- HTTP request
- Path parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- RestrictionType
Restrict the list of resources allowed in the Workload environment. The current list of allowed products can be found at https://cloud.google.com/assured-workloads/docs/supported-products In addition to assuredworkloads.workload.update permission, the user should also have orgpolicy.policy.set permission on the folder resource to use this functionality.
HTTP request
POST https://{endpoint}/v1beta1/{name=organizations/*/locations/*/workloads/*}:restrictAllowedResources
Where {endpoint}
is one of the supported service endpoints.
The URLs use gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
Required. The resource name of the Workload. This is the workloads's relative path in the API, formatted as "organizations/{organization_id}/locations/{locationId}/workloads/{workload_id}". For example, "organizations/123/locations/us-east1/workloads/assured-workload-1". |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{
"restrictionType": enum ( |
Fields | |
---|---|
restrictionType |
Required. The type of restriction for using gcp products in the Workload environment. |
Response body
If successful, the response body is empty.
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the name
resource:
assuredworkloads.workload.update
For more information, see the IAM documentation.
RestrictionType
The type of restriction.
Enums | |
---|---|
RESTRICTION_TYPE_UNSPECIFIED |
Unknown restriction type. |
ALLOW_ALL_GCP_RESOURCES |
Allow the use all of all gcp products, irrespective of the compliance posture. This effectively removes gcp.restrictServiceUsage OrgPolicy on the AssuredWorkloads Folder. |
ALLOW_COMPLIANT_RESOURCES |
Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources. |
APPEND_COMPLIANT_RESOURCES |
Similar to ALLOW_COMPLIANT_RESOURCES but adds the list of compliant resources to the existing list of compliant resources. Effective org-policy of the Folder is considered to ensure there is no disruption to the existing customer workflows. |