Google Cloud v8.21.0, Mar 5 25

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

gcp.assuredworkloads.Workload

Explore with Pulumi AI

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

Example Usage

Basic_workload

A basic test of a assuredworkloads api

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const primary = new gcp.assuredworkloads.Workload("primary", {
    complianceRegime: "FEDRAMP_MODERATE",
    displayName: "{{display}}",
    location: "us-west1",
    organization: "123456789",
    billingAccount: "billingAccounts/000000-0000000-0000000-000000",
    kmsSettings: {
        nextRotationTime: "9999-10-02T15:01:23Z",
        rotationPeriod: "10368000s",
    },
    provisionedResourcesParent: "folders/519620126891",
    resourceSettings: [
        {
            displayName: "{{name}}",
            resourceType: "CONSUMER_FOLDER",
        },
        {
            resourceType: "ENCRYPTION_KEYS_PROJECT",
        },
        {
            resourceId: "ring",
            resourceType: "KEYRING",
        },
    ],
    violationNotificationsEnabled: true,
    workloadOptions: {
        kajEnrollmentType: "KEY_ACCESS_TRANSPARENCY_OFF",
    },
    labels: {
        "label-one": "value-one",
    },
});

import pulumi
import pulumi_gcp as gcp

primary = gcp.assuredworkloads.Workload("primary",
    compliance_regime="FEDRAMP_MODERATE",
    display_name="{{display}}",
    location="us-west1",
    organization="123456789",
    billing_account="billingAccounts/000000-0000000-0000000-000000",
    kms_settings={
        "next_rotation_time": "9999-10-02T15:01:23Z",
        "rotation_period": "10368000s",
    },
    provisioned_resources_parent="folders/519620126891",
    resource_settings=[
        {
            "display_name": "{{name}}",
            "resource_type": "CONSUMER_FOLDER",
        },
        {
            "resource_type": "ENCRYPTION_KEYS_PROJECT",
        },
        {
            "resource_id": "ring",
            "resource_type": "KEYRING",
        },
    ],
    violation_notifications_enabled=True,
    workload_options={
        "kaj_enrollment_type": "KEY_ACCESS_TRANSPARENCY_OFF",
    },
    labels={
        "label-one": "value-one",
    })

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/assuredworkloads"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
			ComplianceRegime: pulumi.String("FEDRAMP_MODERATE"),
			DisplayName:      pulumi.String("{{display}}"),
			Location:         pulumi.String("us-west1"),
			Organization:     pulumi.String("123456789"),
			BillingAccount:   pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
			KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
				NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
				RotationPeriod:   pulumi.String("10368000s"),
			},
			ProvisionedResourcesParent: pulumi.String("folders/519620126891"),
			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
				&assuredworkloads.WorkloadResourceSettingArgs{
					DisplayName:  pulumi.String("{{name}}"),
					ResourceType: pulumi.String("CONSUMER_FOLDER"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceId:   pulumi.String("ring"),
					ResourceType: pulumi.String("KEYRING"),
				},
			},
			ViolationNotificationsEnabled: pulumi.Bool(true),
			WorkloadOptions: &assuredworkloads.WorkloadWorkloadOptionsArgs{
				KajEnrollmentType: pulumi.String("KEY_ACCESS_TRANSPARENCY_OFF"),
			},
			Labels: pulumi.StringMap{
				"label-one": pulumi.String("value-one"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
    {
        ComplianceRegime = "FEDRAMP_MODERATE",
        DisplayName = "{{display}}",
        Location = "us-west1",
        Organization = "123456789",
        BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
        KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
        {
            NextRotationTime = "9999-10-02T15:01:23Z",
            RotationPeriod = "10368000s",
        },
        ProvisionedResourcesParent = "folders/519620126891",
        ResourceSettings = new[]
        {
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                DisplayName = "{{name}}",
                ResourceType = "CONSUMER_FOLDER",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceType = "ENCRYPTION_KEYS_PROJECT",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceId = "ring",
                ResourceType = "KEYRING",
            },
        },
        ViolationNotificationsEnabled = true,
        WorkloadOptions = new Gcp.AssuredWorkloads.Inputs.WorkloadWorkloadOptionsArgs
        {
            KajEnrollmentType = "KEY_ACCESS_TRANSPARENCY_OFF",
        },
        Labels = 
        {
            { "label-one", "value-one" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadWorkloadOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var primary = new Workload("primary", WorkloadArgs.builder()
            .complianceRegime("FEDRAMP_MODERATE")
            .displayName("{{display}}")
            .location("us-west1")
            .organization("123456789")
            .billingAccount("billingAccounts/000000-0000000-0000000-000000")
            .kmsSettings(WorkloadKmsSettingsArgs.builder()
                .nextRotationTime("9999-10-02T15:01:23Z")
                .rotationPeriod("10368000s")
                .build())
            .provisionedResourcesParent("folders/519620126891")
            .resourceSettings(            
                WorkloadResourceSettingArgs.builder()
                    .displayName("{{name}}")
                    .resourceType("CONSUMER_FOLDER")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceType("ENCRYPTION_KEYS_PROJECT")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceId("ring")
                    .resourceType("KEYRING")
                    .build())
            .violationNotificationsEnabled(true)
            .workloadOptions(WorkloadWorkloadOptionsArgs.builder()
                .kajEnrollmentType("KEY_ACCESS_TRANSPARENCY_OFF")
                .build())
            .labels(Map.of("label-one", "value-one"))
            .build());

    }
}

resources:
  primary:
    type: gcp:assuredworkloads:Workload
    properties:
      complianceRegime: FEDRAMP_MODERATE
      displayName: '{{display}}'
      location: us-west1
      organization: '123456789'
      billingAccount: billingAccounts/000000-0000000-0000000-000000
      kmsSettings:
        nextRotationTime: 9999-10-02T15:01:23Z
        rotationPeriod: 10368000s
      provisionedResourcesParent: folders/519620126891
      resourceSettings:
        - displayName: '{{name}}'
          resourceType: CONSUMER_FOLDER
        - resourceType: ENCRYPTION_KEYS_PROJECT
        - resourceId: ring
          resourceType: KEYRING
      violationNotificationsEnabled: true
      workloadOptions:
        kajEnrollmentType: KEY_ACCESS_TRANSPARENCY_OFF
      labels:
        label-one: value-one

Sovereign_controls_workload

A Sovereign Controls test of the assuredworkloads api

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const primary = new gcp.assuredworkloads.Workload("primary", {
    complianceRegime: "EU_REGIONS_AND_SUPPORT",
    displayName: "display",
    location: "europe-west9",
    organization: "123456789",
    billingAccount: "billingAccounts/000000-0000000-0000000-000000",
    enableSovereignControls: true,
    kmsSettings: {
        nextRotationTime: "9999-10-02T15:01:23Z",
        rotationPeriod: "10368000s",
    },
    resourceSettings: [
        {
            resourceType: "CONSUMER_FOLDER",
        },
        {
            resourceType: "ENCRYPTION_KEYS_PROJECT",
        },
        {
            resourceId: "ring",
            resourceType: "KEYRING",
        },
    ],
    labels: {
        "label-one": "value-one",
    },
});

import pulumi
import pulumi_gcp as gcp

primary = gcp.assuredworkloads.Workload("primary",
    compliance_regime="EU_REGIONS_AND_SUPPORT",
    display_name="display",
    location="europe-west9",
    organization="123456789",
    billing_account="billingAccounts/000000-0000000-0000000-000000",
    enable_sovereign_controls=True,
    kms_settings={
        "next_rotation_time": "9999-10-02T15:01:23Z",
        "rotation_period": "10368000s",
    },
    resource_settings=[
        {
            "resource_type": "CONSUMER_FOLDER",
        },
        {
            "resource_type": "ENCRYPTION_KEYS_PROJECT",
        },
        {
            "resource_id": "ring",
            "resource_type": "KEYRING",
        },
    ],
    labels={
        "label-one": "value-one",
    })

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/assuredworkloads"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
			ComplianceRegime:        pulumi.String("EU_REGIONS_AND_SUPPORT"),
			DisplayName:             pulumi.String("display"),
			Location:                pulumi.String("europe-west9"),
			Organization:            pulumi.String("123456789"),
			BillingAccount:          pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
			EnableSovereignControls: pulumi.Bool(true),
			KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
				NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
				RotationPeriod:   pulumi.String("10368000s"),
			},
			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceType: pulumi.String("CONSUMER_FOLDER"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceId:   pulumi.String("ring"),
					ResourceType: pulumi.String("KEYRING"),
				},
			},
			Labels: pulumi.StringMap{
				"label-one": pulumi.String("value-one"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
    {
        ComplianceRegime = "EU_REGIONS_AND_SUPPORT",
        DisplayName = "display",
        Location = "europe-west9",
        Organization = "123456789",
        BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
        EnableSovereignControls = true,
        KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
        {
            NextRotationTime = "9999-10-02T15:01:23Z",
            RotationPeriod = "10368000s",
        },
        ResourceSettings = new[]
        {
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceType = "CONSUMER_FOLDER",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceType = "ENCRYPTION_KEYS_PROJECT",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceId = "ring",
                ResourceType = "KEYRING",
            },
        },
        Labels = 
        {
            { "label-one", "value-one" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var primary = new Workload("primary", WorkloadArgs.builder()
            .complianceRegime("EU_REGIONS_AND_SUPPORT")
            .displayName("display")
            .location("europe-west9")
            .organization("123456789")
            .billingAccount("billingAccounts/000000-0000000-0000000-000000")
            .enableSovereignControls(true)
            .kmsSettings(WorkloadKmsSettingsArgs.builder()
                .nextRotationTime("9999-10-02T15:01:23Z")
                .rotationPeriod("10368000s")
                .build())
            .resourceSettings(            
                WorkloadResourceSettingArgs.builder()
                    .resourceType("CONSUMER_FOLDER")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceType("ENCRYPTION_KEYS_PROJECT")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceId("ring")
                    .resourceType("KEYRING")
                    .build())
            .labels(Map.of("label-one", "value-one"))
            .build());

    }
}

resources:
  primary:
    type: gcp:assuredworkloads:Workload
    properties:
      complianceRegime: EU_REGIONS_AND_SUPPORT
      displayName: display
      location: europe-west9
      organization: '123456789'
      billingAccount: billingAccounts/000000-0000000-0000000-000000
      enableSovereignControls: true
      kmsSettings:
        nextRotationTime: 9999-10-02T15:01:23Z
        rotationPeriod: 10368000s
      resourceSettings:
        - resourceType: CONSUMER_FOLDER
        - resourceType: ENCRYPTION_KEYS_PROJECT
        - resourceId: ring
          resourceType: KEYRING
      labels:
        label-one: value-one

Split_billing_partner_workload

A Split billing partner test of the assuredworkloads api

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const primary = new gcp.assuredworkloads.Workload("primary", {
    complianceRegime: "ASSURED_WORKLOADS_FOR_PARTNERS",
    displayName: "display",
    location: "europe-west8",
    organization: "123456789",
    billingAccount: "billingAccounts/000000-0000000-0000000-000000",
    partner: "SOVEREIGN_CONTROLS_BY_PSN",
    partnerPermissions: {
        assuredWorkloadsMonitoring: true,
        dataLogsViewer: true,
        serviceAccessApprover: true,
    },
    partnerServicesBillingAccount: "billingAccounts/01BF3F-2C6DE5-30C607",
    resourceSettings: [
        {
            resourceType: "CONSUMER_FOLDER",
        },
        {
            resourceType: "ENCRYPTION_KEYS_PROJECT",
        },
        {
            resourceId: "ring",
            resourceType: "KEYRING",
        },
    ],
    violationNotificationsEnabled: true,
    labels: {
        "label-one": "value-one",
    },
});

import pulumi
import pulumi_gcp as gcp

primary = gcp.assuredworkloads.Workload("primary",
    compliance_regime="ASSURED_WORKLOADS_FOR_PARTNERS",
    display_name="display",
    location="europe-west8",
    organization="123456789",
    billing_account="billingAccounts/000000-0000000-0000000-000000",
    partner="SOVEREIGN_CONTROLS_BY_PSN",
    partner_permissions={
        "assured_workloads_monitoring": True,
        "data_logs_viewer": True,
        "service_access_approver": True,
    },
    partner_services_billing_account="billingAccounts/01BF3F-2C6DE5-30C607",
    resource_settings=[
        {
            "resource_type": "CONSUMER_FOLDER",
        },
        {
            "resource_type": "ENCRYPTION_KEYS_PROJECT",
        },
        {
            "resource_id": "ring",
            "resource_type": "KEYRING",
        },
    ],
    violation_notifications_enabled=True,
    labels={
        "label-one": "value-one",
    })

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/assuredworkloads"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
			ComplianceRegime: pulumi.String("ASSURED_WORKLOADS_FOR_PARTNERS"),
			DisplayName:      pulumi.String("display"),
			Location:         pulumi.String("europe-west8"),
			Organization:     pulumi.String("123456789"),
			BillingAccount:   pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
			Partner:          pulumi.String("SOVEREIGN_CONTROLS_BY_PSN"),
			PartnerPermissions: &assuredworkloads.WorkloadPartnerPermissionsArgs{
				AssuredWorkloadsMonitoring: pulumi.Bool(true),
				DataLogsViewer:             pulumi.Bool(true),
				ServiceAccessApprover:      pulumi.Bool(true),
			},
			PartnerServicesBillingAccount: pulumi.String("billingAccounts/01BF3F-2C6DE5-30C607"),
			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceType: pulumi.String("CONSUMER_FOLDER"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
				},
				&assuredworkloads.WorkloadResourceSettingArgs{
					ResourceId:   pulumi.String("ring"),
					ResourceType: pulumi.String("KEYRING"),
				},
			},
			ViolationNotificationsEnabled: pulumi.Bool(true),
			Labels: pulumi.StringMap{
				"label-one": pulumi.String("value-one"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
    {
        ComplianceRegime = "ASSURED_WORKLOADS_FOR_PARTNERS",
        DisplayName = "display",
        Location = "europe-west8",
        Organization = "123456789",
        BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
        Partner = "SOVEREIGN_CONTROLS_BY_PSN",
        PartnerPermissions = new Gcp.AssuredWorkloads.Inputs.WorkloadPartnerPermissionsArgs
        {
            AssuredWorkloadsMonitoring = true,
            DataLogsViewer = true,
            ServiceAccessApprover = true,
        },
        PartnerServicesBillingAccount = "billingAccounts/01BF3F-2C6DE5-30C607",
        ResourceSettings = new[]
        {
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceType = "CONSUMER_FOLDER",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceType = "ENCRYPTION_KEYS_PROJECT",
            },
            new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
            {
                ResourceId = "ring",
                ResourceType = "KEYRING",
            },
        },
        ViolationNotificationsEnabled = true,
        Labels = 
        {
            { "label-one", "value-one" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.assuredworkloads.Workload;
import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadPartnerPermissionsArgs;
import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var primary = new Workload("primary", WorkloadArgs.builder()
            .complianceRegime("ASSURED_WORKLOADS_FOR_PARTNERS")
            .displayName("display")
            .location("europe-west8")
            .organization("123456789")
            .billingAccount("billingAccounts/000000-0000000-0000000-000000")
            .partner("SOVEREIGN_CONTROLS_BY_PSN")
            .partnerPermissions(WorkloadPartnerPermissionsArgs.builder()
                .assuredWorkloadsMonitoring(true)
                .dataLogsViewer(true)
                .serviceAccessApprover(true)
                .build())
            .partnerServicesBillingAccount("billingAccounts/01BF3F-2C6DE5-30C607")
            .resourceSettings(            
                WorkloadResourceSettingArgs.builder()
                    .resourceType("CONSUMER_FOLDER")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceType("ENCRYPTION_KEYS_PROJECT")
                    .build(),
                WorkloadResourceSettingArgs.builder()
                    .resourceId("ring")
                    .resourceType("KEYRING")
                    .build())
            .violationNotificationsEnabled(true)
            .labels(Map.of("label-one", "value-one"))
            .build());

    }
}

resources:
  primary:
    type: gcp:assuredworkloads:Workload
    properties:
      complianceRegime: ASSURED_WORKLOADS_FOR_PARTNERS
      displayName: display
      location: europe-west8
      organization: '123456789'
      billingAccount: billingAccounts/000000-0000000-0000000-000000
      partner: SOVEREIGN_CONTROLS_BY_PSN
      partnerPermissions:
        assuredWorkloadsMonitoring: true
        dataLogsViewer: true
        serviceAccessApprover: true
      partnerServicesBillingAccount: billingAccounts/01BF3F-2C6DE5-30C607
      resourceSettings:
        - resourceType: CONSUMER_FOLDER
        - resourceType: ENCRYPTION_KEYS_PROJECT
        - resourceId: ring
          resourceType: KEYRING
      violationNotificationsEnabled: true
      labels:
        label-one: value-one

Create Workload Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Workload(name: string, args: WorkloadArgs, opts?: CustomResourceOptions);

@overload
def Workload(resource_name: str,
             args: WorkloadArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Workload(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             location: Optional[str] = None,
             compliance_regime: Optional[str] = None,
             display_name: Optional[str] = None,
             organization: Optional[str] = None,
             enable_sovereign_controls: Optional[bool] = None,
             labels: Optional[Mapping[str, str]] = None,
             kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
             billing_account: Optional[str] = None,
             partner: Optional[str] = None,
             partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
             partner_services_billing_account: Optional[str] = None,
             provisioned_resources_parent: Optional[str] = None,
             resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
             violation_notifications_enabled: Optional[bool] = None,
             workload_options: Optional[WorkloadWorkloadOptionsArgs] = None)

func NewWorkload(ctx *Context, name string, args WorkloadArgs, opts ...ResourceOption) (*Workload, error)

public Workload(string name, WorkloadArgs args, CustomResourceOptions? opts = null)

public Workload(String name, WorkloadArgs args)
public Workload(String name, WorkloadArgs args, CustomResourceOptions options)

type: gcp:assuredworkloads:Workload
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args WorkloadArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var gcpWorkloadResource = new Gcp.AssuredWorkloads.Workload("gcpWorkloadResource", new()
{
    Location = "string",
    ComplianceRegime = "string",
    DisplayName = "string",
    Organization = "string",
    EnableSovereignControls = false,
    Labels = 
    {
        { "string", "string" },
    },
    KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
    {
        NextRotationTime = "string",
        RotationPeriod = "string",
    },
    BillingAccount = "string",
    Partner = "string",
    PartnerPermissions = new Gcp.AssuredWorkloads.Inputs.WorkloadPartnerPermissionsArgs
    {
        AssuredWorkloadsMonitoring = false,
        DataLogsViewer = false,
        ServiceAccessApprover = false,
    },
    PartnerServicesBillingAccount = "string",
    ProvisionedResourcesParent = "string",
    ResourceSettings = new[]
    {
        new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
        {
            DisplayName = "string",
            ResourceId = "string",
            ResourceType = "string",
        },
    },
    ViolationNotificationsEnabled = false,
    WorkloadOptions = new Gcp.AssuredWorkloads.Inputs.WorkloadWorkloadOptionsArgs
    {
        KajEnrollmentType = "string",
    },
});

example, err := assuredworkloads.NewWorkload(ctx, "gcpWorkloadResource", &assuredworkloads.WorkloadArgs{
	Location:                pulumi.String("string"),
	ComplianceRegime:        pulumi.String("string"),
	DisplayName:             pulumi.String("string"),
	Organization:            pulumi.String("string"),
	EnableSovereignControls: pulumi.Bool(false),
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
		NextRotationTime: pulumi.String("string"),
		RotationPeriod:   pulumi.String("string"),
	},
	BillingAccount: pulumi.String("string"),
	Partner:        pulumi.String("string"),
	PartnerPermissions: &assuredworkloads.WorkloadPartnerPermissionsArgs{
		AssuredWorkloadsMonitoring: pulumi.Bool(false),
		DataLogsViewer:             pulumi.Bool(false),
		ServiceAccessApprover:      pulumi.Bool(false),
	},
	PartnerServicesBillingAccount: pulumi.String("string"),
	ProvisionedResourcesParent:    pulumi.String("string"),
	ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
		&assuredworkloads.WorkloadResourceSettingArgs{
			DisplayName:  pulumi.String("string"),
			ResourceId:   pulumi.String("string"),
			ResourceType: pulumi.String("string"),
		},
	},
	ViolationNotificationsEnabled: pulumi.Bool(false),
	WorkloadOptions: &assuredworkloads.WorkloadWorkloadOptionsArgs{
		KajEnrollmentType: pulumi.String("string"),
	},
})

var gcpWorkloadResource = new Workload("gcpWorkloadResource", WorkloadArgs.builder()
    .location("string")
    .complianceRegime("string")
    .displayName("string")
    .organization("string")
    .enableSovereignControls(false)
    .labels(Map.of("string", "string"))
    .kmsSettings(WorkloadKmsSettingsArgs.builder()
        .nextRotationTime("string")
        .rotationPeriod("string")
        .build())
    .billingAccount("string")
    .partner("string")
    .partnerPermissions(WorkloadPartnerPermissionsArgs.builder()
        .assuredWorkloadsMonitoring(false)
        .dataLogsViewer(false)
        .serviceAccessApprover(false)
        .build())
    .partnerServicesBillingAccount("string")
    .provisionedResourcesParent("string")
    .resourceSettings(WorkloadResourceSettingArgs.builder()
        .displayName("string")
        .resourceId("string")
        .resourceType("string")
        .build())
    .violationNotificationsEnabled(false)
    .workloadOptions(WorkloadWorkloadOptionsArgs.builder()
        .kajEnrollmentType("string")
        .build())
    .build());

gcp_workload_resource = gcp.assuredworkloads.Workload("gcpWorkloadResource",
    location="string",
    compliance_regime="string",
    display_name="string",
    organization="string",
    enable_sovereign_controls=False,
    labels={
        "string": "string",
    },
    kms_settings={
        "next_rotation_time": "string",
        "rotation_period": "string",
    },
    billing_account="string",
    partner="string",
    partner_permissions={
        "assured_workloads_monitoring": False,
        "data_logs_viewer": False,
        "service_access_approver": False,
    },
    partner_services_billing_account="string",
    provisioned_resources_parent="string",
    resource_settings=[{
        "display_name": "string",
        "resource_id": "string",
        "resource_type": "string",
    }],
    violation_notifications_enabled=False,
    workload_options={
        "kaj_enrollment_type": "string",
    })

const gcpWorkloadResource = new gcp.assuredworkloads.Workload("gcpWorkloadResource", {
    location: "string",
    complianceRegime: "string",
    displayName: "string",
    organization: "string",
    enableSovereignControls: false,
    labels: {
        string: "string",
    },
    kmsSettings: {
        nextRotationTime: "string",
        rotationPeriod: "string",
    },
    billingAccount: "string",
    partner: "string",
    partnerPermissions: {
        assuredWorkloadsMonitoring: false,
        dataLogsViewer: false,
        serviceAccessApprover: false,
    },
    partnerServicesBillingAccount: "string",
    provisionedResourcesParent: "string",
    resourceSettings: [{
        displayName: "string",
        resourceId: "string",
        resourceType: "string",
    }],
    violationNotificationsEnabled: false,
    workloadOptions: {
        kajEnrollmentType: "string",
    },
});

type: gcp:assuredworkloads:Workload
properties:
    billingAccount: string
    complianceRegime: string
    displayName: string
    enableSovereignControls: false
    kmsSettings:
        nextRotationTime: string
        rotationPeriod: string
    labels:
        string: string
    location: string
    organization: string
    partner: string
    partnerPermissions:
        assuredWorkloadsMonitoring: false
        dataLogsViewer: false
        serviceAccessApprover: false
    partnerServicesBillingAccount: string
    provisionedResourcesParent: string
    resourceSettings:
        - displayName: string
          resourceId: string
          resourceType: string
    violationNotificationsEnabled: false
    workloadOptions:
        kajEnrollmentType: string

Workload Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Workload resource accepts the following input properties:

ComplianceRegime string

Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT, IRS_1075

DisplayName string

Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

Location string

The location for the resource

Organization string

The organization for the resource

BillingAccount string

Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

EnableSovereignControls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

KmsSettings WorkloadKmsSettings

DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

Labels Dictionary<string, string>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Partner string

Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM

PartnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

PartnerServicesBillingAccount string

Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.

ProvisionedResourcesParent string

Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

ResourceSettings List<WorkloadResourceSetting>

Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

ViolationNotificationsEnabled bool

Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

WorkloadOptions WorkloadWorkloadOptions

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

ComplianceRegime string

DisplayName string

Location string

The location for the resource

Organization string

The organization for the resource

BillingAccount string

EnableSovereignControls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

KmsSettings WorkloadKmsSettingsArgs

Labels map[string]string

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Partner string

PartnerPermissions WorkloadPartnerPermissionsArgs

Optional. Permissions granted to the AW Partner SA account for the customer workload

PartnerServicesBillingAccount string

ProvisionedResourcesParent string

ResourceSettings []WorkloadResourceSettingArgs

ViolationNotificationsEnabled bool

WorkloadOptions WorkloadWorkloadOptionsArgs

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

complianceRegime String

displayName String

location String

The location for the resource

organization String

The organization for the resource

billingAccount String

enableSovereignControls Boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kmsSettings WorkloadKmsSettings

labels Map<String,String>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

partner String

partnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

partnerServicesBillingAccount String

provisionedResourcesParent String

resourceSettings List<WorkloadResourceSetting>

violationNotificationsEnabled Boolean

workloadOptions WorkloadWorkloadOptions

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

complianceRegime string

displayName string

location string

The location for the resource

organization string

The organization for the resource

billingAccount string

enableSovereignControls boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kmsSettings WorkloadKmsSettings

labels {[key: string]: string}

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

partner string

partnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

partnerServicesBillingAccount string

provisionedResourcesParent string

resourceSettings WorkloadResourceSetting[]

violationNotificationsEnabled boolean

workloadOptions WorkloadWorkloadOptions

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

compliance_regime str

display_name str

location str

The location for the resource

organization str

The organization for the resource

billing_account str

enable_sovereign_controls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kms_settings WorkloadKmsSettingsArgs

labels Mapping[str, str]

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

partner str

partner_permissions WorkloadPartnerPermissionsArgs

Optional. Permissions granted to the AW Partner SA account for the customer workload

partner_services_billing_account str

provisioned_resources_parent str

resource_settings Sequence[WorkloadResourceSettingArgs]

violation_notifications_enabled bool

workload_options WorkloadWorkloadOptionsArgs

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

complianceRegime String

displayName String

location String

The location for the resource

organization String

The organization for the resource

billingAccount String

enableSovereignControls Boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kmsSettings Property Map

labels Map<String>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

partner String

partnerPermissions Property Map

Optional. Permissions granted to the AW Partner SA account for the customer workload

partnerServicesBillingAccount String

provisionedResourcesParent String

resourceSettings List<Property Map>

violationNotificationsEnabled Boolean

workloadOptions Property Map

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

Outputs

All input properties are implicitly available as output properties. Additionally, the Workload resource produces the following output properties:

ComplianceStatuses List<WorkloadComplianceStatus>: Output only. Count of active Violations in the Workload.
CompliantButDisallowedServices List<string>: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
CreateTime string: Output only. Immutable. The Workload creation timestamp.
EffectiveLabels Dictionary<string, string>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
EkmProvisioningResponses List<WorkloadEkmProvisioningResponse>: Optional. Represents the Ekm Provisioning State of the given workload.
Id string: The provider-assigned unique ID for this managed resource.
KajEnrollmentState string: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
Name string: Output only. The resource name of the workload.
PulumiLabels Dictionary<string, string>: The combination of labels configured directly on the resource and default labels configured on the provider.
Resources List<WorkloadResource>: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
SaaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

ComplianceStatuses []WorkloadComplianceStatus: Output only. Count of active Violations in the Workload.
CompliantButDisallowedServices []string: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
CreateTime string: Output only. Immutable. The Workload creation timestamp.
EffectiveLabels map[string]string: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
EkmProvisioningResponses []WorkloadEkmProvisioningResponse: Optional. Represents the Ekm Provisioning State of the given workload.
Id string: The provider-assigned unique ID for this managed resource.
KajEnrollmentState string: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
Name string: Output only. The resource name of the workload.
PulumiLabels map[string]string: The combination of labels configured directly on the resource and default labels configured on the provider.
Resources []WorkloadResource: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
SaaEnrollmentResponses []WorkloadSaaEnrollmentResponse: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

complianceStatuses List<WorkloadComplianceStatus>: Output only. Count of active Violations in the Workload.
compliantButDisallowedServices List<String>: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
createTime String: Output only. Immutable. The Workload creation timestamp.
effectiveLabels Map<String,String>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
ekmProvisioningResponses List<WorkloadEkmProvisioningResponse>: Optional. Represents the Ekm Provisioning State of the given workload.
id String: The provider-assigned unique ID for this managed resource.
kajEnrollmentState String: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
name String: Output only. The resource name of the workload.
pulumiLabels Map<String,String>: The combination of labels configured directly on the resource and default labels configured on the provider.
resources List<WorkloadResource>: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

complianceStatuses WorkloadComplianceStatus[]: Output only. Count of active Violations in the Workload.
compliantButDisallowedServices string[]: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
createTime string: Output only. Immutable. The Workload creation timestamp.
effectiveLabels {[key: string]: string}: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
ekmProvisioningResponses WorkloadEkmProvisioningResponse[]: Optional. Represents the Ekm Provisioning State of the given workload.
id string: The provider-assigned unique ID for this managed resource.
kajEnrollmentState string: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
name string: Output only. The resource name of the workload.
pulumiLabels {[key: string]: string}: The combination of labels configured directly on the resource and default labels configured on the provider.
resources WorkloadResource[]: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saaEnrollmentResponses WorkloadSaaEnrollmentResponse[]: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

compliance_statuses Sequence[WorkloadComplianceStatus]: Output only. Count of active Violations in the Workload.
compliant_but_disallowed_services Sequence[str]: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
create_time str: Output only. Immutable. The Workload creation timestamp.
effective_labels Mapping[str, str]: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
ekm_provisioning_responses Sequence[WorkloadEkmProvisioningResponse]: Optional. Represents the Ekm Provisioning State of the given workload.
id str: The provider-assigned unique ID for this managed resource.
kaj_enrollment_state str: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
name str: Output only. The resource name of the workload.
pulumi_labels Mapping[str, str]: The combination of labels configured directly on the resource and default labels configured on the provider.
resources Sequence[WorkloadResource]: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saa_enrollment_responses Sequence[WorkloadSaaEnrollmentResponse]: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

complianceStatuses List<Property Map>: Output only. Count of active Violations in the Workload.
compliantButDisallowedServices List<String>: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
createTime String: Output only. Immutable. The Workload creation timestamp.
effectiveLabels Map<String>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
ekmProvisioningResponses List<Property Map>: Optional. Represents the Ekm Provisioning State of the given workload.
id String: The provider-assigned unique ID for this managed resource.
kajEnrollmentState String: Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE
name String: Output only. The resource name of the workload.
pulumiLabels Map<String>: The combination of labels configured directly on the resource and default labels configured on the provider.
resources List<Property Map>: Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
saaEnrollmentResponses List<Property Map>: Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

Look up Existing Workload Resource

Get an existing Workload resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WorkloadState, opts?: CustomResourceOptions): Workload

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        billing_account: Optional[str] = None,
        compliance_regime: Optional[str] = None,
        compliance_statuses: Optional[Sequence[WorkloadComplianceStatusArgs]] = None,
        compliant_but_disallowed_services: Optional[Sequence[str]] = None,
        create_time: Optional[str] = None,
        display_name: Optional[str] = None,
        effective_labels: Optional[Mapping[str, str]] = None,
        ekm_provisioning_responses: Optional[Sequence[WorkloadEkmProvisioningResponseArgs]] = None,
        enable_sovereign_controls: Optional[bool] = None,
        kaj_enrollment_state: Optional[str] = None,
        kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
        labels: Optional[Mapping[str, str]] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        organization: Optional[str] = None,
        partner: Optional[str] = None,
        partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
        partner_services_billing_account: Optional[str] = None,
        provisioned_resources_parent: Optional[str] = None,
        pulumi_labels: Optional[Mapping[str, str]] = None,
        resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
        resources: Optional[Sequence[WorkloadResourceArgs]] = None,
        saa_enrollment_responses: Optional[Sequence[WorkloadSaaEnrollmentResponseArgs]] = None,
        violation_notifications_enabled: Optional[bool] = None,
        workload_options: Optional[WorkloadWorkloadOptionsArgs] = None) -> Workload

func GetWorkload(ctx *Context, name string, id IDInput, state *WorkloadState, opts ...ResourceOption) (*Workload, error)

public static Workload Get(string name, Input<string> id, WorkloadState? state, CustomResourceOptions? opts = null)

public static Workload get(String name, Output<String> id, WorkloadState state, CustomResourceOptions options)

resources:  _:    type: gcp:assuredworkloads:Workload    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

BillingAccount string

ComplianceRegime string

ComplianceStatuses List<WorkloadComplianceStatus>

Output only. Count of active Violations in the Workload.

CompliantButDisallowedServices List<string>

Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

CreateTime string

Output only. Immutable. The Workload creation timestamp.

DisplayName string

EffectiveLabels Dictionary<string, string>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

EkmProvisioningResponses List<WorkloadEkmProvisioningResponse>

Optional. Represents the Ekm Provisioning State of the given workload.

EnableSovereignControls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

KajEnrollmentState string

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

KmsSettings WorkloadKmsSettings

Labels Dictionary<string, string>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Location string

The location for the resource

Name string

Output only. The resource name of the workload.

Organization string

The organization for the resource

Partner string

PartnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

PartnerServicesBillingAccount string

ProvisionedResourcesParent string

PulumiLabels Dictionary<string, string>

The combination of labels configured directly on the resource and default labels configured on the provider.

ResourceSettings List<WorkloadResourceSetting>

Resources List<WorkloadResource>

Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

SaaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>

Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

ViolationNotificationsEnabled bool

WorkloadOptions WorkloadWorkloadOptions

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

BillingAccount string

ComplianceRegime string

ComplianceStatuses []WorkloadComplianceStatusArgs

Output only. Count of active Violations in the Workload.

CompliantButDisallowedServices []string

CreateTime string

Output only. Immutable. The Workload creation timestamp.

DisplayName string

EffectiveLabels map[string]string

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

EkmProvisioningResponses []WorkloadEkmProvisioningResponseArgs

Optional. Represents the Ekm Provisioning State of the given workload.

EnableSovereignControls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

KajEnrollmentState string

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

KmsSettings WorkloadKmsSettingsArgs

Labels map[string]string

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

Location string

The location for the resource

Name string

Output only. The resource name of the workload.

Organization string

The organization for the resource

Partner string

PartnerPermissions WorkloadPartnerPermissionsArgs

Optional. Permissions granted to the AW Partner SA account for the customer workload

PartnerServicesBillingAccount string

ProvisionedResourcesParent string

PulumiLabels map[string]string

The combination of labels configured directly on the resource and default labels configured on the provider.

ResourceSettings []WorkloadResourceSettingArgs

Resources []WorkloadResourceArgs

SaaEnrollmentResponses []WorkloadSaaEnrollmentResponseArgs

ViolationNotificationsEnabled bool

WorkloadOptions WorkloadWorkloadOptionsArgs

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

billingAccount String

complianceRegime String

complianceStatuses List<WorkloadComplianceStatus>

Output only. Count of active Violations in the Workload.

compliantButDisallowedServices List<String>

createTime String

Output only. Immutable. The Workload creation timestamp.

displayName String

effectiveLabels Map<String,String>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

ekmProvisioningResponses List<WorkloadEkmProvisioningResponse>

Optional. Represents the Ekm Provisioning State of the given workload.

enableSovereignControls Boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kajEnrollmentState String

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

kmsSettings WorkloadKmsSettings

labels Map<String,String>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location String

The location for the resource

name String

Output only. The resource name of the workload.

organization String

The organization for the resource

partner String

partnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

partnerServicesBillingAccount String

provisionedResourcesParent String

pulumiLabels Map<String,String>

The combination of labels configured directly on the resource and default labels configured on the provider.

resourceSettings List<WorkloadResourceSetting>

resources List<WorkloadResource>

saaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>

violationNotificationsEnabled Boolean

workloadOptions WorkloadWorkloadOptions

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

billingAccount string

complianceRegime string

complianceStatuses WorkloadComplianceStatus[]

Output only. Count of active Violations in the Workload.

compliantButDisallowedServices string[]

createTime string

Output only. Immutable. The Workload creation timestamp.

displayName string

effectiveLabels {[key: string]: string}

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

ekmProvisioningResponses WorkloadEkmProvisioningResponse[]

Optional. Represents the Ekm Provisioning State of the given workload.

enableSovereignControls boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kajEnrollmentState string

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

kmsSettings WorkloadKmsSettings

labels {[key: string]: string}

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location string

The location for the resource

name string

Output only. The resource name of the workload.

organization string

The organization for the resource

partner string

partnerPermissions WorkloadPartnerPermissions

Optional. Permissions granted to the AW Partner SA account for the customer workload

partnerServicesBillingAccount string

provisionedResourcesParent string

pulumiLabels {[key: string]: string}

The combination of labels configured directly on the resource and default labels configured on the provider.

resourceSettings WorkloadResourceSetting[]

resources WorkloadResource[]

saaEnrollmentResponses WorkloadSaaEnrollmentResponse[]

violationNotificationsEnabled boolean

workloadOptions WorkloadWorkloadOptions

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

billing_account str

compliance_regime str

compliance_statuses Sequence[WorkloadComplianceStatusArgs]

Output only. Count of active Violations in the Workload.

compliant_but_disallowed_services Sequence[str]

create_time str

Output only. Immutable. The Workload creation timestamp.

display_name str

effective_labels Mapping[str, str]

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

ekm_provisioning_responses Sequence[WorkloadEkmProvisioningResponseArgs]

Optional. Represents the Ekm Provisioning State of the given workload.

enable_sovereign_controls bool

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kaj_enrollment_state str

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

kms_settings WorkloadKmsSettingsArgs

labels Mapping[str, str]

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location str

The location for the resource

name str

Output only. The resource name of the workload.

organization str

The organization for the resource

partner str

partner_permissions WorkloadPartnerPermissionsArgs

Optional. Permissions granted to the AW Partner SA account for the customer workload

partner_services_billing_account str

provisioned_resources_parent str

pulumi_labels Mapping[str, str]

The combination of labels configured directly on the resource and default labels configured on the provider.

resource_settings Sequence[WorkloadResourceSettingArgs]

resources Sequence[WorkloadResourceArgs]

saa_enrollment_responses Sequence[WorkloadSaaEnrollmentResponseArgs]

violation_notifications_enabled bool

workload_options WorkloadWorkloadOptionsArgs

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

billingAccount String

complianceRegime String

complianceStatuses List<Property Map>

Output only. Count of active Violations in the Workload.

compliantButDisallowedServices List<String>

createTime String

Output only. Immutable. The Workload creation timestamp.

displayName String

effectiveLabels Map<String>

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

ekmProvisioningResponses List<Property Map>

Optional. Represents the Ekm Provisioning State of the given workload.

enableSovereignControls Boolean

Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

kajEnrollmentState String

Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

kmsSettings Property Map

labels Map<String>

Optional. Labels applied to the workload.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

location String

The location for the resource

name String

Output only. The resource name of the workload.

organization String

The organization for the resource

partner String

partnerPermissions Property Map

Optional. Permissions granted to the AW Partner SA account for the customer workload

partnerServicesBillingAccount String

provisionedResourcesParent String

pulumiLabels Map<String>

The combination of labels configured directly on the resource and default labels configured on the provider.

resourceSettings List<Property Map>

resources List<Property Map>

saaEnrollmentResponses List<Property Map>

violationNotificationsEnabled Boolean

workloadOptions Property Map

Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.

Supporting Types

WorkloadComplianceStatus, WorkloadComplianceStatusArgs

AcknowledgedViolationCounts List<int>: Number of current orgPolicy violations which are acknowledged.
ActiveViolationCounts List<int>: Number of current orgPolicy violations which are not acknowledged.

AcknowledgedViolationCounts []int: Number of current orgPolicy violations which are acknowledged.
ActiveViolationCounts []int: Number of current orgPolicy violations which are not acknowledged.

acknowledgedViolationCounts List<Integer>: Number of current orgPolicy violations which are acknowledged.
activeViolationCounts List<Integer>: Number of current orgPolicy violations which are not acknowledged.

acknowledgedViolationCounts number[]: Number of current orgPolicy violations which are acknowledged.
activeViolationCounts number[]: Number of current orgPolicy violations which are not acknowledged.

acknowledged_violation_counts Sequence[int]: Number of current orgPolicy violations which are acknowledged.
active_violation_counts Sequence[int]: Number of current orgPolicy violations which are not acknowledged.

acknowledgedViolationCounts List<Number>: Number of current orgPolicy violations which are acknowledged.
activeViolationCounts List<Number>: Number of current orgPolicy violations which are not acknowledged.

WorkloadEkmProvisioningResponse, WorkloadEkmProvisioningResponseArgs

EkmProvisioningErrorDomain string: Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
EkmProvisioningErrorMapping string: Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
EkmProvisioningState string: Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED

EkmProvisioningErrorDomain string: Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
EkmProvisioningErrorMapping string: Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
EkmProvisioningState string: Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED

ekmProvisioningErrorDomain String: Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
ekmProvisioningErrorMapping String: Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
ekmProvisioningState String: Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED

ekmProvisioningErrorDomain string: Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
ekmProvisioningErrorMapping string: Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
ekmProvisioningState string: Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED

ekm_provisioning_error_domain str: Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
ekm_provisioning_error_mapping str: Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
ekm_provisioning_state str: Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED

ekmProvisioningErrorDomain String: Indicates Ekm provisioning error if any. Possible values: EKM_PROVISIONING_ERROR_DOMAIN_UNSPECIFIED, UNSPECIFIED_ERROR, GOOGLE_SERVER_ERROR, EXTERNAL_USER_ERROR, EXTERNAL_PARTNER_ERROR, TIMEOUT_ERROR
ekmProvisioningErrorMapping String: Detailed error message if Ekm provisioning fails Possible values: EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED, INVALID_SERVICE_ACCOUNT, MISSING_METRICS_SCOPE_ADMIN_PERMISSION, MISSING_EKM_CONNECTION_ADMIN_PERMISSION
ekmProvisioningState String: Indicates Ekm enrollment Provisioning of a given workload. Possible values: EKM_PROVISIONING_STATE_UNSPECIFIED, EKM_PROVISIONING_STATE_PENDING, EKM_PROVISIONING_STATE_FAILED, EKM_PROVISIONING_STATE_COMPLETED

WorkloadKmsSettings, WorkloadKmsSettingsArgs

NextRotationTime string: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
RotationPeriod string: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

NextRotationTime string: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
RotationPeriod string: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

nextRotationTime String: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotationPeriod String: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

nextRotationTime string: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotationPeriod string: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

next_rotation_time str: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotation_period str: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

nextRotationTime String: Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotationPeriod String: Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

WorkloadPartnerPermissions, WorkloadPartnerPermissionsArgs

AssuredWorkloadsMonitoring bool: Optional. Allow partner to view violation alerts.
DataLogsViewer bool: Allow the partner to view inspectability logs and monitoring violations.
ServiceAccessApprover bool: Optional. Allow partner to view access approval logs.

AssuredWorkloadsMonitoring bool: Optional. Allow partner to view violation alerts.
DataLogsViewer bool: Allow the partner to view inspectability logs and monitoring violations.
ServiceAccessApprover bool: Optional. Allow partner to view access approval logs.

assuredWorkloadsMonitoring Boolean: Optional. Allow partner to view violation alerts.
dataLogsViewer Boolean: Allow the partner to view inspectability logs and monitoring violations.
serviceAccessApprover Boolean: Optional. Allow partner to view access approval logs.

assuredWorkloadsMonitoring boolean: Optional. Allow partner to view violation alerts.
dataLogsViewer boolean: Allow the partner to view inspectability logs and monitoring violations.
serviceAccessApprover boolean: Optional. Allow partner to view access approval logs.

assured_workloads_monitoring bool: Optional. Allow partner to view violation alerts.
data_logs_viewer bool: Allow the partner to view inspectability logs and monitoring violations.
service_access_approver bool: Optional. Allow partner to view access approval logs.

assuredWorkloadsMonitoring Boolean: Optional. Allow partner to view violation alerts.
dataLogsViewer Boolean: Allow the partner to view inspectability logs and monitoring violations.
serviceAccessApprover Boolean: Optional. Allow partner to view access approval logs.

WorkloadResource, WorkloadResourceArgs

ResourceId int: Resource identifier. For a project this represents project_number.
ResourceType string: Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

ResourceId int: Resource identifier. For a project this represents project_number.
ResourceType string: Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

resourceId Integer: Resource identifier. For a project this represents project_number.
resourceType String: Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

resourceId number: Resource identifier. For a project this represents project_number.
resourceType string: Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

resource_id int: Resource identifier. For a project this represents project_number.
resource_type str: Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

resourceId Number: Resource identifier. For a project this represents project_number.
resourceType String: Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

WorkloadResourceSetting, WorkloadResourceSettingArgs

DisplayName string: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
ResourceId string: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
ResourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

DisplayName string: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
ResourceId string: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
ResourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

displayName String: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resourceId String: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType String: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

displayName string: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resourceId string: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType string: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

display_name str: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resource_id str: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resource_type str: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

displayName String: User-assigned resource display name. If not empty it will be used to create a resource with the specified name.
resourceId String: Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.
resourceType String: Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

WorkloadSaaEnrollmentResponse, WorkloadSaaEnrollmentResponseArgs

SetupErrors List<string>: Indicates SAA enrollment setup error if any.
SetupStatus string: Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE

SetupErrors []string: Indicates SAA enrollment setup error if any.
SetupStatus string: Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE

setupErrors List<String>: Indicates SAA enrollment setup error if any.
setupStatus String: Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE

setupErrors string[]: Indicates SAA enrollment setup error if any.
setupStatus string: Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE

setup_errors Sequence[str]: Indicates SAA enrollment setup error if any.
setup_status str: Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE

setupErrors List<String>: Indicates SAA enrollment setup error if any.
setupStatus String: Indicates SAA enrollment status of a given workload. Possible values: SETUP_STATE_UNSPECIFIED, STATUS_PENDING, STATUS_COMPLETE

WorkloadWorkloadOptions, WorkloadWorkloadOptionsArgs

KajEnrollmentType string: Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF

KajEnrollmentType string: Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF

kajEnrollmentType String: Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF

kajEnrollmentType string: Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF

kaj_enrollment_type str: Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF

kajEnrollmentType String: Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF

Import

Workload can be imported using any of these accepted formats:

organizations/{{organization}}/locations/{{location}}/workloads/{{name}}
{{organization}}/{{location}}/{{name}}

When using the pulumi import command, Workload can be imported using one of the formats above. For example:

$ pulumi import gcp:assuredworkloads/workload:Workload default organizations/{{organization}}/locations/{{location}}/workloads/{{name}}

$ pulumi import gcp:assuredworkloads/workload:Workload default {{organization}}/{{location}}/{{name}}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

gcp.assuredworkloads.Workload

On this page

On this page

Example Usage

Basic_workload

Sovereign_controls_workload

Split_billing_partner_workload

Create Workload Resource

Constructor syntax

Parameters

Constructor example

Workload Resource Properties

Inputs

Outputs

Look up Existing Workload Resource

Supporting Types

WorkloadComplianceStatus, WorkloadComplianceStatusArgs

WorkloadEkmProvisioningResponse, WorkloadEkmProvisioningResponseArgs

WorkloadKmsSettings, WorkloadKmsSettingsArgs

WorkloadPartnerPermissions, WorkloadPartnerPermissionsArgs

WorkloadResource, WorkloadResourceArgs

WorkloadResourceSetting, WorkloadResourceSettingArgs

WorkloadSaaEnrollmentResponse, WorkloadSaaEnrollmentResponseArgs

WorkloadWorkloadOptions, WorkloadWorkloadOptionsArgs

Import

Package Details

On this page

On this page