Google Cloud Native v0.32.0, Nov 29 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.assuredworkloads/v1.getWorkload

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

Using getWorkload

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getWorkload(args: GetWorkloadArgs, opts?: InvokeOptions): Promise<GetWorkloadResult>
function getWorkloadOutput(args: GetWorkloadOutputArgs, opts?: InvokeOptions): Output<GetWorkloadResult>

def get_workload(location: Optional[str] = None,
                 organization_id: Optional[str] = None,
                 workload_id: Optional[str] = None,
                 opts: Optional[InvokeOptions] = None) -> GetWorkloadResult
def get_workload_output(location: Optional[pulumi.Input[str]] = None,
                 organization_id: Optional[pulumi.Input[str]] = None,
                 workload_id: Optional[pulumi.Input[str]] = None,
                 opts: Optional[InvokeOptions] = None) -> Output[GetWorkloadResult]

func LookupWorkload(ctx *Context, args *LookupWorkloadArgs, opts ...InvokeOption) (*LookupWorkloadResult, error)
func LookupWorkloadOutput(ctx *Context, args *LookupWorkloadOutputArgs, opts ...InvokeOption) LookupWorkloadResultOutput

> Note: This function is named LookupWorkload in the Go SDK.

public static class GetWorkload 
{
    public static Task<GetWorkloadResult> InvokeAsync(GetWorkloadArgs args, InvokeOptions? opts = null)
    public static Output<GetWorkloadResult> Invoke(GetWorkloadInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetWorkloadResult> getWorkload(GetWorkloadArgs args, InvokeOptions options)
public static Output<GetWorkloadResult> getWorkload(GetWorkloadArgs args, InvokeOptions options)

fn::invoke:
  function: google-native:assuredworkloads/v1:getWorkload
  arguments:
    # arguments dictionary

The following arguments are supported:

Location string
OrganizationId string
WorkloadId string

Location string
OrganizationId string
WorkloadId string

location String
organizationId String
workloadId String

location string
organizationId string
workloadId string

location str
organization_id str
workload_id str

location String
organizationId String
workloadId String

getWorkload Result

The following output properties are available:

BillingAccount string: Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
ComplianceRegime string: Immutable. Compliance Regime associated with this workload.
ComplianceStatus Pulumi.GoogleNative.AssuredWorkloads.V1.Outputs.GoogleCloudAssuredworkloadsV1WorkloadComplianceStatusResponse: Count of active Violations in the Workload.
CompliantButDisallowedServices List<string>: Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
CreateTime string: Immutable. The Workload creation timestamp.
DisplayName string: The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
EkmProvisioningResponse Pulumi.GoogleNative.AssuredWorkloads.V1.Outputs.GoogleCloudAssuredworkloadsV1WorkloadEkmProvisioningResponseResponse: Represents the Ekm Provisioning State of the given workload.
EnableSovereignControls bool: Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
Etag string: Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
KajEnrollmentState string: Represents the KAJ enrollment state of the given workload.
KmsSettings Pulumi.GoogleNative.AssuredWorkloads.V1.Outputs.GoogleCloudAssuredworkloadsV1WorkloadKMSSettingsResponse: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
Deprecated: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
Labels Dictionary<string, string>: Optional. Labels applied to the workload.
Name string: Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
Partner string: Optional. Partner regime associated with this workload.
PartnerPermissions Pulumi.GoogleNative.AssuredWorkloads.V1.Outputs.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissionsResponse: Optional. Permissions granted to the AW Partner SA account for the customer workload
ProvisionedResourcesParent string: Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
ResourceMonitoringEnabled bool: Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
ResourceSettings List<Pulumi.GoogleNative.AssuredWorkloads.V1.Outputs.GoogleCloudAssuredworkloadsV1WorkloadResourceSettingsResponse>: Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
Resources List<Pulumi.GoogleNative.AssuredWorkloads.V1.Outputs.GoogleCloudAssuredworkloadsV1WorkloadResourceInfoResponse>: The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
SaaEnrollmentResponse Pulumi.GoogleNative.AssuredWorkloads.V1.Outputs.GoogleCloudAssuredworkloadsV1WorkloadSaaEnrollmentResponseResponse: Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
ViolationNotificationsEnabled bool: Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

BillingAccount string: Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
ComplianceRegime string: Immutable. Compliance Regime associated with this workload.
ComplianceStatus GoogleCloudAssuredworkloadsV1WorkloadComplianceStatusResponse: Count of active Violations in the Workload.
CompliantButDisallowedServices []string: Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
CreateTime string: Immutable. The Workload creation timestamp.
DisplayName string: The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
EkmProvisioningResponse GoogleCloudAssuredworkloadsV1WorkloadEkmProvisioningResponseResponse: Represents the Ekm Provisioning State of the given workload.
EnableSovereignControls bool: Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
Etag string: Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
KajEnrollmentState string: Represents the KAJ enrollment state of the given workload.
KmsSettings GoogleCloudAssuredworkloadsV1WorkloadKMSSettingsResponse: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
Deprecated: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
Labels map[string]string: Optional. Labels applied to the workload.
Name string: Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
Partner string: Optional. Partner regime associated with this workload.
PartnerPermissions GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissionsResponse: Optional. Permissions granted to the AW Partner SA account for the customer workload
ProvisionedResourcesParent string: Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
ResourceMonitoringEnabled bool: Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
ResourceSettings []GoogleCloudAssuredworkloadsV1WorkloadResourceSettingsResponse: Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
Resources []GoogleCloudAssuredworkloadsV1WorkloadResourceInfoResponse: The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
SaaEnrollmentResponse GoogleCloudAssuredworkloadsV1WorkloadSaaEnrollmentResponseResponse: Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
ViolationNotificationsEnabled bool: Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

billingAccount String: Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
complianceRegime String: Immutable. Compliance Regime associated with this workload.
complianceStatus GoogleCloudAssuredworkloadsV1WorkloadComplianceStatusResponse: Count of active Violations in the Workload.
compliantButDisallowedServices List<String>: Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
createTime String: Immutable. The Workload creation timestamp.
displayName String: The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
ekmProvisioningResponse GoogleCloudAssuredworkloadsV1WorkloadEkmProvisioningResponseResponse: Represents the Ekm Provisioning State of the given workload.
enableSovereignControls Boolean: Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
etag String: Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
kajEnrollmentState String: Represents the KAJ enrollment state of the given workload.
kmsSettings GoogleCloudAssuredworkloadsV1WorkloadKMSSettingsResponse: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
Deprecated: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
labels Map<String,String>: Optional. Labels applied to the workload.
name String: Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
partner String: Optional. Partner regime associated with this workload.
partnerPermissions GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissionsResponse: Optional. Permissions granted to the AW Partner SA account for the customer workload
provisionedResourcesParent String: Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
resourceMonitoringEnabled Boolean: Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
resourceSettings List<GoogleCloudAssuredworkloadsV1WorkloadResourceSettingsResponse>: Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
resources List<GoogleCloudAssuredworkloadsV1WorkloadResourceInfoResponse>: The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saaEnrollmentResponse GoogleCloudAssuredworkloadsV1WorkloadSaaEnrollmentResponseResponse: Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
violationNotificationsEnabled Boolean: Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

billingAccount string: Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
complianceRegime string: Immutable. Compliance Regime associated with this workload.
complianceStatus GoogleCloudAssuredworkloadsV1WorkloadComplianceStatusResponse: Count of active Violations in the Workload.
compliantButDisallowedServices string[]: Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
createTime string: Immutable. The Workload creation timestamp.
displayName string: The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
ekmProvisioningResponse GoogleCloudAssuredworkloadsV1WorkloadEkmProvisioningResponseResponse: Represents the Ekm Provisioning State of the given workload.
enableSovereignControls boolean: Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
etag string: Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
kajEnrollmentState string: Represents the KAJ enrollment state of the given workload.
kmsSettings GoogleCloudAssuredworkloadsV1WorkloadKMSSettingsResponse: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
Deprecated: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
labels {[key: string]: string}: Optional. Labels applied to the workload.
name string: Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
partner string: Optional. Partner regime associated with this workload.
partnerPermissions GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissionsResponse: Optional. Permissions granted to the AW Partner SA account for the customer workload
provisionedResourcesParent string: Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
resourceMonitoringEnabled boolean: Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
resourceSettings GoogleCloudAssuredworkloadsV1WorkloadResourceSettingsResponse[]: Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
resources GoogleCloudAssuredworkloadsV1WorkloadResourceInfoResponse[]: The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saaEnrollmentResponse GoogleCloudAssuredworkloadsV1WorkloadSaaEnrollmentResponseResponse: Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
violationNotificationsEnabled boolean: Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

billing_account str: Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
compliance_regime str: Immutable. Compliance Regime associated with this workload.
compliance_status GoogleCloudAssuredworkloadsV1WorkloadComplianceStatusResponse: Count of active Violations in the Workload.
compliant_but_disallowed_services Sequence[str]: Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
create_time str: Immutable. The Workload creation timestamp.
display_name str: The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
ekm_provisioning_response GoogleCloudAssuredworkloadsV1WorkloadEkmProvisioningResponseResponse: Represents the Ekm Provisioning State of the given workload.
enable_sovereign_controls bool: Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
etag str: Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
kaj_enrollment_state str: Represents the KAJ enrollment state of the given workload.
kms_settings GoogleCloudAssuredworkloadsV1WorkloadKMSSettingsResponse: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
Deprecated: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
labels Mapping[str, str]: Optional. Labels applied to the workload.
name str: Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
partner str: Optional. Partner regime associated with this workload.
partner_permissions GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissionsResponse: Optional. Permissions granted to the AW Partner SA account for the customer workload
provisioned_resources_parent str: Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
resource_monitoring_enabled bool: Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
resource_settings Sequence[GoogleCloudAssuredworkloadsV1WorkloadResourceSettingsResponse]: Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
resources Sequence[GoogleCloudAssuredworkloadsV1WorkloadResourceInfoResponse]: The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saa_enrollment_response GoogleCloudAssuredworkloadsV1WorkloadSaaEnrollmentResponseResponse: Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
violation_notifications_enabled bool: Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

billingAccount String: Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.
complianceRegime String: Immutable. Compliance Regime associated with this workload.
complianceStatus Property Map: Count of active Violations in the Workload.
compliantButDisallowedServices List<String>: Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.
createTime String: Immutable. The Workload creation timestamp.
displayName String: The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
ekmProvisioningResponse Property Map: Represents the Ekm Provisioning State of the given workload.
enableSovereignControls Boolean: Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
etag String: Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.
kajEnrollmentState String: Represents the KAJ enrollment state of the given workload.
kmsSettings Property Map: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
Deprecated: Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
labels Map<String>: Optional. Labels applied to the workload.
name String: Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload} Read-only.
partner String: Optional. Partner regime associated with this workload.
partnerPermissions Property Map: Optional. Permissions granted to the AW Partner SA account for the customer workload
provisionedResourcesParent String: Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}
resourceMonitoringEnabled Boolean: Indicates whether resource monitoring is enabled for workload or not. It is true when Resource feed is subscribed to AWM topic and AWM Service Agent Role is binded to AW Service Account for resource Assured workload.
resourceSettings List<Property Map>: Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
resources List<Property Map>: The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saaEnrollmentResponse Property Map: Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.
violationNotificationsEnabled Boolean: Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

Supporting Types

GoogleCloudAssuredworkloadsV1WorkloadComplianceStatusResponse

AcknowledgedResourceViolationCount int: Number of current resource violations which are not acknowledged.
AcknowledgedViolationCount int: Number of current orgPolicy violations which are acknowledged.
ActiveResourceViolationCount int: Number of current resource violations which are acknowledged.
ActiveViolationCount int: Number of current orgPolicy violations which are not acknowledged.

AcknowledgedResourceViolationCount int: Number of current resource violations which are not acknowledged.
AcknowledgedViolationCount int: Number of current orgPolicy violations which are acknowledged.
ActiveResourceViolationCount int: Number of current resource violations which are acknowledged.
ActiveViolationCount int: Number of current orgPolicy violations which are not acknowledged.

acknowledgedResourceViolationCount Integer: Number of current resource violations which are not acknowledged.
acknowledgedViolationCount Integer: Number of current orgPolicy violations which are acknowledged.
activeResourceViolationCount Integer: Number of current resource violations which are acknowledged.
activeViolationCount Integer: Number of current orgPolicy violations which are not acknowledged.

acknowledgedResourceViolationCount number: Number of current resource violations which are not acknowledged.
acknowledgedViolationCount number: Number of current orgPolicy violations which are acknowledged.
activeResourceViolationCount number: Number of current resource violations which are acknowledged.
activeViolationCount number: Number of current orgPolicy violations which are not acknowledged.

acknowledged_resource_violation_count int: Number of current resource violations which are not acknowledged.
acknowledged_violation_count int: Number of current orgPolicy violations which are acknowledged.
active_resource_violation_count int: Number of current resource violations which are acknowledged.
active_violation_count int: Number of current orgPolicy violations which are not acknowledged.

acknowledgedResourceViolationCount Number: Number of current resource violations which are not acknowledged.
acknowledgedViolationCount Number: Number of current orgPolicy violations which are acknowledged.
activeResourceViolationCount Number: Number of current resource violations which are acknowledged.
activeViolationCount Number: Number of current orgPolicy violations which are not acknowledged.

GoogleCloudAssuredworkloadsV1WorkloadEkmProvisioningResponseResponse

EkmProvisioningErrorDomain string: Indicates Ekm provisioning error if any.
EkmProvisioningErrorMapping string: Detailed error message if Ekm provisioning fails
EkmProvisioningState string: Indicates Ekm enrollment Provisioning of a given workload.

EkmProvisioningErrorDomain string: Indicates Ekm provisioning error if any.
EkmProvisioningErrorMapping string: Detailed error message if Ekm provisioning fails
EkmProvisioningState string: Indicates Ekm enrollment Provisioning of a given workload.

ekmProvisioningErrorDomain String: Indicates Ekm provisioning error if any.
ekmProvisioningErrorMapping String: Detailed error message if Ekm provisioning fails
ekmProvisioningState String: Indicates Ekm enrollment Provisioning of a given workload.

ekmProvisioningErrorDomain string: Indicates Ekm provisioning error if any.
ekmProvisioningErrorMapping string: Detailed error message if Ekm provisioning fails
ekmProvisioningState string: Indicates Ekm enrollment Provisioning of a given workload.

ekm_provisioning_error_domain str: Indicates Ekm provisioning error if any.
ekm_provisioning_error_mapping str: Detailed error message if Ekm provisioning fails
ekm_provisioning_state str: Indicates Ekm enrollment Provisioning of a given workload.

ekmProvisioningErrorDomain String: Indicates Ekm provisioning error if any.
ekmProvisioningErrorMapping String: Detailed error message if Ekm provisioning fails
ekmProvisioningState String: Indicates Ekm enrollment Provisioning of a given workload.

GoogleCloudAssuredworkloadsV1WorkloadKMSSettingsResponse

NextRotationTime string: Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
RotationPeriod string: Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

NextRotationTime string: Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
RotationPeriod string: Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

nextRotationTime String: Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotationPeriod String: Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

nextRotationTime string: Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotationPeriod string: Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

next_rotation_time str: Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotation_period str: Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

nextRotationTime String: Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotationPeriod String: Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissionsResponse

AssuredWorkloadsMonitoring bool: Optional. Allow partner to view violation alerts.
DataLogsViewer bool: Allow the partner to view inspectability logs and monitoring violations.
ServiceAccessApprover bool: Optional. Allow partner to view access approval logs.

AssuredWorkloadsMonitoring bool: Optional. Allow partner to view violation alerts.
DataLogsViewer bool: Allow the partner to view inspectability logs and monitoring violations.
ServiceAccessApprover bool: Optional. Allow partner to view access approval logs.

assuredWorkloadsMonitoring Boolean: Optional. Allow partner to view violation alerts.
dataLogsViewer Boolean: Allow the partner to view inspectability logs and monitoring violations.
serviceAccessApprover Boolean: Optional. Allow partner to view access approval logs.

assuredWorkloadsMonitoring boolean: Optional. Allow partner to view violation alerts.
dataLogsViewer boolean: Allow the partner to view inspectability logs and monitoring violations.
serviceAccessApprover boolean: Optional. Allow partner to view access approval logs.

assured_workloads_monitoring bool: Optional. Allow partner to view violation alerts.
data_logs_viewer bool: Allow the partner to view inspectability logs and monitoring violations.
service_access_approver bool: Optional. Allow partner to view access approval logs.

assuredWorkloadsMonitoring Boolean: Optional. Allow partner to view violation alerts.
dataLogsViewer Boolean: Allow the partner to view inspectability logs and monitoring violations.
serviceAccessApprover Boolean: Optional. Allow partner to view access approval logs.

GoogleCloudAssuredworkloadsV1WorkloadResourceInfoResponse

ResourceId string: Resource identifier. For a project this represents project_number.
ResourceType string: Indicates the type of resource.

ResourceId string: Resource identifier. For a project this represents project_number.
ResourceType string: Indicates the type of resource.

resourceId String: Resource identifier. For a project this represents project_number.
resourceType String: Indicates the type of resource.

resourceId string: Resource identifier. For a project this represents project_number.
resourceType string: Indicates the type of resource.

resource_id str: Resource identifier. For a project this represents project_number.
resource_type str: Indicates the type of resource.

resourceId String: Resource identifier. For a project this represents project_number.
resourceType String: Indicates the type of resource.

GoogleCloudAssuredworkloadsV1WorkloadResourceSettingsResponse

DisplayName string: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
ResourceId string: Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
ResourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)

DisplayName string: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
ResourceId string: Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
ResourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)

displayName String: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resourceId String: Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType String: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)

displayName string: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resourceId string: Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)

display_name str: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resource_id str: Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resource_type str: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)

displayName String: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resourceId String: Resource identifier. For a project this represents project_id. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType String: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)

GoogleCloudAssuredworkloadsV1WorkloadSaaEnrollmentResponseResponse

SetupErrors List<string>: Indicates SAA enrollment setup error if any.
SetupStatus string: Indicates SAA enrollment status of a given workload.

SetupErrors []string: Indicates SAA enrollment setup error if any.
SetupStatus string: Indicates SAA enrollment status of a given workload.

setupErrors List<String>: Indicates SAA enrollment setup error if any.
setupStatus String: Indicates SAA enrollment status of a given workload.

setupErrors string[]: Indicates SAA enrollment setup error if any.
setupStatus string: Indicates SAA enrollment status of a given workload.

setup_errors Sequence[str]: Indicates SAA enrollment setup error if any.
setup_status str: Indicates SAA enrollment status of a given workload.

setupErrors List<String>: Indicates SAA enrollment setup error if any.
setupStatus String: Indicates SAA enrollment status of a given workload.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.assuredworkloads/v1.getWorkload

On this page

On this page

Using getWorkload

getWorkload Result

Supporting Types

GoogleCloudAssuredworkloadsV1WorkloadComplianceStatusResponse

GoogleCloudAssuredworkloadsV1WorkloadEkmProvisioningResponseResponse

GoogleCloudAssuredworkloadsV1WorkloadKMSSettingsResponse

GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissionsResponse

GoogleCloudAssuredworkloadsV1WorkloadResourceInfoResponse

GoogleCloudAssuredworkloadsV1WorkloadResourceSettingsResponse

GoogleCloudAssuredworkloadsV1WorkloadSaaEnrollmentResponseResponse

Package Details

On this page

On this page