Support organization roles in all schemas (#3904)

* Support organization roles in all schemas * Support legacy domain-scoped project IDs for organization roles * fix legacy project pattern
2026-04-24 18:11:50 -03:00
parent 2eaa0d5e27
commit 4869044b60
38 changed files with 158 additions and 158 deletions
--- a/modules/dataplex-aspect-types/schemas/aspect-type.schema.json
+++ b/modules/dataplex-aspect-types/schemas/aspect-type.schema.json
@@ -31,7 +31,7 @@
      "type": "object",
      "additionalProperties": false,
      "patternProperties": {
-        "^(?:roles/|\\$custom_roles:)": {
+        "^(?:roles/|\\$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)": {
          "type": "array",
          "items": {
            "type": "string",
@@ -57,7 +57,7 @@
            },
            "role": {
              "type": "string",
-              "pattern": "^(?:roles/|\\$custom_roles:)"
+              "pattern": "^(?:roles/|\\$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)"
            },
            "condition": {
              "type": "object",
@@ -96,7 +96,7 @@
            },
            "role": {
              "type": "string",
-              "pattern": "^(?:roles/|\\$custom_roles:)"
+              "pattern": "^(?:roles/|\\$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)"
            },
            "condition": {
              "type": "object",
--- a/modules/dataplex-aspect-types/schemas/aspect-type.schema.md
+++ b/modules/dataplex-aspect-types/schemas/aspect-type.schema.md
@@ -18,7 +18,7 @@

 - **iam**<a name="refs-iam"></a>: *object*
  <br>*additional properties: false*
-  - **`^(?:roles/|\$custom_roles:)`**: *array*
+  - **`^(?:roles/|\$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)`**: *array*
    - items: *string*
      <br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:||\$iam_principals:[a-z0-9_-]+)*
 - **iam_bindings**<a name="refs-iam_bindings"></a>: *object*
@@ -29,7 +29,7 @@
      - items: *string*
        <br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
    - **role**: *string*
-      <br>*pattern: ^(?:roles/|\$custom_roles:)*
+      <br>*pattern: ^(?:roles/|\$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)*
    - **condition**: *object*
      <br>*additional properties: false*
      - ⁺**expression**: *string*
@@ -42,7 +42,7 @@
    - **member**: *string*
      <br>*pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|\$iam_principals:[a-z0-9_-]+)*
    - **role**: *string*
-      <br>*pattern: ^(?:roles/|\$custom_roles:)*
+      <br>*pattern: ^(?:roles/|\$custom_roles:|organizations/[0-9]+/roles/|([a-z0-9.]+:)?projects/[a-z0-9-]+/roles/)*
    - **condition**: *object*
      <br>*additional properties: false*
      - ⁺**expression**: *string*