package google.cloud.cloudcontrolspartner.v1beta

Get desktop application:
View/edit binary Protocol Buffers messages

Service describing handlers for resources

• rpc GetWorkload (GetWorkloadRequest, Workload)

  core.proto:51

  Gets details of a single workload

  message GetWorkloadRequest

  customer_workloads.proto:139

  Message for getting a customer workload.

  • string name = 1

    Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`

• rpc ListWorkloads (ListWorkloadsRequest, ListWorkloadsResponse)

  core.proto:59

  Lists customer workloads for a given customer org id

  message ListWorkloadsRequest

  customer_workloads.proto:99

  Request to list customer workloads.

  • string parent = 1

    Required. Parent resource Format: `organizations/{organization}/locations/{location}/customers/{customer}`

  • int32 page_size = 2

    The maximum number of workloads to return. The service may return fewer than this value. If unspecified, at most 500 workloads will be returned.

  • string page_token = 3

    A page token, received from a previous `ListWorkloads` call. Provide this to retrieve the subsequent page.

  • string filter = 4

    Optional. Filtering results.

  • string order_by = 5

    Optional. Hint for how to order the results.

  message ListWorkloadsResponse

  customer_workloads.proto:126

  Response message for list customer workloads requests.

  • repeated Workload workloads = 1

    List of customer workloads

  • string next_page_token = 2

    A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.

  • repeated string unreachable = 3

    Locations that could not be reached.

• rpc GetCustomer (GetCustomerRequest, Customer)

  core.proto:67

  Gets details of a single customer

  message GetCustomerRequest

  customers.proto:121

  Message for getting a customer

  • string name = 1

    Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}`

• rpc ListCustomers (ListCustomersRequest, ListCustomersResponse)

  core.proto:75

  Lists customers of a partner identified by its Google Cloud organization ID

  message ListCustomersRequest

  customers.proto:62

  Request to list customers

  • string parent = 1

    Required. Parent resource Format: `organizations/{organization}/locations/{location}`

  • int32 page_size = 2

    The maximum number of Customers to return. The service may return fewer than this value. If unspecified, at most 500 Customers will be returned.

  • string page_token = 3

    A page token, received from a previous `ListCustomers` call. Provide this to retrieve the subsequent page.

  • string filter = 4

    Optional. Filtering results

  • string order_by = 5

    Optional. Hint for how to order the results

  message ListCustomersResponse

  customers.proto:88

  Response message for list customer Customers requests

  • repeated Customer customers = 1

    List of customers

  • string next_page_token = 2

    A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.

  • repeated string unreachable = 3

    Locations that could not be reached.

• rpc GetEkmConnections (GetEkmConnectionsRequest, EkmConnections)

  core.proto:83

  Gets the EKM connections associated with a workload

  message GetEkmConnectionsRequest

  ekm_connections.proto:46

  Request for getting the EKM connections associated with a workload

  • string name = 1

    Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/ekmConnections`

  message EkmConnections

  ekm_connections.proto:31

  The EKM connections associated with a workload

  • string name = 1

    Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/ekmConnections`

  • repeated EkmConnection ekm_connections = 2

    The EKM connections associated with the workload

• rpc GetPartnerPermissions (GetPartnerPermissionsRequest, PartnerPermissions)

  core.proto:91

  Gets the partner permissions granted for a workload

  message GetPartnerPermissionsRequest

  partner_permissions.proto:66

  Request for getting the partner permissions granted for a workload

  • string name = 1

    Required. Name of the resource to get in the format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/partnerPermissions`

  message PartnerPermissions

  partner_permissions.proto:31

  The permissions granted to the partner for a workload

  • string name = 1

    Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/partnerPermissions`

  • repeated PartnerPermissions.Permission partner_permissions = 2

    The partner permissions granted for the workload

• rpc ListAccessApprovalRequests (ListAccessApprovalRequestsRequest, ListAccessApprovalRequestsResponse)

  core.proto:101

  Deprecated: Only returns access approval requests directly associated with an assured workload folder.

  message ListAccessApprovalRequestsRequest

  access_approval_requests.proto:56

  Request for getting the access requests associated with a workload.

  • string parent = 1

    Required. Parent resource Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`

  • int32 page_size = 2

    Optional. The maximum number of access requests to return. The service may return fewer than this value. If unspecified, at most 500 access requests will be returned.

  • string page_token = 3

    Optional. A page token, received from a previous `ListAccessApprovalRequests` call. Provide this to retrieve the subsequent page.

  • string filter = 4

    Optional. Filtering results.

  • string order_by = 5

    Optional. Hint for how to order the results.

  message ListAccessApprovalRequestsResponse

  access_approval_requests.proto:85

  Response message for list access requests.

  • repeated AccessApprovalRequest access_approval_requests = 1

    List of access approval requests

  • string next_page_token = 2

    A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.

  • repeated string unreachable = 3

    Locations that could not be reached.

• rpc GetPartner (GetPartnerRequest, Partner)

  core.proto:111

  Get details of a Partner.

  message GetPartnerRequest

  partners.proto:69

  Message for getting a Partner

  • string name = 1

    Required. Format: `organizations/{organization}/locations/{location}/partner`

  message Partner

  partners.proto:32

  Message describing Partner resource

  • string name = 1

    Identifier. The resource name of the partner. Format: `organizations/{organization}/locations/{location}/partner` Example: "organizations/123456/locations/us-central1/partner"

  • repeated Sku skus = 3

    List of SKUs the partner is offering

  • repeated EkmMetadata ekm_solutions = 4

    List of Google Cloud supported EKM partners supported by the partner

  • repeated string operated_cloud_regions = 5

    List of Google Cloud regions that the partner sells services to customers. Valid Google Cloud regions found here: https://cloud.google.com/compute/docs/regions-zones

  • string partner_project_id = 7

    Google Cloud project ID in the partner's Google Cloud organization for receiving enhanced Logs for Partners.

  • optional protobuf.Timestamp create_time = 9

    Output only. Time the resource was created

  • optional protobuf.Timestamp update_time = 10

    Output only. The last time the resource was updated

• rpc CreateCustomer (CreateCustomerRequest, Customer)

  core.proto:119

  Creates a new customer.

  message CreateCustomerRequest

  customers.proto:101

  Request to create a customer

  • string parent = 1

    Required. Parent resource Format: `organizations/{organization}/locations/{location}`

  • optional Customer customer = 2

    Required. The customer to create.

  • string customer_id = 3

    Required. The customer id to use for the customer, which will become the final component of the customer's resource name. The specified value must be a valid Google cloud organization id.

• rpc UpdateCustomer (UpdateCustomerRequest, Customer)

  core.proto:128

  Update details of a single customer

  message UpdateCustomerRequest

  customers.proto:167

  Request to update a customer

  • optional Customer customer = 1

    Required. The customer to update Format: `organizations/{organization}/locations/{location}/customers/{customer}`

  • optional protobuf.FieldMask update_mask = 2

    Optional. The list of fields to update

• rpc DeleteCustomer (DeleteCustomerRequest, protobuf.Empty)

  core.proto:137

  Delete details of a single customer

  message DeleteCustomerRequest

  customers.proto:179

  Message for deleting customer

  • string name = 1

    Required. name of the resource to be deleted format: name=organizations/*/locations/*/customers/*

Service describing handlers for resources

• rpc ListViolations (ListViolationsRequest, ListViolationsResponse)

  monitoring.proto:44

  Lists Violations for a workload Callers may also choose to read across multiple Customers or for a single customer as per [AIP-159](https://google.aip.dev/159) by using '-' (the hyphen or dash character) as a wildcard character instead of {customer} & {workload}. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`

  message ListViolationsRequest

  violations.proto:178

  Message for requesting list of Violations

  • string parent = 1

    Required. Parent resource Format `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`

  • int32 page_size = 2

    Optional. The maximum number of customers row to return. The service may return fewer than this value. If unspecified, at most 10 customers will be returned.

  • string page_token = 3

    Optional. A page token, received from a previous `ListViolations` call. Provide this to retrieve the subsequent page.

  • string filter = 4

    Optional. Filtering results

  • string order_by = 5

    Optional. Hint for how to order the results

  • optional type.Interval interval = 6

    Optional. Specifies the interval for retrieving violations. if unspecified, all violations will be returned.

  message ListViolationsResponse

  violations.proto:210

  Response message for list customer violation requests

  • repeated Violation violations = 1

    List of violation

  • string next_page_token = 2

    A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.

  • repeated string unreachable = 3

    Workloads that could not be reached due to permission errors or any other error. Ref: https://google.aip.dev/217

• rpc GetViolation (GetViolationRequest, Violation)

  monitoring.proto:52

  Gets details of a single Violation.

  message GetViolationRequest

  violations.proto:224

  Message for getting a Violation

  • string name = 1

    Required. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/violations/{violation}`

Details about the Access request.

Used in: ListAccessApprovalRequestsResponse

• string name = 1

  Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/accessApprovalRequests/{access_approval_request}`

• optional protobuf.Timestamp request_time = 2

  The time at which approval was requested.

• optional AccessReason requested_reason = 3

  The justification for which approval is being requested.

• optional protobuf.Timestamp requested_expiration_time = 4

  The requested expiration for the approval. If the request is approved, access will be granted from the time of approval until the expiration time.

Reason for the access.

Used in: AccessApprovalRequest

• AccessReason.Type type = 1

  Type of access justification.

• string detail = 2

  More detail about certain reason types. See comments for each type above.

Type of access justification.

Used in: AccessReason

• TYPE_UNSPECIFIED = 0

  Default value for proto, shouldn't be used.

• CUSTOMER_INITIATED_SUPPORT = 1

  Customer made a request or raised an issue that required the principal to access customer data. `detail` is of the form ("#####" is the issue ID): - "Feedback Report: #####" - "Case Number: #####" - "Case ID: #####" - "E-PIN Reference: #####" - "Google-#####" - "T-#####"

• GOOGLE_INITIATED_SERVICE = 2

  The principal accessed customer data in order to diagnose or resolve a suspected issue in services. Often this access is used to confirm that customers are not affected by a suspected service issue or to remediate a reversible system issue.

• GOOGLE_INITIATED_REVIEW = 3

  Google initiated service for security, fraud, abuse, or compliance purposes.

• THIRD_PARTY_DATA_REQUEST = 4

  The principal was compelled to access customer data in order to respond to a legal third party data request or process, including legal processes from customers themselves.

• GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5

  The principal accessed customer data in order to diagnose or resolve a suspected issue in services or a known outage.

• CLOUD_INITIATED_ACCESS = 6

  Similar to 'GOOGLE_INITIATED_SERVICE' or 'GOOGLE_INITIATED_REVIEW', but with universe agnostic naming. The principal accessed customer data in order to diagnose or resolve a suspected issue in services or a known outage, or for security, fraud, abuse, or compliance review purposes.

Enum for possible completion states.

Used in: CustomerOnboardingStep, WorkloadOnboardingStep

• COMPLETION_STATE_UNSPECIFIED = 0

  Unspecified completion state.

• PENDING = 1

  Task started (has start date) but not yet completed.

• SUCCEEDED = 2

  Succeeded state.

• FAILED = 3

  Failed state.

• NOT_APPLICABLE = 4

  Not applicable state.

Contains metadata around a Cloud Controls Partner Customer

Used as response type in: CloudControlsPartnerCore.CreateCustomer, CloudControlsPartnerCore.GetCustomer, CloudControlsPartnerCore.UpdateCustomer

Used as field type in: CreateCustomerRequest, ListCustomersResponse, UpdateCustomerRequest

• string name = 1

  Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}`

• string display_name = 2

  Required. Display name for the customer

• optional CustomerOnboardingState customer_onboarding_state = 3

  Output only. Container for customer onboarding steps

• bool is_onboarded = 4

  Output only. Indicates whether a customer is fully onboarded

• string organization_domain = 5

  Output only. The customer organization domain, extracted from CRM Organization’s display_name field. e.g. "google.com"

Container for customer onboarding steps

Used in: Customer

• repeated CustomerOnboardingStep onboarding_steps = 1

  List of customer onboarding steps

Container for customer onboarding information

Used in: CustomerOnboardingState

• CustomerOnboardingStep.Step step = 1

  The onboarding step

• optional protobuf.Timestamp start_time = 2

  The starting time of the onboarding step

• optional protobuf.Timestamp completion_time = 3

  The completion time of the onboarding step

• CompletionState completion_state = 4

  Output only. Current state of the step

Enum for possible onboarding steps

Used in: CustomerOnboardingStep

• STEP_UNSPECIFIED = 0

  Unspecified step

• KAJ_ENROLLMENT = 1

  KAJ Enrollment

• CUSTOMER_ENVIRONMENT = 2

  Customer Environment

Details about the EKM connection

Used in: EkmConnections

• string connection_name = 1

  Resource name of the EKM connection in the format: projects/{project}/locations/{location}/ekmConnections/{ekm_connection}

• EkmConnection.ConnectionState connection_state = 2

  Output only. The connection state

• optional EkmConnection.ConnectionError connection_error = 3

  The connection error that occurred if any

Information around the error that occurred if the connection state is anything other than available or unspecified

Used in: EkmConnection

• string error_domain = 1

  The error domain for the error

• string error_message = 2

  The error message for the error

The EKM connection state.

Used in: EkmConnection

• CONNECTION_STATE_UNSPECIFIED = 0

  Unspecified EKM connection state

• AVAILABLE = 1

  Available EKM connection state

• NOT_AVAILABLE = 2

  Not available EKM connection state

• ERROR = 3

  Error EKM connection state

• PERMISSION_DENIED = 4

  Permission denied EKM connection state

Holds information needed by Mudbray to use partner EKMs for workloads.

Used in: Partner

• EkmMetadata.EkmSolution ekm_solution = 1

  The Cloud EKM partner.

• string ekm_endpoint_uri = 2

  Endpoint for sending requests to the EKM for key provisioning during Assured Workload creation.

Represents Google Cloud supported external key management partners [Google Cloud EKM partners docs](https://cloud.google.com/kms/docs/ekm#supported_partners).

Used in: EkmMetadata

• EKM_SOLUTION_UNSPECIFIED = 0

  Unspecified EKM solution

• FORTANIX = 1

  EKM Partner Fortanix

• FUTUREX = 2

  EKM Partner FutureX

• THALES = 3

  EKM Partner Thales

• VIRTRU = 4

  This enum value is never used.

Represents the metadata of the long-running operation.

• optional protobuf.Timestamp create_time = 1

  Output only. The time the operation was created.

• optional protobuf.Timestamp end_time = 2

  Output only. The time the operation finished running.

• string target = 3

  Output only. Server-defined resource path for the target of the operation.

• string verb = 4

  Output only. Name of the verb executed by the operation.

• string status_message = 5

  Output only. Human-readable status of the operation, if any.

• bool requested_cancellation = 6

  Output only. Identifies whether the user has requested cancellation of the operation. Operations that have been cancelled successfully have [Operation.error][google.longrunning.Operation.error] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to `Code.CANCELLED`.

• string api_version = 7

  Output only. API version used to start the operation.

Used in: PartnerPermissions

• PERMISSION_UNSPECIFIED = 0

  Unspecified partner permission

• ACCESS_TRANSPARENCY_AND_EMERGENCY_ACCESS_LOGS = 1

  Permission for Access Transparency and emergency logs

• ASSURED_WORKLOADS_MONITORING = 2

  Permission for Assured Workloads monitoring violations

• ACCESS_APPROVAL_REQUESTS = 3

  Permission for Access Approval requests

• ASSURED_WORKLOADS_EKM_CONNECTION_STATUS = 4

  Permission for External Key Manager connection status

• ACCESS_TRANSPARENCY_LOGS_SUPPORT_CASE_VIEWER = 5

  Permission for support case details for Access Transparency log entries

Represents the SKU a partner owns inside Google Cloud to sell to customers.

Used in: Partner

• string id = 1

  Argentum product SKU, that is associated with the partner offerings to customers used by Syntro for billing purposes. SKUs can represent resold Google products or support services.

• string display_name = 2

  Display name of the product identified by the SKU. A partner may want to show partner branded names for their offerings such as local sovereign cloud solutions.

Details of resource Violation

Used as response type in: CloudControlsPartnerMonitoring.GetViolation

Used as field type in: ListViolationsResponse

• string name = 1

  Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/violations/{violation}`

• string description = 2

  Output only. Description for the Violation. e.g. OrgPolicy gcp.resourceLocations has non compliant value.

• optional protobuf.Timestamp begin_time = 3

  Output only. Time of the event which triggered the Violation.

• optional protobuf.Timestamp update_time = 4

  Output only. The last time when the Violation record was updated.

• optional protobuf.Timestamp resolve_time = 5

  Output only. Time of the event which fixed the Violation. If the violation is ACTIVE this will be empty.

• string category = 6

  Output only. Category under which this violation is mapped. e.g. Location, Service Usage, Access, Encryption, etc.

• Violation.State state = 7

  Output only. State of the violation

• string non_compliant_org_policy = 8

  Output only. Immutable. Name of the OrgPolicy which was modified with non-compliant change and resulted this violation. Format: `projects/{project_number}/policies/{constraint_name}` `folders/{folder_id}/policies/{constraint_name}` `organizations/{organization_id}/policies/{constraint_name}`

• int64 folder_id = 9

  The folder_id of the violation

• optional Violation.Remediation remediation = 13

  Output only. Compliance violation remediation

Represents remediation guidance to resolve compliance violation for AssuredWorkload

Used in: Violation

• optional Remediation.Instructions instructions = 1

  Required. Remediation instructions to resolve violations

• repeated string compliant_values = 2

  Values that can resolve the violation For example: for list org policy violations, this will either be the list of allowed or denied values

• Remediation.RemediationType remediation_type = 3

  Output only. Remediation type based on the type of org policy values violated

Instructions to remediate violation

Used in: Remediation

• optional Instructions.Gcloud gcloud_instructions = 1

  Remediation instructions to resolve violation via gcloud cli

• optional Instructions.Console console_instructions = 2

  Remediation instructions to resolve violation via cloud console

Remediation instructions to resolve violation via cloud console

Used in: Instructions

• repeated string console_uris = 1

  Link to console page where violations can be resolved

• repeated string steps = 2

  Steps to resolve violation via cloud console

• repeated string additional_links = 3

  Additional urls for more information about steps

Remediation instructions to resolve violation via gcloud cli

Used in: Instructions

• repeated string gcloud_commands = 1

  Gcloud command to resolve violation

• repeated string steps = 2

  Steps to resolve violation via gcloud cli

• repeated string additional_links = 3

  Additional urls for more information about steps

Classifying remediation into various types based on the kind of violation. For example, violations caused due to changes in boolean org policy requires different remediation instructions compared to violation caused due to changes in allowed values of list org policy.

Used in: Remediation

• REMEDIATION_TYPE_UNSPECIFIED = 0

  Unspecified remediation type

• REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION = 1

  Remediation type for boolean org policy

• REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION = 2

  Remediation type for list org policy which have allowed values in the monitoring rule

• REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION = 3

  Remediation type for list org policy which have denied values in the monitoring rule

• REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION = 4

  Remediation type for gcp.restrictCmekCryptoKeyProjects

• REMEDIATION_RESOURCE_VIOLATION = 5

  Remediation type for resource violation.

Violation State Values

Used in: Violation

• STATE_UNSPECIFIED = 0

  Unspecified state.

• RESOLVED = 1

  Violation is resolved.

• UNRESOLVED = 2

  Violation is Unresolved

• EXCEPTION = 3

  Violation is Exception

Contains metadata around the [Workload resource](https://cloud.google.com/assured-workloads/docs/reference/rest/Shared.Types/Workload) in the Assured Workloads API.

Used as response type in: CloudControlsPartnerCore.GetWorkload

Used as field type in: ListWorkloadsResponse

• string name = 1

  Identifier. Format: `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`

• int64 folder_id = 2

  Output only. Folder id this workload is associated with

• optional protobuf.Timestamp create_time = 3

  Output only. Time the resource was created.

• string folder = 4

  Output only. The name of container folder of the assured workload

• optional WorkloadOnboardingState workload_onboarding_state = 5

  Container for workload onboarding steps.

• bool is_onboarded = 6

  Indicates whether a workload is fully onboarded.

• string key_management_project_id = 7

  The project id of the key management project for the workload

• string location = 8

  The Google Cloud location of the workload

• Workload.Partner partner = 9

  Partner associated with this workload.

Supported Assured Workloads Partners.

Used in: Workload

• PARTNER_UNSPECIFIED = 0

  Unknown Partner.

• PARTNER_LOCAL_CONTROLS_BY_S3NS = 1

  Enum representing S3NS (Thales) partner.

• PARTNER_SOVEREIGN_CONTROLS_BY_T_SYSTEMS = 2

  Enum representing T_SYSTEM (TSI) partner.

• PARTNER_SOVEREIGN_CONTROLS_BY_SIA_MINSAIT = 3

  Enum representing SIA_MINSAIT (Indra) partner.

• PARTNER_SOVEREIGN_CONTROLS_BY_PSN = 4

  Enum representing PSN (TIM) partner.

• PARTNER_SOVEREIGN_CONTROLS_BY_CNTXT = 6

  Enum representing CNTXT (Kingdom of Saudi Arabia) partner.

• PARTNER_SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM = 7

  Enum representing CNXT (Kingdom of Saudi Arabia) partner offering without EKM provisioning.

Container for workload onboarding steps.

Used in: Workload

• repeated WorkloadOnboardingStep onboarding_steps = 1

  List of workload onboarding steps.

Container for workload onboarding information.

Used in: WorkloadOnboardingState

• WorkloadOnboardingStep.Step step = 1

  The onboarding step.

• optional protobuf.Timestamp start_time = 2

  The starting time of the onboarding step.

• optional protobuf.Timestamp completion_time = 3

  The completion time of the onboarding step.

• CompletionState completion_state = 4

  Output only. The completion state of the onboarding step.

Enum for possible onboarding steps.

Used in: WorkloadOnboardingStep

• STEP_UNSPECIFIED = 0

  Unspecified step.

• EKM_PROVISIONED = 1

  EKM Provisioned step.

• SIGNED_ACCESS_APPROVAL_CONFIGURED = 2

  Signed Access Approval step.