CloudControl(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A CloudControl is the fundamental unit encapsulating the rules to meet a specific security or compliance intent. It can contain various rule types (like Organization Policies, CEL expressions, etc.) enabling different enforcement modes (Preventive, Detective, Audit). CloudControls are often parameterized for reusability and can be either BUILT_IN (provided by Google) or CUSTOM (defined by the user).
Attributes

| Name | Type | Description |
|---|---|---|
| name | `str` | Required. Identifier. The resource name of the cloud control. Format: `organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}` |
| major_revision_id | `int` | Output only. Major revision of the cloud control incremented in ascending order. |
| description | `str` | Optional. A description of the cloud control. The maximum length is 2000 characters. |
| display_name | `str` | Optional. The display name of the cloud control. The maximum length is 200 characters. |
| supported_enforcement_modes | `MutableSequence[google.cloud.cloudsecuritycompliance_v1.types.EnforcementMode]` | Output only. The supported enforcement mode of the cloud control. Default is DETECTIVE. |
| parameter_spec | `MutableSequence[google.cloud.cloudsecuritycompliance_v1.types.ParameterSpec]` | Optional. The parameter spec of the cloud control. |
| rules | `MutableSequence[google.cloud.cloudsecuritycompliance_v1.types.Rule]` | Optional. The Policy to be enforced to prevent/detect resource non-compliance. |
| severity | `google.cloud.cloudsecuritycompliance_v1.types.Severity` | Optional. The severity of findings generated by the cloud control. |
| finding_category | `str` | Optional. The finding_category of the cloud control. The maximum length is 255 characters. |
| supported_cloud_providers | `MutableSequence[google.cloud.cloudsecuritycompliance_v1.types.CloudProvider]` | Optional. Cloud providers supported. |
| related_frameworks | `MutableSequence[str]` | Output only. The Frameworks that include this CloudControl. |
| remediation_steps | `str` | Optional. The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters. |
| categories | `MutableSequence[google.cloud.cloudsecuritycompliance_v1.types.CloudControlCategory]` | Optional. The categories of the cloud control. |
| create_time | `google.protobuf.timestamp_pb2.Timestamp` | Output only. The last updated time of the cloud control. The create_time is used because a new CC is created whenever we update an existing CC. |
| supported_target_resource_types | `MutableSequence[google.cloud.cloudsecuritycompliance_v1.types.TargetResourceType]` | Optional. Target resource types supported by the CloudControl. |
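
The documented constraints can be checked before a CUSTOM control definition is submitted, for example in a policy-as-code review step. The following is an added example, not part of the client library: `validate_cloud_control`, `MAX_LEN`, `OUTPUT_ONLY`, `NAME_RE` and `SAMPLE` are hypothetical names, the input is a plain dict rather than the library type, and the name pattern assumes each `{placeholder}` is a single non-empty path segment.

```python
import re

# Limits and field classifications taken from the attribute table above.
MAX_LEN = {"description": 2000, "display_name": 200,
           "finding_category": 255, "remediation_steps": 400}
OUTPUT_ONLY = {"major_revision_id", "supported_enforcement_modes",
               "related_frameworks", "create_time"}
# Assumption: each {placeholder} in the documented format is one non-empty
# segment without "/"; the service may apply stricter ID rules.
NAME_RE = re.compile(r"organizations/[^/]+/locations/[^/]+/cloudControls/[^/]+")


def validate_cloud_control(control):
    """Return a list of problems found in a CloudControl-shaped dict."""
    problems = []
    name = control.get("name")
    if not isinstance(name, str) or not name:
        problems.append("name: required")
    elif not NAME_RE.fullmatch(name):
        problems.append("name: does not match documented resource format")
    # Length limits apply only to fields that are present.
    for field, limit in MAX_LEN.items():
        value = control.get(field)
        if value is None:
            continue
        if not isinstance(value, str):
            problems.append(f"{field}: expected str")
        elif len(value) > limit:
            problems.append(f"{field}: {len(value)} chars exceeds {limit}")
    # Output-only fields are populated by the service; flag them in
    # user-authored definitions so reviewers do not rely on them.
    for field in sorted(OUTPUT_ONLY.intersection(control)):
        problems.append(f"{field}: output only, set by the service")
    return problems


# Constructed sample input, not a real control.
SAMPLE = {
    "name": "organizations/123/locations/global/cloudControls/example-control",
    "display_name": "Example control",
    "remediation_steps": "x" * 401,
    "create_time": "2024-01-01T00:00:00Z",
}

if __name__ == "__main__":
    for problem in validate_cloud_control(SAMPLE):
        print(problem)
```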