Class: Google::Cloud::AssuredWorkloads::V1::Workload

Inherits:

Object

• Object
• Google::Cloud::AssuredWorkloads::V1::Workload

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb

Overview

A Workload object for managing highly regulated workloads of cloud customers.

Defined Under Namespace

Modules: ComplianceRegime, KajEnrollmentState, Partner Classes: KMSSettings, LabelsEntry, ResourceInfo, ResourceSettings, SaaEnrollmentResponse

Instance Attribute Summary

• #billing_account ⇒ ::String

  Optional.

• #compliance_regime ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::ComplianceRegime

  Required.

• #compliant_but_disallowed_services ⇒ ::Array<::String> readonly

  Output only.

• #create_time ⇒ ::Google::Protobuf::Timestamp readonly

  Output only.

• #display_name ⇒ ::String

  Required.

• #enable_sovereign_controls ⇒ ::Boolean

  Optional.

• #etag ⇒ ::String

  Optional.

• #kaj_enrollment_state ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::KajEnrollmentState readonly

  Output only.

• #kms_settings ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::KMSSettings deprecated Deprecated.

  This field is deprecated and may be removed in the next major version update.

• #labels ⇒ ::Google::Protobuf::Map{::String => ::String}

  Optional.

• #name ⇒ ::String

  Optional.

• #partner ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::Partner

  Optional.

• #provisioned_resources_parent ⇒ ::String

  Input only.

• #resource_settings ⇒ ::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceSettings>

  Input only.

• #resources ⇒ ::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo> readonly

  Output only.

• #saa_enrollment_response ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse readonly

  Output only.

Instance Attribute Details

#billing_account ⇒ ::String

Returns Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

Returns:

• (::String) —

  Optional. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#compliance_regime ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::ComplianceRegime

Returns Required. Immutable. Compliance Regime associated with this workload.

Returns:

• (::Google::Cloud::AssuredWorkloads::V1::Workload::ComplianceRegime) —

  Required. Immutable. Compliance Regime associated with this workload.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#compliant_but_disallowed_services ⇒ ::Array<::String> (readonly)

Returns Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment.".

Returns:

• (::Array<::String>) —

  Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke RestrictAllowedResources endpoint to allow your project developers to use these services in their environment."

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#create_time ⇒ ::Google::Protobuf::Timestamp (readonly)

Returns Output only. Immutable. The Workload creation timestamp.

Returns:

• (::Google::Protobuf::Timestamp) —

  Output only. Immutable. The Workload creation timestamp.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#display_name ⇒ ::String

Returns Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces.

Example: My Workload.

Returns:

• (::String) —

  Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces.

  Example: My Workload

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#enable_sovereign_controls ⇒ ::Boolean

Returns Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

Returns:

• (::Boolean) —

  Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#etag ⇒ ::String

Returns Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.

Returns:

• (::String) —

  Optional. ETag of the workload, it is calculated on the basis of the Workload contents. It will be used in Update & Delete operations.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#kaj_enrollment_state ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::KajEnrollmentState (readonly)

Returns Output only. Represents the KAJ enrollment state of the given workload.

Returns:

• (::Google::Cloud::AssuredWorkloads::V1::Workload::KajEnrollmentState) —

  Output only. Represents the KAJ enrollment state of the given workload.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#kms_settings ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::KMSSettings

Deprecated.

This field is deprecated and may be removed in the next major version update.

Returns Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

Returns:

• (::Google::Cloud::AssuredWorkloads::V1::Workload::KMSSettings) —

  Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#labels ⇒ ::Google::Protobuf::Map{::String => ::String}

Returns Optional. Labels applied to the workload.

Returns:

• (::Google::Protobuf::Map{::String => ::String}) —

  Optional. Labels applied to the workload.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#name ⇒ ::String

Returns Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload}

Read-only.

Returns:

• (::String) —

  Optional. The resource name of the workload. Format: organizations/{organization}/locations/{location}/workloads/{workload}

  Read-only.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#partner ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::Partner

Returns Optional. Compliance Regime associated with this workload.

Returns:

• (::Google::Cloud::AssuredWorkloads::V1::Workload::Partner) —

  Optional. Compliance Regime associated with this workload.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#provisioned_resources_parent ⇒ ::String

Returns Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}.

Returns:

• (::String) —

  Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#resource_settings ⇒ ::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceSettings>

Returns Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

Returns:

• (::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceSettings>) —

  Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#resources ⇒ ::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo> (readonly)

Returns Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

Returns:

• (::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo>) —

  Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end

#saa_enrollment_response ⇒ ::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse (readonly)

Returns Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.

Returns:

• (::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse) —

  Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during GetWorkload call. In failure cases, user friendly error message is shown in SAA details page.

# File 'proto_docs/google/cloud/assuredworkloads/v1/assuredworkloads.rb', line 208

class Workload
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represent the resources that are children of this Workload.
  # @!attribute [rw] resource_id
  #   @return [::Integer]
  #     Resource identifier.
  #     For a project this represents project_number.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource.
  class ResourceInfo
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # The type of resource.
    module ResourceType
      # Unknown resource type.
      RESOURCE_TYPE_UNSPECIFIED = 0

      # Consumer project.
      # AssuredWorkloads Projects are no longer supported. This field will be
      # ignored only in CreateWorkload requests. ListWorkloads and GetWorkload
      # will continue to provide projects information.
      # Use CONSUMER_FOLDER instead.
      CONSUMER_PROJECT = 1

      # Consumer Folder.
      CONSUMER_FOLDER = 4

      # Consumer project containing encryption keys.
      ENCRYPTION_KEYS_PROJECT = 2

      # Keyring resource that hosts encryption keys.
      KEYRING = 3
    end
  end

  # Settings specific to the Key Management Service.
  # This message is deprecated.
  # In order to create a Keyring, callers should specify,
  # ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
  # @deprecated This message is deprecated and may be removed in the next major version update.
  # @!attribute [rw] next_rotation_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Required. Input only. Immutable. The time at which the Key Management Service will automatically create a
  #     new version of the crypto key and mark it as the primary.
  # @!attribute [rw] rotation_period
  #   @return [::Google::Protobuf::Duration]
  #     Required. Input only. Immutable. [next_rotation_time] will be advanced by this period when the Key
  #     Management Service automatically rotates a key. Must be at least 24 hours
  #     and at most 876,000 hours.
  class KMSSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Represent the custom settings for the resources to be created.
  # @!attribute [rw] resource_id
  #   @return [::String]
  #     Resource identifier.
  #     For a project this represents project_id. If the project is already
  #     taken, the workload creation will fail.
  #     For KeyRing, this represents the keyring_id.
  #     For a folder, don't set this value as folder_id is assigned by Google.
  # @!attribute [rw] resource_type
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::ResourceInfo::ResourceType]
  #     Indicates the type of resource. This field should be specified to
  #     correspond the id to the right resource type (CONSUMER_FOLDER or
  #     ENCRYPTION_KEYS_PROJECT)
  # @!attribute [rw] display_name
  #   @return [::String]
  #     User-assigned resource display name.
  #     If not empty it will be used to create a resource with the specified
  #     name.
  class ResourceSettings
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Signed Access Approvals (SAA) enrollment response.
  # @!attribute [rw] setup_status
  #   @return [::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupState]
  #     Indicates SAA enrollment status of a given workload.
  # @!attribute [rw] setup_errors
  #   @return [::Array<::Google::Cloud::AssuredWorkloads::V1::Workload::SaaEnrollmentResponse::SetupError>]
  #     Indicates SAA enrollment setup error if any.
  class SaaEnrollmentResponse
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Setup state of SAA enrollment.
    module SetupState
      # Unspecified.
      SETUP_STATE_UNSPECIFIED = 0

      # SAA enrollment pending.
      STATUS_PENDING = 1

      # SAA enrollment comopleted.
      STATUS_COMPLETE = 2
    end

    # Setup error of SAA enrollment.
    module SetupError
      # Unspecified.
      SETUP_ERROR_UNSPECIFIED = 0

      # Invalid states for all customers, to be redirected to AA UI for
      # additional details.
      ERROR_INVALID_BASE_SETUP = 1

      # Returned when there is not an EKM key configured.
      ERROR_MISSING_EXTERNAL_SIGNING_KEY = 2

      # Returned when there are no enrolled services or the customer is
      # enrolled in CAA only for a subset of services.
      ERROR_NOT_ALL_SERVICES_ENROLLED = 3

      # Returned when exception was encountered during evaluation of other
      # criteria.
      ERROR_SETUP_CHECK_FAILED = 4
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Supported Compliance Regimes.
  module ComplianceRegime
    # Unknown compliance regime.
    COMPLIANCE_REGIME_UNSPECIFIED = 0

    # Information protection as per DoD IL4 requirements.
    IL4 = 1

    # Criminal Justice Information Services (CJIS) Security policies.
    CJIS = 2

    # FedRAMP High data protection controls
    FEDRAMP_HIGH = 3

    # FedRAMP Moderate data protection controls
    FEDRAMP_MODERATE = 4

    # Assured Workloads For US Regions data protection controls
    US_REGIONAL_ACCESS = 5

    # Health Insurance Portability and Accountability Act controls
    HIPAA = 6

    # Health Information Trust Alliance controls
    HITRUST = 7

    # Assured Workloads For EU Regions and Support controls
    EU_REGIONS_AND_SUPPORT = 8

    # Assured Workloads For Canada Regions and Support controls
    CA_REGIONS_AND_SUPPORT = 9

    # International Traffic in Arms Regulations
    ITAR = 10

    # Assured Workloads for Australia Regions and Support controls
    # Available for public preview consumption.
    # Don't create production workloads.
    AU_REGIONS_AND_US_SUPPORT = 11

    # Assured Workloads for Partners
    ASSURED_WORKLOADS_FOR_PARTNERS = 12
  end

  # Key Access Justifications(KAJ) Enrollment State.
  module KajEnrollmentState
    # Default State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_UNSPECIFIED = 0

    # Pending State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_PENDING = 1

    # Complete State for KAJ Enrollment.
    KAJ_ENROLLMENT_STATE_COMPLETE = 2
  end

  # Supported Assured Workloads Partners.
  module Partner
    # Unknown partner regime/controls.
    PARTNER_UNSPECIFIED = 0

    # S3NS regime/controls.
    LOCAL_CONTROLS_BY_S3NS = 1
  end
end