REST Resource: organizations.locations.cloudControls

Resource: CloudControl
Methods

Resource: CloudControl

A cloud control is a set of rules and associated metadata that you can use to define your organization's security or compliance intent.

JSON representation

JSON representation
{ "name": string, "majorRevisionId": string, "description": string, "displayName": string, "supportedEnforcementModes": [ enum (`EnforcementMode`) ], "parameterSpec": [ { object (`ParameterSpec`) } ], "rules": [ { object (`Rule`) } ], "severity": enum (`Severity`), "findingCategory": string, "supportedCloudProviders": [ enum (`CloudProvider`) ], "relatedFrameworks": [ string ], "remediationSteps": string, "categories": [ enum (`CloudControlCategory`) ], "createTime": string, "supportedTargetResourceTypes": [ enum (`TargetResourceType`) ] }

{
  "name": string,
  "majorRevisionId": string,
  "description": string,
  "displayName": string,
  "supportedEnforcementModes": [
    enum (EnforcementMode)
  ],
  "parameterSpec": [
    {
      object (ParameterSpec)
    }
  ],
  "rules": [
    {
      object (Rule)
    }
  ],
  "severity": enum (Severity),
  "findingCategory": string,
  "supportedCloudProviders": [
    enum (CloudProvider)
  ],
  "relatedFrameworks": [
    string
  ],
  "remediationSteps": string,
  "categories": [
    enum (CloudControlCategory)
  ],
  "createTime": string,
  "supportedTargetResourceTypes": [
    enum (TargetResourceType)
  ]
}

Fields
`name`	`string` Required. Identifier. The name of the cloud control, in the format `organizations/{organization}/locations/{location}/cloudControls/{cloudControlId}`. The only supported location is `global`.
`majorRevisionId`	`string (int64 format)` Output only. The major version of the cloud control, which is incremented in ascending order.
`description`	`string` Optional. A description of the cloud control. The maximum length is 2000 characters.
`displayName`	`string` Optional. The friendly name of the cloud control. The maximum length is 200 characters.
`supportedEnforcementModes[]`	`enum (EnforcementMode)` Output only. The supported enforcement modes for the cloud control.
`parameterSpec[]`	`object (ParameterSpec)` Optional. The parameter specifications for the cloud control.
`rules[]`	`object (Rule)` Optional. The rules that you can enforce to meet your security or compliance intent.
`severity`	`enum (Severity)` Optional. The severity of the findings that are generated by the cloud control.
`findingCategory`	`string` Optional. The finding category for the cloud control findings. The maximum length is 255 characters.
`supportedCloudProviders[]`	`enum (CloudProvider)` Optional. The supported cloud providers.
`relatedFrameworks[]`	`string` Output only. The frameworks that include this cloud control.
`remediationSteps`	`string` Optional. The remediation steps for the cloud control findings. The maximum length is 400 characters.
`categories[]`	`enum (CloudControlCategory)` Optional. The categories for the cloud control.
`createTime`	`string (Timestamp format)` Output only. The time that the cloud control was last updated. `createTime` is used because a new cloud control is created whenever an existing cloud control is updated. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`supportedTargetResourceTypes[]`	`enum (TargetResourceType)` Optional. The target resource types that are supported by the cloud control.

ParameterSpec

The parameter specification for the cloud control.

JSON representation

JSON representation
{ "name": string, "displayName": string, "description": string, "isRequired": boolean, "valueType": enum (`ValueType`), "defaultValue": { object (`ParamValue`) }, "substitutionRules": [ { object (`ParameterSubstitutionRule`) } ], "subParameters": [ { object (`ParameterSpec`) } ], "validation": { object (`Validation`) } }

{
  "name": string,
  "displayName": string,
  "description": string,
  "isRequired": boolean,
  "valueType": enum (ValueType),
  "defaultValue": {
    object (ParamValue)
  },
  "substitutionRules": [
    {
      object (ParameterSubstitutionRule)
    }
  ],
  "subParameters": [
    {
      object (ParameterSpec)
    }
  ],
  "validation": {
    object (Validation)
  }
}

Fields
`name`	`string` Required. The name of the parameter.
`displayName`	`string` Optional. The friendly name of the parameter. The maximum length is 200 characters.
`description`	`string` Optional. The description of the parameter. The maximum length is 2000 characters.
`isRequired`	`boolean` Required. Whether the parameter is required.
`valueType`	`enum (ValueType)` Required. The parameter value type.
`defaultValue`	`object (ParamValue)` Optional. The default value of the parameter.
`substitutionRules[]`	`object (ParameterSubstitutionRule)` Optional. The list of parameter substitutions.
`subParameters[]`	`object (ParameterSpec)` Optional. The parameter specification for `oneOf` attributes.
`validation`	`object (Validation)` Optional. The permitted set of values for the parameter.

ValueType

The type of parameter value.

Enums
`VALUE_TYPE_UNSPECIFIED`	Default value. This value is unused.
`STRING`	A string value.
`BOOLEAN`	A boolean value.
`STRINGLIST`	A string list value.
`NUMBER`	A numeric value.
`ONEOF`	A oneOf value.

ParameterSubstitutionRule

The parameter substitution rules.

JSON representation

JSON representation
{ // Union field `substitution_type` can be only one of the following: "placeholderSubstitutionRule": { object (`PlaceholderSubstitutionRule`) }, "attributeSubstitutionRule": { object (`AttributeSubstitutionRule`) } // End of list of possible types for union field `substitution_type`. }

{

  // Union field substitution_type can be only one of the following:
  "placeholderSubstitutionRule": {
    object (PlaceholderSubstitutionRule)
  },
  "attributeSubstitutionRule": {
    object (AttributeSubstitutionRule)
  }
  // End of list of possible types for union field substitution_type.
}

Fields

Fields
Union field `substitution_type`. The type of substitution. `substitution_type` can be only one of the following:
`placeholderSubstitutionRule`	`object (PlaceholderSubstitutionRule)` The placeholder substitution rule.
`attributeSubstitutionRule`	`object (AttributeSubstitutionRule)` The attribute substitution rule.

Union field substitution_type. The type of substitution. substitution_type can be only one of the following:

placeholderSubstitutionRule

object (PlaceholderSubstitutionRule)

The placeholder substitution rule.

attributeSubstitutionRule

object (AttributeSubstitutionRule)

The attribute substitution rule.

PlaceholderSubstitutionRule

The placeholder that's substituted in the rendered string.

JSON representation
{ "attribute": string }

Fields

Fields
`attribute`	`string` The fully qualified proto attribute path, in dot notation.

attribute

string

The fully qualified proto attribute path, in dot notation.

AttributeSubstitutionRule

The attribute at the given path that's substituted entirely.

JSON representation
{ "attribute": string }

Fields

Fields
`attribute`	`string` The fully qualified proto attribute path, in dot notation. For example: `rules[0].cel_expression.resource_types_values`

attribute

string

The fully qualified proto attribute path, in dot notation. For example: rules[0].cel_expression.resource_types_values

Validation

The validation of the parameter.

JSON representation

JSON representation
{ // Union field `constraint` can be only one of the following: "allowedValues": { object (`AllowedValues`) }, "intRange": { object (`IntRange`) }, "regexpPattern": { object (`RegexpPattern`) } // End of list of possible types for union field `constraint`. }

{

  // Union field constraint can be only one of the following:
  "allowedValues": {
    object (AllowedValues)
  },
  "intRange": {
    object (IntRange)
  },
  "regexpPattern": {
    object (RegexpPattern)
  }
  // End of list of possible types for union field constraint.
}

Fields
Union field `constraint`. Defines validators for parameter values. `constraint` can be only one of the following:
`allowedValues`	`object (AllowedValues)` The permitted set of values for the parameter.
`intRange`	`object (IntRange)` The permitted range for numeric parameters.
`regexpPattern`	`object (RegexpPattern)` The regular expression for string parameters.

AllowedValues

The allowed set of values for the parameter.

JSON representation
{ "values": [ { object (`ParamValue`) } ] }

Fields

Fields
`values[]`	`object (ParamValue)` Required. The list of allowed values for the parameter.

values[]

object (ParamValue)

Required. The list of allowed values for the parameter.

IntRange

The number range for number parameters.

JSON representation
{ "min": string, "max": string }

Fields

Fields
`min`	`string (int64 format)` Required. The minimum permitted value for the numeric parameter (inclusive).
`max`	`string (int64 format)` Required. The maximum permitted value for the numeric parameter (inclusive).

min

string (int64 format)

Required. The minimum permitted value for the numeric parameter (inclusive).

max

string (int64 format)

Required. The maximum permitted value for the numeric parameter (inclusive).

RegexpPattern

The regular expression (regex) validator for parameter values.

JSON representation
{ "pattern": string }

Fields

Fields
`pattern`	`string` Required. The regex pattern to match the values of the parameter with.

pattern

string

Required. The regex pattern to match the values of the parameter with.

CloudControlCategory

The category for the cloud control.

Enums
`CLOUD_CONTROL_CATEGORY_UNSPECIFIED`	Default value. This value is unused.
`CC_CATEGORY_INFRASTRUCTURE`	The infrastructure security category.
`CC_CATEGORY_ARTIFICIAL_INTELLIGENCE`	The artificial intelligence category.
`CC_CATEGORY_PHYSICAL_SECURITY`	The physical security category.
`CC_CATEGORY_DATA_SECURITY`	The data security category.
`CC_CATEGORY_NETWORK_SECURITY`	The network security category.
`CC_CATEGORY_INCIDENT_MANAGEMENT`	The incident management category.
`CC_CATEGORY_IDENTITY_AND_ACCESS_MANAGEMENT`	The identity and access management category.
`CC_CATEGORY_ENCRYPTION`	The encryption category.
`CC_CATEGORY_LOGS_MANAGEMENT_AND_INFRASTRUCTURE`	The logs management and infrastructure category.
`CC_CATEGORY_HR_ADMIN_AND_PROCESSES`	The HR, admin, and processes category.
`CC_CATEGORY_THIRD_PARTY_AND_SUB_PROCESSOR_MANAGEMENT`	The third-party and sub-processor management category.
`CC_CATEGORY_LEGAL_AND_DISCLOSURES`	The legal and disclosures category.
`CC_CATEGORY_VULNERABILITY_MANAGEMENT`	The vulnerability management category.
`CC_CATEGORY_PRIVACY`	The privacy category.
`CC_CATEGORY_BCDR`	The business continuity and disaster recovery (BCDR) category.

Methods
`create`	Creates a custom cloud control in a given parent resource.
`delete`	Deletes a custom cloud control, including all its major and minor revisions.
`get`	Gets details about a cloud control.
`list`	Lists the cloud controls (both built-in and custom) that are available in a given parent resource.
`patch`	Updates a custom cloud control.

REST Resource: organizations.locations.cloudControls

Resource: CloudControl

ParameterSpec

ValueType

ParameterSubstitutionRule

PlaceholderSubstitutionRule

AttributeSubstitutionRule

Validation

AllowedValues

IntRange

RegexpPattern

CloudControlCategory

Methods

`create`

`delete`

`get`

`list`

`patch`

REST Resource: organizations.locations.cloudControls Stay organized with collections Save and categorize content based on your preferences.

Resource: CloudControl

ParameterSpec

ValueType

ParameterSubstitutionRule

PlaceholderSubstitutionRule

AttributeSubstitutionRule

Validation

AllowedValues

IntRange

RegexpPattern

CloudControlCategory

Methods

create

delete

get

list

patch

REST Resource: organizations.locations.cloudControls

`create`

`delete`

`get`

`list`

`patch`