feat: add new field for exception audit log link

Google APIs · copybara-github · commit 7090dbed5f8b · 2022-10-12T05:38:47.000-07:00
feat: add support of new compliance regime for regions and new partner T systems docs: fix some typos in documentation Deprecated non_compliant_org_policy from AcknowledgeViolationRequest. It has no effect and shouldn't be used. Committer: @ViswasK PiperOrigin-RevId: 480599318
diff --git a/google/cloud/assuredworkloads/v1/assuredworkloads.proto b/google/cloud/assuredworkloads/v1/assuredworkloads.proto
@@ -181,7 +181,7 @@ message DeleteWorkloadRequest {
 
 // Request for fetching a workload.
 message GetWorkloadRequest {
-  // Required. The resource name of the Workload to fetch. This is the workloads's
+  // Required. The resource name of the Workload to fetch. This is the workload's
   // relative path in the API, formatted as
   // "organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}".
   // For example,
@@ -227,7 +227,7 @@ message ListWorkloadsResponse {
   string next_page_token = 2;
 }
 
-// An Workload object for managing highly regulated workloads of cloud
+// A Workload object for managing highly regulated workloads of cloud
 // customers.
 message Workload {
   option (google.api.resource) = {
@@ -302,11 +302,19 @@ message Workload {
     // International Traffic in Arms Regulations
     ITAR = 10;
 
-    // Assured Workloads for Partners;
+    // Assured Workloads for Australia Regions and Support controls
+    // Available for public preview consumption.
+    // Don't create production workloads.
+    AU_REGIONS_AND_US_SUPPORT = 11;
+
+    // Assured Workloads for Partners
     ASSURED_WORKLOADS_FOR_PARTNERS = 12;
   }
 
   // Settings specific to the Key Management Service.
+  // This message is deprecated.
+  // In order to create a Keyring, callers should specify,
+  // ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
   message KMSSettings {
     option deprecated = true;
 
@@ -338,7 +346,7 @@ message Workload {
     string resource_id = 1;
 
     // Indicates the type of resource. This field should be specified to
-    // correspond the id to the right project type (CONSUMER_PROJECT or
+    // correspond the id to the right resource type (CONSUMER_FOLDER or
     // ENCRYPTION_KEYS_PROJECT)
     ResourceInfo.ResourceType resource_type = 2;
 
@@ -404,10 +412,10 @@ message Workload {
 
   // Supported Assured Workloads Partners.
   enum Partner {
-    // Unknown compliance regime.
+    // Unknown partner regime/controls.
     PARTNER_UNSPECIFIED = 0;
 
-    // S3NS regime
+    // S3NS regime/controls.
     LOCAL_CONTROLS_BY_S3NS = 1;
   }
 
@@ -567,13 +575,17 @@ message AcknowledgeViolationRequest {
   // Required. Business justification explaining the need for violation acknowledgement
   string comment = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. Name of the OrgPolicy which was modified with non-compliant change and
+  // Optional. This field is deprecated and will be removed in future version of the API.
+  // Name of the OrgPolicy which was modified with non-compliant change and
   // resulted in this violation.
   // Format:
   // projects/{project_number}/policies/{constraint_name}
   // folders/{folder_id}/policies/{constraint_name}
   // organizations/{organization_id}/policies/{constraint_name}
-  string non_compliant_org_policy = 3 [(google.api.field_behavior) = OPTIONAL];
+  string non_compliant_org_policy = 3 [
+    deprecated = true,
+    (google.api.field_behavior) = OPTIONAL
+  ];
 }
 
 // Response for violation acknowledgement
@@ -795,4 +807,12 @@ message Violation {
   // Optional. Timestamp when this violation was acknowledged last.
   // This will be absent when acknowledged field is marked as false.
   optional google.protobuf.Timestamp acknowledgement_time = 15 [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. Immutable. Audit Log link to find business justification provided for violation
+  // exception. Format:
+  // https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{protoPayload.methodName}{timeRange}{organization}
+  string exception_audit_log_link = 16 [
+    (google.api.field_behavior) = OUTPUT_ONLY,
+    (google.api.field_behavior) = IMMUTABLE
+  ];
 }
