From 32d2f9baba398950771969e8cef4d96560a0600c Mon Sep 17 00:00:00 2001
From: Google APIs <noreply@google.com>
Date: Tue, 23 Aug 2022 18:28:40 -0700
Subject: [PATCH] feat: Updated v1beta1 analyzeWorkloadMove documentation

Committer: @ketanbshah
PiperOrigin-RevId: 469606602
---
 .../v1beta1/assuredworkloads.proto            | 88 ++++++-------------
 .../assuredworkloads_grpc_service_config.json |  4 -
 .../v1beta1/assuredworkloads_service.proto    | 29 ++----
 3 files changed, 35 insertions(+), 86 deletions(-)

diff --git a/google/cloud/assuredworkloads/v1beta1/assuredworkloads.proto b/google/cloud/assuredworkloads/v1beta1/assuredworkloads.proto
index 5967dd884fd2f..589010c9ac1ab 100644
--- a/google/cloud/assuredworkloads/v1beta1/assuredworkloads.proto
+++ b/google/cloud/assuredworkloads/v1beta1/assuredworkloads.proto
@@ -67,39 +67,6 @@ message UpdateWorkloadRequest {
   google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
 }
 
-// Request for restricting list of available services in Workload environment.
-message RestrictAllowedServicesRequest {
-  // The type of restriction.
-  enum RestrictionType {
-    // Unknown restriction type.
-    RESTRICTION_TYPE_UNSPECIFIED = 0;
-
-    // Allow the use all services. This effectively remove all restrictions
-    // placed on the Folder.
-    ALLOW_ALL_GCP_SERVICES = 1;
-
-    // Based on Workload's compliance regime, allowed list changes.
-    // See - https://cloud.google.com/assured-workloads/docs/supported-products
-    // for the list of allowed services.
-    ALLOW_COMPLIANT_SERVICES = 2;
-  }
-
-  // Required. The resource name of the Workload. This is the workloads's
-  // relative path in the API, formatted as
-  // "organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}".
-  // For example,
-  // "organizations/123/locations/us-east1/workloads/assured-workload-1".
-  string name = 1 [(google.api.field_behavior) = REQUIRED];
-
-  // Required. The type of restriction for using gcp services in the Workload environment.
-  RestrictionType restriction_type = 2 [(google.api.field_behavior) = REQUIRED];
-}
-
-// Response for restricting the list of allowed services.
-message RestrictAllowedServicesResponse {
-
-}
-
 // Request for restricting list of available resources in Workload environment.
 message RestrictAllowedResourcesRequest {
   // The type of restriction.
@@ -166,41 +133,41 @@ message GetWorkloadRequest {
   ];
 }
 
-// Request to check if source workload can be moved to target workload.
+// A request to analyze a hypothetical move of a source project or project-based
+// workload to a target (destination) folder-based workload.
 message AnalyzeWorkloadMoveRequest {
-  // Kind of resource to be moved to the destination workload
+  // The resource type to be moved to the destination workload. It can be either
+  // an existing project or a project-based workload.
   oneof projectOrWorkloadResource {
-    // The Source is project based Workload to be moved. This is the workloads's
-    // relative path in the API, formatted as
-    // "organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}".
-    // For example,
-    // "organizations/123/locations/us-east1/workloads/assured-workload-1".
+    // The source type is a project-based workload. Specify the workloads's
+    // relative resource name, formatted as:
+    // "organizations/{ORGANIZATION_ID}/locations/{LOCATION_ID}/workloads/{WORKLOAD_ID}"
+    // For example:
+    // "organizations/123/locations/us-east1/workloads/assured-workload-1"
     string source = 1;
 
-    // The Source is a project based to be moved.
-    // This is the project's relative path in the API, formatted as
-    // "cloudresourcemanager.googleapis.com/projects/{project_number}"
-    // "projects/{project_number}"
-    // "cloudresourcemanager.googleapis.com/projects/{project_id}"
-    // "projects/{project_id}"
-    // For example,
-    // "organizations/123/locations/us-east1/workloads/assured-workload-1".
+    // The source type is a project. Specify the project's relative resource
+    // name, formatted as either a project number or a project ID:
+    // "projects/{PROJECT_NUMBER}" or "projects/{PROJECT_ID}"
+    // For example:
+    // "projects/951040570662" when specifying a project number, or
+    // "projects/my-project-123" when specifying a project ID.
     string project = 3;
   }
 
-  // Required. The resource name of the Workload to fetch. This is the workloads's
-  // relative path in the API, formatted as
-  // "organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}".
-  // For example,
-  // "organizations/123/locations/us-east1/workloads/assured-workload-2".
+  // Required. The resource ID of the folder-based destination workload. This workload is
+  // where the source project will hypothetically be moved to. Specify the
+  // workload's relative resource name, formatted as:
+  // "organizations/{ORGANIZATION_ID}/locations/{LOCATION_ID}/workloads/{WORKLOAD_ID}"
+  // For example:
+  // "organizations/123/locations/us-east1/workloads/assured-workload-2"
   string target = 2 [(google.api.field_behavior) = REQUIRED];
 }
 
-// Response with the analysis if the source workload can be moved to the target
-// workload
+// A response that includes the analysis of the hypothetical resource move.
 message AnalyzeWorkloadMoveResponse {
-  // List of blockers that prevent moving the source workload to the target
-  // workload
+  // A list of blockers that should be addressed before moving the source
+  // project or project-based workload to the destination folder-based workload.
   repeated string blockers = 1;
 }
 
@@ -308,6 +275,9 @@ message Workload {
 
     // International Traffic in Arms Regulations
     ITAR = 10;
+
+    // Assured Workloads for Australia Regions and Support controls
+    AU_REGIONS_AND_US_SUPPORT = 11;
   }
 
   // Settings specific to the Key Management Service.
@@ -483,7 +453,7 @@ message Workload {
     (google.api.field_behavior) = IMMUTABLE
   ];
 
-  // Input only. The billing account used for the resources which are
+  // Output only. The billing account used for the resources which are
   // direct children of workload. This billing account is initially associated
   // with the resources created as part of Workload creation.
   // After the initial creation of these resources, the customer can change
@@ -491,7 +461,7 @@ message Workload {
   // The resource name has the form
   // `billingAccounts/{billing_account_id}`. For example,
   // `billingAccounts/012345-567890-ABCDEF`.
-  string billing_account = 6 [(google.api.field_behavior) = INPUT_ONLY];
+  string billing_account = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Settings specific to the selected [compliance_regime]
   oneof compliance_regime_settings {
diff --git a/google/cloud/assuredworkloads/v1beta1/assuredworkloads_grpc_service_config.json b/google/cloud/assuredworkloads/v1beta1/assuredworkloads_grpc_service_config.json
index 38d4af5aa406e..1658f48956b38 100644
--- a/google/cloud/assuredworkloads/v1beta1/assuredworkloads_grpc_service_config.json
+++ b/google/cloud/assuredworkloads/v1beta1/assuredworkloads_grpc_service_config.json
@@ -31,10 +31,6 @@
           "service": "google.cloud.assuredworkloads.v1beta1.AssuredWorkloadsService",
           "method": "AnalyzeWorkloadMove"
         },
-        {
-          "service": "google.cloud.assuredworkloads.v1beta1.AssuredWorkloadsService",
-          "method": "AnalyzeWorkloadMove"
-        },
         {
           "service": "google.longrunning.Operations",
           "method": "GetOperation"
diff --git a/google/cloud/assuredworkloads/v1beta1/assuredworkloads_service.proto b/google/cloud/assuredworkloads/v1beta1/assuredworkloads_service.proto
index fff7655f664cc..9fbedf47b10eb 100644
--- a/google/cloud/assuredworkloads/v1beta1/assuredworkloads_service.proto
+++ b/google/cloud/assuredworkloads/v1beta1/assuredworkloads_service.proto
@@ -33,12 +33,10 @@ option ruby_package = "Google::Cloud::AssuredWorkloads::V1beta1";
 // Service to manage AssuredWorkloads.
 service AssuredWorkloadsService {
   option (google.api.default_host) = "assuredworkloads.googleapis.com";
-  option (google.api.oauth_scopes) =
-      "https://www.googleapis.com/auth/cloud-platform";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
 
   // Creates Assured Workload.
-  rpc CreateWorkload(CreateWorkloadRequest)
-      returns (google.longrunning.Operation) {
+  rpc CreateWorkload(CreateWorkloadRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1beta1/{parent=organizations/*/locations/*}/workloads"
       body: "workload"
@@ -55,30 +53,16 @@ service AssuredWorkloadsService {
   // For force updates don't set etag field in the Workload.
   // Only one update operation per workload can be in progress.
   rpc UpdateWorkload(UpdateWorkloadRequest) returns (Workload) {
-    option (google.api.http) = {
-      patch: "/v1beta1/{workload.name=organizations/*/locations/*/workloads/*}"
-      body: "workload"
-    };
     option (google.api.method_signature) = "workload,update_mask";
   }
 
-  // Restrict the list of services allowed in the Workload environment.
-  // The current list of allowed services can be found at
-  // https://cloud.google.com/assured-workloads/docs/supported-products
-  // In addition to assuredworkloads.workload.update permission, the user should
-  // also have orgpolicy.policy.set permission on the folder resource
-  // to use this functionality.
-  rpc RestrictAllowedServices(RestrictAllowedServicesRequest)
-      returns (RestrictAllowedServicesResponse) {}
-
   // Restrict the list of resources allowed in the Workload environment.
   // The current list of allowed products can be found at
   // https://cloud.google.com/assured-workloads/docs/supported-products
   // In addition to assuredworkloads.workload.update permission, the user should
   // also have orgpolicy.policy.set permission on the folder resource
   // to use this functionality.
-  rpc RestrictAllowedResources(RestrictAllowedResourcesRequest)
-      returns (RestrictAllowedResourcesResponse) {
+  rpc RestrictAllowedResources(RestrictAllowedResourcesRequest) returns (RestrictAllowedResourcesResponse) {
     option (google.api.http) = {
       post: "/v1beta1/{name=organizations/*/locations/*/workloads/*}:restrictAllowedResources"
       body: "*"
@@ -103,10 +87,9 @@ service AssuredWorkloadsService {
     option (google.api.method_signature) = "name";
   }
 
-  // Analyze if the source Assured Workloads can be moved to the target Assured
-  // Workload
-  rpc AnalyzeWorkloadMove(AnalyzeWorkloadMoveRequest)
-      returns (AnalyzeWorkloadMoveResponse) {
+  // A request to analyze a hypothetical move of a source project or
+  // project-based workload to a target (destination) folder-based workload.
+  rpc AnalyzeWorkloadMove(AnalyzeWorkloadMoveRequest) returns (AnalyzeWorkloadMoveResponse) {
     option (google.api.method_signature) = "project,target";
   }