  "instructions": {
    object (Instructions)
  },
  "compliantValues": [
    string
  ],
  "remediationType": enum (RemediationType)
}
Fields
instructions

object (Instructions)

Required. Remediation instructions to resolve violations

compliantValues[]

string

Values that can resolve the violation. For example, for list org policy violations, this will be either the list of allowed values or the list of denied values.

remediationType

enum (RemediationType)

Output only. Remediation type based on the type of org policy values violated

Instructions

Instructions to remediate violation

JSON representation
{
  "gcloudInstructions": {
    object (Gcloud)
  },
  "consoleInstructions": {
    object (Console)
  }
}
Fields
gcloudInstructions

object (Gcloud)

Remediation instructions to resolve violation via gcloud cli

consoleInstructions

object (Console)

Remediation instructions to resolve violation via cloud console

Gcloud

Remediation instructions to resolve violation via gcloud cli

JSON representation
{
  "gcloudCommands": [
    string
  ],
  "steps": [
    string
  ],
  "additionalLinks": [
    string
  ]
}
Fields
gcloudCommands[]

string

Gcloud command to resolve violation

steps[]

string

Steps to resolve violation via gcloud cli

Console

Remediation instructions to resolve violation via cloud console

JSON representation
{
  "consoleUris": [
    string
  ],
  "steps": [
    string
  ],
  "additionalLinks": [
    string
  ]
}
Fields
consoleUris[]

string

Link to console page where violations can be resolved

steps[]

string

Steps to resolve violation via cloud console

RemediationType

Classifies remediation into types based on the kind of violation. For example, violations caused by changes to a boolean org policy require different remediation instructions than violations caused by changes to the allowed values of a list org policy.

Enums
REMEDIATION_TYPE_UNSPECIFIED Unspecified remediation type
REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION Remediation type for boolean org policy
REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION Remediation type for list org policy which have allowed values in the monitoring rule
REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION Remediation type for list org policy which have denied values in the monitoring rule
REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION Remediation type for gcp.restrictCmekCryptoKeyProjects

Methods

acknowledge

Acknowledges an existing violation.

get

Retrieves Assured Workload Violation based on ID.

list

Lists the Violations in the AssuredWorkload Environment.