feat: add new field for exception audit log link (#193)

* feat: add new field for exception audit log link
feat: add support of new compliance regime for regions and new partner T systems
docs: fix some typos in documentation

Deprecated non_compliant_org_policy from AcknowledgeViolationRequest. It has no effect and shouldn't be used.

Committer: @ViswasK
PiperOrigin-RevId: 480599318

Source-Link: googleapis/googleapis@7090dbe

Source-Link: googleapis/googleapis-gen@94a1322
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiOTRhMTMyMmQ3Njc4ZGQ5MzY3OGI5Mjc3YjBmYTU5YzJkZTIzMTllOSJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

packages/google-cloud-assuredworkloads/protos/google/cloud/assuredworkloads/v1/assuredworkloads.proto

@@ -181,7 +181,7 @@ message DeleteWorkloadRequest {
 
 // Request for fetching a workload.
 message GetWorkloadRequest {
-  // Required. The resource name of the Workload to fetch. This is the workloads's
+  // Required. The resource name of the Workload to fetch. This is the workload's
   // relative path in the API, formatted as
   // "organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}".
   // For example,
@@ -227,7 +227,7 @@ message ListWorkloadsResponse {
   string next_page_token = 2;
 }
 
-// An Workload object for managing highly regulated workloads of cloud
+// A Workload object for managing highly regulated workloads of cloud
 // customers.
 message Workload {
   option (google.api.resource) = {
@@ -302,11 +302,19 @@ message Workload {
     // International Traffic in Arms Regulations
     ITAR = 10;
 
-    // Assured Workloads for Partners;
+    // Assured Workloads for Australia Regions and Support controls
+    // Available for public preview consumption.
+    // Don't create production workloads.
+    AU_REGIONS_AND_US_SUPPORT = 11;
+
+    // Assured Workloads for Partners
     ASSURED_WORKLOADS_FOR_PARTNERS = 12;
   }
 
   // Settings specific to the Key Management Service.
+  // This message is deprecated.
+  // In order to create a Keyring, callers should specify,
+  // ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
   message KMSSettings {
     option deprecated = true;
 
@@ -338,7 +346,7 @@ message Workload {
     string resource_id = 1;
 
     // Indicates the type of resource. This field should be specified to
-    // correspond the id to the right project type (CONSUMER_PROJECT or
+    // correspond the id to the right resource type (CONSUMER_FOLDER or
     // ENCRYPTION_KEYS_PROJECT)
     ResourceInfo.ResourceType resource_type = 2;
 
@@ -404,10 +412,10 @@ message Workload {
 
   // Supported Assured Workloads Partners.
   enum Partner {
-    // Unknown compliance regime.
+    // Unknown partner regime/controls.
     PARTNER_UNSPECIFIED = 0;
 
-    // S3NS regime
+    // S3NS regime/controls.
     LOCAL_CONTROLS_BY_S3NS = 1;
   }
 
@@ -567,13 +575,17 @@ message AcknowledgeViolationRequest {
   // Required. Business justification explaining the need for violation acknowledgement
   string comment = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. Name of the OrgPolicy which was modified with non-compliant change and
+  // Optional. This field is deprecated and will be removed in future version of the API.
+  // Name of the OrgPolicy which was modified with non-compliant change and
   // resulted in this violation.
   // Format:
   // projects/{project_number}/policies/{constraint_name}
   // folders/{folder_id}/policies/{constraint_name}
   // organizations/{organization_id}/policies/{constraint_name}
-  string non_compliant_org_policy = 3 [(google.api.field_behavior) = OPTIONAL];
+  string non_compliant_org_policy = 3 [
+    deprecated = true,
+    (google.api.field_behavior) = OPTIONAL
+  ];
 }
 
 // Response for violation acknowledgement
@@ -795,4 +807,12 @@ message Violation {
   // Optional. Timestamp when this violation was acknowledged last.
   // This will be absent when acknowledged field is marked as false.
   optional google.protobuf.Timestamp acknowledgement_time = 15 [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. Immutable. Audit Log link to find business justification provided for violation
+  // exception. Format:
+  // https://console.cloud.google.com/logs/query;query={logName}{protoPayload.resourceName}{protoPayload.methodName}{timeRange}{organization}
+  string exception_audit_log_link = 16 [
+    (google.api.field_behavior) = OUTPUT_ONLY,
+    (google.api.field_behavior) = IMMUTABLE
+  ];
 }

packages/google-cloud-assuredworkloads/samples/generated/v1/assured_workloads_service.acknowledge_violation.js

@@ -39,7 +39,8 @@ function main(name, comment) {
    */
   // const comment = 'abc123'
   /**
-   *  Optional. Name of the OrgPolicy which was modified with non-compliant change and
+   *  Optional. This field is deprecated and will be removed in future version of the API.
+   *  Name of the OrgPolicy which was modified with non-compliant change and
    *  resulted in this violation.
    *  Format:
    *  projects/{project_number}/policies/{constraint_name}

packages/google-cloud-assuredworkloads/samples/generated/v1/assured_workloads_service.get_workload.js

@@ -29,7 +29,7 @@ function main(name) {
    * TODO(developer): Uncomment these variables before running the sample.
    */
   /**
-   *  Required. The resource name of the Workload to fetch. This is the workloads's
+   *  Required. The resource name of the Workload to fetch. This is the workload's
    *  relative path in the API, formatted as
    *  "organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}".
    *  For example,

packages/google-cloud-assuredworkloads/samples/generated/v1/snippet_metadata.google.cloud.assuredworkloads.v1.json

@@ -390,7 +390,7 @@
             "segments": [
                 {
                     "start": 25,
-                    "end": 69,
+                    "end": 70,
                     "type": "FULL"
                 }
             ],

packages/google-cloud-assuredworkloads/src/v1/assured_workloads_service_client.ts

@@ -721,7 +721,7 @@ export class AssuredWorkloadsServiceClient {
    * @param {Object} request
    *   The request object that will be sent.
    * @param {string} request.name
-   *   Required. The resource name of the Workload to fetch. This is the workloads's
+   *   Required. The resource name of the Workload to fetch. This is the workload's
    *   relative path in the API, formatted as
    *   "organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}".
    *   For example,
@@ -914,7 +914,8 @@ export class AssuredWorkloadsServiceClient {
    * @param {string} request.comment
    *   Required. Business justification explaining the need for violation acknowledgement
    * @param {string} [request.nonCompliantOrgPolicy]
-   *   Optional. Name of the OrgPolicy which was modified with non-compliant change and
+   *   Optional. This field is deprecated and will be removed in future version of the API.
+   *   Name of the OrgPolicy which was modified with non-compliant change and
    *   resulted in this violation.
    *   Format:
    *   projects/{project_number}/policies/{constraint_name}