Resource: Violation
Workload monitoring Violation.
JSON representation |
---|
{ "name": string, "description": string, "beginTime": string, "updateTime": string, "resolveTime": string, "category": string, "state": enum ( |
Fields | |
---|---|
name |
Output only. Immutable. Name of the Violation. Format: organizations/{organization}/locations/{location}/workloads/{workload_id}/violations/{violations_id} |
description |
Output only. Description for the Violation. e.g. OrgPolicy gcp.resourceLocations has non compliant value. |
beginTime |
Output only. Time of the event which triggered the Violation. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime |
Output only. The last time when the Violation record was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
resolveTime |
Output only. Time of the event which fixed the Violation. If the violation is ACTIVE this will be empty. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
category |
Output only. Category under which this violation is mapped. e.g. Location, Service Usage, Access, Encryption, etc. |
state |
Output only. State of the violation |
orgPolicyConstraint |
Output only. Immutable. The org-policy-constraint that was incorrectly changed, which resulted in this violation. |
auditLogLink |
Output only. Immutable. Audit Log Link for violated resource Format: https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{timeRange}{folder} |
nonCompliantOrgPolicy |
Output only. Immutable. Name of the OrgPolicy which was modified with non-compliant change and resulted this violation. Format: projects/{project_number}/policies/{constraint_name} folders/{folder_id}/policies/{constraint_name} organizations/{organization_id}/policies/{constraint_name} |
remediation |
Output only. Compliance violation remediation |
acknowledged |
A boolean that indicates if the violation is acknowledged |
exceptionAuditLogLink |
Output only. Immutable. Audit Log link to find business justification provided for violation exception. Format: https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{protoPayload.methodName}{timeRange}{organization} |
acknowledgementTime |
Optional. Timestamp when this violation was acknowledged last. This will be absent when acknowledged field is marked as false. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
State
Violation State Values
Enums | |
---|---|
STATE_UNSPECIFIED |
Unspecified state. |
RESOLVED |
Violation is resolved. |
UNRESOLVED |
Violation is Unresolved |
EXCEPTION |
Violation is Exception |
Remediation
Represents remediation guidance to resolve compliance violation for AssuredWorkload
JSON representation |
---|
{ "instructions": { object ( |
Fields | |
---|---|
instructions |
Required. Remediation instructions to resolve violations |
compliantValues[] |
Values that can resolve the violation For example: for list org policy violations, this will either be the list of allowed or denied values |
remediationType |
Output only. Reemediation type based on the type of org policy values violated |
Instructions
Instructions to remediate violation
JSON representation |
---|
{ "gcloudInstructions": { object ( |
Fields | |
---|---|
gcloudInstructions |
Remediation instructions to resolve violation via gcloud cli |
consoleInstructions |
Remediation instructions to resolve violation via cloud console |
Gcloud
Remediation instructions to resolve violation via gcloud cli
JSON representation |
---|
{ "gcloudCommands": [ string ], "steps": [ string ], "additionalLinks": [ string ] } |
Fields | |
---|---|
gcloudCommands[] |
Gcloud command to resolve violation |
steps[] |
Steps to resolve violation via gcloud cli |
additionalLinks[] |
Additional urls for more information about steps |
Console
Remediation instructions to resolve violation via cloud console
JSON representation |
---|
{ "consoleUris": [ string ], "steps": [ string ], "additionalLinks": [ string ] } |
Fields | |
---|---|
consoleUris[] |
Link to console page where violations can be resolved |
steps[] |
Steps to resolve violation via cloud console |
additionalLinks[] |
Additional urls for more information about steps |
RemediationType
Classifying remediation into various types based on the kind of violation. For example, violations caused due to changes in boolean org policy requires different remediation instructions compared to violation caused due to changes in allowed values of list org policy.
Enums | |
---|---|
REMEDIATION_TYPE_UNSPECIFIED |
Unspecified remediation type |
REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION |
Remediation type for boolean org policy |
REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION |
Remediation type for list org policy which have allowed values in the monitoring rule |
REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION |
Remediation type for list org policy which have denied values in the monitoring rule |
REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION |
Remediation type for gcp.restrictCmekCryptoKeyProjects |
Methods |
|
---|---|
|
Acknowledges an existing violation. |
|
Retrieves Assured Workload Violation based on ID. |
|
Lists the Violations in the AssuredWorkload Environment. |