feat(assuredworkloads): update the API

#### assuredworkloads:v1beta1

The following keys were changed:
- schemas.GoogleCloudAssuredworkloadsV1beta1RestrictAllowedResourcesRequest.properties.restrictionType.enum
- schemas.GoogleCloudAssuredworkloadsV1beta1RestrictAllowedResourcesRequest.properties.restrictionType.enumDescriptions
- schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.complianceRegime.enum
- schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.complianceRegime.enumDescriptions
- schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.partner.description
- schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.partner.enum
- schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.partner.enumDescriptions

#### assuredworkloads:v1

The following keys were added:
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.description
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.flatPath
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.httpMethod
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.id
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameterOrder
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.description
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.location
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.pattern
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.required
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.type
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.path
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.request.$ref
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.response.$ref
- resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.scopes
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.description
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.id
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.etag.description
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.etag.type
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.partnerPermissions.$ref
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.partnerPermissions.description
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.updateMask.description
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.updateMask.format
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.updateMask.type
- schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.type
- schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.description
- schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.id
- schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.dataLogsViewer.description
- schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.dataLogsViewer.type
- schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.remediateFolderViolations.description
- schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.remediateFolderViolations.type
- schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.serviceAccessApprover.description
- schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.serviceAccessApprover.type
- schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.type

The following keys were changed:
- schemas.GoogleCloudAssuredworkloadsV1CreateWorkloadOperationMetadata.properties.complianceRegime.enum
- schemas.GoogleCloudAssuredworkloadsV1CreateWorkloadOperationMetadata.properties.complianceRegime.enumDescriptions
- schemas.GoogleCloudAssuredworkloadsV1RestrictAllowedResourcesRequest.properties.restrictionType.enum
- schemas.GoogleCloudAssuredworkloadsV1RestrictAllowedResourcesRequest.properties.restrictionType.enumDescriptions
- schemas.GoogleCloudAssuredworkloadsV1Workload.properties.complianceRegime.enum
- schemas.GoogleCloudAssuredworkloadsV1Workload.properties.complianceRegime.enumDescriptions
- schemas.GoogleCloudAssuredworkloadsV1Workload.properties.partner.description
- schemas.GoogleCloudAssuredworkloadsV1Workload.properties.partner.enum
- schemas.GoogleCloudAssuredworkloadsV1Workload.properties.partner.enumDescriptions

discovery/assuredworkloads-v1.json

@@ -310,6 +310,34 @@
  "https://www.googleapis.com/auth/cloud-platform"
  ]
  },
+ "mutatePartnerPermissions": {
+ "description": "Update the permissions settings for an existing partner workload. For force updates don't set etag field in the Workload. Only one update operation per workload can be in progress.",
+ "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/workloads/{workloadsId}:mutatePartnerPermissions",
+ "httpMethod": "PATCH",
+ "id": "assuredworkloads.organizations.locations.workloads.mutatePartnerPermissions",
+ "parameterOrder": [
+ "name"
+ ],
+ "parameters": {
+ "name": {
+ "description": "Required. The `name` field is used to identify the workload. Format: organizations/{org_id}/locations/{location_id}/workloads/{workload_id}",
+ "location": "path",
+ "pattern": "^organizations/[^/]+/locations/[^/]+/workloads/[^/]+$",
+ "required": true,
+ "type": "string"
+ }
+ },
+ "path": "v1/{+name}:mutatePartnerPermissions",
+ "request": {
+ "$ref": "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest"
+ },
+ "response": {
+ "$ref": "GoogleCloudAssuredworkloadsV1Workload"
+ },
+ "scopes": [
+ "https://www.googleapis.com/auth/cloud-platform"
+ ]
+ },
  "patch": {
  "description": "Updates an existing workload. Currently allows updating of workload display_name and labels. For force updates don't set etag field in the Workload. Only one update operation per workload can be in progress.",
  "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/workloads/{workloadsId}",
@@ -491,7 +519,7 @@
  }
  }
  },
- "revision": "20221020",
+ "revision": "20221212",
  "rootUrl": "https://assuredworkloads.googleapis.com/",
  "schemas": {
  "GoogleCloudAssuredworkloadsV1AcknowledgeViolationRequest": {
@@ -534,7 +562,8 @@
  "CA_REGIONS_AND_SUPPORT",
  "ITAR",
  "AU_REGIONS_AND_US_SUPPORT",
- "ASSURED_WORKLOADS_FOR_PARTNERS"
+ "ASSURED_WORKLOADS_FOR_PARTNERS",
+ "ISR_REGIONS"
  ],
  "enumDescriptions": [
  "Unknown compliance regime.",
@@ -549,7 +578,8 @@
  "Assured Workloads For Canada Regions and Support controls",
  "International Traffic in Arms Regulations",
  "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.",
- "Assured Workloads for Partners"
+ "Assured Workloads for Partners",
+ "Assured Workloads for Israel Regions"
  ],
  "type": "string"
  },
@@ -605,6 +635,26 @@
  },
  "type": "object"
  },
+ "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest": {
+ "description": "Request of updating permission settings for a partner workload.",
+ "id": "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest",
+ "properties": {
+ "etag": {
+ "description": "Optional. The etag of the workload. If this is provided, it must match the server's etag.",
+ "type": "string"
+ },
+ "partnerPermissions": {
+ "$ref": "GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions",
+ "description": "Required. The partner permissions to be updated."
+ },
+ "updateMask": {
+ "description": "Required. The list of fields to be updated. E.g. update_mask { paths: \"partner_permissions.data_logs_viewer\"}",
+ "format": "google-fieldmask",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
  "GoogleCloudAssuredworkloadsV1RestrictAllowedResourcesRequest": {
  "description": "Request for restricting list of available resources in Workload environment.",
  "id": "GoogleCloudAssuredworkloadsV1RestrictAllowedResourcesRequest",
@@ -614,12 +664,14 @@
  "enum": [
  "RESTRICTION_TYPE_UNSPECIFIED",
  "ALLOW_ALL_GCP_RESOURCES",
- "ALLOW_COMPLIANT_RESOURCES"
+ "ALLOW_COMPLIANT_RESOURCES",
+ "APPEND_COMPLIANT_RESOURCES"
  ],
  "enumDescriptions": [
  "Unknown restriction type.",
  "Allow the use all of all gcp products, irrespective of the compliance posture. This effectively removes gcp.restrictServiceUsage OrgPolicy on the AssuredWorkloads Folder.",
- "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources."
+ "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources.",
+ "Similar to ALLOW_COMPLIANT_RESOURCES but adds the list of compliant resources to the existing list of resources. Effective org-policy of the Folder is considered to ensure there is no disruption to the existing customer workflows."
  ],
  "type": "string"
  }
@@ -854,7 +906,8 @@
  "CA_REGIONS_AND_SUPPORT",
  "ITAR",
  "AU_REGIONS_AND_US_SUPPORT",
- "ASSURED_WORKLOADS_FOR_PARTNERS"
+ "ASSURED_WORKLOADS_FOR_PARTNERS",
+ "ISR_REGIONS"
  ],
  "enumDescriptions": [
  "Unknown compliance regime.",
@@ -869,7 +922,8 @@
  "Assured Workloads For Canada Regions and Support controls",
  "International Traffic in Arms Regulations",
  "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.",
- "Assured Workloads for Partners"
+ "Assured Workloads for Partners",
+ "Assured Workloads for Israel Regions"
  ],
  "type": "string"
  },
@@ -935,14 +989,16 @@
  "type": "string"
  },
  "partner": {
- "description": "Optional. Compliance Regime associated with this workload.",
+ "description": "Optional. Partner regime associated with this workload.",
  "enum": [
  "PARTNER_UNSPECIFIED",
- "LOCAL_CONTROLS_BY_S3NS"
+ "LOCAL_CONTROLS_BY_S3NS",
+ "SOVEREIGN_CONTROLS_BY_T_SYSTEMS"
  ],
  "enumDescriptions": [
- "Unknown partner regime/controls.",
- "S3NS regime/controls."
+ "",
+ "Enum representing S3NS partner.",
+ "Enum representing T_SYSTEM partner."
  ],
  "type": "string"
  },
@@ -1007,6 +1063,25 @@
  },
  "type": "object"
  },
+ "GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions": {
+ "description": "Permissions granted to the AW Partner SA account for the customer workload",
+ "id": "GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions",
+ "properties": {
+ "dataLogsViewer": {
+ "description": "Allow partner to view data and logs",
+ "type": "boolean"
+ },
+ "remediateFolderViolations": {
+ "description": "Allow partner to monitor folder and remediate violations",
+ "type": "boolean"
+ },
+ "serviceAccessApprover": {
+ "description": "Allow partner to approve or reject Service Access requests",
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
  "GoogleCloudAssuredworkloadsV1WorkloadResourceInfo": {
  "description": "Represent the resources that are children of this Workload.",
  "id": "GoogleCloudAssuredworkloadsV1WorkloadResourceInfo",

discovery/assuredworkloads-v1beta1.json

@@ -595,7 +595,7 @@
  }
  }
  },
- "revision": "20221020",
+ "revision": "20221212",
  "rootUrl": "https://assuredworkloads.googleapis.com/",
  "schemas": {
  "GoogleCloudAssuredworkloadsV1beta1AcknowledgeViolationRequest": {
@@ -678,12 +678,14 @@
  "enum": [
  "RESTRICTION_TYPE_UNSPECIFIED",
  "ALLOW_ALL_GCP_RESOURCES",
- "ALLOW_COMPLIANT_RESOURCES"
+ "ALLOW_COMPLIANT_RESOURCES",
+ "APPEND_COMPLIANT_RESOURCES"
  ],
  "enumDescriptions": [
  "Unknown restriction type.",
  "Allow the use all of all gcp products, irrespective of the compliance posture. This effectively removes gcp.restrictServiceUsage OrgPolicy on the AssuredWorkloads Folder.",
- "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources."
+ "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources.",
+ "Similar to ALLOW_COMPLIANT_RESOURCES but adds the list of compliant resources to the existing list of compliant resources. Effective org-policy of the Folder is considered to ensure there is no disruption to the existing customer workflows."
  ],
  "type": "string"
  }
@@ -922,7 +924,8 @@
  "CA_REGIONS_AND_SUPPORT",
  "ITAR",
  "AU_REGIONS_AND_US_SUPPORT",
- "ASSURED_WORKLOADS_FOR_PARTNERS"
+ "ASSURED_WORKLOADS_FOR_PARTNERS",
+ "ISR_REGIONS"
  ],
  "enumDescriptions": [
  "Unknown compliance regime.",
@@ -937,7 +940,8 @@
  "Assured Workloads For Canada Regions and Support controls",
  "International Traffic in Arms Regulations",
  "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.",
- "Assured Workloads for Partners;"
+ "Assured Workloads for Partners;",
+ "Assured Workloads for Israel"
  ],
  "type": "string"
  },
@@ -1015,14 +1019,16 @@
  "type": "string"
  },
  "partner": {
- "description": "Optional. Compliance Regime associated with this workload.",
+ "description": "Optional. Partner regime associated with this workload.",
  "enum": [
  "PARTNER_UNSPECIFIED",
- "LOCAL_CONTROLS_BY_S3NS"
+ "LOCAL_CONTROLS_BY_S3NS",
+ "SOVEREIGN_CONTROLS_BY_T_SYSTEMS"
  ],
  "enumDescriptions": [
- "Unknown partner regime/controls.",
- "S3NS regime/controls."
+ "",
+ "Enum representing S3NS partner.",
+ "Enum representing T_SYSTEM partner."
  ],
  "type": "string"
  },