Method: organizations.locations.workloads.restrictAllowedServices

Restrict the list of services allowed in the Workload environment. The current list of allowed services can be found at https://cloud.google.com/assured-workloads/docs/supported-products. In addition to the assuredworkloads.workload.create permission, the user should also have the orgpolicy.policy.set permission on the folder resource to use this functionality.

HTTP request

POST https://{endpoint}/v1beta1/{name=organizations/*/locations/*/workloads/*}:restrictAllowedServices

Where {endpoint} is one of the supported service endpoints.

The URLs use gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The resource name of the Workload. This is the workload's relative path in the API, formatted as "organizations/{organization_id}/locations/{locationId}/workloads/{workload_id}". For example, "organizations/123/locations/us-east1/workloads/assured-workload-1".

Request body

The request body contains data with the following structure:

JSON representation
{
  "restrictionType": enum (RestrictionType)
}
Fields
restrictionType

enum (RestrictionType)

Required. The type of restriction for using GCP services in the Workload environment.

Response body

If successful, the response body is empty.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

  • assuredworkloads.workload.update

For more information, see the IAM documentation.

RestrictionType

The type of restriction.

Enums
RESTRICTION_TYPE_UNSPECIFIED Unknown restriction type.
ALLOW_ALL_GCP_SERVICES Allow the use of all services. This effectively removes all restrictions placed on the Folder.
ALLOW_COMPLIANT_SERVICES The list of allowed services depends on the Workload's compliance regime. See https://cloud.google.com/assured-workloads/docs/supported-products for the list of allowed services.
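
Example (added here, not part of the API reference or any Google client library): a Python helper that builds, but does not send, the POST request described above, and refuses ALLOW_ALL_GCP_SERVICES unless the caller opts in, since that value removes all restrictions placed on the folder. The function name, the allow_unrestricted flag, the default endpoint host and the stricter name check are assumptions of this example.

```python
import json
import re
import urllib.request

# Resource-name shape from "Path parameters"; this example additionally
# refuses whitespace, "?" and "#" so the name cannot alter the URL.
NAME_RE = re.compile(
    r"organizations/[^/?#\s]+/locations/[^/?#\s]+/workloads/[^/?#\s]+")
# Enum values from the RestrictionType table, minus the UNSPECIFIED value.
USABLE_TYPES = {"ALLOW_ALL_GCP_SERVICES", "ALLOW_COMPLIANT_SERVICES"}


def build_restrict_request(name, restriction_type, access_token,
                           endpoint="assuredworkloads.googleapis.com",
                           allow_unrestricted=False):
    """Return an unsent urllib Request for :restrictAllowedServices.

    The endpoint default and allow_unrestricted are assumptions of this example.
    """
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"not a workload resource name: {name!r}")
    if restriction_type not in USABLE_TYPES:
        # Covers RESTRICTION_TYPE_UNSPECIFIED and misspelled values.
        raise ValueError(f"unusable restrictionType: {restriction_type!r}")
    if restriction_type == "ALLOW_ALL_GCP_SERVICES" and not allow_unrestricted:
        # Local guard, not an API rule: lifting every restriction on the
        # folder must be an explicit decision by the caller.
        raise PermissionError(
            "ALLOW_ALL_GCP_SERVICES needs allow_unrestricted=True")
    url = f"https://{endpoint}/v1beta1/{name}:restrictAllowedServices"
    body = json.dumps({"restrictionType": restriction_type}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample values; the token is a placeholder, nothing is sent.
    req = build_restrict_request(
        "organizations/123/locations/us-east1/workloads/assured-workload-1",
        "ALLOW_COMPLIANT_SERVICES", "PLACEHOLDER_TOKEN")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

The access token passed in needs the https://www.googleapis.com/auth/cloud-platform scope listed under Authorization Scopes; pass the returned object to urllib.request.urlopen to send it.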