violations
Creates, updates, deletes, gets or lists a violations resource.
Overview
Name | violations |
Type | Resource |
Id | google.assuredworkloads.violations |
Fields
Name | Datatype | Description |
---|---|---|
name | string | Output only. Immutable. Name of the Violation. Format: organizations/{organization}/locations/{location}/workloads/{workload_id}/violations/{violations_id} |
description | string | Output only. Description for the Violation. e.g. OrgPolicy gcp.resourceLocations has non compliant value. |
acknowledged | boolean | A boolean that indicates if the violation is acknowledged |
acknowledgementTime | string | Optional. Timestamp when this violation was first acknowledged. Check exception_contexts to find the last time the violation was acknowledged when there is more than one violation. This field will be absent when the acknowledged field is marked as false. |
associatedOrgPolicyViolationId | string | Optional. Output only. Violation Id of the org-policy violation that caused the resource violation. Empty for org-policy violations. |
auditLogLink | string | Output only. Immutable. Audit Log Link for the violated resource. Format: https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{timeRange}{folder} |
beginTime | string | Output only. Time of the event which triggered the Violation. |
category | string | Output only. Category under which this violation is mapped. e.g. Location, Service Usage, Access, Encryption, etc. |
exceptionAuditLogLink | string | Output only. Immutable. Audit Log link to find business justification provided for violation exception. Format: https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{protoPayload.methodName}{timeRange}{organization} |
exceptionContexts | array | Output only. List of all the exception details added for the violation. |
nonCompliantOrgPolicy | string | Output only. Immutable. Name of the OrgPolicy which was modified with a non-compliant change and resulted in this violation. Format: projects/{project_number}/policies/{constraint_name}, folders/{folder_id}/policies/{constraint_name}, organizations/{organization_id}/policies/{constraint_name} |
orgPolicyConstraint | string | Output only. Immutable. The org-policy-constraint that was incorrectly changed, which resulted in this violation. |
parentProjectNumber | string | Optional. Output only. Parent project number where resource is present. Empty for org-policy violations. |
remediation | object | Represents remediation guidance to resolve compliance violation for AssuredWorkload |
resolveTime | string | Output only. Time of the event which fixed the Violation. If the violation is ACTIVE this will be empty. |
resourceName | string | Optional. Output only. Name of the resource like //storage.googleapis.com/myprojectxyz-testbucket. Empty for org-policy violations. |
resourceType | string | Optional. Output only. Type of the resource like compute.googleapis.com/Disk, etc. Empty for org-policy violations. |
state | string | Output only. State of the violation |
updateTime | string | Output only. The last time when the Violation record was updated. |
violationType | string | Output only. Type of the violation |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | locationsId, organizationsId, violationsId, workloadsId | Retrieves Assured Workload Violation based on ID. |
list | SELECT | locationsId, organizationsId, workloadsId | Lists the Violations in the AssuredWorkload Environment. Callers may also choose to read across multiple Workloads as per AIP-159 by using '-' (the hyphen or dash character) as a wildcard character instead of workload-id in the parent. Format: organizations/{org_id}/locations/{location}/workloads/- |
acknowledge | EXEC | locationsId, organizationsId, violationsId, workloadsId | Acknowledges an existing violation. By acknowledging a violation, users acknowledge the existence of a compliance violation in their workload and decide to ignore it due to a valid business justification. Acknowledgement is a permanent operation and it cannot be reverted. |
SELECT examples
Lists the Violations in the AssuredWorkload Environment. Callers may also choose to read across multiple Workloads as per AIP-159 by using '-' (the hyphen or dash character) as a wildcard character instead of workload-id in the parent. Format: organizations/{org_id}/locations/{location}/workloads/-
```sql
SELECT
  name,
  description,
  acknowledged,
  acknowledgementTime,
  associatedOrgPolicyViolationId,
  auditLogLink,
  beginTime,
  category,
  exceptionAuditLogLink,
  exceptionContexts,
  nonCompliantOrgPolicy,
  orgPolicyConstraint,
  parentProjectNumber,
  remediation,
  resolveTime,
  resourceName,
  resourceType,
  state,
  updateTime,
  violationType
FROM google.assuredworkloads.violations
WHERE locationsId = '{{ locationsId }}'
  AND organizationsId = '{{ organizationsId }}'
  AND workloadsId = '{{ workloadsId }}';
```
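Post-processing the rows of a wildcard list query, as an added example that is not part of the original page or the provider's own code: it groups violations that are still open (empty resolveTime) and unacknowledged by workload, and ties each resource violation back to the org-policy violation that caused it. The sample rows are constructed, and two things are assumed: rows arrive as decoded JSON with real booleans, and associatedOrgPolicyViolationId holds the last segment of the causing violation's name.

```python
import re
from collections import defaultdict

# Name format as given for the `name` field in the Fields table.
NAME_RE = re.compile(
    r"^organizations/(?P<organization>[^/]+)/locations/(?P<location>[^/]+)"
    r"/workloads/(?P<workload>[^/]+)/violations/(?P<violation>[^/]+)$"
)

def triage(rows):
    """Return open, unacknowledged violations grouped by workload id."""
    report = defaultdict(lambda: {"org_policy": [], "resource": defaultdict(list)})
    for row in rows:
        m = NAME_RE.match(row.get("name") or "")
        if m is None:
            raise ValueError(f"unexpected violation name: {row.get('name')!r}")
        # resolveTime is empty while a violation is active; acknowledged
        # violations already carry an exception, so both kinds are skipped.
        if row.get("resolveTime") or row.get("acknowledged"):
            continue
        bucket = report[m["workload"]]
        cause = row.get("associatedOrgPolicyViolationId")
        if cause:
            # Resource violation: file it under the org-policy violation behind it.
            bucket["resource"][cause].append(row.get("resourceName"))
        else:
            # The field is empty for org-policy violations, per its description.
            bucket["org_policy"].append(m["violation"])
    return {w: {"org_policy": b["org_policy"], "resource": dict(b["resource"])}
            for w, b in report.items()}

# Constructed sample rows (not real data), shaped like the SELECT output above.
PARENT = "organizations/123/locations/us-central1/workloads"
ROWS = [
    {"name": f"{PARENT}/wl-a/violations/v-1", "acknowledged": False,
     "resolveTime": None, "associatedOrgPolicyViolationId": ""},
    {"name": f"{PARENT}/wl-a/violations/v-2", "acknowledged": False,
     "resolveTime": None, "associatedOrgPolicyViolationId": "v-1",
     "resourceName": "//storage.googleapis.com/myprojectxyz-testbucket"},
    {"name": f"{PARENT}/wl-a/violations/v-3", "acknowledged": True,
     "resolveTime": None, "associatedOrgPolicyViolationId": ""},
    {"name": f"{PARENT}/wl-b/violations/v-4", "acknowledged": False,
     "resolveTime": "2024-01-02T00:00:00Z", "associatedOrgPolicyViolationId": ""},
]

if __name__ == "__main__":
    print(triage(ROWS))
```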