Get Cloud Account Status (GCP)
POST/cas/v1/cloud_account/status/gcp
Lists the status of a GCP Cloud account. You can use this API to verify the status of the security capabilities which you will be onboarding on Prisma Cloud.
Request
- application/json
Body
-
If
accountType
is organization andaccountGroupCreationMode
is MANUAL. -
If
accountType
is masterServiceAccount. - Array [
- ]
- Array [
- ]
Possible values: [MANUAL
, AUTO
, RECURSIVE
]
Default value: MANUAL
MANUAL: Account will be mapped to the account group mentioned in defaultAccountGroupId
.
AUTO: Automatically creates account groups for each top-level folder in the hierarchy.
RECURSIVE: Automatically creates account groups for the folders that are nested within the GCP organization hierarchy.
Applicable only if the accountType
is organization.
cloudAccount objectrequired
Organization resource ID if accountType
is organization.
Project ID if accountType
is account or masterServiceAccount.
Possible values: [account
, masterServiceAccount
, organization
]
Cloud Account Type.
account: GCP Project
organization: GCP Organization
masterServiceAccount: Onboards all GCP projects that are accessible by the service account.
Enable or disable this account on Prisma Cloud.
Default value: false
List of Account Groups that must be mapped to this account. To get the account group ids,call List Account Groups API
Account name for the GCP account that will be onboarded on Prisma Cloud. (must be unique)
ID of the project.
Get the project ID from the credentials json file that is generated from the GCP Terraform template.
Enable or disable compressed network flow log generation.
Default value: false
credentials objectrequired
Add contents of the JSON file, which contains the credentials, that is generated from the GCP Terraform template.
Project ID where the Dataflow API is enabled .
Required if compressionEnabled
is set to true and if the accountType
is organization.
Optional if the accountType
is account or masterServiceAccount
Applicable only
features object[]
Features to be enabled and/ or disabled. To get a list of all the supported features, see Fetch Supported Features endpoint
Possible values: [enabled
, disabled
]
Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for Serverless Function Scanning
and Agentless Workload Scanning
features.
Feature name obtained from Fetch Supported Features endpoint
Possible values: [enabled
, disabled
]
Feature state. Whether to be enabled or disabled
Cloud Storage Bucket name that is used store the flow logs.
hierarchySelection object[]
Applicable only if accountType
is organization.
Include/Exclude a list of GCP folders, GCP projects under the organization.
To get the display name of resource, Refer List Children of Parent.
aws: List Children of Parent (AWS)
gcp: List Children of Parent (GCP). Display name is the organization name if nodeType
is ORG
Possible values: [ORG
, FOLDER
, PROJECT
, SUBSCRIPTION
, MANAGEMENT_GROUP
, TENANT
, ACCOUNT
, OU
]
Member account node type. Supported values based on cloud type:
aws: ORG, OU, or ACCOUNT
gcp: ORG, FOLDER, or PROJECT
azure: SUBSCRIPTION, MANAGEMENT_GROUP, or TENANT
To get the list of resource IDs and its details, Refer List Children of Parent.
aws: List Children of Parent (AWS)
Possible values: [ALL
, INCLUDE
, EXCLUDE
]
Organization Member accounts Selection type.
ALL: Include the resource and all its children
INCLUDE: Include the specified resource
EXCLUDE: Exclude the specified resource
GCP Organization name
Responses
- 200
- 400
- 500
successful operation
- application/json; charset=UTF-8
- Schema
- Example (from schema)
Schema
- Array [
- ]
statusMessage object
[
{
"id": "string",
"name": "string",
"status": "string",
"statusMessage": {
"message": "string",
"staticMessage": true
}
}
]
bad_request
internal_error